QoS issues (again)

.Hello @all!

So I have asked in the past a few questions about QoS, but I had a more complicated setup with two WANs and additionally the second was a bonding between an ADSL line and a 4G+ sim card, which was nor really steady regarding the bandwidth

Time went by and I finally have a decent FTTH connection (500/50)

Now the never-ending question: When I perform a speedtest I get a result of 508 down / 53 up

What I want is to limit my whole network to 495 down/ 49 up

I went to system services and created a Traffic shaping rule as follows

Then in Firewall rules I created a top firewall rule and set as source zone my LANs/VLANs and Destination zones WAN.

In this rule I set Shape Traffic to the traffic shaping rule above

I run a command line speedtest from a linux machine and this is what I get

Speedtest by Ookla

Server: LANCOM LTD - Athens (id: 12031)
ISP: FORTHnet SA
Idle Latency: 2.97 ms (jitter: 0.34ms, low: 2.83ms, high: 4.02ms)
Download: 292.54 Mbps (data used: 251.7 MB)
6.49 ms (jitter: 1.77ms, low: 3.61ms, high: 14.59ms)
Upload: 46.91 Mbps (data used: 21.8 MB)
3.09 ms (jitter: 0.31ms, low: 2.55ms, high: 4.53ms)
Packet Loss: 0.0%

Upload Speed is not exactly what I want but I don't mind.

But download speed is a far cry from 495Mbps

Funny thing is that if I change the download limit from 62000 to say, 70000, I get the exact speed from speedtest

Now I turn off the firewall rule and immediately run another speedtest

Speedtest by Ookla

Server: HYPERHOSTING - Athens (id: 5377)
ISP: FORTHnet SA
Idle Latency: 2.40 ms (jitter: 0.55ms, low: 1.71ms, high: 3.14ms)
Download: 408.47 Mbps (data used: 490.1 MB)
30.79 ms (jitter: 1.59ms, low: 3.77ms, high: 40.38ms)
Upload: 51.28 Mbps (data used: 23.9 MB)
44.51 ms (jitter: 8.94ms, low: 11.40ms, high: 301.76ms)
Packet Loss: 0.0%

My kids are downloading something from PS4 at the moment so not the full 500Mbps speed but still..

I have created another traffic shaping rule with the exact same numbers but this time instead of individual I set it to shared.

I get the exact same results: Setting download bandwidth to 62000 I get a speed of 300. Changing again to 70000 I get no increase.

Disabling the rule gets me back to 400+

Can someone explain what is going on?

Edited TAGs
[edited by: Erick Jan at 12:08 PM (GMT -7) on 19 Sep 2024]

Parents

0 Raphael Alganes 2 hours ago

Hello,

What are the results when you perform the test without any users on the network and please share result? Also have you tried directly testing without the FW? PC->directly connected to router->Speedtest? could you share result if you're getting exactly 500 or at least near 500MB DL speed w/o the FW?

Also could you share your current SFOS version? Thank you

Regards,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 Raphael Alganes 2 hours ago

Hello,

What are the results when you perform the test without any users on the network and please share result? Also have you tried directly testing without the FW? PC->directly connected to router->Speedtest? could you share result if you're getting exactly 500 or at least near 500MB DL speed w/o the FW?

Also could you share your current SFOS version? Thank you

Regards,

Raphael Alganes
Community Support Engineer | Sophos Technical Support
Sophos Support Videos | Product Documentation | @SophosSupport | Sign up for SMS Alerts
If a post solves your question use the 'Verify Answer' link.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

0 ChriZathens 1 hour ago in reply to Raphael Alganes

At the moment not much bandwidth is consumed at the house.

Just run a speedtest without having the firewall rule enabled.

https://www.speedtest.net/my-result/d/a8dece83-3b26-4fd2-bf3a-ed2d4747bbd6

(speeds down/up --> 442/53)

I enabled then the firewall rule. This is the result

https://www.speedtest.net/my-result/d/bf474902-ca96-4090-90f3-c55a091fd8b5

Although the numbers in KBps are calculated correctly, the traffic is capped at 300

(speeds down/up --> 286/47)

I do have an ISP router, however it is set to bridge mode and is now acting as an ONT.

I have seen many times the speed reaching 500 down, but even if I hadn't seen it, the traffic shaping rule should give me the full available at any given moment (for example 440+ that I got at the first speedtest). But with the firewall rule for the QoS enabled I always get capped at 300

My SFOS version is SFVH (SFOS 20.0.2 MR-2-Build378)

Sophos XG Home Licence.
Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ChriZathens 1 hour ago in reply to Raphael Alganes

I have replied to you, but my post was flagged as spam, possibly due to the fact that I pasted speedtest links to share the results (was running the windows app this time).

Anyway, since I don't know when/if my reply will be unflagged, I am replying again..

So at the moment there is not much bandwidth consumed at the house

Run a speedtest (from a linux machine now) without the firewall rule enabled:

Download: 422.91 Mbps (data used: 407.7 MB)
32.73 ms (jitter: 4.52ms, low: 3.74ms, high: 253.45ms)
Upload: 52.96 Mbps (data used: 25.2 MB)
44.28 ms (jitter: 9.33ms, low: 19.42ms, high: 292.46ms)
Packet Loss: 0.0%

I enable the firewall rule again:

Download: 313.15 Mbps (data used: 238.5 MB)
5.93 ms (jitter: 1.43ms, low: 2.98ms, high: 12.61ms)
Upload: 47.09 Mbps (data used: 22.4 MB)
2.84 ms (jitter: 0.41ms, low: 2.27ms, high: 12.94ms)
Packet Loss: 0.0%

I disabled the rule again and at the next speedtest I got 430/45

I enabled it then once more and got 310/47

The ISP's router is set to bridge mode, which effectively turns it to an ONT

I have seen many times the speed reaching at 500, but even if I didn't, the QoS rule (which has the correct numbers for KBps) should not limit me to 300, it should at least give me the full available speed since it is capped at a higher speed that the actual one. It should not contantly cap me at 300

I am running the latest sfos version SFVH (SFOS 20.0.2 MR-2-Build378)

Sophos XG Home Licence.
Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 rfcat_vk 30 minutes ago in reply to ChriZathens

Hi ,

for future reference please post screen shots.

I am running a 250/100 internet connection, to get it to perform, I used the following settings. My peak is slightly less than maximum to allow for the VoIP service requirements.

Ian

XG115W - v20.0.2 MR-2 - Home

XG on VM 8 - v20.0.2 MR-2

If a post solves your question please use the 'Verify Answer' button.
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 ChriZathens 5 minutes ago in reply to rfcat_vk

Thanks a lot for the example Ian!

I actually want to also limit the upload speed, so this setting alone would not do what I want, but nevertheless I tried your way.

I disabled the firewall rule and only set the below (based on your numbers, so setting my numbers double than yours)

Result:

Download: 254.42 Mbps (data used: 264.8 MB)
8.40 ms (jitter: 6.47ms, low: 2.36ms, high: 286.60ms)
Upload: 52.95 Mbps (data used: 24.5 MB)
43.45 ms (jitter: 1.38ms, low: 14.06ms, high: 49.38ms)
Packet Loss: 0.0%

I immediately change the settings to Disable "Enforce guaranteed bandwidth"

Result:

Download: 424.80 Mbps (data used: 414.4 MB)
29.13 ms (jitter: 1.66ms, low: 5.16ms, high: 39.75ms)
Upload: 52.93 Mbps (data used: 25.2 MB)
42.67 ms (jitter: 1.65ms, low: 16.11ms, high: 49.23ms)
Packet Loss: 0.0%

It makes no sense...

Sophos XG Home Licence.
Machine: Barracuda F12 appliance (Intel Celeron N3350 CPU, 6GB Ram, 80GB sata SSD)
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel