Is it possible to determine the internet speed at the router (netgate 2100)?
-
@netboy Usually the advice is to run any test on a client behind pfSense so as not to use up CPU cycles on the test.
-
@SteveITS Let me parse your reply. The fiber comes to a box and from the box a patch cable is connected to my WAN port in netgate 2100. From your comments, my understanding is remove the WAN patch cable from netgate router and connect to a latop and check for internet speed?
-
@netboy said in Is it possible to determine the internet speed at the router (netgate 2100)?:
@SteveITS Let me parse your reply. The fiber comes to a box and from the box a patch cable is connected to my WAN port in netgate 2100. From your comments, my understanding is remove the WAN patch cable from netgate router and connect to a latop and check for internet speed?
No, that's not what @SteveITS means. He was thinking you might run the speed test directly on the pfSense box. There is a speed test client CLI package available for installation on pfSense, and then you can run a test from pfSense itself. Lots of users jump on this option. But this is not a good strategy because it steals CPU cycles from the pfSense packet routing engine to execute the actual speed test client code on the pfSense box and thus usually gives a false low speed reading.
If you run your speed test on a PC connected normally to your network with pfSense as your intervening firewall, the test will be fine. pfSense will "route" the speed test traffic normally and that's what it is designed to excel at. It is not designed to be the actual speed test client, though.
When you run the speed test client package on the pfSense box, it steals CPU cycles to generate the test packets, time them, and send/receive them with the remote server. Those stolen CPU cycles used to execute the speed test code rob routing performance and so you see a lower speed. Instead, put the speed test client on a host on the LAN, and then test "through" the pfSense firewall so that it can devote all of its CPU resources to simply routing packets (not having to generate and/or time them). That gives a much more accurate speed test result.
-
@netboy ^that and it kind of depends whether you want to measure through the 2100 or without it.
The 2100 will max out around 600-700 Mbps due to its CPU.
-
@SteveITS said in Is it possible to determine the internet speed at the router (netgate 2100)?:
The 2100 will max out around 600-700 Mbps due to its CPU.
Wow! This is what I am experiencing and never new there is a max cap! I have 1 Gig fiber and have a client connected to the network and get speeds ranging from 675 to 750 - Which seems like "normal" from your reply? Can you kindly explain why CPU is a bottleneck? Upgrading to Netgate 4200 will help?
-
@netboy Yes, if you check with โtopโ running Iโd expect it to be maxed out. :-/
-
@SteveITS Is this because of limitations of Marvel Chip? Is the CPU of 4200 more powerful and will I get the full 1 Gig speed?
-
@netboy Itโs an ARM CPU. The 4200 is a giant step up.
In general my rule of thumb is about halfway between the published benchmark specs:
2100:
Firewall
(10k ACLs)
IPERF3 Traffic: 964 Mbps
IMIX Traffic: 249 Mbps4200:
Firewall
(10k ACLs)
IPERF3 Traffic: 8.61 Gbps
IMIX Traffic: 3.21 Gbps -
@SteveITS Thx I do not mind buying netgate 4200 - Is it easy to dowload the config from 2100 and upload to 4200 are there are some gotchas? How easy is it to transfer my existing config from 2100 to 4200?
-
@netboy Short answer, yes you can just restore. Especially if using WAN and LAN.
If you have VLANs or a complex config Netgate will convert the config file for you for free.
You might note the default power settings and interface assignments before restoring. And maybe save the default factory config file for later comparison.
-
@netboy said in Is it possible to determine the internet speed at the router (netgate 2100)?:
Wow! This is what I am experiencing and never new there is a max cap!
My connection via cable modem is 1.5 Gb down. However, my hardware is only capable of 1 Gb and I see about 930 on speedtest, with a computer behind pfSense.
-
@JKnott said in Is it possible to determine the internet speed at the router (netgate 2100)?:
My connection via cable modem is 1.5 Gb down
Do you have netgate 2100 or 4200?
-
@netboy said in Is it possible to determine the internet speed at the router (netgate 2100)?:
o you have netgate 2100 or 4200?
Neither. I have a miniPC, as described in my sig.
However, this situation illustrates a coming trend where our hardware isn't fast enough to keep up with the Internet connection. Even before that, I noticed faster connections didn't make a noticeable difference in my usage.
My ISP is moving to DOCSIS 4, which can greatly increase bandwidth in both directions. But to take full advantage, I'd have to replace all my hardware and I really don't feel the need to do that.
BTW, the first time I saw a 10 Gb fibre connection, it was in a data centre for a major bank. Now individuals are approaching that for their home connection. Do we really need it?
-
@JKnott netgaate must come out with something like https://store.ui.com/us/en/category/all-cloud-gateways/products/ucg-ultra
Compact with IDS/IPS Throughput of 1Gig guranteed! and interestingly the price is only $129! -
@netboy so it won't do your 1.5ge then.. It seems odd setup it has 1 2.5ge, but all others are 1ge - so how would you get your 1.5 from your isp to a single device.. Sure multiple devices might be able to leverage your 1.5 total. But with those ports, even with ips/ids off your not going to be able leverage more than 1ge for a connection.
But yeah that is a very attractive price point.. You should order one and give it a go - let us know how it turns out. My guess is their selling at a loss and hoping to make it up with the 99$ a year subscription for cybersecure/proofpoint.
I use to have a usgp3 - and unless they have made drastic changes to how you do firewall rules - they were horrible to work with. I had gotten it to temp allow me to leverage my 500mbps internet when I upgraded and the 4860 was on backorder. But it could do no where close to that with their IPS/IDS enabled..
I pulled it out of the network the day my 4860 was delivered ;) But it wasn't a bad product to be honest, and had a great price point.
Might not be a bad piece of kit to have laying around as a backup to my pfsense..
-
@johnpoz said in Is it possible to determine the internet speed at the router (netgate 2100)?:
You should order one and give it a go - let us know how it turns out
No way! I like my netgate 2100.
Witth the great help from this forum, I was able to configure 2 VLAN kind of setup WITH dumb switches (not managed).
@dennypage helped me to setup NUT as well. Thx Denny!
I only hope netgate comes with a similar product for prosumer along with 8 port POE++ switch etc just like ubiquiti. My understanding is netgate farms out hardware and is not manufactured in-house. Netgate needs to up their game !
