Making pfsense faster
-
Hi
In Sweden we can test our connection against a government server. It is set up so customers can get real facts about the speed. Because the government has set this server up and released a test program, every ISP is trying to get the best connection against this server.
I noticed something today. When making a direct connection to the Internet without going through pfsense, I get 93 Mbit/sec download and 81 Mbit/sec upload. When going through pfsense, I get ~50 Mbit/sec upload and download.
Looking at "top" I can see that my processor is working ~50%, under these tests, to serve interrupts.
So, I am not a Linux guru. What should I test (different commands) so I can understand what is making this drawback in speed?
Desktop computer
pfsense 2006-12-12 snapshot
Pentium III 800 MHz
Onboard lan (10/100) with connection to LAN
NETGEAR FA311 10/100 with connection to WAN
512 MB RAM (PC100)
No pfsense plugins except time server.
-
Looks like your system is too weak for the speed that you need. Try getting better nics that don't cause so much interrupt time and maybe upgrade your CPU.
-
There was a throughput speed comparison for the embedded Soekris and PC-engines platforms as well as a PC some time ago.
If memory serves me right, a P300 can handle up to 18 MBit or so and up to 3 MBit with IPsec.
Looks like you are playing in the ballpark with your 800MHz machine.
But, as Hoba mentioned, good (read: more expensive) NICs have their advantages over cheapos… don't know what you're using, though.
Cheers
jahonix
-
Get Intel NICs and your problems will go away and your throughput double.
-
These NICs work great:
http://www.intel.com/network/connectivity/products/pro1000mt_dual_server_adapter.htm
-
Thank you guys for helping me out on this one.
I can probably buy the PCI version of Intel PRO/1000 PT Dual Port Server Adapter but there will be nothing left to spend on a new CPU or new computer. I guess the desktop version, Intel PRO/1000 GT Desktop Adapter is out of the question here?
I can choose to buy a computer with ~1.8Ghz CPU, 512 RAM for the same money as the server nic. So, what should I choose? Will the server nic solve all my problems without having to upgrade the rest of my computer hardware?
-
Thank you guys for helping me out on this one.
I can probably buy the PCI version of Intel PRO/1000 PT Dual Port Server Adapter but there will be nothing left to spend on a new CPU or new computer. I guess the desktop version, Intel PRO/1000 GT Desktop Adapter is out of the question here?
I can choose to buy a computer with ~1.8Ghz CPU, 512 RAM for the same money as the server nic. So, what should I choose? Will the server nic solve all my problems without having to upgrade the rest of my computer hardware?
Well the NIC I suggested is an all in one solution. Meaning they will work in either a pci 32 or 64 bus. I would consider upgrading your NIC first. They can be had at a decent price. I got my dual pro1000 mt from ebay for under 50$US. Another one is listed here: http://cgi.ebay.com/INTEL-PRO-1000-MT-PCI-X-DUAL-PORT-GIGABIT-NIC_W0QQitemZ170061886651QQihZ007QQcategoryZ51196QQssPageNameZWDVWQQrdZ1QQcmdZViewItem
-
@sdale:
Well the NIC I suggested is an all in one solution. Meaning they will work in either a pci-express, pci 32 or 64 bus. I would consider upgrading your NIC first. They can be had at a decent price. I got my dual pro1000 mt from ebay for under 50$US. Another one is listed here: Ebay link
It says the seller only ships to the USA. I am in Europe.
I have searched a bunch of auction and second hand sites for Intel Server cards without success. The retail price for the MT card is $195. Can you guys recommend another server NIC that I can search for?
-
Does it have to be a Gigabit NIC?
In one of my pfSense boxes this does what it's supposed to:
http://cgi.ebay.de/ws/eBayISAPI.dll?ViewItem&item=160041275319&ssPageName=ADME:B:EF:DE:2
It is a 100MBit dual NIC from Compaq with Intel chipset. They are cheaper on other auctions.
Beware of the dual Adaptec NICs. When I was into buying one, BSD wasn't supporting them. But that ~may~ have changed.
Jahonix
-
It says the seller only ships to the USA. I am in Europe.
I have searched a bunch of auction and second hand sites for Intel Server cards without success. The retail price for the MT card is $195. Can you guys recommend another server NIC that I can search for?
Any Intel chipset based NIC will be good for what you need. They will be expensive, but they are some of the best NICs around.
-
@sdale:
Any Intel chipset based NIC will be good for what you need. They will be expensive, but they are some of the best NICs around.
So are you saying that an Intel PRO desktop NIC will work?
I believe that anyway.
I have run new tests. Not on pfsense but on another firewall. ~90 mbit/sec with my computer hardware. I will switch back to pfsense when the WAN dhcp problem is solved.
-
Intel Pro NIC should be good. One other thing you might want to try is enabling device polling under System>Advanced. If your NICs support this feature it should increase your throughput.
-
How do you know if the device polling works? I have two 3com cards in my machine, with polling..
-
Have a look at status>interfaces. It should note "polling" somewhere along the lines if it is enabled and the nic supports it.
-
Also, gig nics usually have bigger buffers, which in turn causes less interrupts (on equivalent speed traffic to a 100Mbit NIC). Gig cards are the way to go if you can get them in your budget.
–Bill
-
With a P3 733 and an Intel Dual port MT 1000 I can do 220Mbit.
Without polling.
I also have good experience with the Intel 100Mbit cards and the 3Com 3c905 cards.
vr and rl are not a safe choice.
-
Have a look at status>interfaces. It should note "polling" somewhere along the lines if it is enabled and the nic supports it.
Does the current snapshot (12/23) have this or just HEAD?? I have Intel NICs that I have polling enabled on that I think are supposed to support it but nothing in the status/interfaces page..
-
Looks like I was wrong and it is not noted at status>interfaces. Go to diagnostics>command and run "ifconfig" from there. You should see "polling" noted there somewhere when enabled and supported by the NIC.
-
http://yourpfsense.com/status.php will also show if the NICs are running with polling.
-
cool… that and then some.. forgot about this page, used it in monowall.. TX!
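-
The "ifconfig" check suggested in the thread, as an added example that is not part of any post: a small shell function that reads FreeBSD-style ifconfig output and reports per interface whether POLLING is among the enabled options. The function names, the "polling"/"no-polling" labels and the sample input are assumptions made for this example.

```shell
#!/bin/sh
# Added example: report, per interface, whether POLLING is listed in the
# enabled options= line of FreeBSD-style ifconfig output read from stdin.
polling_report() {
    awk '
        function emit() {
            if (iface != "") print iface, (polling ? "polling" : "no-polling")
        }
        # An interface block starts with "name: flags=...".
        $1 ~ /:$/ && $2 ~ /^flags=/ {
            emit()
            iface = $1; sub(/:$/, "", iface); polling = 0
            next
        }
        # options=<hex><A,B,...> lists what is enabled right now; a
        # capabilities= line (ifconfig -m) only lists what the NIC supports.
        $1 ~ /^options=/ {
            list = $1
            sub(/^[^<]*</, "", list); sub(/>.*$/, "", list)
            n = split(list, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "POLLING") polling = 1
        }
        END { emit() }
    '
}

# Constructed sample input (not captured from a real system).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=4b<RXCSUM,TXCSUM,VLAN_MTU,POLLING>
        inet 192.0.2.1 netmask 0xffffff00 broadcast 192.0.2.255
rl0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 198.51.100.2 netmask 0xffffff00 broadcast 198.51.100.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

sample_ifconfig | polling_report
```

On the firewall itself, pipe the real output through the function instead of the sample: `ifconfig | polling_report`.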