WAN Upgrade from 10mb to 20mb but no change from behind firewall

clarknova

@jpmtg:

how I can test offsite as from what I understand of iperf is that I also have to run it from another location and get some port forwarding going. Is there a public test server people use or will my test be limited to my home speed?

Just put a test machine on the WAN and another on the LAN. This will test the routing throughput of pfsense, leaving the ISP out of the equation.

stephenw10

I think perhaps thinkbroadband or my own ISP had limited the connection because my actual connection is DSL synced at 22Mbps. I can usually get close to 20Mbps real speed.
Today I retried it and:

[2.0-RC3][root@pfsense.fire.box]/root(2): fetch -o /dev/null http://download.thinkbroadband.com/50MB.zip
/dev/null                                     100% of   50 MB 1961 kBps 00m00s

So, close to 16Mbps. Still not what I know is possible but it's busy time of day. If I'm doing any serious testing I wait until after midnight when I know I'm getting less contention and it doesn't count towards my bandwidth limit.  ;)

One thing that might be causing you trouble is that ISPs often have a cap on your bandwidth somewhere in their network. It's entirely possible that they increased your line speed but didn't reset the bandwidth cap.

Steve

atamido

@jpmtg:

P.S. Thanks for the heads up of FreeBSD not being from linux. It was based off of Unix then?

It's worth reading the intro paragraphs here:
http://en.wikipedia.org/wiki/Berkeley_Software_Distribution

And if you scroll down there's an image on the right that shows the hierarchy of where the different *nix systems came from.

jpmtg

@stephenw10:

I think perhaps thinkbroadband or my own ISP had limited the connection because my actual connection is DSL synced at 22Mbps. I can usually get close to 20Mbps real speed.
Today I retried it and:

[2.0-RC3][root@pfsense.fire.box]/root(2): fetch -o /dev/null http://download.thinkbroadband.com/50MB.zip
/dev/null                                     100% of   50 MB 1961 kBps 00m00s

So, close to 16Mbps. Still not what I know is possible but it's busy time of day. If I'm doing any serious testing I wait until after midnight when I know I'm getting less contention and it doesn't count towards my bandwidth limit.  ;)

One thing that might be causing you trouble is that ISPs often have a cap on your bandwidth somewhere in their network. It's entirely possible that they increased your line speed but didn't reset the bandwidth cap.

Steve

It was around 1am when I did the test and I didn't see anything else going on. The ISP engineer did a test from their laptop directly connected to WAN and got 22Mbps. From behind the firewall it was 7Mbps. I just noticed that the upload test they did from their equipment showed an increase over what we had previously. It is showing 17Mbps and prior we would have around 8Mbps. So this at least lets me know that only download is being throttled?

stephenw10

Hmm, OK.
So you have cable WAN or some connection that provides ethernet to your pfSense WAN?
What does your pfSense box say about the status of your interfaces (GUI > Status > Interfaces), are they all 100Mbps full duplex (or faster)?

What is the state of your pfSense box? Is it a fresh install? Any packages? Anything else?  ::)

Steve

jpmtg

@stephenw10:

Hmm, OK.
So you have cable WAN or some connection that provides ethernet to your pfSense WAN?
What does your pfSense box say about the status of your interfaces (GUI > Status > Interfaces), are they all 100Mbps full duplex (or faster)?

What is the state of your pfSense box? Is it a fresh install? Any packages? Anything else?  ::)

Steve

AT&T MetroE 20Mbps fiber

WAN and LAN Interfaces:
1000baseT <full-duplex>Packages:
iperf
Lightsquid
nmap
squid
squidGuard

Fresh install 2.0-RELEASE (i386)
built on Tue Sep 13 17:00:00 EDT 2011</full-duplex>

jpmtg

Here are the results using the ISP's test site.

From the tech's laptop plugged directly into the WAN:

and here is my test from behind router:

stephenw10

It's hard to say quite what is being measured there. What is the difference between 'download speed' and 'download capacity'?

You have quite a few things running on pfSense that could potentially be causing delays; squid and squidguard.

Can you hook up a machine directly to the AT&T connection and test from there?

Can you boot your pfSense machine from the LiveCD to test without any packages?

Steve

jpmtg

@stephenw10:

It's hard to say quite what is being measured there. What is the difference between 'download speed' and 'download capacity'?

You have quite a few things running on pfSense that could potentially be causing delays; squid and squidguard.

Can you hook up a machine directly to the AT&T connection and test from there?

Can you boot your pfSense machine from the LiveCD to test without any packages?

Steve

I had previously disabled squid and tested again with no change. I will work on testing via live cd next time I am on site.

podilarius

Don't just disable them, uninstall them and reboot. You want to make sure that it is package causing the issue and not something deeper. Check your floating rules to make sure shaper has not rules. Remove shaping if there is some there.

Even better, backup your config. Re-install pfsense and give it enough just to start passing traffic, then test speed.

There might be NIC driver issues, what type of NICs are they again?

cmb

@jpmtg:

I will work on testing via live cd next time I am on site.

That would be a good plan and without wrecking your existing install, get the most basic config possible to get online and see how that's diff.