PfSense throtteling WAN bandwidth?

Harvy66

@jriggin:

No errors or dropped packets on NICs.  Interrupts go from 47% to 56% during a speed test, CPU load goes from .35 to .57.  No obvious memory hogs or CPU intensive procs in top.  Running the pfBlocker on or off made no change.

57% cpu time on a dual core cpu is an entire core running at 100%, and current PFSense is mostly single threaded for firewall. If someone with more understanding could correct me if wrong, but I think he's CPU bound from interrupts.

stephenw10

Or two cores each running at 57% or some other combination.
Run 'top -SH' at the console to see how your CPU is actually loaded across the cores.

Steve

jriggin

I agree the USB NIC is not an enterprise quality solution.  This is for my lab, and prior to Brighthouse switching out my cable modem (in bridge mode) and upgrading from 2.1.4 -> 2.1.5 I was getting 30 megs from WAN to LAN.  I'm supposed to get 50, therefor the cable modem switch.  I admit it was pretty dumb to change modem and pfSense version at once, but sometimes I do dumb things.

pfSense runs on Dell Optiplex 755 small desktop that only takes 1/2 height cards.  Any suggestions?  I've tried StartTek, Linksys and D-Link 1/2 height cards and pfSense didn't notice any of them.  Hence the USB.  :(

Thing is, everything was working until upgrade and new modem.  Is there a way to test bandwidth directly between pfSense and WAN gateway without using LAN NIC?

jriggin

BTW: neither NICs  on auto negotiate.  Intel on 1000TXFull, usb on 100TXFull.  Cores seem equally loaded under all conditions.

Turning off Squid seems to lower proc lad a few pints but no change in throughput.

stephenw10

Ok so the 2.1.4 to 2.1.5 update was mostly security fixes, I'd be surprised if it affected your USB NIC. The modem change is the likely suspect here. Since it's on the WAN side it may be nothing to do with your USB NIC and we all just jumped on that.  ::)
Check the output of ifconfig at the console. Check the 'media:' line for your WAN NIC is saying autoselect and is at 100Mbps or more.

Test the download speed at the pfSense console. This test will eliminate the USB NIC as a source of problems as you suggested.

[2.1.5-RELEASE][root@pfsense.fire.box]/root(3): fetch -o /dev/null http://cachefly.cachefly.net/10mb.test
/dev/null                                     100% of   10 MB  780 kBps 00m00s

You should see much faster than that, I'm in the UK. Other test file sites might prove better.

Steve

Edit: Just seen your other post. Why aren't they on auto-negotiate? That almost certainly the cause of your problem.

jriggin

The NICs were on auto-negotiate by default.  I changed them to see if it would effect the problem.  They auto negotiate to the same thing I had them set to.

I got slightly slower download than you did.

[2.1.5-RELEASE][root@pfsense]/root(1):  fetch -o /dev/null http://cachefly.cachefly.net/10mb.test
/dev/null                                     100% of   10 MB  746 kBps 00m00s

stephenw10

Auto-negotiating to 100FD is not the same as setting it manually. Many devices will try to negotiate, fail, and then default to some lower setting like 10HD.

Can you get a decent download speed from cachefly without the pfSense box in the way? If so then it looks like your WAN connection is at fault.

Steve

jriggin

My Linksys E2500 wireless router is plugged into Brighthouse modem right next to pfSense WAN.  On wireless, my laptop gets 40 Mbps down as tested at speedtest.net and speedtest.bhn.net.  (Changing the Brighthouse port pfSense is plugged in to makes no difference in results.)  If I plug the same laptop into the LAN port on pfSense, I get 5 Mbps down.

kejianshi

My suggestion is get a vlan switch.

stephenw10

Make sure that you can get a significantly higher speed from cachefly directly from your laptop (not though pfSense).
If that is the case then we have shown that it's the pfSense WAN connection that is as fault and we can try to diagnose it further.

Steve

Edit: typo

jriggin

I got 10mb using the file from cachefly on my LAN from the pfSense box:

[2.1.5-RELEASE][root@pfsense]/root(7): fetch -o /dev/null http://172.16.77.50/10mb.test
/dev/null                                     100% of   10 MB   10 MBps

(That would be over the much maligned USB NIC)

I also got 10 MB on my laptop plugged into Brighthouse modem.

It HAS to be the WAN port (which worked fine on 2.1.4) or something in pfSense doesn't like something about the new Brighthouse modem.  But I get the same result in any modem RJ45 port, and any other device connected to the modem gets over 30 MB on speed tests.

Any other ideas?  Or should I just wipe and re-install from ISO?

kejianshi

Well - 10Mb/s is better than NoMb/s I guess.

And if you connect your laptop directly to the modem, problem disappears?

Even if you get this working, You will be ok with the loss of 20Mb/s?

Just a thought - Switch the LAN and WAN interfaces and see what happens.

stephenw10

That's MB/s so for a NIC that's negotiated to 100Mbps it's not that bad.  ;)

My money is on some basic problem between the NIC and the new modem. Some times two devices don't quite comply with the specs correctly and won't work. These things happen.  ::)
Simple test. Put a switch in between the modem and the USB NIC on the pfSense box. If it's a layer 1 problem that may prove it.

Steve

kejianshi

Sorry - Mixed my apples and oranges.

Did he try switching LAN and WAN?