  1. #11
    Master Untangler
    Join Date
    Jan 2020
    Location
    San Jose, CA
    Posts
    100

    Quote: Originally posted by Jim.Alles
    It turns out the large content size is prioritized to 'Medium', which has a 50% download limit.
    This is likely affecting the O.P.'s observation, as well.

    Jim,

    This is a cool find. The strange thing though is that not all installations have those QoS limits by default.

    Below are the defaults for a fresh Untangle 15.1 installation (designated as "Home", in case that matters): Untangle 15.1 Default QoS Priorities.jpg

    With those defaults, even medium priority traffic can exhaust the bandwidth. But perhaps those defaults have changed recently and you are working off an older installation?

  2. #12
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    As it turns out, the 50% limit is not likely to be a default.

    In general, I have streaming media go to medium Priority.
    This is what I have done:

    QoS Pri.png

  3. #13
    Untangler
    Join Date
    Jun 2018
    Location
    Pacific Northwest
    Posts
    50

    Thanks for all the great info Jim (and others) - apologies for going radio silent, but it's been a heckuva week with both work and getting the kitchen back together after not having one since early April (burst pipe).

    Teenagers are awake and streaming; I'll use today to catch up on reviewing the wiki and getting the basic bandwidth control setup done, then I'll do testing in the AM before they wake up.

  4. #14
    Untangler
    Join Date
    Jun 2018
    Location
    Pacific Northwest
    Posts
    50

    Phew, feels like this week has been 10 Mondays long. Finally got some time in for testing this morning. I'll try and do some more tests tomorrow where I only disable one thing at a time instead of ramping up to (almost) fully disabling the app suite.

    Test (1), Time: 7:15 am, PDT
    Conditions: Nothing disabled on Untangle, minimal streaming, Apps: Web Filter, Virus Blocker, Bandwidth Control, Application Control, Firewall, Ad Blocker, Intrusion Prevention, Reports, Config Backup, Directory Connector

    Interface usage: 372 Kb External, 326 Kb Internal (from 7:00 - 7:14 am)
    Hosts: 21 active
    Total session snapshot: 182 (162 scanned, 20 bypassed)

    Results (167.5 Mb/s down, 25.9 Mb/s up):


    *****

    Test (2), Time: 7:19 am, PDT
    Conditions: Applied bypass rule (first rule processed) on my desktop through Network Config, minimal streaming, Apps: Web Filter, Virus Blocker, Bandwidth Control, Application Control, Firewall, Ad Blocker, Intrusion Prevention, Reports, Config Backup, Directory Connector

    Interface usage: not logged, as test packets would skew results
    Hosts: 23 active
    Total session snapshot: 135 (117 scanned, 18 bypassed)

    Results (275.3 Mb/s down, 33.9 Mb/s up):


    *****

    Test (3), Time: 7:25 am, PDT
    Conditions: Bypass rule applied and disabled Intrusion Prevention app, minimal streaming, Apps: Web Filter, Virus Blocker, Bandwidth Control, Application Control, Firewall, Ad Blocker, Reports, Config Backup, Directory Connector

    Hosts: 23 active
    Total session snapshot: 114 (70 scanned, 44 bypassed)

    Results (272.2 Mb/s down, 34.6 Mb/s up):


    *****

    Test (4), Time: 7:30 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention and Bandwidth Control apps, minimal streaming, Apps: Web Filter, Virus Blocker, Application Control, Firewall, Ad Blocker, Reports, Config Backup, Directory Connector

    Hosts: 25 active
    Total session snapshot: 144 (81 scanned, 63 bypassed)

    Results (215.4 Mb/s down, 36 Mb/s up):


    *****

    Test (5), Time: 7:33 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention and Bandwidth Control apps, minimal streaming, Apps: Web Filter, Virus Blocker, Application Control, Firewall, Ad Blocker, Reports, Config Backup, Directory Connector

    Hosts: 25 active
    Total session snapshot: 144 (81 scanned, 63 bypassed)

    Results (215.4 Mb/s down, 36 Mb/s up):


    *****

    Test (6), Time: 7:37 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention and Bandwidth Control apps, disabled QoS, minimal streaming, Apps: Web Filter, Virus Blocker, Application Control, Firewall, Ad Blocker, Reports, Config Backup, Directory Connector

    Hosts: 27 active
    Total session snapshot: 134 (69 scanned, 65 bypassed)

    Results (547 Mb/s down, 41.8 Mb/s up):


    (1 of 2, Continued in next post, ran into image limits)

  5. #15
    Untangler
    Join Date
    Jun 2018
    Location
    Pacific Northwest
    Posts
    50

    2 of 2:

    *****

    Test (7), Time: 7:40 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention, Bandwidth Control, and Application Control apps, disabled QoS, minimal streaming, Apps: Web Filter, Virus Blocker, Firewall, Ad Blocker, Reports, Config Backup, Directory Connector
    Note: Had to do test twice after it dropped during first iteration

    Hosts: 27 active
    Total session snapshot: 132 (71 scanned, 61 bypassed)

    Results (458.6 Mb/s down, 42.2 Mb/s up):
    (Broken image, results at: ) http://www.dslreports.com/speedtest/65135533

    *****

    Test (8), Time: 7:47 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention, Bandwidth Control, Application Control, and Web Filter apps, disabled QoS, minimal streaming, Apps: Virus Blocker, Firewall, Ad Blocker, Reports, Config Backup, Directory Connector

    Hosts: 27 active
    Total session snapshot: 127 (80 scanned, 47 bypassed)

    Results (624 Mb/s down, 40.8 Mb/s up):
    (Broken image, results at: ) http://www.dslreports.com/speedtest/65135570

    *****

    Test (9), Time: 7:50 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention, Bandwidth Control, Application Control, Ad Blocker, and Web Filter apps, disabled QoS, minimal streaming, Apps: Virus Blocker, Firewall, Reports, Config Backup, Directory Connector

    Hosts: 27 active
    Total session snapshot: 135 (79 scanned, 56 bypassed)

    Results (562 Mb/s down, 42.4 Mb/s up):


    *****

    Test (10), Time: 7:54 am, PDT
    Conditions: Bypass rule applied, disabled Intrusion Prevention, Bandwidth Control, Application Control, Ad Blocker, Virus Blocker, and Web Filter apps, disabled QoS, minimal streaming, Apps: Firewall, Reports, Config Backup, Directory Connector

    Hosts: 27 active
    Total session snapshot: 165 (109 scanned, 56 bypassed)

    Results (638 Mb/s down, 41.5 Mb/s up):


    *****

    Test (11), Time: 7:57 am, PDT
    Conditions: Bypass rule applied, disabled Firewall, Intrusion Prevention, Bandwidth Control, Application Control, Ad Blocker, Virus Blocker, and Web Filter apps, disabled QoS, minimal streaming, Apps: Reports, Config Backup, Directory Connector

    Hosts: 27 active
    Total session snapshot: 133 (80 scanned, 53 bypassed)

    Results (844 Mb/s down, 42.1 Mb/s up):
    (Broken image, results at: ) http://www.dslreports.com/speedtest/65135706

    *****

    Test (12), Time: 7:57 am, PDT
    Conditions: Set DSLReport Speed Test to Gigabit instead of Cable, Bypass rule applied, disabled Firewall, Intrusion Prevention, Bandwidth Control, Application Control, Ad Blocker, Virus Blocker, and Web Filter apps, disabled QoS, minimal streaming, Apps: Reports, Config Backup, Directory Connector

    Hosts: 27 active
    Total session snapshot: 133 (80 scanned, 53 bypassed)

    Results (848 Mb/s down, 41.5 Mb/s up):


    Hopefully that provides a decent snapshot, though it's of a rather small sample size. I'll try and find another good off-peak time when the teenagers are not only still asleep, but the rest of the neighborhood is as well.

  6. #16
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    So what is your impression of that data?

    I would have to structure it into a table/matrix to make sense of it, but it does look like there is a clear pattern.

    You might be able to remove some of the variables that you don't control by converting into percentages of the full speed test at a given time.

    (I went down the rabbit hole of QoS because test results originally appeared to be exactly 50% of advertised.)
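
The table and percentage conversion suggested in the post above, as an added example that is not part of any post in the thread. The figures are transcribed from tests (1)-(12); using the fastest run as the "full speed" reference and treating drops after removing load as measurement noise are assumptions of this example.

```python
# Figures transcribed from tests (1)-(12) in this thread:
# (test number, what changed versus the previous test, down Mb/s, up Mb/s)
TESTS = [
    (1, "baseline, everything enabled", 167.5, 25.9),
    (2, "bypass rule for desktop", 275.3, 33.9),
    (3, "Intrusion Prevention off", 272.2, 34.6),
    (4, "Bandwidth Control off", 215.4, 36.0),
    (5, "no change (same conditions as 4)", 215.4, 36.0),
    (6, "QoS off", 547.0, 41.8),
    (7, "Application Control off", 458.6, 42.2),
    (8, "Web Filter off", 624.0, 40.8),
    (9, "Ad Blocker off", 562.0, 42.4),
    (10, "Virus Blocker off", 638.0, 41.5),
    (11, "Firewall off", 844.0, 42.1),
    (12, "speed test set to Gigabit", 848.0, 41.5),
]

def normalize(tests, reference=None):
    """Express each download result as a percentage of the reference speed
    and as a step change (percentage points) from the previous test."""
    if reference is None:
        # Assumption: the fastest run approximates full line speed.
        reference = max(down for _, _, down, _ in tests)
    rows, prev = [], None
    for num, change, down, _up in tests:
        pct = 100.0 * down / reference
        step = 0.0 if prev is None else pct - prev
        rows.append({"test": num, "change": change, "pct": pct, "step": step})
        prev = pct
    return rows

def noise_floor(rows):
    """Largest drop seen right after inspection load was removed. Treated
    here as run-to-run variation, so it bounds which gains are believable."""
    return max((-r["step"] for r in rows if r["step"] < 0), default=0.0)

def significant_gains(rows):
    """Steps whose gain exceeds the observed noise floor."""
    floor = noise_floor(rows)
    return [r for r in rows if r["step"] > floor]

if __name__ == "__main__":
    rows = normalize(TESTS)
    for r in rows:
        print(f'{r["test"]:>2}  {r["pct"]:5.1f}%  {r["step"]:+6.1f} pp  {r["change"]}')
    print(f"noise floor: {noise_floor(rows):.1f} pp")
    for r in significant_gains(rows):
        print(f'above noise: test {r["test"]} ({r["change"]})')
```
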

  7. #17
    Untangler
    Join Date
    Jun 2018
    Location
    Pacific Northwest
    Posts
    50

    I'm hesitant to draw any definitive conclusions from such a small sample size, especially when external factors like neighborhood activity on the cable network may have impacted my admittedly ad hoc tests.

    I do have some impressions that I'd like to examine with further testing, those being:

    (1) I may have too many apps installed for a home-based install. Even though they are disabled, I should probably uninstall Spam Blocker and Phish Blocker since we don't have our own email server. Likewise, SSL Inspector is disabled after reading about all the issues it has, and how it's not really effective.
    (2) I probably need to do some tuning. With a few exceptions, most settings are at their defaults. Exceptions being mainly "block rules" linked to a Grounded policy or during the Education policy period.
    (3) QoS is definitely impacting speed tests when enabled... which is to be expected. I still may need to make adjustments after a longer period of observation - like through the end of September after the college kids have been back at school for a few weeks. I just did another impromptu test with QoS enabled:



    And then with only QoS turned off (all apps enabled):


    Again, a little adjustment on bandwidth levels may be in order there (more on the upstream side). To get the most out of it, I think I also need to go in and create some rules to prioritize clients / devices better. "Critical" clients like my work rig, wife's preferred streaming setup (because, I choose life), etc. as Very High, with less critical devices like the XBox as High (or maybe even Medium, lol!).

    Does that sound about right for impressions, and a preliminary set of "next steps" to work through?

  8. #18
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    We didn't get the second screengrab up there.

    Although I agree with you, I wouldn't install those apps I don't use, I wouldn't expect them to have much of an effect.

    For video streaming services, especially Netflix, they initialize by testing the link, to determine bandwidth available, and scale by grabbing as much as possible. Unless 4k is required, I like to limit those sessions to enough bandwidth for HD, while leaving headroom for the rest of the household. Netflix discovers what they have allocated, and remains happy with it with reasonable quality; then it doesn't have to re-negotiate.

    An unseen factor that can slow things down is the sheer number of sessions. Even if they are short-lived, if you have something unusual going on. Keep an eye on that count.

    It is possible that this boils down to hardware.

  9. #19
    Untangler
    Join Date
    Jun 2018
    Location
    Pacific Northwest
    Posts
    50

    Thanks Jim, I'll leave the apps alone. There's plenty of space available on the SSD, so removing them was probably more an artifact of the "reduce the attack surface whenever possible" mindset from a previous role many years ago.

    Unfortunately, we are a 4k household that's also cut cable service, so everything is online (fuboTV, wife's Amazon Prime & Netflix, and Disney+ for the kiddies). That's why I try and test while they're all sleeping or otherwise occupied, lol!

    For sessions, I think getting a handle on that will also involve some tuning and adjustments. For example, when I took a quick glance at the dashboard today I noticed my Sonos speakers pinged a server in Argentina, then Zaire, Germany, etc. A quick search (and trip down the rabbit hole) showed the server in Argentina was for their national research company (innova-red.net), but I don't think my speakers need to contribute to their efforts. I tagged all the speakers with "Sonos," and now have a firewall rule that restricts all traffic to local, US, and US minor outlying islands.

    Here's a look at sessions per hour over the past week (I tried to shrink it, apologies if it's still too large):


    And corresponding CPU load over the same period (a load of 5 is the upper end of Green for my setup, and 8 is the upper end of yellow):


    Alrighty, just about time to jump on another call - thanks again for your insights and advice, it's definitely helping as I work through this.

  10. #20
    Untangle Ninja Jim.Alles's Avatar
    Join Date
    Jul 2008
    Location
    Central PA
    Posts
    2,605

    Start shopping for hardware.

    Untangle Employee comment please?
