@softwareplumber said in Help analyzing performance bottleneck on Protectli FW4B: If it's the ISP I'll be mad. Who is the ISP? A while ago we confirmed with others and AT&T that their business fiber router has (or, had) a low limit. This was a note I had from 2018, based on emails from an AT&T rep: "AT&T Business Fiber does not support true IPv6, but customers may use 6rd to facilitate IPv6 tunneling across IPv4 infrastructures. AT&T Business Fiber does not support “true” bridge mode, however it does support IP Passthrough Mode. The new AT&T Business Fiber modem we deployed, the BGW210, supports up to 8,000 concurrent IP sessions." I found another note from someone else about "AT&T Broadband Fiber" allowing all of 2000. re: "exactly one hour," there is a patch in the new System Patches package for "Disable pf counter data preservation to temporarily work around latency when reloading large rulesets (Redmine #12827)"

@kennypollock I am using a "Plugable 2.5G USB C and USB to Ethernet Adapter, 2-in-1 Adapter Compatible with USB C/Thunderbolt 3 or USB 3.0, USB-C to RJ45 2.5 Gigabit LAN Compatible with Mac and Windows" on my Windows client machine It was pending on the FreeBSD support for the USB Adapter, more then once seen here they are often sorted with FreeBSD incompatible chips.

Adding some details now I'm at my desktop. [2.5.2-RELEASE][root@pfsense.local.lan]/root: dmesg | grep 710 ixl0: <Intel(R) Ethernet Controller X710 for 10GBASE-T - 2.3.0-k> mem 0x38bffe000000-0x38bffeffffff,0x38bfff008000-0x38bfff00ffff irq 47 at device 0.0 numa-domain 0 on pci7 ixl1: <Intel(R) Ethernet Controller X710 for 10GBASE-T - 2.3.0-k> mem 0x38bffd000000-0x38bffdffffff,0x38bfff000000-0x38bfff007fff irq 47 at device 0.1 numa-domain 0 on pci7 [image: 1647534513145-1bb2b6b4-d239-4281-aca2-8b6c21fe7c1f-image.png] Syncing up nicely at 2.5gbps to my cable modem, and 10G port to my switch.

@robatwork said in Lightweight/low cost hardware for pfsense: Thanks, but I really wanted something that didn't need another "box" ie. modem I was mislead by the entire topic, sorry for that. With more money and knowledge if the BT in UK supports this modems (named and linked below) you could be happy, but not matching your price. Netgate 2100 + ADSL/VDSL SFP modem VT AIR 100 Firewall + ADSL/VDSL SFP modem

@joshhboss Can you provide us with more details please? WAN Bandwith, are they all WiFi Users? Which switches and other hardware will be in game here? What packet you want to install on your pfSense? Squid, pfblockerNG, Snort, Captive Portal with voucher system and radius certificate,....... Or do you only have 2 GBit/s WAN lines and wan to connect all users over WiFi and LAN into some VLANs and the firewall do the routing job? Please don`t get me wrong here, but if you have stacked (ring) Layer3 switches and also core Switches plus one or more WiFi controllers and pfSense do only the firewall job all will be fine here for 4000 - 6000 users.

@cool_corona Thanks for your reply - I really appreciate it

@jean-francois This is still relevant in 2.6.0. Had a NIC die and didn't have a replacement on hand. Plugged in a TP-Link UE200 with the RTL8153 chipset. It was capping out at 40MBit. Using the 2 config lines you posted boosted the throughput up to 250mbit, which should suffice until a replacement nic arrives.

@orangehand said in SFP transceiver to connect to ADVA box: @pcourtney Maybe one day I will try and get the ADVA to talk direct to the 7100 before you do that, take with you a laptop with 1Gb NIC speed ethernet port, a 1Gb media convertor that is same SFP spec as the ADVA ( MM or SM ) , take the pigtail out of the Cisco managed router that TT (TalkTalk) supplied, and configure windows with the static IP and gateway that was originally provided by TT provided to your customer, this is what we do when testing before we actually connect any third party routers we may come across

@stephenw10 very good, thank you.

Plug it in and find out. The next best thing would be to get the PCI device IDs and compare that with the list on the driver. Steve

OK, can anyone advice what would be better to get TOPTON i7-1165G7 i211AT 6LAN or QOTOM Q575G6 i7-7500U i211AT 6LAN. I'm on PPPoE FTTP (UK). With current electricity prices I'm trying to find most efficent solution(without breaking the bank [ie. SG-6100 max]).

@stephenw10 Update.... I ended up using only one of the ethernet port on the NIC for the LAN and used the port on the MB for the WAN. Everything works. I guess the dual port NIC cannot handle WAN and LAN at the same time...

All that sounds good! So no problem with the temp, then. Does anybody have an idea what 4G/LTE USB modem that actually works well? Edit: I'll ask in the Wireless forum, that's probably better.

Has it always run at those indicated temps? Is it under high load?

@akuma1x well i only have one nic shown in the pic i put it in my system, its all good so far! i also want to remind everyone that its a used nic card i got from ebay FOR FREE!!! got sent the wrong one and was refunded the full amount and told to keep it, so if you want a reliable and honest ebay seller you should definitely look them up! they already have high rating on ebay. im not doing advertising or anything, its just my limited experience dealing with them.

Have tried disabling every offload feature (or variations of) "ifconfig ixl0 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso -vlanhwtag" via shellcmd (either as shellcmd or earlyshellcmd). No difference whatsoever. If I reroot the firewall (rather than reboot), the errors do not appear when everything comes back up. No idea if that's helpful to know. It seems the same thing happens irrespective of what switch is on the other end - MikroTik and Ubiquiti both do the same. It looks purely cosmetic though so not too bothered. I do have another X710-DA4 somewhere which I'll play around with and see if I can figure out what's causing this. Can't keep screwing with the actual firewall as it takes every internet connected thing down if I do!

Ah, OK. acpi_call is not included in pfSense or the default repo. You can try adding it directly from FreeBSD like: [22.01-RELEASE][admin@5100.stevew.lan]/root: pkg add https://pkg.freebsd.org/FreeBSD:12:amd64/latest/All/acpi_call-1.0.1_1.txz Fetching acpi_call-1.0.1_1.txz: 100% 6 KiB 6.3kB/s 00:01 Installing acpi_call-1.0.1_1... Extracting acpi_call-1.0.1_1: 100% [22.01-RELEASE][admin@5100.stevew.lan]/root: rehash [22.01-RELEASE][admin@5100.stevew.lan]/root: acpi_call Please specify path to method with -p flag But you need to understand the possible consequences of doing that: https://docs.netgate.com/pfsense/en/latest/recipes/freebsd-pkg-repo.html#concerns-warnings Steve

Great, thanks!