Geekzone: technology news, blogs, forums
sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #532440 12-Oct-2011 17:33

lchiu7:
Beccara: Well IPSEC @ 100mbit is going to require some coin for a seriously beefy router


Looking at the Mikrotik RB1100/AH which isn't too expensive and should do the job.


I wouldn't be sure that this would be able to route a 100Mbps IPSEC VPN.

If you haven't programmed a RouterOS device before there is also a learning curve - it's probably not something you're going to be able to do out of the box.




lchiu7

6470 posts

Uber Geek

Trusted

  #532475 12-Oct-2011 18:42

sbiddle:
lchiu7:
Beccara: Well IPSEC @ 100mbit is going to require some coin for a seriously beefy router


Looking at the Mikrotik RB1100/AH which isn't too expensive and should do the job.


I wouldn't be sure that this would be able to route a 100Mbps IPSEC VPN.

If you haven't programmed a RouterOS device before there is also a learning curve - it's probably not something you're going to be able to do out of the box.



I wasn't planning to, but to take up a managed service with the ISP who can handle all that. It was they who suggested this model.






DonGould
3892 posts

Uber Geek


  #532516 12-Oct-2011 20:39

lchiu7: I wasn't planning to, but to take up a managed service with the ISP who can handle all that. It was they who suggested this model.


I would recommend working with Tim on this. He really does know his stuff. He is Mikrotik cert'ed, so does know that stuff backwards and seriously, if he's not telling you to head to a Mtk product then I'm not sure whose advice you'd follow?

I agree with Criyl that a nix 86 box might make more sense as well, because then you can throw more cpu at the problem if needed.  But without knowing what your budget for this exercise is...  direction gets harder.






Promote New Zealand - Get yourself a .kiwi.nz domain name!!!

Check out mine - i.am.a.can.do.kiwi.nz - don@i.am.a.can.do.kiwi.nz




lchiu7

6470 posts

Uber Geek

Trusted

  #532547 12-Oct-2011 21:43

DonGould:
lchiu7: I wasn't planning to, but to take up a managed service with the ISP who can handle all that. It was they who suggested this model.


I would recommend working with Tim on this. He really does know his stuff. He is Mikrotik cert'ed, so does know that stuff backwards and seriously, if he's not telling you to head to a Mtk product then I'm not sure whose advice you'd follow?

I agree with Criyl that a nix 86 box might make more sense as well, because then you can throw more cpu at the problem if needed.  But without knowing what your budget for this exercise is...  direction gets harder.




That's who suggested the Mikrotik. But the idea of a Nix86 box is also intriguing since I have plenty of spare boxes I could use.

As an aside, if anybody who lives in Wellington is willing to help me evaluate and set up a pfSense box, send me a PM. Willing to pay.

As to budget I am paying nearly $700/month for the line so I am prepared to spend the right amount to make use of it.






vulcannz
436 posts

Ultimate Geek
Inactive user


  #533375 14-Oct-2011 14:26

tprice42: That is the key I think, most Sonicwalls come with most, if not all, services enabled by default and you have to configure them specific to the environment. Good on Sonicwall though for publishing throughput specs for their devices that are only really achievable with every advanced feature turned off, which negates their purpose.


Sonicwall used to publish true loaded speeds. But then the likes of Fortinet started using some of the flakier IMIX figures.

Most resellers will tell the customer what the true numbers are and point them to the appropriate model. However some customers only want to spend so much. More often than not they'll go no further than a TZ-210, when for higher throughputs like 100Mbps it should not be less than an NSA-2400 (around $7k's worth of kit).

Also worth noting that all these other options such as Mikrotik and Cisco are not doing anything close to what the Sonicwall is offering in web filtering, app management, IPS, GAV, and reporting.

Closest thing you'll find is the next step up, the Palo Altos, and they'll double your cost.

 

tprice42
4 posts

Wannabe Geek

Trusted

  #533385 14-Oct-2011 14:43

The trouble I find is most people don't need those advanced features. A simple stateful firewall is all most people need but they get talked into something more complex and expensive by their 'IT professionals' who in the end don't have a clue how to configure them. That's when fingers start to get pointed in the wrong direction, more often than not at the ISP, to avoid embarrassment.

vulcannz
436 posts

Ultimate Geek
Inactive user


  #533456 14-Oct-2011 17:29

tprice42: The trouble I find is most people don't need those advanced features. A simple stateful firewall is all most people need but they get talked into something more complex and expensive by their 'IT professionals' who in the end don't have a clue how to configure them. That's when fingers start to get pointed in the wrong direction, more often than not at the ISP, to avoid embarrassment.


That is complete rubbish. Businesses have responsibilities as far as providing a safe workplace, managing application use, and among other things generally protecting the organisation. These functions are required even down to small businesses.

None of this can be provided by a 'simple stateful firewall'.

Let me add I've got plenty of very happy clients who have been using this stuff for up to 7 or 8 years, and are very very happy. I'm also involved with other sites who do not use this stuff and are very very unhappy. These are sites that range in size from SMB to large enterprise, across all sectors such as govt, education, finance, healthcare and so on.

 
 
 

webwat
2036 posts

Uber Geek

Trusted

  #534495 17-Oct-2011 21:53

tprice42: That is the key I think, most Sonicwalls come with most, if not all, services enabled by default and you have to configure them specific to the environment. Good on Sonicwall though for publishing throughput specs for their devices that are only really achievable with every advanced feature turned off, which negates their purpose.


I thought they also published another speed with a VPN so you can see both high and low speeds. But yeah even pfSense will slow down heaps if you turn on the rate limiting (regardless of the actual rate you set) just because of CPU and bus speed.

Also, your MTU and receive window on a PC are designed for a LAN so don't expect full speed from a single machine on a fast link. A real test would start by first testing aggregated speed across 3 or 4 machines concurrently on the LAN, and then take a look at what your firewall and the test server are capable of under whatever congestion exists at time of test.

I reckon 75% of full speed on just a single machine is pretty good anyway, because a 100Mbps link is designed to support your whole network instead of just one machine




Time to find a new industry!


ojala
188 posts

Master Geek


  #539769 1-Nov-2011 01:57

tprice42: The trouble with speed tests is that they are an indication only, especially when you have a circuit speed over 50Mbps.


As 100+ speeds have got more common, speedtest.net has got more reliable as well.



On a 200/10 cable-tv interweb connection.



On a gigabit corporate fiber.  Obviously @ge one shouldn't expect 1000/1000 -- yet.. :)

