10GbE networking asymmetry in testing setup

jet@hackertalks.com · edit-2 23 hours ago

Windows is enterprise, nothing else comes close if you want to manage many hundreds or thousands of computers.

Enterprise Windows has full control, everything can be automated, everything can be removed. All the annoyances you have in retail windows disappear. It’s just a group policy rule, which is managed centrally, away.

Prevent users from installing apps? Lockdown what devices can be plugged in? Windows makes it possible

HyperV on windows is a super power for enterprise. Want a locked down environment, run it in A VM. Want a qubes experience, do it in hyper-V.

jet@hackertalks.com · 1 day ago

No, the photo is of a general computer. So most of the cooling is for the CPU and GPU.

SFP modules can get quite hot, especially if they’re pushing high frequencies over copper. So you’ll see some people complaining about their 10 gigabit copper SFP modules overheating. Especially on passively cooled network equipment.

Fiber optics don’t get nearly as hot, and don’t have overheating issues. Direct connect cables also do not get hot.

I’d much rather have all of my networking equipment with fiber optics, then copper. The trade-off is it’s harder to splice your own fiber optic cable and put termination on it, the benefit is the equipment is much much cheaper, More reliable, cooler, goes further distance… A fiber optic SFP module cost about $10 for one, but a copper SFP module is like $100.

jet@hackertalks.com · edit-2 1 day ago

And if you’re one of the people who can crack a beer open with the owners of Google, then you found your right community.

However, in the general case, I don’t think these count as any individuals communities. You can’t rub elbows with the people maintaining Google and Facebook. You can’t talk to them about issues you’re having, they’re not going to dynamically modify the system for special cases that are important to your community. A community is a group of people who know each other.

jet@hackertalks.com · 1 day ago

Right. I think the real vision isn’t that every single person self-hosts, but every community has somebody in it who does the self-hosting for the community. Everybody can be independent like villages instead of totally centralized like empires

jet@hackertalks.com · 1 day ago

I like the way you think! This is good engineering

I replaced both direct connect cables with new ones, I used new switch ports.

The asymmetry persists. Linux to windows 9.5GiB/s, Windows to Linux 6.5GiB/s

now we know it probably isn’t the cables!

jet@hackertalks.com · 1 day ago

Yes, exactly the same results.

I’m thinking it might be on the linux side? i’m double checking my debian network stack now

jet@hackertalks.com · 1 day ago

That is a great idea to test!

iperf windows to debian -P4 6Gbit/sec

.\iperf3.exe -c 192.168.11.57  --get-server-output  --dont-fragmen -P 4
Connecting to host 192.168.11.57, port 5201
[  5] local 192.168.11.132 port 56910 connected to 192.168.11.57 port 5201
[  7] local 192.168.11.132 port 56911 connected to 192.168.11.57 port 5201
[  9] local 192.168.11.132 port 56912 connected to 192.168.11.57 port 5201
[ 11] local 192.168.11.132 port 56913 connected to 192.168.11.57 port 5201
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   190 MBytes  1.59 Gbits/sec
[  7]   0.00-1.00   sec   192 MBytes  1.60 Gbits/sec
[  9]   0.00-1.00   sec   192 MBytes  1.60 Gbits/sec
[ 11]   0.00-1.00   sec   189 MBytes  1.58 Gbits/sec
[SUM]   0.00-1.00   sec   764 MBytes  6.38 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   1.00-2.01   sec   190 MBytes  1.58 Gbits/sec
[  7]   1.00-2.01   sec   190 MBytes  1.58 Gbits/sec
[  9]   1.00-2.01   sec   190 MBytes  1.58 Gbits/sec
[ 11]   1.00-2.01   sec   190 MBytes  1.58 Gbits/sec
[SUM]   1.00-2.01   sec   760 MBytes  6.33 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   2.01-3.00   sec   186 MBytes  1.58 Gbits/sec
[  7]   2.01-3.00   sec   189 MBytes  1.60 Gbits/sec
[  9]   2.01-3.00   sec   189 MBytes  1.60 Gbits/sec
[ 11]   2.01-3.00   sec   189 MBytes  1.60 Gbits/sec
[SUM]   2.01-3.00   sec   754 MBytes  6.38 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   3.00-4.01   sec   190 MBytes  1.58 Gbits/sec
[  7]   3.00-4.01   sec   190 MBytes  1.58 Gbits/sec
[  9]   3.00-4.01   sec   190 MBytes  1.58 Gbits/sec
[ 11]   3.00-4.01   sec   190 MBytes  1.58 Gbits/sec
[SUM]   3.00-4.01   sec   761 MBytes  6.33 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   4.01-5.00   sec   188 MBytes  1.59 Gbits/sec
[  7]   4.01-5.00   sec   188 MBytes  1.59 Gbits/sec
[  9]   4.01-5.00   sec   188 MBytes  1.59 Gbits/sec
[ 11]   4.01-5.00   sec   188 MBytes  1.59 Gbits/sec
[SUM]   4.01-5.00   sec   754 MBytes  6.37 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   5.00-6.01   sec   191 MBytes  1.59 Gbits/sec
[  7]   5.00-6.01   sec   191 MBytes  1.59 Gbits/sec
[  9]   5.00-6.01   sec   191 MBytes  1.59 Gbits/sec
[ 11]   5.00-6.01   sec   189 MBytes  1.58 Gbits/sec
[SUM]   5.00-6.01   sec   762 MBytes  6.35 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   6.01-7.00   sec   188 MBytes  1.59 Gbits/sec
[  7]   6.01-7.00   sec   189 MBytes  1.59 Gbits/sec
[  9]   6.01-7.00   sec   188 MBytes  1.59 Gbits/sec
[ 11]   6.01-7.00   sec   189 MBytes  1.60 Gbits/sec
[SUM]   6.01-7.00   sec   754 MBytes  6.38 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   7.00-8.01   sec   192 MBytes  1.59 Gbits/sec
[  7]   7.00-8.01   sec   191 MBytes  1.59 Gbits/sec
[  9]   7.00-8.01   sec   192 MBytes  1.59 Gbits/sec
[ 11]   7.00-8.01   sec   191 MBytes  1.59 Gbits/sec
[SUM]   7.00-8.01   sec   766 MBytes  6.37 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   8.01-9.00   sec   188 MBytes  1.59 Gbits/sec
[  7]   8.01-9.00   sec   188 MBytes  1.59 Gbits/sec
[  9]   8.01-9.00   sec   188 MBytes  1.59 Gbits/sec
[ 11]   8.01-9.00   sec   188 MBytes  1.59 Gbits/sec
[SUM]   8.01-9.00   sec   752 MBytes  6.36 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   9.00-10.01  sec   191 MBytes  1.59 Gbits/sec
[  7]   9.00-10.01  sec   191 MBytes  1.59 Gbits/sec
[  9]   9.00-10.01  sec   191 MBytes  1.59 Gbits/sec
[ 11]   9.00-10.01  sec   191 MBytes  1.59 Gbits/sec
[SUM]   9.00-10.01  sec   764 MBytes  6.36 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  sender
[  5]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[  7]   0.00-10.01  sec  1.86 GBytes  1.59 Gbits/sec                  sender
[  7]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[  9]   0.00-10.01  sec  1.86 GBytes  1.59 Gbits/sec                  sender
[  9]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[ 11]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  sender
[ 11]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[SUM]   0.00-10.01  sec  7.41 GBytes  6.36 Gbits/sec                  sender
[SUM]   0.00-10.01  sec  7.41 GBytes  6.35 Gbits/sec                  receiver

Server output:
-----------------------------------------------------------
Server listening on 5201 (test #15)
-----------------------------------------------------------
Accepted connection from 192.168.11.132, port 56909
[  5] local 192.168.11.57 port 5201 connected to 192.168.11.132 port 56910
[  8] local 192.168.11.57 port 5201 connected to 192.168.11.132 port 56911
[ 10] local 192.168.11.57 port 5201 connected to 192.168.11.132 port 56912
[ 12] local 192.168.11.57 port 5201 connected to 192.168.11.132 port 56913
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-1.00   sec   188 MBytes  1.57 Gbits/sec
[  8]   0.00-1.00   sec   190 MBytes  1.59 Gbits/sec
[ 10]   0.00-1.00   sec   190 MBytes  1.59 Gbits/sec
[ 12]   0.00-1.00   sec   187 MBytes  1.57 Gbits/sec
[SUM]   0.00-1.00   sec   754 MBytes  6.32 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   1.00-2.00   sec   189 MBytes  1.58 Gbits/sec
[  8]   1.00-2.00   sec   189 MBytes  1.58 Gbits/sec
[ 10]   1.00-2.00   sec   189 MBytes  1.58 Gbits/sec
[ 12]   1.00-2.00   sec   189 MBytes  1.58 Gbits/sec
[SUM]   1.00-2.00   sec   754 MBytes  6.33 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   2.00-3.00   sec   188 MBytes  1.58 Gbits/sec
[  8]   2.00-3.00   sec   191 MBytes  1.60 Gbits/sec
[ 10]   2.00-3.00   sec   191 MBytes  1.60 Gbits/sec
[ 12]   2.00-3.00   sec   191 MBytes  1.60 Gbits/sec
[SUM]   2.00-3.00   sec   760 MBytes  6.38 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   3.00-4.00   sec   189 MBytes  1.58 Gbits/sec
[  8]   3.00-4.00   sec   189 MBytes  1.58 Gbits/sec
[ 10]   3.00-4.00   sec   189 MBytes  1.58 Gbits/sec
[ 12]   3.00-4.00   sec   189 MBytes  1.58 Gbits/sec
[SUM]   3.00-4.00   sec   755 MBytes  6.34 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   4.00-5.00   sec   190 MBytes  1.59 Gbits/sec
[  8]   4.00-5.00   sec   190 MBytes  1.59 Gbits/sec
[ 10]   4.00-5.00   sec   190 MBytes  1.59 Gbits/sec
[ 12]   4.00-5.00   sec   190 MBytes  1.59 Gbits/sec
[SUM]   4.00-5.00   sec   759 MBytes  6.37 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   5.00-6.00   sec   190 MBytes  1.59 Gbits/sec
[  8]   5.00-6.00   sec   190 MBytes  1.59 Gbits/sec
[ 10]   5.00-6.00   sec   190 MBytes  1.59 Gbits/sec
[ 12]   5.00-6.00   sec   188 MBytes  1.58 Gbits/sec
[SUM]   5.00-6.00   sec   758 MBytes  6.35 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   6.00-7.00   sec   190 MBytes  1.59 Gbits/sec
[  8]   6.00-7.00   sec   190 MBytes  1.59 Gbits/sec
[ 10]   6.00-7.00   sec   190 MBytes  1.59 Gbits/sec
[ 12]   6.00-7.00   sec   190 MBytes  1.59 Gbits/sec
[SUM]   6.00-7.00   sec   759 MBytes  6.37 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   7.00-8.00   sec   190 MBytes  1.59 Gbits/sec
[  8]   7.00-8.00   sec   190 MBytes  1.59 Gbits/sec
[ 10]   7.00-8.00   sec   190 MBytes  1.59 Gbits/sec
[ 12]   7.00-8.00   sec   190 MBytes  1.59 Gbits/sec
[SUM]   7.00-8.00   sec   760 MBytes  6.38 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   8.00-9.00   sec   189 MBytes  1.59 Gbits/sec
[  8]   8.00-9.00   sec   189 MBytes  1.59 Gbits/sec
[ 10]   8.00-9.00   sec   189 MBytes  1.59 Gbits/sec
[ 12]   8.00-9.00   sec   189 MBytes  1.59 Gbits/sec
[SUM]   8.00-9.00   sec   758 MBytes  6.35 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]   9.00-10.00  sec   190 MBytes  1.59 Gbits/sec
[  8]   9.00-10.00  sec   190 MBytes  1.59 Gbits/sec
[ 10]   9.00-10.00  sec   190 MBytes  1.59 Gbits/sec
[ 12]   9.00-10.00  sec   190 MBytes  1.59 Gbits/sec
[SUM]   9.00-10.00  sec   759 MBytes  6.37 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[  5]  10.00-10.01  sec  2.50 MBytes  1.51 Gbits/sec
[  8]  10.00-10.01  sec  2.50 MBytes  1.51 Gbits/sec
[ 10]  10.00-10.01  sec  2.50 MBytes  1.51 Gbits/sec
[ 12]  10.00-10.01  sec  2.50 MBytes  1.51 Gbits/sec
[SUM]  10.00-10.01  sec  10.0 MBytes  6.03 Gbits/sec
- - - - - - - - - - - - - - - - - - - - - - - - -
[ ID] Interval           Transfer     Bitrate
[  5]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[  8]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[ 10]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[ 12]   0.00-10.01  sec  1.85 GBytes  1.59 Gbits/sec                  receiver
[SUM]   0.00-10.01  sec  7.41 GBytes  6.35 Gbits/sec                  receiver


iperf Done.

Though curiously i see the same behavior, 9.5Gbit linux->windows, and 5Gbit windows->linux… i’m perplexed

jet@hackertalks.com · edit-2 1 day ago

10GbE networking asymmetry in testing setup

jet@hackertalks.com · 2 days ago

Yes. Almost exclusively using crypto.

I don’t want reminders to donate again, I don’t want to be targeted in future marketing campaigns, I don’t want to receive political call to action emails as a ally.

I want to support and be done with it.

jet@hackertalks.com · edit-2 2 days ago

I run infrastructure that’s mostly ubiquity, with a sprinkling of mikrotik. I have no complaints, I really like the devices. They just work.

A switch you need to manually configure after every reboot sounds quite annoying. I don’t know if that’s something you can fix in software, if not sounds like a deal breaker to me.

As far as security risks go: you really need to model your threats, and your level of risk tolerance. Every single device, everyone, regardless of who makes it, has security faults. There is a remote code exploit for every device out there, some of them haven’t been discovered yet, some of them will never get discovered, but they all exist. So the real question is, how much work, how much money, do you want to spend to reduce the probability? And if it does get exploited what is your next fallback? Your network should have defense and depth. Breaking into one component should not breach everything.

Ubiquiti is great, because they’ve supported all of their devices, automatic updates. But they’re a big force now, which means they’re a big target. Which means there’s more effort put into breaking into the systems. Not to mention they really really really really really really want to control everything via cloud accounts, so that’s a huge risk surface that other network products don’t have.

Going onto your risk tolerance, if you’re trying to do all the best practices, internally in your network you would have some intrusion detection system, maybe a honey pot. Those would alert you. These systems exist because it’s inevitable eventually your system will get breached, the question is how long before you notice?

jet@hackertalks.com · 3 days ago

Yes! All motherboards should come with SFP+ ports now!

jet@hackertalks.com · edit-2 4 days ago

Typically the attacks don’t take 10 hours… they take seconds, what takes time is getting the captured device a laboratory and the laboratory having time to look at it. So what will happen usually is the phone is put into a faraday bag, hooked up to a usb charger, and put on a shelf until the laboratory can get around to it.

Once the lab starts attacking the phone, it could take seconds as I said above, but some attacks are more involved requiring the phone to be disassembled and leads soldered onto the board. The restarting is about reducing the time the lab has before they can start and finish their attack

The same process applies to computers and laptops as well, there are lots of mouse jigglers for sale to prevent a screen saver from going on.

jet@hackertalks.com · edit-2 4 days ago

https://discuss.grapheneos.org/d/17505-graykey-leaked-doc-of-android-device-capabilities

https://grapheneos.social/@GrapheneOS/113510696930156578

jet@hackertalks.com · edit-2 6 days ago

Ikea shelf instead of a rack, but I used metal shelves for better thermals!

Top to bottom:

Unifi ac
Brother printer
Sunshine streaming machine
ftth 1 / 2, unifi GW pro
AVR, UPS, Synology NAS

jet@hackertalks.com · 12 days ago

Firefox lets you set default site settings, make the default site setting disable autoplay audio and video.

For sites where you know you trust the video, you can do a per site permission in the URL bar saying autoplay is allowed for like YouTube

jet@hackertalks.com · edit-2 15 days ago

It would be nice if people just said what they were thinking.

We wanted to juice our PSN subscriber numbers, so we’re forcing everybody to make a PSN account, so hopefully they spend more money with us in the future

jet@hackertalks.com · 17 days ago

https://www.privacyguides.org/en/vpn/

jet@hackertalks.com · 25 days ago

The side with the power button is now the top. There is no ports or io on the bottom.

jet@hackertalks.com · 1 month ago

New Community Metabolic_Health discussions

jet@hackertalks.com · edit-2 7 months ago

Favorite portable computer bench case?

jet@hackertalks.com · 1 year ago

Have it your way! Surely they can also use long John silvers…

jet@hackertalks.com · 1 year ago

You can ask the same thing at the internet level. Why are people paying for internet service when they could go to the public library and get free Wi-Fi.

Internet service VPNs are foundational networking. You need them to do anything else.

jet@hackertalks.com · 1 year ago

I totally be interested in this sort of testing methodology being published. Maybe in a wiki?

Getting comparable numbers for buffer bloat and queuing would be great for commercial routers. Of course you would want to compare against Enterprise solution so that people know where on the spectrum they’re landing.

Full disclosure I roll my own GLI net open WRT router and I enforce different queues for qos seperation… i.e. downloading and streaming shouldn’t interfere with VoIP calls and gaming