New Spectrum Gigabit Internet/Slower Download Speeds Than Expected
-
@tenorbro what services do you have running?
Are you policy routing through a VPN? -
@michmoor My raspberry pie runs Pi-hole and DNS. I have Firewalla monitoring my network. I don’t use a VPN unless I’m outside of my network, and that’s hosted on Firewalla using OpenVPN.
-
I hear you there!
I never had Traffic Shaping configured and I updated my pfBlockerNG-devel version, but that did nothing.... -
The 1100 will never pass 1Gbps with firewall+NAT running in a test like that. I would expect it to pass somewhere in the 400-500Mbps given low enough latency. That's with a close to default config. Any additional packages or VPNs etc will reduce that.
Steve
-
@stephenw10
The performance specs have it in the > 900Mbps for routing and 600Mbps for firewall features which i assume NAT or VPN but its difficult to say as that particular metric doesnt really mean anything as its not associated with a package or service function [NAT? Rules? Or NAT and Rules? VPN? IPS?.]
I
https://shop.netgate.com/products/1100-pfsense -
That’s exactly what I have running, but I do use a VPN. Of course, I’ve tested with and without the VPN running, so that hasn’t done anything.
I “registered” my modem via the Spectrum website last night and it was showing as good. I have yet to open the packaging for their crappy router that came with it. I know that until now, using an ISP’s router wouldn’t have been a factor, but starting to think they’re somehow throttling my bandwidth by 90% until I install—and register—their router. Thoughts?
I’m willing to install that, register it, then switch back to my own stuff. I was getting > 200Mbps before uninstalling the older Spectrum router/modem combo.
BTW, I run from ISP modem to a beefy custom built PC tower that only has pfSense loaded, then to my WIFI router, then out to my 8-port smart switch, and run everything else from that smart switch.
My desktop is plugged directly into the switch with CAT-5e, the rest of my machines run on WiFi.
They all get ~25Mbps!
️ -
@rbuseraccount For what it's worth, I did call Spectrum and sat on the phone with the rep to confirm I was receiving 900+ Down and 35+ Up when I plugged my computer into the EN2251 modem.
https://d15yx0mnc9teae.cloudfront.net/sites/default/files/Spectrum%20D3.1%20EMTA%20Data%20Sheet%281%29.pdf
-
I also tested for bufferbloat, and it's not great either. My worry is traffic shaping could resolve bufferbloat but reduce speeds. Is this a valid concern?
https://www.waveform.com/tools/bufferbloat?test-id=b8563aa8-fea7-4e66-b2f7-0788925b2695
-
@tenorbro screenshot what services you have running on pfsense
-
@michmoor it also shows 472 and 191 for IMIX Traffic.
See
https://www.netgate.com/blog/choosing-the-right-netgate-applianceThe 1100 shares a 1g connection internally. The switch ports use VLANs to isolate them.
(The 2100 has the same CPU but a separate WAN interface.)
Also
https://forum.netgate.com/topic/145052/sg-1100-throughput/17 -
@tenorbro I’m sorry to say this, but it’s your pfSense appliance that is limiting you. The SG-1100 tops out at about 300mbps in real life one client firewall (average latency) setups.
This is due to the fact it only has one NIC where all ports are connected via a switch and uses VLAN separation to create interfaces.
So at about 300mbit the interrupt rate becomes the limiting factor in synthetic real life one client tests.
One Nic and One Client always hashes to the same thread, so that thread goes to about 100% of what a CPU core can deliver (= ~300mbps). This explains why you never see a fully loaded CPU, but only 50% (= one thread @ 100%)The synthetic numbers netgate published are “worthless” when it comes to L3 (no firewall, and pure lab optimized conditions) and firewall (pure lab). You need to look at the IMIX numbers, and that is still with more than one client.
To make full use of your 1Gbe you need a SG-4100 or higher.
-
@steveits yep I see that. You’re right. It’s a platform limitation. Thanks for making me double check.
-
@Tenorbro Let me give you the advice to go for the 6100 if you have PPPoE connection and/or want to use suricata/snort.
