SG-1100 Throughput



  • This post is deleted!


  • I found a post after making this stating it can't handle the throughput.... ugh. Their product page is misleading.


  • Rebel Alliance Netgate Administrator

    What part threw you off?

    I assume: https://www.netgate.com/blog/choosing-the-right-netgate-appliance.html is the post you read on what device to get?


  • LAYER 8 Global Moderator

    How exactly are you testing that your seeing drops?

    Per this thread, seems that 800s are doable via testing.
    https://forum.netgate.com/topic/140100/sg-1100-throughput-test



  • @chrismacmahon I didn't find that page until I posted. I reviewed the below product page that stated "For users seeking an excellent firewall with up to 1 Gbps throughput, the SG-1100 is the new gold standard." This seems to just be a sales angle since the ports are gigabit. The link you posted is the one I ended up finding stating that it was intended for a 500mb connection and that is about what I am getting out of it.

    https://www.netgate.com/solutions/pfsense/sg-1100.html



  • @johnpoz I was testing the identical config between the 2 devices (the virtual one vs the sg1100) using speedtest.net to the local ISP (they have a speedtest node within thier network). With the virtual pfsense in line, I was getting 950mbps x 850mbps with no loss and with the sg1100 in line, I was getting 450mbps x 280mpbs with packet loss.

    I did see the post you mentioned and that coupled with the product page info swayed me to pull the trigger. I packed it up and factor reset it last night to return it. I am going to go with a white box micro firewall to put pfsense on that is a bit beefier and has hardware level encryption support.

    https://www.amazon.com/gp/product/B0742P83HY/



  • I also fell for the 1Gb marketing blurb. This device absolutely does not handle Gigabit Internet speeds. I get 900mbps connected direct to the modem and about 260mbps through the pfSense. Wish I'd seen this earlier:

    https://www.netgate.com/blog/choosing-the-right-netgate-appliance.html

    This link is a little less misleading than this:

    https://www.netgate.com/blog/netgates-new-sg-1100-punches-way-above-its-weight.html

    Upgraded my little SG1000 that maxed out at 150, and now I have a rather lamo 260. Nothing complex about the setup ... home network with a few PCs and IoT, basic pf enabled.

    So hope this helps somebody make their decision. Kinda disappointed and feel somewhat conned.


  • Netgate Administrator

    260Mbps is very low for the SG-1100. How are you measuring that?

    Do you have any packages running?

    Steve



  • Well I no longer think the sg1100 is the culprit. I'm using speedtest.net to test. There are no extra packages running just basic firewall with no fancy rules. But last night I hooked up a Peplink Balance 380 from the office, which I know for sure does gigabit, and it also returns about 270mbps, so that means the issue must be on the Comcast side. I have scheduled them to come take a look, although when they installed it I saw it coming down at 900 or so at the modem. I'll report back once I have verified the Comcast speeds.



  • @eholcroft I just wanted to chime in here since the original post seems to have been deleted. The sg1100 can switch at gigabit but can't filter at gigabit speeds. Netgate admitted this to me and that is why their product page reads differently than when I originally quoted it. The 2nd issue I had is that, in freebsd, pppoe is single threaded and since my ISP requires it for access, the j series celeron were no fast enough. I found a cheap Chinese fanless mini pc with a quad i5 for less than the sg3100 that works flawlessly. I would recommend looking into that.


  • LAYER 8 Global Moderator

    @Erik10206 said in SG-1100 Throughput:

    he original post seems to have been deleted

    Which is your post..



  • @Erik10206 So Comcast just left. Upper hundreds when speedtesting a computer connected direct to their modem (I messed that test up before because unbeknownst to me only eth1 is active on the Comcast modem when in bridging mode). So what else, my GB network switch faulty? No: I connected my computer direct to LAN port on SG1100, gives 260-270mpbs. Even with PF enabled I should get 700mbps according to the blurb. But why is my trusty old Peplink showing almost identical results?

    I have a Netgate XG7100 lying at the office. I will test with that tomorrow. This is our main unit we deploy across our regional offices ... if that also returns these low speeds .... well then the router is conclusively ruled out as the bottleneck, unless my logic is fundamentally flawed.

    Could Comcast be throttling my home service when a router is detected? Anyway, not so sure I'm talking about a router speed issue here any longer, there's something else going on, it seems. I can also add that this 260 is a global limit in that if I run two speedtests on different machines, they give 131mbps (for a total of 262) each down, but 40 each which is the Comcast limit (for a total of 80) on the upload.

    Will report back with results on the XG7100, if anyone cares.


  • LAYER 8 Global Moderator

    @eholcroft said in SG-1100 Throughput:

    Could Comcast be throttling my home service when a router is detected?

    No... I ran comcast for many many a year - they never throttled no matter what router I put on.. I never had their gig service... Here is the thing if you can not get the speed your paying for - then have them come out and prove to you the line can do it with their equipment then.

    The sg1100 is capable of way more than 260mbps.. Test it yourself taking the internet and your isp out of the equation.. Put something on wan, but another on lan and move some packets.. iperf, file downloaded etc.. Just test without sg1100 in between at first to make the test equipment is capable of X speed.. Then with router inbetween you should get something a bit less than X..



  • Well that's interesting. Thanks for that suggestion.

    iperf from network client to SG1100 (pf enabled, MTU 1500):

    [ ID] Interval Transfer Bitrate
    [ 5] 0.00-10.68 sec 476 MBytes 374 Mbits/sec

    I expected something in the upper 700's. So the SG1100 is connecting to the Internet not that much slower than it can run across the LAN. I switched off bandwidthd and saw a substantial improvement:

    [ ID] Interval Transfer Bitrate
    [ 5] 0.00-10.61 sec 698 MBytes 552 Mbits/sec

    Along with this I saw an improvement on speedtest.net to 297mbps. Still a afar cry from gigabit.

    This was surprising to me. I had no idea bandwidthd would chew up so much resources. Now I wonder what else I can switch off on the Netgate.

    On the LAN side, this is clealry not the bottleneck:
    iperf from network client to another network client on my home LAN:
    [ 3] local 192.168.253.15 port 28062 connected with 192.168.253.100 port 5001
    [ ID] Interval Transfer Bandwidth
    [ 3] 0.0-10.0 sec 1021 MBytes 857 Mbits/sec


  • Netgate Administrator

    Ok that looks more like what I expect through the SG-1100. You won't see 900Mbps through it though no matter how much tuning we do. At least not in a test against speedtest.net.

    Steve



  • So just to close the loop on this:

    Hooked up the XG7100 as a comparative test and got 873mbps on speedtest.net. That's more like it. Except I don't think I'll be putting a $1000 router in my home any time soon.

    I'll take a look at the product lineup and see what Netgate pfSense will give me closer to what I need. The SG3100 I guess. Didn't really want to spend that much on a home router, but I'm in deep with Comcast Gigabit now so I might as well go all the way.

    The picture offered here https://www.netgate.com/blog/netgates-new-sg-1100-punches-way-above-its-weight.html really seems a bit optimistic. Not sure what the conditions of that testing were but I wish I could replicate it here. So to other buyers out there be warned - while the SG1100 is an impressive little device, it doesn't quite live up to the hype.



  • @eholcroft said in SG-1100 Throughput:

    So just to close the loop on this:

    Hooked up the XG7100 as a comparative test and got 873mbps on speedtest.net. That's more like it. Except I don't think I'll be putting a $1000 router in my home any time soon.

    I'll take a look at the product lineup and see what Netgate pfSense will give me closer to what I need. The SG3100 I guess. Didn't really want to spend that much on a home router, but I'm in deep with Comcast Gigabit now so I might as well go all the way.

    The picture offered here https://www.netgate.com/blog/netgates-new-sg-1100-punches-way-above-its-weight.html really seems a bit optimistic. Not sure what the conditions of that testing were but I wish I could replicate it here. So to other buyers out there be warned - while the SG1100 is an impressive little device, it doesn't quite live up to the hype.

    I have no horse in this race, so to speak, but looking at the page you linked there are some bar charts at the bottom where the results somewhat agree with your real world experience. Of note, look at the bar chart showing packet filtering enabled. Notice that depending on the packet size configured (256 bytes, 512 bytes or 1500 bytes), the bits/second number changes quite a bit. What is actually more important is the pps (packets per second) processing rate. That is pretty much fixed and determined by the CPU in the box. It stands to reason, though, that larger packets wind up producing a greater bits per second rating. That's what the bar chart I referenced illustrates.

    With your speed test site, you don't really know exactly what size all of the packets are. If they were all uniformly 1500 bytes, then maybe reaching the 800 megabits/sec rate is reasonable. However, with smaller packet sizes, since the packets per second rate is fixed, you get overall smaller throughput when measuring in bits/second.

    Note that the first bar chart on the page is showing performance with pf (the packet filtering firewall) disabled. Very few users would run that way, though. That's just a plain vanilla router with no firewall enabled. The second chart shows performance with the firewall enabled.


Log in to reply