• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

Half network performance compared to clean FreeBSD

Scheduled Pinned Locked Moved General pfSense Questions
4 Posts 3 Posters 999 Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • M
    MrCCL
    last edited by Aug 5, 2016, 7:10 AM

    I only get half network performance doing a simple bandwidth test on the LAN side using iperf3,  and this is on a clean pfsense install.
    If I do a clean install of FreeBSD I get full bandwidth, i.e. more than 100MB/s.

    
router to client
[  4]   9.00-10.00  sec  37.0 MBytes   310 Mbits/sec

client to router
[  4]   9.00-10.00  sec  49.8 MBytes   418 Mbits/sec

    What does pfsense change/modify in regards to the basic network setup on FreeBSD that is likely to have this effect?
    Or do you have any other clues what to do?

    Hardware
    SuperMicro X7SPE-H (Atom D510, chipset Intel ICH9R, 2xIntel 82574L NICs)

    1 Reply Last reply Reply Quote 0
    • H
      heper
      last edited by Aug 5, 2016, 7:20 AM

      this question comes up every couple of days, but lets go again:

      default freebsd is configured as an endpoint / pfSense is configured as a router/firewall.
      freebsd doesn't do firewalling out of the box / pfSense does.
      Disabling firewalling on pfsense will increase your "bandwidth" performance somewhat … it won't be the same as clean freeBSD tho.

      to see' performance you should measure throughput, so instead of running iperf on pfSense run it like that:

      <iperf-client>  ---  <pfsense>---</pfsense></iperf-client>

      1 Reply Last reply Reply Quote 0
      • M
        MrCCL
        last edited by Aug 5, 2016, 8:00 AM Aug 5, 2016, 7:47 AM

        Ahh….it suddenly changed things :-)

        Now I get 112/MBs and no impact on CPU usage at all! :-)

        
[  4]   9.00-10.00  sec   112 MBytes   943 Mbits/sec

        I just expected that pfSense's router/firewall functionally wouldn't play any part if I did a router<->LAN test, but I guess I was wrong.
        I would of course expect a decrease in throughput going through the NAT/firewall (WAN <-> router <-> LAN).

        But this is of course not a in-real-life problem, as the pfsense rarely play any other server-role than being firewall.

        Running iperf3 on the router, not only I got the pure bandwidth, but it also used 100% usage.

        Thanks for clearing it out, and I'm sorry I missed the other threads about it…...I did search the forum but I guess I did a wrong search.

        1 Reply Last reply Reply Quote 0
        • H
          Harvy66
          last edited by Aug 5, 2016, 4:54 PM

          One of the many differences is iperf is in userland and packets moving to/from the network must go through kernel space to the userland, which is a lot of extra overhead. You can tweak the OS to be better at this, but sometimes comes as other costs. As a router/firewall, the packets stay in the kernel and certain optimizations can be done.

          1 Reply Last reply Reply Quote 0
          4 out of 4
          • First post
            4/4
            Last post
          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
            This community forum collects and processes your personal information.
            consent.not_received