Speed being limited on SG2100

stealthmode

Hi,

I am having trouble achieving maximum speeds that my ISP offers. I have a simple home setup. My maximum home speed is 1gbps download.

Workstation --> Switch --> Netgate --> ISP router

• In the setup above, I get only close to 640 mbps.
• When connecting workstation to ISP router directly, I get close to 940 mbps.
• I have another machine connected on the same switch. Doing a local speed test via iperf also gives close to 950 mbps.
• Implies that switch isn't the bottleneck.

Few points:

• All wired connectivity, no WiFi
• Pfsense does is on latest version and Netgate hardware is SG2100
• CPU is not overutilised, very minimal utilisation
• There are no other high bandwidth devices connected. I'm using only this workstation and at any point in the day, the speed caps to around 640 mbps.
• ISP router running in bridge mode
• No elaborate PFsense configuration. Probably 3-4 ACLs, and not using any IDS/IPS.
• Using pfblockerNG

How do I troubleshoot this issue further?

keyser

@stealthmode There is nothing to troubleshoot. The SG-2100 is not capable of pushing more than about 620-ish Mbit when firewall'ing and doing NAT.
So you are at the very limit of what it offers. To actually push 1Gbit you will need a SG-4200 or bigger.

Sorry to be the bearer of bad news.

stealthmode

@keyser Thank you for your reply, I read that SG2100 has a firewall throughput of 964 mbps?

keyser

@stealthmode Yeah.... what can I say... Marketing needs high numbers....
To reach that, you need two clients doing only 1518 bytes packet exchange in an established session, and no NAT being done.
Not exactly your "real world"

You should look at the IMIX numbers instead.
They show what will be usually the general worst case real life numbers.
Then doubling that number usually gives you something around the average experience...

stealthmode

@keyser Thank you.... learnt my lesson :)

keyser

@stealthmode Happy to help.

It's one of those situations where its just a bad marketing strategy to post the numbers for a very narrow usecase.

They should post the main numbers as the most typical usecase, and then make a note that shows faster examples of special cases and configurations.

stephenw10

@stealthmode said in Speed being limited on SG2100:

CPU is not overutilised, very minimal utilisation

I'd like to see that though whilst testing. At 640Mbps I would expect to see high CPU usage on both cores in the 2100.

stealthmode

@stephenw10 said in Speed being limited on SG2100:

@stealthmode said in Speed being limited on SG2100:

CPU is not overutilised, very minimal utilisation

I'd like to see that though whilst testing. At 640Mbps I would expect to see high CPU usage on both cores in the 2100.

Good point, I monitored top constantly while running a speedtest and the max it touched was 15%

stephenw10

What as using it? Make sure you have top showing all process, at the cli use: top -HaSP