Message #341 des archives de la Liste ecs-isp@2rosenthals.com

De: "Massimo S." <ecs-isp@2rosenthals.com> En-têtes complèts
Message brut
Sujet: Re: [eCS-ISP] Injoy FW 4.2.2 and download datarates (connection speed) the eternal mistery :)
Date: Wed, 16 Jun 2021 23:46:08 +0200
À: eCS ISP Mailing List <ecs-isp@2rosenthals.com>



Il 16/06/2021 22:25, Roderick Klein ha scritto:
On 16-06-21 09:11, Massimo S. wrote:


Il 16/06/2021 02:40, Roderick Klein ha scritto:
On 14-06-21 08:59, Massimo S. wrote:
Hi all,

in the eternal mistery of this topic with no help or support from the
company
the firewall (as default internet gateway) with Intermediary section
values of default

Assemble packets: ON
MTU: 1500
MSS Auto Adjust: disabled

if you do a speed test it say you have a 20Megabit connection while you
have a 100Mb FTTC

playing with these parameters the situation improve
(e.g. giving 1492 as MTU and playing with MSS)

on an FTTC (100Mbit/sec full granted) i'm able even to raise downloads
data-rate
from 2 MegaBytes/sec to 9MegaBytes/sec, anyway the upstreaming bandwidth
it's not
so much good and i'd like to improve it

even using speedguite.net tcp analyzer

i'm not able to improve further the performances (download/upload
datarate)
and i get no support at all from the sw house, ticket not answered
etc...

Has this simply not been a long standing issue that the performance of
the Injoy firewall, where the systems is connected to a fast internet
connections lags behind ?

playin with RWIN size in inetcfg.ini it seems not to improve too much
things


while i can survive with this in my office, i still have aound some
Injoy FW
at customers's places and internet speed improvement is giving me some
issue

anyone has experience with IJ FW and a 100Megabit/sec FTTC connection
using INJOY FW as default lan gateway?

I am starting to get the impression this is a a current, please note
thst word *current*, limitation in fxwrap.sys.

Roderick

do you mean that there could be udpates that fix the issue?
or V5 will fix the issue?

I do not know when and how it can fixed. What does seem to be the case is that the Injoy Firewall can not provide high threwput, we need on modern fiber optic lines.

I get the impression the filtering logic runs at user level in OS/2 (RING 3 cpu level) and the fxwrap driver runs at kernel 0 (ring 0).
I get the impression every TCP/IP packets has to send from rin0 to ring 3 and back to ring 0. This consumes a lot of CPU time if this is correct.

The IBM OS/2 firewall, like on Linux is ring 0 driver. Where the packet filtering is done at kernel level directly. This provides a great perfomance gain. But that IBM filter driver can of course not used by the Injoy Firewall.

Note that make such changes, if that would help is a lot lot of work!
Right now I get the impression the guys at BWW are extremely busy surviving and working on getting the new Otter Browser beta out the door.

Roderick


Roderick

"busy surviving" is not a justification
i'm a very small business and 9 clients of mine went bankrupt due to the pandemic issues
i've now a turnover that it's the half of about 2 years ago
i'm surviving me too with a number of difficulties

not to mention the phenomenon of uncontrolled relocation that is destroying the IT market (also called "cloud")

i've opened a number of tickets about performances issues and i've no answers
there is not documentation

e.g. if you run a 100Megabit/sec connection you have to run a 4 core cpu and 2 GB of ram
(clearly is just an example i don't know the exact hw reqs)

i've installed at a client's place IJ fw on a 3Ghz core I7 with 4GB of ram,
with SSD storage and i still have performances issues

so i don't believe the stuff of ring0 and ring3
i don't believe that IJ FW is loosing performances in such translation from the driver
to the filtering engine

since if you play with the "intermediary parameters" of packet assembling
you get speed improvements

i believe the problem is that the product *do not have updated documentation*
with correct settings for the different kind of connections

20Megabit, 30Megabit, 50Megabit, 100Megabit and so on...

the documentation are still very old PDFs (some it's even hard to open nowadays)
from FX firm, they have been never updated by the new software house

there is not anywhere an hardware requirements table and so on..

when you modify a rule or a parameter that need firewall restart the firewall
become unresponsive so that you have to call by phone the customer and power off
the server, it's allmost about one year that i wait for such fix

here at my office i've a full granted 100Megabit/sec if i use the Injoy FW as gateway
i get 2,2MegaBytes/sec downloads and 8MegaBytes/sec downloads if i use the router as GW

which kind of internet connections have them in their office?
an ADSL at 20Mbit/sec in Basel??..
please

did they tested the software on a modern connection?
it sounds impossible to me
if yes, they should write a readme txt how to set up their product correctly
i can also pay a ticket for that
but i still not have an answer.....


massimo

Abonner: Direct, Résumé, Index.
Désabonner
Écrire au gestionnaire de la liste