Intel igb 125Mbps speeds?

Visseroth

Your reply wasn't helpful in any way. Why bother replying?

I'm obviously new to speed testing through the firewall.

Does anyone have any suggestions?

Perforado

Performance Testing "through" the Firewall:

As you have 4 Interface maybe you have one spare for testing.
Set that to an IP-Range on another subnet.
Test if you can ping that ip from your Client.
Install the iperf-Package.
Start the iperf-Server on pfsense.

iperf -c the-ip-you-set-the-pfsense-spare-interface-to

Client <-> LAN [pfsense] OPT2

My Results:
Some Supermicro A1SAi-Board.
Intel(R) Atom(TM) CPU C2550 @ 2.40GHz
Quad Intel igb

[root@burn ~]# iperf -c 172.XX.99.1 -t 60
–----------------------------------------------------------
Client connecting to 172.XX.99.1, TCP port 5001
TCP window size: 85.0 KByte (default)

[  3] local 172.XX.0.231 port 24708 connected with 172.XX.99.1 port 5001
[ ID] Interval      Transfer    Bandwidth
[  3]  0.0-60.0 sec  2.93 GBytes  420 Mbits/sec

pfsense:
LAN 172.XX.0.1
OPT 172.XX.99.1

burn:
LAN 172.XX.0.231

As for the WinSCP and 125MBit. I guess the Write-Cache on the WD-Black is off and you simply tested the maximum write speed to the Filesystem.

Visseroth

I setup a static on another interface, 172.16.0.1. I'm able to ping it but I can't get ipref to do anything. The client starts but there's no output

I started the iperf server on PfSense and then started the client on my machine with iperf3 -p 5201 -c 172.16.0.1

Perforado

Port 5201? Default is 5001 for me.

Did you try to do a filter Rule to allow Traffic

[your internal network] <-> TCP 172.16.0.1:5201

Visseroth

I don't know, I've tried 5001, 5201, added the rule in both the lan and the opt and still nothing. Even tried the local LAN GW address, still nothing.

Perforado

Did you leave the iperf window (the one that doesn't seem to report anything) open after starting iperf in server-mode?

Visseroth

I indeed left it open then went to the command prompt and executed the client. Even checked the firewall to see if it was being blocked but didn't see anything.

Perforado

Maybe TCP/UDP mixed up?

For me the iperf-Server on pfsense works out-of-the-box.

Visseroth

or the version I downloaded.
So I have a linux laptop and I tried it from the laptop and it worked fine but the weird thing is it was telling me that I was getting 5.75MB of transfer at only 4.67Mb/s.
Seriously, I have a 20Mb connection, I've already fully saturated it with this thing and iperf is telling me I'm actually slower than that? Seems a bit off to me.

I then setup my laptop as the server and pfsense as the client and here's the output…

Client connecting to 10.1.1.111, TCP port 5001
TCP window size: 65.0 KByte (default)
------------------------------------------------------------
[  9] local 10.1.1.1 port 27528 connected with 10.1.1.111 port 5001
[ ID] Interval       Transfer     Bandwidth
[  9]  0.0- 2.0 sec  1.02 MBytes  4.26 Mbits/sec
[  9]  2.0- 4.0 sec  1.01 MBytes  4.25 Mbits/sec
[  9]  4.0- 6.0 sec  1.02 MBytes  4.28 Mbits/sec
[  9]  6.0- 8.0 sec  1.02 MBytes  4.26 Mbits/sec
[  9]  0.0-10.0 sec  5.09 MBytes  4.27 Mbits/sec

UDP is saying….

Client connecting to 10.1.1.111, UDP port 5001
Sending 1470 byte datagrams
UDP buffer size: 56.0 KByte (default)
------------------------------------------------------------
[  9] local 10.1.1.1 port 50550 connected with 10.1.1.111 port 5001
[ ID] Interval       Transfer     Bandwidth
[  9]  0.0- 2.0 sec   247 KBytes  1.01 Mbits/sec
[  9]  2.0- 4.0 sec   253 KBytes  1.03 Mbits/sec
[  9]  4.0- 6.0 sec   253 KBytes  1.03 Mbits/sec
[  9]  6.0- 8.0 sec   254 KBytes  1.04 Mbits/sec
[  9]  8.0-10.0 sec   253 KBytes  1.03 Mbits/sec
[  9]  0.0-10.0 sec  1.23 MBytes  1.03 Mbits/sec
[  9] Sent 893 datagrams

Visseroth

OK, so I'm basically testing this thing before I implement it. I only have a 20Mbit connection and here is it fully saturated….

Harvy66

It's very important that you mention that you have snort. Snort has to inspect every packet and slows things down a lot.

Visseroth

This I understand and disabled snort during the test. I also have squid, this I didn't disable but didn't think it would hit on my speed to much.

Seriously bud, sure I'm a bit ignorant but not completely stupid and you have been of no help at all, why even post at all?

Anyhow…

The other thing I thought of doing was disabling "Block private networks" and "Block bogon networks" and then plugging directly into my local network and then trying to connect to my storage server through the firewall so I could pull a file but unfortunately it seems I was unable to get to my server. I didn't see any blocks in the firewall logs so I'm not exactly sure why I was unable to reach the server. I figured it had something to do with routing.

Guest

This I understand and disabled snort during the test. I also have squid, this I didn't disable but didn't think it would hit on my speed to much.

And perhaps Squid is acting as a caching proxy too?
Then you might be sure cheating your self! Because if you then do the first time a test, you will get slow
numbers from this test, but if you do it then again and again you will get more fine numbers.

So in normal if you want to do a speed test you should do the following:

• Do a fresh and full install
  – activate PowerD (hi adaptive)
  -- high up the mbuf size to 1.000.000
  -- enable TRIM support for the SSD or mSATA

And then take two PCs or Laptops as a server and a client that are doing a test trough the pfSense machine
and then on top you should activate Snort and do the test again. And then you should activate Squid and do
the test again. So you get three independent and different numbers for the throughput of your pfSense machine.

• One number is the raw throughput
• One is the Snort throughput
• One is the Snort & Squid throughput

Visseroth

Agreed. Unfortunately I need to get this one in place and have run out of time but I'll be building another one soon for CARP, that one will get further testing as this one will for now meet the needs of the two internet connections. One is 24Mbps the other 40 totally about 60Mbps.

The reason I was trying to get more speed was for future reliability. So that if by chance the internet connections up here get faster and more stable this thing would be ready for the task and for general bench mark purposes.

With this next one I'm going to do just as you said. Two machine, one on each side and then hammer traffic through it. First stock then with one package at a time.

For those that were helpful, thank you. Some of you  ??? :-X