Can PFsense handle 10/10 Gbe Internet?

Dobby_

@remi_imer said in Can PFsense handle 10/10 Gbe Internet?:

Do you reckon if I put PFsense on a modern PC could have an impact?

For sure but if I am in your situation I would try out that
with the actual given hardware once more.

Perhaps I could also do this, I have another PC running Ryzen 5 6 core with 16GB ram. I was meant to configure this as Proxmox Server but I have not time to do it due to busy time at work.

Could be nice or also not!

Going to your MTU comment. My pfsense has it blank at present, which I believe defaults to 1500. Do I have to change this value if running 10 Gbit?

If the MTU is not the same on all device in that row,
you may be seeing other numbers as a result then!

As for the PPPoE, I think I am not using this one. I don't remember selecting PPPoE when I installed Pfsense.

If so you will be nailed to one CPU core "only"!
And that means also only one queue for the entire
wan traffic, would good to be knowing about.

Will also try other speed test servers and see what result I get. But i think Ookla is by far the most reliable one.

Ok, but perhaps you may be trying it out at other
or different time frames!

remi_imer

@Dobby_

Am curious about this one. How do I ensure I move away from this?

If so you will be nailed to one CPU core "only"!
And that means also only one queue for the entire
wan traffic, would good to be knowing about.

stephenw10

I'd be amazed if you're using PPPoE with 10G.

But it's caused by the fact that PPPoE is not IP and cannot take advantage of hardware/driver hashing to divide traffic across queues:
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

Very unlikely to apply here but you should check the per-core usage to be sure.

Steve

remi_imer

@stephenw10 hi there,

I did exactly as you said and this is what I found during testing. I dont know what am i suppose to be looking at here


last pid: 52273;  load averages:  0.24,  0.23,  0.18                                                                up 3+12:58:31  01:27:23
204 threads:   7 running, 162 sleeping, 35 waiting
CPU 0:  0.0% user,  0.0% nice,  0.0% system, 58.8% interrupt, 41.2% idle
CPU 1:  0.0% user,  0.0% nice,  0.0% system, 50.0% interrupt, 50.0% idle
CPU 2:  0.0% user,  0.0% nice,  0.4% system, 12.2% interrupt, 87.4% idle
CPU 3:  0.0% user,  0.0% nice,  0.0% system,  6.1% interrupt, 93.9% idle
Mem: 21M Active, 47M Inact, 404M Wired, 82M Buf, 3363M Free
Swap: 3656M Total, 3656M Free

remi_imer

@stephenw10

I also did what you suggested here.

/root: sysctl dev.cpu.0
dev.cpu.0.temperature: 57.0C
dev.cpu.0.coretemp.throttle_log: 0
dev.cpu.0.coretemp.tjmax: 100.0C
dev.cpu.0.coretemp.resolution: 1
dev.cpu.0.coretemp.delta: 43
dev.cpu.0.cx_method: C1/mwait/hwc C2/mwait/hwc
dev.cpu.0.cx_usage_counters: 43323265 0
dev.cpu.0.cx_usage: 100.00% 0.00% last 277us
dev.cpu.0.cx_lowest: C1
dev.cpu.0.cx_supported: C1/1/1 C2/2/148
dev.cpu.0.freq_levels: 3201/84000 3200/84000 3000/76349 2900/73036 2700/66595 2500/60408 2300/53689 2200/50804 2000/45218 1800/39849 1700/37248 1500/31535 1300/26734 1100/22147 1000/19936 800/15661
dev.cpu.0.freq: 3201
dev.cpu.0.%parent: acpi0
dev.cpu.0.%pnpinfo: _HID=none _UID=0 _CID=none
dev.cpu.0.%location: handle=\_PR_.CPU0
dev.cpu.0.%driver: cpu
dev.cpu.0.%desc: ACPI CPU

remi_imer

Here's an update.

I connected my PC directly to the FTTH OTO Socket without pfsense router and perform the test.

Unfortunately the result is the same with or without pfsense router. Perhaps there is an issue with my 10 Gb NIC. Or there is an issue at the fiber cable somewhere.. or at my ISP. Will call them tomorrow to find out.

alt text

stephenw10

Ah, well that's mostly good then.

No CPU core is at 0% idle (100% used). The loading could be spread better.

The CPU is running at 3201MHz. The extra 1 there implies turbo is enabled.

So it should be capable of more if there is more to be had.

You might try a local test between two 10G interfaces to confirm that.

Steve

remi_imer

Latest Update.

Goal of closer to 10 Gigabit reached So to answer my own question. Yes PFsense can indeed handle 10 Gigabit internet.

alt text

Thank you all for your inputs. I highly appreciate it.

Next goal is the 25 Gigabit. I hope TNSR is polished and have GUI interface by then

stephenw10

Ooo, nice. I can only dream of such connectivity!

What sort of CPU loading do you see at that throughput?

remi_imer

@stephenw10 , hi there.

26-29% CPU utilization and 11% Memory Usage.

stephenw10

Wow, that's much lower than I would have expected. Maybe still spread unevenly?

remi_imer

@stephenw10

I am quite surprised myself. I was actually planning to swap the CPU to i7 4970 (that's the max the motherboard supports) since I saw one in FB market place for 40 CHF but it seems I don't need to do that at all which is good.

But I am not running any other stuff in my PFsense Box. Just plain routing.

stephenw10

With pf enabled though? It's also filtering?

remi_imer

@stephenw10

Yes, i performed the test using Pfsense - Not direct.

RobbieTT

@remi_imer
So how did you unlock the extra performance?

Looking at your WAN speeds my LAN speeds are starting to look rather pedestrian:

10 GbE.png

️

remi_imer

@RobbieTT

wow! that is nice speeds right there.

I complained to my ISP. I don't what they did to be honest. Other than that, the other thing I changed the negotiation from in the switch from auto to 10.

RobbieTT

@remi_imer said in Can PFsense handle 10/10 Gbe Internet?:

I complained to my ISP. I don't what they did to be honest. Other than that, the other thing I changed the negotiation from in the switch from auto to 10.

Yeah I found that I had to specially set 10 GbE on both my switch and Netgate router to achieve the link speed. I think the pfSense guide recommends 'auto' but that didn't turn out so well.

️

johnpoz

@RobbieTT said in Can PFsense handle 10/10 Gbe Internet?:

specially set 10 GbE on both my switch and Netgate router

Pretty sure the 10GBase-T spec states mandatory auto, believe same for even 1000base-T, that these driver makers even offer hard setting.. There is stuff that is needs to be negotiated other than just link speed.. Master-Slave comes to mind

Glad your working but you sure shouldn't be setting hard speeds, it should be working with auto that is for sure.

RobbieTT

@johnpoz said in Can PFsense handle 10/10 Gbe Internet?:

Glad your working but you sure shouldn't be setting hard speeds, it should be working with auto that is for sure.

I agree but in this case it became a need. I actually tripped on 3 interface bugs from the outset. The first (#14164) was fixed by a rather blunt method which made it to the 23.05 release. Before being able to address the next one a further interface issue was unmasked by resolving the first. That too is now on Redmine awaiting a fix (#14431).

We collectively gave-up on the remaining issues for now as they are complicated without the fix in-place for the recently unmasked issue.

Not everything in networking works as it should. That will never change, so we adapt instead.

️

johnpoz

@RobbieTT said in Can PFsense handle 10/10 Gbe Internet?:

Not everything in networking works as it should.

haha - yeah true ;)