Trouble with WAN not being able to get correct speed

Gblenn

@kilasin What I should have said was "you don't happen to have a switch lying around".. as in another extra switch...

If your ISP is doing 2.5G on WAN, you could then connect that switch between your ISP WAN and pfsense. The sole purpose of this switch would be to negotiate 2.5G with ISP and 10G with pfsense...

If you don't have another switch, I suppose it may be cheaper getting a new NIC for pfsense, although 10/2.5G switches are getting cheaper...

kilasin

@Gblenn i still dont get what your trying to say. You want me to connect the switch directly to the isp bypassin the EE modem or connect t he modem to the switch ? ok so here is the deal

I am gettin 2.5 with the router but the port lines in the router are only 1g hence i did the pfsense ... i got a 4 nics that are 10G but aptly none of em can do 2.5 and the only one is aquantia but not supported or flaky at best with pfsense now my switch cant do both however i dont see how a switch can negotiate and act as a router to the 2.5G WAN connection the ISP can provide unless im missin how it would work.

I am guessing is connect the ONT directly to my switch then have the pfSense router connect to the switch via 10G from the switch and negotiate everything from there?

Gblenn

@kilasin said in Trouble with WAN not being able to get correct speed:

@Gblenn i still dont get what your trying to say. You want me to connect the switch directly to the isp bypassin the EE modem or connect t he modem to the switch ? ok so here is the deal

I am gettin 2.5 with the router but the port lines in the router are only 1g hence i did the pfsense ...

Understood, and if the router had been capable of 10G on the LAN you could simply have used it in bridge mode if it has that function. In bridge mode it would act pretty much like the switch I'm suggesting now...

i got a 4 nics that are 10G but aptly none of em can do 2.5 and the only one is aquantia but not supported or flaky at best with pfsense now my switch cant do both however i dont see how a switch can negotiate and act as a router to the 2.5G WAN connection the ISP can provide unless im missin how it would work.

A switch can negotiate whatever speeds it's designed to handle, but it will still just be a switch and pfsense will still be the router. However, switches are likely able to negotiate whatever speed being requested (or set via UI), which is not necessarily true with yet another NIC that you put in your server.

BTW, speaking of that, have you tried not passing the NIC to pfsense, to see if you have better support for the aquantia NIC in Unraid?

I am guessing is connect the ONT directly to my switch then have the pfSense router connect to the switch via 10G from the switch and negotiate everything from there?

Exactly, just make sure that the switch you connect between the ONT and pfsense is physically (a different switch) or logically (using VLAN perhaps) separated from your LAN.

So what I'm saying is that you need another switch doing this job. ONT RJ45 > switch 2.5G... switch 10G > pfsense 10G.
On the LAN side you keep things as they are.

Another "use case" is having a switch with both RJ45 and SPF+ ports. Then you bypass the ONT as well and plug the fiber module directly into the switch SFP+, and then continue with RJ45 into your pfsense.

kilasin

@Gblenn

Gotcha I understand now. Ya problem is i have only 1 switch maybe i can make that into a VLAN just for the inbetween.

On the other note about the aquantia card. Yes, I made a passthrough and it works in OPNSENSE (which is nice) but i just like pfSense much better no idea it will work with one but not the other. Like in pfSense the card will not even show up which is crazy and in OPN not a problem and I am stubborn it makes no sense to me how both bein BSD systems it wont work.

I have another 2.5G which is RLT but that wont passthrough for some reason in unraid no idea why that is and i stopped trying spent too much of this problem this week so I just might make it easier on myself and order a card that is compatible with pfSense that is 2.5G and basically have a 3x 10G ports and 2 2.5G which is not bad and have another switch for the rest.

If only i can make the RTL pass through that would be great

Gblenn

@kilasin pfsense and opnsense are both bsd but driver support may differ.

If your switch had been larger, with say at least 4 ports capable of 2.5/20G, then you could have used it for both the WAN side and your current setup for your server. Using VLAN to logically split it up into two switches.
And for the time being, you can absolutely do that right now, if you can live with your server not being able to run 10G on LAN.

You don't have to pass thru a NIC for pfsense to be able to work. Some HW functions in the NIC will be lost to pfsense but RTL cards typically need those turned off anyway. And from a performance perspective I'm pretty sure you will still be able to route 2.5G even with a virtualized NIC.
What WILL happen if you don't pass thru is that the Interface name will change and you would have to reassign WAN in pfsense. Not a big deal if it's only WAN. More work if LAN and lot's of VLAN and other stuff.

Never seen a card with 5 ports on them, what card is that??

Gblenn

BTW, did you see @stephenw10's post about the RTL card and the realtek-kmod driver package?

Here's discussion about that which may help?
https://www.reddit.com/r/PFSENSE/comments/t872mx/fix_issues_with_realtek_nic_on_pfsense_260t
I guess it traces back to this blog post perhaps:
https://www.robpeck.com/2021/04/using-realtek-nics-in-pfsense/

One thing to not in the reddit discussion is turning off HW offload...

kilasin

@Gblenn the cards are 2 540 ts and 1 aquantia giving me 5x10gs then i got 2 2.5Gs one is embeded in the mobo which is akiller one if im correct the other the RTL card, which i bought but couldnt manage to get it to work. I do have an extra 2 10G card hpe flex but thats more server type and none of my systems can read it unless i plug it to my original old hp server..

I am new to this networking stuff i do it for fun and see what works for me but i luv pfsense it is AMAZING just trying to make it work with the stuff I have around.

kilasin

@Gblenn

i know this would be a great ask and favour but how would if i decide to use my switch in vlan to make it work? im trying to search videos for it but cant seem to find what your talking about. Sorry for the hassle and being a noob but im trying to learn here as well

Gblenn

@kilasin said in Trouble with WAN not being able to get correct speed:

@Gblenn the cards are 2 540 ts and 1 aquantia giving me 5x10gs then i got 2 2.5Gs one is embeded in the mobo which is akiller one if im correct the other the RTL card, which i bought but couldnt manage to get it to work. I do have an extra 2 10G card hpe flex but thats more server type and none of my systems can read it unless i plug it to my original old hp server..

Ah, I thought you meant a card with 3 plus 2... my bad..

Anyway, I'd suggest to check out installing the driver package for RTL cards to see if you can get that working with pfsense, like you did with opnsense.

i know this would be a great ask and favour but how would if i decide to use my switch in vlan to make it work? im trying to search videos for it but cant seem to find what your talking about. Sorry for the hassle and being a noob but im trying to learn here as well

No problem... obviously switches are different in the way the user interface is designed, but In the manual you have Port based VLAN as well as 802.1Q VLAN.
I'm thinking that Port based VLAN should do the trick in your case.

On page 27 it tells you to select the menu item VLAN and click activate unless you have already done so.
Then for ports 9 and 10, which I understand are the one's capable of 2.5/10G, you enter a VLAN ID number of your choice. So let's say you enter 100 as the ID for those two ports. This should isolate the ports so that it's only those two that are allowed to communicate with each other. The ID you chose is irrelevant and all this will do is break up the switch into two logical parts, ports 1-8 and ports 9-10.

You should test this before you connect to the WAN side of course.

Gblenn

@Gblenn Here's how to do it if you were to use the 802.1Q VLAN setup instead.

Start by adding the ID (100 in this example) in the field, and then click ADD.
Next you need to make sure that ports 9 and 10 are removed from the list of ports using ID 1, and instead add them to ID 100.
This is done on the VLAN Membership tab.
First, with ID 1 visible, click ports 9 and 10 so that they are empty (no U or T visible).
Then select ID 100 and click ports 9 and 10 so that they read U (Untagged).
Finally go to Port VID and select ports 9 and 10 and enter ID 100 and click Apply.
Now you should be all set...

I actually found a video for this where they do exactly this, but for ports 1-5: https://www.youtube.com/watch?v=TIPQhZrwBTo

kilasin

@Gblenn

Ok I was able to seperate those ports. Now the WAN side how do i go about doing that ?

Gblenn

@kilasin said in Trouble with WAN not being able to get correct speed:

@Gblenn

Ok I was able to seperate those ports. Now the WAN side how do i go about doing that ?

Great, now all you need to do is connect port 9 to ONT and port 10 to WAN on pfsense. Your switch should then be able to negotiate 2.5G towards ONT and 10G towards pfsense.

Think of your switch as two switches in one now. Ports 1-8 are 1G and can talk to each other. Ports 9 and 10 are 2.5/10G and can talk to each other. But ports 1-8 have no knowledge of ports 9-10 and vice versa.

So ports 1-8 can be used on the LAN side as you see fit.

Although you may have solved the problem of getting more than 1G on WAN from pfsense, you don't have any way to get 10G switching on the LAN side until you add more 10G capable switch ports.

In the meantime, you can at least test that you actually get 2G or more on WAN and through pfsense. Simply connect to a VM or a PC directly to the 10G LAN port on pfsense and run speedtest.

kilasin

@Gblenn

It Fking worked omg yes ...that is awesome!!!!!

Now how do i make the other lan port work from the switch ? I still need an extra card to send it to the other port switch so it can route them i imagine

kilasin

@stephenw10

I got a quesiton mate .. I tried installing the RTL card drivers but to no avail i cannot see it when i do the kldstat

kilasin

@Gblenn
Jarhead
stephenw10

I cannot thank you enough for your help regarding this issue. You guys are absolutely awesome !!!

Gblenn

@kilasin said in Trouble with WAN not being able to get correct speed:

@Gblenn

It Fking worked omg yes ...that is awesome!!!!!

Now how do i make the other lan port work from the switch ? I still need an extra card to send it to the other port switch so it can route them i imagine

Great stuff!

What do you mean "the other lan port work from the switch?"

Consider your switch as being split up into two completely separate switches now. And since ports 9 and 10 are occupied doing the 2.5 to 10G conversion, you now only have 8 ports to handle switching on LAN. But these ports are configured like they were before and they are only capable of handling 1G connections.

So your LAN port on pfsense should now connect to say port 1, and ports 2-8 can be your VM's, your PC and perhaps if you have an access point for WiFi.

kilasin

@Gblenn

Ya i figured that much !! i just connected my VM directly to my machine to get those speeds but i saw the switch doesnt give out the ips to ther ports lol but in any case i knwo for a fact now pfsense can do 2G which is great i just need to either make my RTL Card working or wait for the one i jsut ordered

Gblenn

@kilasin said in Trouble with WAN not being able to get correct speed:

@Gblenn

Ya i figured that much !! i just connected my VM directly to my machine to get those speeds but i saw the switch doesnt give out the ips to ther ports lol but in any case i knwo for a fact now pfsense can do 2G which is great i just need to either make my RTL Card working or wait for the one i jsut ordered

You will get IP on the other ports as soon as you connect the LAN port from pfsense into e.g. port 1.
It's a good thing you did not get IP without this, since it proves that ports 9 and 10 are isolated.

So now you have proven that you can get 2.5G internet, but the bummer is that you only have two switch ports capable of such speeds, and they are now busy on the WAN side.

If you really want to continue investigating 10G networking, I would suggest you look for a new and bigger switch capable of 10G on all ports. Or perhaps you set the limit at a more reasonable 2.5G which will not cost you an arm and a leg. Even if you get it working with pfsense directly on 2.5G, you can still only connect one device on 10G. So even if your Unraid server is at 10G, you can't do much on 10G anyway.
Your PC will be connected to one of the 1G ports so file transfer is limited by that.

I have seen that Qnap have switches that are reasonably priced which can to 2.5G or 2.5/10G.

To be honest, it's pretty much impossible to make any real use of 10G in a home lab scenario. It's fun playing around and learning of course, and file transfers to/from NAS will be quick. But they are typically limited by disk transfer speeds anyway, unless you go for expensive SSD's.
The only WAN application that I have found being able to reach significant speeds are game downloads from Steam or Blizzard which I have seen reaching up to 3 Gbit sometimes.

stephenw10

@kilasin said in Trouble with WAN not being able to get correct speed:

I tried installing the RTL card drivers but to no avail i cannot see it when i do the kldstat

Do you see the loader lines in loader.conf.local?

You should be the module being loaded before the kernel starts if you have the console output.

You could save a port on the switch by using VLANs in dot1Q mode instead of port-vlan mode. But it would mean a more complex setup in pfSense.

kilasin

@Gblenn

Ya i use it for my own business and then for my steam cache which i wanted to use on 10G but this is great to be honest and ya another switch might be in order to be honest but this has been awesome to learn i really cannot thank you guys enough ...