Slow speed with pfSense

KOM

Mainboard details aren't all that important.  What type of NIC is em0 & em1?

ctirado

Could traffic shaping or limiter be turned on in pfSense accidentally? I would check that first.

Carlos

KOM

Those kinds of things are very hard to turn on accidentally, considering how much configuration they require.

Derelict

I would look hard at the ethernet between the fiber converter and pfSense's WAN NIC. Make sure everything is good and they're both negotiating gig.

What is the make/model of the fiber converter?

I would look for errors on the WAN NIC.

I might try a managed switch with a GBIC and a blank VLAN between pfSense and the fiber so you can get error counters and statistics on both sides. You'd be replacing the fiber converter with a blank vlan with one untagged copper and one untagged fiber port. You probably want to disable spanning tree on the VLAN and/or ports.

I would call the ISP and see what they see as far as errors on their port.

An i5 ought to easily do 250/100.

David_W

@Derelict:

I might try a managed switch with a GBIC and a blank VLAN between pfSense and the fiber so you can get error counters and statistics on both sides. You'd be replacing the fiber converter with a blank vlan with one untagged copper and one untagged fiber port. You probably want to disable spanning tree on the VLAN and/or ports.

This would be my recommended approach if the "fiber converter" is just a fiber <-> copper media converter.

If, however, the "fiber converter" is actually an ONT on a PON network, this won't work, as you can only use an ONT authorised by the network operator (which almost always means one they supplied). My recommended approach in this scenario is similar - connect the "fiber converter" and the pfSense interface via a switch, for example using a dedicated VLAN. I use this approach successfully with a VDSL2 bridge.

Disabling spanning tree on such a VLAN is a good idea, especially in the media converter scenario. The ISP's network will probably filter it or otherwise ignore it, but the possibility remains that they might not take too kindly to spanning tree traffic coming from your end of the connection.

Guest

Ok to be fair at first you should not be using the speedtest in the Internet, that we all should be verify your test
results by making perhaps related to the same hardware also same results.

CPU Type Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz

With this CPU and pfSense together you might be or must be able to route 1 Gbit/s at the WAN Interface
with ease. So it could be pending on more or less things we should all thing about and proof.

• It could be that your modem is having a auto sensing mismatch at the LAN port of the modem
  and the WAN port of the pfSense. Could this be? In pfSense you will see perhaps "1000 MBit/s full Duplex auto."
  But in real life there will be perhaps only a 10 MBit/s or 100 MBit/s connection.
• The "modem" is not a pure modem, nut a real router and your pfSense got only over DHCP a IP address
  that will be changing then more or less often.
• PowerD (hi adaptive) is not enabled and the CPU is not able to deliver enough power if needed
• mbuf size is not high up to perhaps something around 1.000.000 the size should be related to
  the amount of available RAM, but with 15 GB you have no problems at all
• if a SSD is used you could also enable TRIM support at this stage and time
  (not really related to the problem you have here in case, but also useful for your SSD drive)

Questions:

• What NIC or NICs you are using?
  (Vendor, model, ports, speed)
• Are all unused things will be disabled in the BIOS?
  (things such as Jumbo Frames, network enhancing and LAN Optimizer, WiFi,….)
• deactivating onBoard Intel and Qualcomm Atheros gaming networking and install a new 2/4 Port Intel NIC

Your Internet connection is about 250/100 MBit/s (Megabit) and if you got then 25 MB/s (Magebyte)
that means you got perhaps nearly the theoretical maximum from ~32 MB/s, can it be the you was not
right counting? Only a thought!

FuriousRage

Hi all.
thanks for the replies.
I just ran a speedtest.net and got

I havent changed anything, so it must been a hickups at the ISP area for almost a week.

Anyways, seems its been resolved by its own.

Guest

I have 250/100 Mbps fiber connection.

Pending on this you got it fully I mean, because you must count the TCP/IP overhead on top of this
and shorten it a bit for passing the NAT part and firewall rules. So all is fine on your side as I see it right.

FuriousRage

@BlueKobold:

I have 250/100 Mbps fiber connection.

Pending on this you got it fully I mean, because you must count the TCP/IP overhead on top of this
and shorten it a bit for passing the NAT part and firewall rules. So all is fine on your side as I see it right.

Unfortunately, the good speeds only held for a few days, i am still down to 10% of my possible max.
I have concluded with testing that it is somewhere at my pfSense box, but i cannot find out what could possible be the problem.
Reboots doesnt help. I saw an earlier post, i dont have a modem (like cable, isdn).
This system is less then a year old afaik, but i wounder if perhaps the usb key could be the culprit and a reinstall on a new one would help..

heper

a broken usb key will get you filesystem errors & perhaps boot issues. It's unlikely to cause a slow wan link.

do you get fast speeds when you connect a different system (laptop/desktop) directly on the converter ?
what speeds do you get from pfsense console ?
)

FuriousRage

@heper:

a broken usb key will get you filesystem errors & perhaps boot issues. It's unlikely to cause a slow wan link.

do you get fast speeds when you connect a different system (laptop/desktop) directly on the converter ?
what speeds do you get from pfsense console ?
)

Hi.
When i use my Asus Transformetbook T200T, i can make the network cards 100/100, directly connected to the converter.
When i tried the download thru pfSense cli, using a close to me service to download both a 100Mb and a 1Gb file to "/dev/null"(?), im getting the same speed, roughly around 25 Mbps download, i have changed to new/old/other cables both on the converter side, and between the wall and pfSense box.
I am going to stop by a store today and pick up a few more new patch cables to change to completely new cables on both side. I cannot do anything about the wall installed cable.

FuriousRage

Hmm.
It seems new cables did not help :(
And buying a new 2-4 port PCIx card costs almost the same as buying a pfSense hardware in the store, and im not sure if its the nic or not.
The WAN card is an Intel PCIx, lan uses the onboard, but im testing the speed with fetch directly at the pfSense ssh console.