Jesus Pimp

I'm currently using zone alarm and was wondering if I lose any bandwith downloading?

__________________
Never date anyone who doesn't make your dick hard.

charliex

short answer no.

the difference in speed of processing the data by zonealarm is an order of magnitude greater than the network bandwidth, so the bottleneck is your network connection.

dragonxx

I used Zone Alarm for a LONG time, and did several speed tests while using it.. I never notices any speed change while using it, however, there was always the instance of when it asks you if you want to allow something... If you miss the screen for it, it kinda sits there and waits...till you notice it and ok whatever it is asking..

Jesus Pimp

Well I noticed that whenever I use Zone Alarm my bit torrent download speeds drop considerably. Maybe I'm just seeing things.. I was downloading some anime at 180kb/sec (cable ). When I turned on Zone Alarm, it dropped down to zero.

__________________
Never date anyone who doesn't make your dick hard.

Konichiwaneko

Bit torrent is new tech if I remember. Also if I was a firewall and I that much information flying, I would be concerned Doesn't bit Torrent create multiple session with whomever is downloading all that file, and getting everyone to download/upload it at the same time?

Personally I would skip zone alarm and just get a router...I don't like software firewalls at all.

It's arguable that Firewalls create latency (not exactly slowing down your connection, but just the responsiveness) but it would to such a low and unnoticable amount I wouldn't care for it.

__________________

Jesus Pimp

Have you had problems with bit torrent over your hardware firewall?

__________________
Never date anyone who doesn't make your dick hard.

tronims

I havnt had any preblems with bittorrent and my hardware firewall, but I do notice slightly lower speeds then before, still maxing the connection just it takes many files to do so.

Pragma

The way that BitTorrent works is as follows: It lets you download at a percentage of your upload capability (ie: download = 4 * upload). A common issue that I've seen with my own systems is that if I set up my firewall to block BitTorrent from sharing files, my download speed drops to 1 or 2 k/sec. However, the second I open it up, the speed jumps right back up to several hundred k/sec.

To address the larger issue ("Does using a firewall reduce bandwidth?"), the answer is yes - conditionally. If you've got a metric fuckton of bandwidth (ie: multiplexed T1s out the ass) and a fairly slow stateful packet filter, then yes, you'll lose some of your bandwidth capability as the system is just not fast enough to inspect all of the packets as they come in. But you'll only experience this under heavy load.

Most people with enough bandwidth to experience this problem can afford high-end Cisco PIX firewalls or similar hardware, so they aren't affected, though.

__________________
Eat antimatter, Posleen-boy!

zero2

No it doesn't.

Pragma

Huh, maybe it was the version I was using, but I repeatedly demonstrated it on my machine and two others I had access to at the time.

__________________
Eat antimatter, Posleen-boy!

Jesus Pimp

So what's the solution? Get a hardware firewall?

__________________
Never date anyone who doesn't make your dick hard.

Pragma

If you've got insane bandwidth, then yea, hardware firewalls are the way to go. However, I highly doubt that you'll experience any kind of a noticable difference in performance.

Just make sure that BT is allowed to send files out, and see if that improves your download rates any.

__________________
Eat antimatter, Posleen-boy!

kel

Don't use bittorrent as a gauge of download speed.

It is a MONSTER CPU hog, on systems sub 1ghz it is common for the CPU to be the bottleneck and not the network connection.

__________________
"It better be funny"

Pragma

That's also very true, kel. I was referring more to testing BT-download speeds, rather than the total capabilities of the system, in terms of "turn on and off the firewall, see if it makes a difference."

My comments about "insane bandwidth and hardware firewalls" were directed at "total bandwidth", not "BT downloads".

__________________
Eat antimatter, Posleen-boy!

Mephisto2

Does it affect your bandwidth?

Of course it does! Anyone who says otherwise doesn't understand the first thing about networking.

Will it affect your bandwidth to such a degree that you notice it?

Probably not if you have a decent CPU.

Mr Mephisto

charliex

Mr Mephisto, how so ?

A firewall does not generate more bandwidth on a connection, its all on the host CPU processing the data, the rate that a modern PC can process is data is an order of magnitude greater than almost any network pipe can handle.

The bottleneck will always be the network in current systems, unless the CPU is maxed out, and if you know anythign about bottlenecks, it doesn't matter if a process down the pipe take slightly longer than it did (and we are talking nanoseconds) so long as it can still pull data from the bottleneck faster than it can push, it will always be starved for data..

I'd like to see some facts on your reasoning

Mephisto2

Which is exactly what I said.

If your CPU is fast enough, you most likely will not see any service degration on a small home internet feed.

If you try to run a large network through a software firewall, you will see service degradation.

If you need to see "facts" to support that, you don't know as much about networking as you think.

Check out
http://www.intel.com/design/network/...erformance.htm
or
http://www.pcmag.com/article2/0,4149,1169142,00.asp

I couldn't be arsed looking for more "facts" to convince you.


Mr Mephisto

charliex

Those aren't facts of a pc user running a software firewall seeing bandwidth degredation..

given the latencies involved with networking and the size of the network pipe via a CPU + bus theres going to be zero slowdown.

If you managed to achieve a full 100Mbs data push from a PC via software firewall to a 100Mbs net card to a local area network, the bus would hardly notice,..

note thats a 100 Mbs per second, hardly a hit at all.. Most routers have an insignicant processing power compared to a PC.

The intel article is for VPN + Firewall, note the phrase

"The addition of VPN to firewalls usually alters performance greatly."

Its a totally different beast, VPN has a lot more going on. The second article says 'affects PC performance' not affects 'network performance'.

of course you can't be bothered looking for facts, they don't exist.

What exactly do you think a hardware firewall is ? its a cut down PC like device, with considerably less CPU power , it runs its "software" from a rom or such instead of a disk, although its pathways are optimized, its because its considerably less powerful than a PC. Most firewalls run on dinky CPU's

A 1000 gallon per minute pump going through a 10 gallon per minute valve, can reduce in effiecieny down to 500 gallons per minute, and the 10 gallon per minute valve will still be delivering maximum throughput.

Mephisto2

You're missing my point.

The answers here (so far) were stating that there would never be any network performance running a software firewall. As I said, with a decent CPU that wont' happen.

I'm saying that's not a simple fact, but rather a result of PCs now having fast CPUs and only running small home networks.

As I said earlier, if you tried running a full LAN through a software firewall running on a PC, that was also being used for playing Quake (for example), then you would see service degradation.

I think you're being far too pedantic and argumentative, as you do seem to understand the issues in question.

And I can do without the water analogy. It's rather old hat.

Mr Mephisto

Mephisto2

PS - and with no malice whatsoever, the link to your site on your profile has a typo.

Just thought you'd like to know...



Mr Mephisto

PS - am intriqued by your RC hacking reference. IM me offline...

Mephisto2

[snip double post]

Peetster

Sounds like Bit Torrent uses a non-standard port series that is being blocked by Zone Alarm. Go to your logs and see what Zone Alarm is doing.

Pragma

I'm siding with Mr Mephisto on this one, charliex. Software firewalls, while inferior to hardware firewalls, will show almost no noticable performance degradation on SOHO networks. If you run a large network through one, while maxing the CPU or doing other strenuous activities on it, you will see degradation.

As for your comment about hardware firewalls having inferior CPUs - very true, but hardware firewalls are built from the ground up for nothing but firewall work, and as such have very high throughput backplanes. Therefore, you'll have better performance through a dedicated hardware piece (ie: Cisco PIX firewall) than you will with your old 500MHz desktop running Linux.

Anyways, the main discussion was with home networks - and that's been answered.

__________________
Eat antimatter, Posleen-boy!

charliex

The question is 'will a software firewall running on an home PC affect network bandwidth".

The answer is 'no' ,thats all there is too it, if the software firewall is causing slowdowns in bandwidth, either the PC is archaic or there is something wrong with the hardware or software.

You will have exactly the same amount of bandwidth firewall or otherwise theres no new traffic generated.

The bus speed of an enterprise class PIX firewall IIRC is 66mhz, say for arguments sake the 535 , 1 gigabit per second of throughput..

Typically a custom designed hardware dedicated to move extremely large amounts of data will mostly likely be faster, but not always, and it doesnt match a modern PC , since it doesn't usually need too.

Again network speeds are tiny compared to CPU bus and memory speeds, the bottleneck on a system less than 8 years old (maybe more) is going to be the ethernet pipe, not many home users run gigabit ethernet, and even then a modern PC is quite capable of running a 1G ethernet card.

Most network cards don't even run close to capacity.

A PCI-X 1066 bus can transfer data at 8.5 gigaBYTES per second.

Whats an OC48 run at 2.4 giga bits per second ?

Not even in the same league.

The bottleneck will be the dsl or cable modem, the network card will always be starved, and the cpu will be at grade 1 famine.

I can't see why on earth anyone would think otherwise, granted in a multiple OC48 with hundreds of ports then the data transfers get hairy, but this is all about a home user running a software firewall on a PC..

re the link, thanks mr mephisto i'll edit it.

Mephisto2

Like I said above, if your PC is handling multiple tasks, or is at or near CPU capacity, and (for example) you are using more and more complex rules etc, then you will see a performance hit.

Considering this further, you will probably see the PC shit itself rather than "slow" the network down per se, but if it has to examine every packet in detail and check the higher layers (even opening individual TCP datagrams for example), depending upon what level of rules you are running, then you will see performance hits.

Real world experience equates to probably no impact (as already stated in my first post).

Theoretically, of course there is a chance of a performance hit.

There seems to be no point in arguing this any further.

Mr Mephisto

charliex

firewall runs in ring mode 0 at driver level, if it isnt getting any CPU time, therefore nothing outside the hardware or code taking all the time away is gettign any either, so the software that was downloading the data wouldnt get any either, so that means that even if you didnt have a software firewall it would do exactly the same.

Since you'd get the same results with or without firewall, it makes no sense to include that case.