ER707-M2 V1.0 Software 1.2.2 Deep Packet Inspection Throughput
Hi,
I have a setup with the ER707-M2 as router-on-a-stick. This means the routers routes between VLAN's via the interface 2.5G WAN/LAN2. When I run some iperf3 session between a host in vlan a and a host in vlan b I can reach the speed of 2.3 Gbit/s without any problem. Now I have swtched on the DPI function and the throughtput decreases to 908 Mbits/sec of download und 337 Mbits/sec of upload rate. I was really surprised because it should be a "High-Performance and Ultra-Secure" router. In your datasheet I found a DPI Throughtput of TCP: 1823 Mbps and UDP: 1272 Mbps. Please explain me the difference.
Kind regards
Oliver
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
Hi @oro70
Thanks for posting in our business forum.
Several questions for you:
1. Do you have IDS on? IDS will enormously decrease the speed. We have this marked out on the specs page. This is normal and we cannot fix this. The fix to this IDS problem would be getting better and more powerful models but they still have limits.
2. You've turned on the DPI, but you iperf between the VLANs?
DPI would have an impact on the WAN speed usually. The datasheet usually refers to the LAN > WAN as well. That's usually called throughput.
But, are you referring to the situation where the DPI is enabled and you experience a slow connection between VLANs?
3. 2.3Gbps between the VLANs, which only shows the inter-LAN transmission is not limited. Not sure the decreased result is also about the inter-LAN?
Or you are running the LAN > WAN speed test?
- Copy Link
- Report Inappropriate Content
Hi,
Thanks for your answer.
1. No IDS is off. I'm aware of the decrease.
2. Yes, I have tested intervlan routing. Only LAN Traffic between 2 Hosts. This traffic seems to be affected by DPI as well.
3. No. As I already mentioned, only LAN>LAN traffic. The Interface LAN/WAN 2 is configured as Trunk and carries multiple VLANs and route between this.
I hope this is a bug and not a feature ;-)
Kind regards
Oliver
- Copy Link
- Report Inappropriate Content
Hi @oro70
Thanks for posting in our business forum.
oro70 wrote
Hi,
Thanks for your answer.
1. No IDS is off. I'm aware of the decrease.
2. Yes, I have tested intervlan routing. Only LAN Traffic between 2 Hosts. This traffic seems to be affected by DPI as well.
3. No. As I already mentioned, only LAN>LAN traffic. The Interface LAN/WAN 2 is configured as Trunk and carries multiple VLANs and route between this.
I hope this is a bug and not a feature ;-)
Kind regards
Oliver
Did you use UDP in the iperf?
I think this is expected. The total bandwidth being used meets the datasheet.
- Copy Link
- Report Inappropriate Content
Yes, when you calculate it together you are right. UDP ist matching the datasheet. But I have measuered it in 2 steps and not at the same time.
Why it is so different between Up and Download? And why it is in LAN Traffic. You mentioned DPI should only happen on LAN/WAN Traffic.
Kind regards
- Copy Link
- Report Inappropriate Content
Hi @oro70
Thanks for posting in our business forum.
oro70 wrote
Yes, when you calculate it together you are right. UDP ist matching the datasheet. But I have measuered it in 2 steps and not at the same time.
Why it is so different between Up and Download? And why it is in LAN Traffic. You mentioned DPI should only happen on LAN/WAN Traffic.
Kind regards
Just bring you a different aspect to think of this, this happens to LAN. The performance of the DPI is 1300Mbps for all the LAN ports. That's the hardware limit and why it is called throughput. The total capacity.
Then, it comes to this LAN test you did, the upload/download would be limited by the total throughput. But there is no guarantee that you will get symmetric speed when you run it in the LAN test. The chipset will process it twice at two ports. What you should look at is the final add-up result. It is expected and you misunderstand it.
The chipset does not cut it in half because it happens to the LAN. It just processes the 1300Mbps at its best capacity on all the ports.
- Copy Link
- Report Inappropriate Content
Hi @oro70
Thanks for posting in our business forum.
oro70 wrote
Yes, when you calculate it together you are right. UDP ist matching the datasheet. But I have measuered it in 2 steps and not at the same time.
Why it is so different between Up and Download? And why it is in LAN Traffic. You mentioned DPI should only happen on LAN/WAN Traffic.
Kind regards
The first reply, I think I did not explain it well enough.
2. You've turned on the DPI, but you iperf between the VLANs?
DPI would have an impact on the WAN speed usually. The datasheet usually refers to the LAN > WAN as well. That's usually called throughput.
But, are you referring to the situation where the DPI is enabled and you experience a slow connection between VLANs?
3. 2.3Gbps between the VLANs, which only shows the inter-LAN transmission is not limited. Not sure the decreased result is also about the inter-LAN?
Or you are running the LAN > WAN speed test?
The WAN speed is not an accurate way to say it. It is what you get from hardware throughput (LAN > WAN or WAN > LAN, the same thing when you run a speed test).
And usually, when we discuss that DPI speed is slow, we are referring to the LAN > WAN. That's why I say the highlighted line.
This speed reflects the capacity of the product processor regardless of the direction and it is what's been written on the datasheet. But when we discuss speed, we usually have at least two directions to consider. That's a trap for the brain, the thought, and the mind.
As for the test device, you are displayed with the speed value. But if you need to match it, you should take it out from the directions.
And the question in orange is merely confirming if I understand you right. You are not performing a WAN > LAN test but a LAN > LAN test. That's why I asked the second question.
For the third one, 2.3Gbps is the switch capacity between the LANs. That means the maximum switching capacity for the switch chipset.
I am still confirming what you described in the initial post that this case is about the LAN > LAN iperf test.
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
This is my setup. You mentioned I test UDP traffic. That was standard with older iperf versions. Since v3 it measures TCP traffic by standard. As you see now I have tested TCP and UDP and it mkaes it much more worse:
TCP Download: 329 Mbit/s
TCP Upload: 1.05 Gbit/s
UDP Download: 1.05 Mbit/s !!!!!!!
UDP Upload: 1.05 Mbit/s !!!!!!!
Why there is a so hugh difference between down & upload?
All this measurement are not running at the same time. So I see every measurement as a single run and should reach the value from the datasheet. When you always calculate it together this have to be mentioned.
So DPI on an ER707-M2 V1.0 decrease intervlan traffic as well
I have added IDS and IPS, just for fun:
UDP is still the same
UDP Download: 1.05 Mbit/s
UDP Upload: 1.05 Mbit/s
TCP Download: 106 Mbits/sec
TCP Upload: 1.29 Gbits/sec -> that's a surprise ;-)
DPI would be a nice to have, but the hardware kill the feature.
- Copy Link
- Report Inappropriate Content
Hi @oro70
oro70 wrote
Do you have LAG or a single line that's 2.5Gbps between all the networks? Not sure why you marked it as the trunk. I have to confirm this.
What are the NIC model numbers for the client and server? Third-party switch model?
What's the command you use for iperf3 when UDP? Have you tried multi-session?
The speed test, you did not mention that you run the iperf from the third-party switch. Without the DPI, run the iperf from this setup.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 738
Replies: 9
Voters 0
No one has voted for it yet.