u/MathResponsibly

I was trying to diagnose a problem with a VPN connection to another site (that's on gig fiber with another provider), and I just couldn't figure out why in one direction I was getting ~20Mbps, but in the other 500+Mbps. Started doing some speed tests in general from my Ziply connection, and speeds seem all over the map.

If I use the web speedtest.net to the Ziply Server in Seattle, I get reasonable speeds - 840 down, 930 up (but seeing as this should be internal to Ziply, rather questionable that it's not ~940ish in both directions, given I'm using gigabit ethernet on my side)

https://preview.redd.it/0gf93vzl0u1h1.png?width=736&format=png&auto=webp&s=2a0d73d350bcf0ab3e483a4d85ea86ed5c85bc93

On the "default" (for me) FIBERFI speedtest server in Portland, I get 920 / 934

But changing to the Comcast server in Portland, I get massively slower downloads, but just as fast uploads. 36Mbps down, but 916 up???

https://preview.redd.it/x1l5ap1y0u1h1.png?width=734&format=png&auto=webp&s=2be28541c6e5121a7d1e9bc889379631cd3e6c6d

Trying some public iperf3 servers, I'm seeing the same thing. Testing to a public iperf3 server in Phoenix, speeds are just absolutely terrible in the download direction (~70Mbps), but ok-ish in upload (590Mbps):

https://preview.redd.it/ovrx6v077u1h1.png?width=564&format=png&auto=webp&s=4e7bd0f1a65aa9ebb5b321f537b75d44b7832beb

https://preview.redd.it/3popfu597u1h1.png?width=564&format=png&auto=webp&s=43296ca02163c3281651092bdcaaa16eea336895

Trying another leaseweb iperf3 server in seattle (speedtest.sea11.us.leaseweb.net) gives similar performance: ~20Mbps down, 940Mbps up)

leaseweb iperf3 in DC (speedtest.wdc2.us.leaseweb.net) ~80Mbps down, 300Mbps up

datapacket in seattle (84.17.41.11 -p 5201), ~40Mbps down, ~80Mbps up

If I try any of these from my other fiber connection, speeds are considerably better:

datapacket in seattle (from Quantum Fiber in phoenix) 780 down, 590 up

leaseweb in phoenix (from Quantum Fiber in phoenix) 941 down, 941 up

https://preview.redd.it/lksdicnl7u1h1.png?width=565&format=png&auto=webp&s=d4378793bb7d685ae8e85ad3d94fb6327dbc4257

I know Ziply doesn't control the whole internet, but something seems majorly wrong to be getting such asymmetric speeds, getting less than 100Mbps from any major US network.

It's obviously not my connection, or anything on my end, as I can get decently fast speeds from the Ziply speedtest server in Seattle, and FIBERFI speedtest server in Portland.

Been bashing my head for hours trying to figure out what's wrong with my VPN settings, and instead it seems to be some larger problem with Ziply?

I've migrated my firewall / router box to a brand new install of Debian Trixie (13). I installed with netinst iso, text install, no GUI installed, just ssh server selected during install.

I need to override the domain name and dns nameservers provided by my ISP over dhcp. There was a previous post about this a while ago, and there was no firm resolution that I can see: https://www.reddit.com/r/debian/comments/1ncoxia/debian_13_etcresolvconf/

I'm running into the exact same issue as mentioned in that thread. I want ip address / subnet / gateway by DHCP, but to ignore (or prepend) the DHCP supplied nameservers and override the domain name.

This USED to be so easy - you put 2 lines in /etc/dhcp/dhclient.conf:

supersede domain-name "whatever.internal";
prepend domain-name-servers 192.168.2.1;

and now it's a huge hulabalu to even figure out which of 30 different ways the network is being setup - and this is PROGRESS??? HOW???

Just like in the original thread, I seem to be using ifupdown (configured through /etc/network/interfaces), which is using dhcpcd as the dhcp client now. None of dhcpcd, NetworkManager, etc is running as a systemd service.

I tried adding this to /etc/dhcpcd.conf - it didn't work:

interface enp2s0f3
static domain_name_servers 192.168.2.1
static domain whatever.internal

It didn't work

I tried adding it to /etc/network/interfaces (which I don't even think this is a valid way, I think this is a complete hallucination by google's dumb AI, but it did suggest this)

iface enp2s0f3 inet dhcp
 dns-nameservers 192.168.2.1 8.8.8.8 1.1.1.1
 domain whatever.internal

It didn't work.

So what is the correct way to get dhcpcd to override the supplied nameservers and domain?

no matter what I do, or try, I still end up with this in /etc/resolv.conf

# Generated by dhcpcd from enp2s0f3.dhcp
# /etc/resolv.conf.head can replace this line
nameserver [ISP nameserver ip 1]
nameserver [ISP nameserver ip 2]
# /etc/resolv.conf.tail can replace this line

I'm trying out wireguard, hoping to switch to it from OpenVPN for my inter-site vpns to get better performance / faster throughput. A quick diagram of my network:

https://preview.redd.it/yt6he3k8sk1h1.png?width=823&format=png&auto=webp&s=f082eb81d983133c990609db0e4507a8c7c77cae

Router A and Router B are debian boxes with multi-port nics that are the routers / firewalls / etc for 2 sites.

At router A, I have a test box setup to act as a wireguard server (eventually the test box will replace Router A, but for now, I just have UDP port 51820 forwarded from the public interface through the existing router to the Test Server).

I have the test server running wireguard as the server, and Router B connects to it through the internet (and router a) to form the 10.10.0.0/24 wireguard virtual interface. I'm not doing any forwarding of the lan on either side over the wireguard interface for now, I'm just testing between the two wireguard endpoints 10.10.0.1 and 10.10.0.2

If I test the speed of that interface, by running iperf3 server on router B

iperf3 -s -B 10.10.0.2

and run ipef3 client on the Test server

iperf3 -c 10.10.0.2 -t 30 -b 1200M -l 1400

If I run a TCP test, I get terrible performance, 20-50Mbps. If I run the iperf3 client in UDP mode (with -u), I get 850Mbps (and during that time, one of the CPU cores on Router A hits 100%, so I think that's the bottleneck, and why Router A ultimately needs to be replaced). Both sides have symmetric 1G fiber internet connections, and speed tests on both sides not going through wireguard show the full ~940Mbps expected when using gig ethernet cards.

EDITED TO ADD: When I say speedtest, I mean like speedtest.net speedtest. If I speedtest using iperf3, running iperf3 server on the public address of Router B, and connecting from Test Server, I get almost the same speeds - 20-50Mbps TCP, and 930 to 940Mbps on UDP. Leads me to believe the problem is something on Router A...

The MTU of the wg0 interface on both sides is set to the default of 1420 (and I have confirmed with

ping -M do -s 1392 10.10.0.2

from the Test Server that 1420 byte packets go through without fragmentation (1392 + 28 header = 1420 packet). I also have the MSS of the wg0 interface on router B pinned to 1380 in the firewall config.

What could be causing the super bad 20-50Mbps TCP throughput vs the 850Mbps UDP throughput through wireguard? How do I diagnose further to find the issue?

Something I've always struggled with, and not found a lot of resources on is how to send reliable digital data down long cables. I understand transmission line theory, impedance matching, etc etc, but I'm missing something between that and practical applications.

Say I have a long cable and I need to send a 5V digital signal down it. I can measure the short circuit inductance and open circuit capacitance of the cable and calculate the characteristic impedance, but if I then terminate both ends of the cable with that impedance for "maximum power transfer", I end up halving the voltage, which means I only have 2.5V signal at the far end across the termination resistor - not good for a digital signal. So for a digital system, it seems like maximum power transfer is not the ideal goal for cable termination, as it is in RF.

I also saw this post earlier https://www.reddit.com/r/rfelectronics/comments/1t5l2km/looking_for_smd_network_termination_devices/ about terminating a cable with some inductance (to counteract the capacitance of the cable I guess) in parallel with some resistance, and how that helps preserve the fast edges of a digital signal. How do you properly calculate the inductor value and parallel resistor value? I wouldn't think you'd want to exactly cancel out the cable capacitance, do you? Do you end up with a resonance problem at certain frequencies? Because a sharp rising edge essentially has all frequencies, doesn't this lead to ringing at the resonance frequency?

I need to push a digital signal down a long cable, and I'm having problems with my rising edges looking very "capacitive" at the far end of the cable - of course it gets worse as the cable gets longer, until the edges are rising so slowly that they're not reaching the threshold to be detected as a high before the bit time is over. Putting a pull-up resistor, higher than the "characteristic impedance" of the cable (to avoid the 1/2 voltage drop at the actual characteristic impedance) at the far end helps, but only so much.

I feel like I can never find good information on this topic, either in books, or on the internet, yet it seems like a very important and fundamental topic to get anything practical that needs a long cable to work correctly.

So I finally got to getting my price updated, and it's very convenient that you email me the chat transcript, because it makes this VERY easy to show just how dishonest things are now. Chat agent says $50, but email confirmation shows $70??? WTH???

Also why are the timestamps in the chat log in the wrong timezone?

I left the order number in so someone can investigate and fix this.

The chat option on the website isn't even currently working - it just spins it's circle logo forever and never actually connects me to anyone.

https://preview.redd.it/pl2u0j09otxg1.png?width=551&format=png&auto=webp&s=458fc36d10ebabfc561e2a32d829d51069131824