3100 speed questions

tennbaum

hey all

i need some help figuring something out.

my configuration is:
fiber cable (1Gb down and 100Mb up), from ISP to local modem/router (that is working as "bridge")
from there, an Ethernet cable to the WAN port on my 3100, and another from the 3100 LAN1 port to a cisco manage switch, and the rest of the AP and computers/other switches.

iv'e noticed that connecting my workstation directly to the isp modem, gets me over 900Mb, while doing a test connected to the 3100, i only get 600Mb. i have one floating "buffer bloat" rule, and when it is enabled i cant get over 450 or so.

any thoughts? do i need some better configuration tweaking or is it something to do with the hardware capabilities?

any help would be great.

cheers

stephenw10

It's probably a hardware limit. Is that a DHCP WAN?

Try to check the CPU load whilst testing. The best way to do that is to connect to the console either via the console port directly or via ssh then run at the command line:
top -HaSP

That will show you the per core loading. You can also use Diag > System Activity in the gui but it doesn't show as much detail and isn't as easy to copy and paste the results out.

Steve

tennbaum

@stephenw10
hey steve, thanks for answering so quickly

here are the photos from the "top" test.
this is while idling:

and this is while downloading:

ide like to here your thought, as to if that explains my performance impact to you, and how.
let me know what else you think i should test\check

i remember the speed specs that netgate provided to this model:
L3 forwading: 3.64 Gb
Firewall: 2.44 Gb
vpn: 453 Mb
can still be found on this site: https://www.itandgeneral.com/netgate-3100-replacement/
knowing I have a gigabit fiber internet, i did my research with some online reviews\videos, and picked it up thinking it will do fine (i figured the 2100 might be a little to weak for this task, and the 3100 will give me enough overhead)

what did i mis?

any light that can be shed on this will help me, if not for fixing this problem, maybe better understand how to not repeat it
:)

cheers

stephenw10

I expect to be able to pass ~900Mbps in a local iperf test through the 3100 so what you're seeing is low.
You can see the WAN interface is at close to 100% interrupt load. But neither CPU core is at 100%. That interrupt load includes forwarding traffic and also the load from pf itself.

Running bandwidthd can certainly impact throughput.

How are you actually testing this?

The first thing I would do here is test a near default configuration to get a baseline.

Steve

tennbaum

@stephenw10
just a simple ookla https://www.speedtest.net/ test.

on the first post i described my isp\local network "architecture" (i believe its consider to be double NAT).
the router i got from my isp is in charge of the "name\password identification" with the isp's servers, and has a 4 network switch on it.
the public ip is static but i get it through my isp dhcp.
the isp router "LAN" is connected to the 3100 "WAN" port.

as described, when connect my computer directly to the isp router, i get about 950Mb, when connected to the 3100 LAN port i get only 650Mb on average.

is "WAN interface is at close to 100% interrupt load" a normal behavior, or an indication of a problem\limitation?
the 3100 is running few Vlan's, and some other services/monitoring like dhcp, bandwidthd, openvpn and others, but as you said, it appears the cpu is handling it fine.
Naturally, as you said - the minute i disabled bandwidthd - the speed jumped up to 850Mb.

so, to better conclude and understand this (apparently non)issue, do i need a faster cpu to run this service without impacting performance?
I think im a little puzzled to the cpu overhead while testing on one side, and the performance impact on the other.

i'd love some elaboration if you please
:)

stephenw10

Double NAT is not ideal but it shouldn't really affect throughput. Especially if it's PPPoE upstream which pfSense would likely be slower at terminating.

The interrupt loading from the NIC is normal at maximum throughput, that's where to loading appears. There is more on the WAN NIC because of the NAT.

Yes, to run bandwidthd and traffic shaping on a 1G link will require a faster CPU unfortunately.

Steve