Bridge and Firewall Effects on Bandwidth in Linux Network

For many years I have used my own gateway device, which is a Banana Pi.
The Banana Pi is not a new device, and I wondered: if I get a gigabit connection, can this device handle my bandwidth? I also have other questions in mind: “Does the firewall have a huge effect on the interface? How much bandwidth is lost by bridging interfaces?”

So I ran tests to answer these questions.

My test suite

  • Banana PI
  • TPlink Archer VR 200 Gigabit Modem/Router
  • laptop

First I installed iperf on my gateway: I created an Ubuntu container and set this container's network mode to host.
On the PC side, I installed iperf on WSL. Before starting the tests, I made a test with protocols and TCP congestion algorithms.
My best results came with a TCP-based connection using cubic congestion control and 3 parallel connections. BBR is not stable in this test. Results with BBR are between 650 and 800.

Pure Interface #eth0

My local gigabit network can achieve 835 megabit. That is acceptable to me for my setup.
The average is 800 megabit in this test.

Bridge

The bridge has only a 50 megabit effect on a connection of nearly 800 megabit. When I think of the advantages of bridging for my projects, it’s okay for me.

Firewall

The rules on my firewall (Netfilter) are: drop any incoming packets on the PPP interface, some whitelisted IPs, and NAT.
The effect is impressive on my Banana Pi.
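A ruleset of the kind described above, as an added example in nftables syntax; it is not the author's configuration. The interface name `ppp0`, the allowlisted addresses (documentation ranges) and the stateful handling of reply traffic are assumptions.

```nft
#!/usr/sbin/nft -f
# Added example. Interface name and addresses are assumptions, not from the post.
flush ruleset

define WAN = "ppp0"    # assumed name of the PPPoE interface

table inet filter {
    # Allowlisted remote sources (constructed, RFC 5737 documentation ranges)
    set allowed_v4 {
        type ipv4_addr
        flags interval
        elements = { 192.0.2.10, 198.51.100.0/24 }
    }

    chain input {
        type filter hook input priority filter; policy accept;
        # Reply traffic is matched first, so packets of an established flow
        # leave the chain after one conntrack lookup.
        ct state established,related accept
        ct state invalid drop
        iifname $WAN ip saddr @allowed_v4 accept
        # Everything else arriving on the PPP interface is dropped and counted.
        iifname $WAN counter drop
    }

    chain forward {
        type filter hook forward priority filter; policy accept;
        ct state established,related accept
        ct state invalid drop
        iifname $WAN ip saddr @allowed_v4 accept
        iifname $WAN counter drop
    }
}

table ip nat {
    chain postrouting {
        type nat hook postrouting priority srcnat; policy accept;
        # Source NAT for LAN traffic leaving through the PPP interface
        oifname $WAN masquerade
    }
}
```

Running `nft -c -f` on the file checks the syntax without loading it, and `nft list ruleset` afterwards shows the counters on the drop rules.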

Bridge and Firewall

Speed drops to 600 megabit; I lost 200 megabit on my device.

Bridge - Firewall and NAT activity

The iperf result goes down to 300 megabit while running a speedtest. The gateway side also has a PPPoE connection, and the PC side is downloading the generated data. 300 is used for iperf + (2*50) is used for the speedtest. Total bandwidth is 400 megabit on the device while firewalling, bridging, NAT and the PPPoE connection to the ISP are active.

Is this Good or Bad ?

My view is that the results are good for a Banana Pi M1, but when I think about the firewall and NAT effects on my device, this is not good. It explains why huge companies move to BPF. My results also show that my home network is not capable of a 1 GbE internet connection, but it is quite enough for a 100 megabit connection.