PfSense throtteling WAN bandwidth?
-
Lets not jump to conclusions here. Yes, USB NICs are to be avoided in general but there are plenty of people out there using them with pfSense successfully. I would expect to get >5Mbps out of even the crappiest thing if it's configured correctly. Perhaps it's falling back to USB 1 mode? Perhaps it's negotiating to 10Mbps? All those things can be discovered with a few simple tests.
Steve
-
Well - Let me rephrase. USB will most likely be slow and unreliable.
Thats a best case scenario.
Worst case scenario, it will be offline more than online.
The only thing USB has ever done for me reliably is charge my cellphone.
I have exactly 1 device that has never been flakey on USB and thats my nextar drive inclosure which for some miraculous reason is reliable on usb.
Unless money is a huge huge factor, I'd get the usb NIC out of the mix.
-
No errors or dropped packets on NICs. Interrupts go from 47% to 56% during a speed test, CPU load goes from .35 to .57. No obvious memory hogs or CPU intensive procs in top. Running the pfBlocker on or off made no change.
57% cpu time on a dual core cpu is an entire core running at 100%, and current PFSense is mostly single threaded for firewall. If someone with more understanding could correct me if wrong, but I think he's CPU bound from interrupts.
-
Or two cores each running at 57% or some other combination.
Run 'top -SH' at the console to see how your CPU is actually loaded across the cores.Steve
-
I agree the USB NIC is not an enterprise quality solution. This is for my lab, and prior to Brighthouse switching out my cable modem (in bridge mode) and upgrading from 2.1.4 -> 2.1.5 I was getting 30 megs from WAN to LAN. I'm supposed to get 50, therefor the cable modem switch. I admit it was pretty dumb to change modem and pfSense version at once, but sometimes I do dumb things.
pfSense runs on Dell Optiplex 755 small desktop that only takes 1/2 height cards. Any suggestions? I've tried StartTek, Linksys and D-Link 1/2 height cards and pfSense didn't notice any of them. Hence the USB. :(
Thing is, everything was working until upgrade and new modem. Is there a way to test bandwidth directly between pfSense and WAN gateway without using LAN NIC?
-
BTW: neither NICs on auto negotiate. Intel on 1000TXFull, usb on 100TXFull. Cores seem equally loaded under all conditions.
Turning off Squid seems to lower proc lad a few pints but no change in throughput.
-
Ok so the 2.1.4 to 2.1.5 update was mostly security fixes, I'd be surprised if it affected your USB NIC. The modem change is the likely suspect here. Since it's on the WAN side it may be nothing to do with your USB NIC and we all just jumped on that. ::)
Check the output of ifconfig at the console. Check the 'media:' line for your WAN NIC is saying autoselect and is at 100Mbps or more.Test the download speed at the pfSense console. This test will eliminate the USB NIC as a source of problems as you suggested.
[2.1.5-RELEASE][root@pfsense.fire.box]/root(3): fetch -o /dev/null http://cachefly.cachefly.net/10mb.test /dev/null 100% of 10 MB 780 kBps 00m00s
You should see much faster than that, I'm in the UK. Other test file sites might prove better.
Steve
Edit: Just seen your other post. Why aren't they on auto-negotiate? That almost certainly the cause of your problem.
-
The NICs were on auto-negotiate by default. I changed them to see if it would effect the problem. They auto negotiate to the same thing I had them set to.
I got slightly slower download than you did.
[2.1.5-RELEASE][root@pfsense]/root(1): fetch -o /dev/null http://cachefly.cachefly.net/10mb.test /dev/null 100% of 10 MB 746 kBps 00m00s
-
Auto-negotiating to 100FD is not the same as setting it manually. Many devices will try to negotiate, fail, and then default to some lower setting like 10HD.
Can you get a decent download speed from cachefly without the pfSense box in the way? If so then it looks like your WAN connection is at fault.
Steve
-
My Linksys E2500 wireless router is plugged into Brighthouse modem right next to pfSense WAN. On wireless, my laptop gets 40 Mbps down as tested at speedtest.net and speedtest.bhn.net. (Changing the Brighthouse port pfSense is plugged in to makes no difference in results.) If I plug the same laptop into the LAN port on pfSense, I get 5 Mbps down.
-
My suggestion is get a vlan switch.
-
Make sure that you can get a significantly higher speed from cachefly directly from your laptop (not though pfSense).
If that is the case then we have shown that it's the pfSense WAN connection that is as fault and we can try to diagnose it further.Steve
Edit: typo
-
I got 10mb using the file from cachefly on my LAN from the pfSense box:
[2.1.5-RELEASE][root@pfsense]/root(7): fetch -o /dev/null http://172.16.77.50/10mb.test /dev/null 100% of 10 MB 10 MBps
(That would be over the much maligned USB NIC)
I also got 10 MB on my laptop plugged into Brighthouse modem.
It HAS to be the WAN port (which worked fine on 2.1.4) or something in pfSense doesn't like something about the new Brighthouse modem. But I get the same result in any modem RJ45 port, and any other device connected to the modem gets over 30 MB on speed tests.
Any other ideas? Or should I just wipe and re-install from ISO?
-
Well - 10Mb/s is better than NoMb/s I guess.
And if you connect your laptop directly to the modem, problem disappears?
Even if you get this working, You will be ok with the loss of 20Mb/s?
Just a thought - Switch the LAN and WAN interfaces and see what happens.
-
That's MB/s so for a NIC that's negotiated to 100Mbps it's not that bad. ;)
My money is on some basic problem between the NIC and the new modem. Some times two devices don't quite comply with the specs correctly and won't work. These things happen. ::)
Simple test. Put a switch in between the modem and the USB NIC on the pfSense box. If it's a layer 1 problem that may prove it.Steve
-
Sorry - Mixed my apples and oranges.
Did he try switching LAN and WAN?