@heper OK. I realized my ISP also has iperf3 server listening so I tried that instead of speedtest. I attached a virtio vtnet interface to pfsense and made a better comparison with single vs. parallel flows, IPv4 vs. IPv6, and coming from physical port (ix) vs. virtio (vtnet). WAN is always physical port.

You had right, I think it is related to tx/rx queue issue you also linked above.

My test results show a single flow (ix or vtnet) can support around 5Gb/s on my system (packet filtering enabled). If I enable parallel, ix reaches to 9Gb/s, it does not matter IPv4 (NAT) or v6 (no NAT), and it consumes around 70% CPU (4 cores). However, when using vtnet with parallel flow, neither throughput nor CPU use changes and it is still around 5-6Gb/s (similar to single flow). It is actually very good for a single flow (as good as physical) and CPU consumption is not different (only a few percents higher maybe).

@viragomann I can confirm your diagnosys, removing the "10" IP, now the sessions from external "10" to "100" work and are stable.

Thank you very much again.

Hi,

I have pfSense 22.05 virtualized in proxmox 7.3: I had strange network performance issue with it and also with a plain debian install.

Turned out issue was NIC used (intel 210) belonged to a PCIE card, while in proxmox grub I had pcie passthrough option active: once removed all back to normal.
Not sure if that could be related though

@ar-ptg-co I would suspect that it doesn't come with support other than here at the forum since it's a Microsoft product...anymore and you should expect to pay; let hope that support staff verify.

@gulzoa712 You need to provide a diagram of your network.
Why are you using two routers on the same segment?
Separate the pfsense network from your other segment.

@urbaman75
I would restore the existing config on the new, then reassign the vlans to the new interfaces. Worked fine for me in the past.


So first I did not have my adaptors setup and it was wanting me to setup a vlan through a cryptic command line, then I could not access it because my router had the same IP now finally I can continue following the course. I did try to change the IP through the cryptic menu and that did not work out. So I went back and changed the IP on my linksys. that was less complex. Maybe changing the ip the web access works better.

@provels Thanks a bunch! Mediacom had to send out a tech and then a follow maintenance truck to find and remove the problem in my neighborhood and they finished an hour ago. Speed is running 20% over what I'm supposed to get with zero packet loss.

**** UPDATE ****

I found that there was a new FIRMWARE update for the HP 331T-Quad card, and I applied it. It is like 2 versions higher now than where it was.

Did a brand new install of Proxmox, and enabled the IOMMU settings.

Still seeing the PCI Bus errors, and found an article to add 'pci=nommconf' to the loader.conf section.

Been running more than 2 hours - no PCI Bus errors.

So I built a new pfSense VM and added the PCI directly for 0000:01:00.0 and 0000:01:00.1 as two NICs to the VM (direct access not virtualized ports).

Software installs - but only one Interface is seen (not 2)....and just repeated errors about a Firmware Link - over and over and over.

Oh Well - according to UPS, my INTEL i5-T4V2 card should be here tomorrow.

@patch

Somewhat understand your answer. I have tried passing 2 ports of the 4-port NIC card as separate ports to pfSense VM (see below - 1:00.0 and 1:00.1) - but when the VM starts, only one of them is seen.

7ebdcfc5-dc63-422f-91f2-953f786cdc1d-image.png

This is why I asked can I just pass-thru the WAN port and use paravirtualized as the LAN port? Any advantages to this? Disadvantages I understand if I have to backup or restore, I cannot unless everything is virtualized.

I have pfSense running on an HP T620+ ThinClient which once I move - will be stored as a backup router/firewall in case something happens with Proxmox.

A solved same problem by tunring on "Disable hardware TCP segmentation offload" and "Disable hardware large receive offload" options in System->Advanced->Networking