Connection slow (2.3.2)
-
Hey All,
I have been experiencing a strange issue which started about 1,5 to 2 months ago.
I have been using the pfsense for a longer time starting in about April, after initial installation everything was working fine and the throughput was great actually.Setup is as follows:
Fiber Modem > Pfsense > Switch > User
Connection is forced at 100 full Duplex , required from the ISP.
Connection is a 50Mbps Fiber connection.
Hardware is SG-2440 box so: Intel(R) Atom(TM) CPU C2358 @ 1.74GHz ,2 CPUs: 1 package(s) x 2 core(s), 4GB RAMHowever since about 1,5 to 2 months ago the connection is very slow. From 50Mbps I went to about 8. During that time I have not changed anything in the original setup.
Connecting a pc directly to the modem the speed is OK, full 50Mbps speed.
I have tried forcing the duplex on the lan between switch and firewall to no avail, speed issue stays.
Connecting a pc as sole user to the pfsense the speed is slow, so seems the issue occurs immediately after the pfsense is in play. So without the switch issue is the same.
I have tried disabling the hardware options in advanced > networking . No change.I was thinking about downgrading to 2.3.1 to see if that makes a difference as the 2.3.2 update roughly matches up with my dates but would prefer not too. Also as I couldnt really find anyone with the same issue regarding 2.3.2.
If anyone has any suggestions or options for me to try it would be much appreciated.
-
Running anything like Squid or Snort? What does System Activity show?
-
Right now only running stock no extra packages.
CPU Activity last pid: 29287; load averages: 0.04, 0.05, 0.01 up 3+23:54:06 07:51:27 116 processes: 3 running, 87 sleeping, 26 waiting Mem: 21M Active, 97M Inact, 182M Wired, 28M Buf, 3600M Free Swap: 3726M Total, 3726M Free PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 155 ki31 0K 32K CPU1 1 95.0H 99.85% [idle{idle: cpu1}] 11 root 155 ki31 0K 32K RUN 0 95.0H 96.68% [idle{idle: cpu0}] 12 root -92 - 0K 416K WAIT 1 14:09 1.86% [intr{irq257: igb0:que}] 20589 root 49 0 262M 31776K piperd 1 0:00 1.37% php-fpm: pool nginx (php-fpm) 12 root -92 - 0K 416K WAIT 0 11:29 0.78% [intr{irq256: igb0:que}] 12 root -92 - 0K 416K WAIT 1 8:25 0.49% [intr{irq260: igb1:que}] 12 root -92 - 0K 416K WAIT 0 8:00 0.39% [intr{irq259: igb1:que}] 36827 unbound 20 0 67420K 40240K kqread 0 2:16 0.00% /usr/local/sbin/unbound -c /var/unbound/un 15 root -16 - 0K 16K - 1 1:47 0.00% [rand_harvestq] 5 root -16 - 0K 16K pftm 0 1:29 0.00% [pf purge] 12 root -60 - 0K 416K WAIT 0 1:14 0.00% [intr{swi4: clock}] 34127 root 52 20 17000K 2408K wait 1 1:09 0.00% /bin/sh /var/db/rrd/updaterrd.sh 36827 unbound 20 0 67420K 40240K kqread 1 1:01 0.00% /usr/local/sbin/unbound -c /var/unbound/un 7892 root 20 0 16676K 2256K bpf 0 0:53 0.00% /usr/local/sbin/filterlog -i pflog0 -p /va 0 root -16 - 0K 288K swapin 0 0:41 0.00% [kernel{swapper}] 10076 root 20 0 19108K 2256K nanslp 0 0:31 0.00% [dpinger{dpinger}] 41284 dhcpd 20 0 24816K 13232K select 0 0:30 0.00% /usr/local/sbin/dhcpd -user dhcpd -group _ 40330 root 20 0 14408K 1952K select 0 0:30 0.00% /usr/sbin/powerd -b hadp -a hadp -n hadp -
Hmm. Seems you should try to isolate the problem as being on the the local environment, the wan, or through the firewall.
The easiest way to determine if it is on the WAN is to run the speedtest-cli.
From the console option 8 (shell):
pkg install py27-speedtest-cli
That'll run through the package installer.
Then:
speedtest-cli
Sample output (Also a 2440 - running snort):
speedtest-cli Retrieving speedtest.net configuration… Retrieving speedtest.net server list... Testing from Cox (68.X.X.X)... Selecting best server based on latency... Hosted by LV.Net (Las Vegas, NV) [18.31 km]: 40.14 ms Testing download speed…..................................... Download: 128.02 Mbit/s Testing upload speed.................................................. Upload: 8.83 Mbit/s -
My result. Below. Seems like there is something wrong with the download, it should be about the same as the upload. However it is only 1/10th. If I connect my notebook directly to the modem however it is the correct speed.
Is this an issue with my WAN configuration on the PFsense?
Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Testing from Signet (81.xx.xx.xx)... Selecting best server based on latency... Hosted by DT-IT (Arnhem) [60.08 km]: 12.733 ms Testing download speed........................................ Download: 5.34 Mbit/s Testing upload speed.................................................. Upload: 40.04 Mbit/s -
I would examine everything very closely for a 100-full/half-duplex mismatch. Any errors in Status > Interfaces? If you have a switch on the WAN side is it managed so you can check for the same thing there?
-
Lots of in/out errors.
The issue seems to be with the modem configuration, my ISP always gave instructions to go full duplex. However setting the ports to auto negotiate pfsense will set it to half. And look here.
Retrieving speedtest.net configuration... Retrieving speedtest.net server list... Testing from Signet (81.xx.xx.xx)... Selecting best server based on latency... Hosted by SIT Internetdiensten B.V. (Voorthuizen) [74.82 km]: 11.25 ms Testing download speed........................................ Download: 44.15 Mbit/s Testing upload speed.................................................. Upload: 47.31 Mbit/sSeems like the ISP either changed their config without informing or has an configuration error. Thanks for the help anyway! Seems that because my laptop was on auto negotiate it did not have this issue and it caused me to think the issue was with the configuration of the pfSense.