ALIX APU.2C4 Board and 1GBit Internet connection
-
@BlueKobold:
As a single firewall with some (20) firewall rules it will be enough fore nearly 500 MBit/s - 700 MBit/s and some tunings
for the network interface cards (NICs), but real 1 GBit/s you will never reach here due to the hardware system given
horse power.That hardware can do a gigabit just fine under linux. It's not a hardware problem, it's a system problem.
What do you mean system problem like problem with pfsense ?
-
@BlueKobold:
As a single firewall with some (20) firewall rules it will be enough fore nearly 500 MBit/s - 700 MBit/s and some tunings
for the network interface cards (NICs), but real 1 GBit/s you will never reach here due to the hardware system given
horse power.That hardware can do a gigabit just fine under linux. It's not a hardware problem, it's a system problem.
What do you mean system problem like problem with pfsense ?
The "system" is the combination of hardware & software. There isn't a "problem", it is a matter of matching requirements and resources. If the requirement is "pfsense at 1Gbps" then the APU2 is the wrong hardware. If the requirement is "firewalling at 1Gbps with an APU2" then pfsense is the wrong software. I just get tired of seeing people saying it's a "hardware problem" when the hardware is fine; it's reasonable to say that the hardware is the wrong choice for the application, but not reasonable to say it's the hardware's fault that the software doesn't utilize it efficiently.
-
That hardware can do a gigabit just fine under linux. It's not a hardware problem, it's a system problem.
The entire question, from the opening post here, was not about the Linux throughput, but about pfSense and the PC Engines
APU2C4 throughput. And under pfSense that is based on FreeBSD it ís not interesting what the same hardware will be able to
deliver under Linux.What do you mean system problem like problem with pfsense ?
1. Linux is coded more nearly to the hardware as other systems, and act sometimes more liquid then BSD based systems
and so BSD based systems needs much more horse power then compared to a Linux based OS.
2. The driver support and quality from the site of the hardware vendors will be more pointed to
windows and Linux as to BSD based systems, that will changing in the last time but slowly.
3. And on top of some things such named above pfSense is going more and more and more to change things, but this will
be not be done so fast as we all need it or hope it! But they are on the right way, FreeBSD is going to be more multi CPU
core usage, the version 3.0 will be totally written new, other parts will also be changing to multi-core CPU usage, such
suricata, Snort is on its way, OpenVPN the igb(4) driver and so on, but some rarely parts such as PPPoE is, will be only
single-core CPU threated since now, and this will all play together and not all one part for it self!The "system" is the combination of hardware & software. There isn't a "problem", it is a matter of matching requirements and resources. If the requirement is "pfsense at 1Gbps" then the APU2 is the wrong hardware. If the requirement is "firewalling at 1Gbps with an APU2" then pfsense is the wrong software. I just get tired of seeing people saying it's a "hardware problem" when the hardware is fine; it's reasonable to say that the hardware is the wrong choice for the application, but not reasonable to say it's the hardware's fault that the software doesn't utilize it efficiently.
This might be right but this here is the pfSense forum and not the Linux or ClearOS, or Endian, or Untangle UTM, or Sophos UTM,
or SmoothWall, or IPFire or the shorewall forum, and based on the entire opening post the threat opener is using pfSense or asking
for pfSense together with the APU2C4 and 1 GBit/s at the WAN interface. -
With 2c4 we are getting 940mbit/s here on 1gb/s Mediacom cable (which is the same directly connected to the modem with no router) on pfSense 2.3.3. As a matter of fact its only one of two routers out of many we have tested to get full throughput out of 1gb/s. An old Core2Duo E8400 with the same config only got 600mb on 2.3.3, Core2Quad the same. A Netgear R7000 with stock firmware (no thanks) pulled 940mbit/s last night but with Shibby TomatoUSB firmware only 360 down. I'd like to try a Asus RT-AC9000P with Merlin firmware. Ubiquiti Edgerouter X got 400 down, Edgerouter Lite better at 918mb/s. So as it stands it's the APU 2C4! ;)
We just got 1GB/s in our area so we have been experimenting a good bit.
-
With 2c4 we are getting 940mbit/s here on 1gb/s Mediacom cable (which is the same directly connected to the modem with no router) on pfSense 2.3.3. As a matter of fact its only one of two routers out of many we have tested to get full throughput out of 1gb/s. An old Core2Duo E8400 with the same config only got 600mb on 2.3.3, Core2Quad the same. A Netgear R7000 with stock firmware (no thanks) pulled 940mbit/s last night but with Shibby TomatoUSB firmware only 360 down. I'd like to try a Asus RT-AC9000P with Merlin firmware. Ubiquiti Edgerouter X got 400 down, Edgerouter Lite better at 918mb/s. So as it stands it's the APU 2C4! ;)
We just got 1GB/s in our area so we have been experimenting a good bit.
Thanks for your reply.
How much did you get for the upload on the 2c4 ?
Please keep us updated on your findings THANKS AGAIN!!
-
With 2c4 we are getting 940mbit/s here on 1gb/s Mediacom cable (which is the same directly connected to the modem with no router) on pfSense 2.3.3.
Are you using PPPoE, at this Internet connection?
-
I believe there are some very SFF Intel n series Celeron boards out there that could do basic gigabit.
-
@BlueKobold:
With 2c4 we are getting 940mbit/s here on 1gb/s Mediacom cable (which is the same directly connected to the modem with no router) on pfSense 2.3.3.
Are you using PPPoE, at this Internet connection?
No, Mediacom Cable. DHCP WAN.
-
I believe there are some very SFF Intel n series Celeron boards out there that could do basic gigabit.
We also tried an Atom D510 and got 209Mb/s (pfSense 2.3.3) :(
-
How much did you get for the upload on the 2c4 ?
Our download/upload is not asymmetrical unfortunately. It's supposed to be a 1gb/50mbs plan. Our upload max has been 78mb/s.
-
-
With 2c4 we are getting 940mbit/s here on 1gb/s Mediacom cable (which is the same directly connected to the modem with no router) on pfSense 2.3.3. As a matter of fact its only one of two routers out of many we have tested to get full throughput out of 1gb/s. An old Core2Duo E8400 with the same config only got 600mb on 2.3.3, Core2Quad the same. A Netgear R7000 with stock firmware (no thanks) pulled 940mbit/s last night but with Shibby TomatoUSB firmware only 360 down. I'd like to try a Asus RT-AC9000P with Merlin firmware. Ubiquiti Edgerouter X got 400 down, Edgerouter Lite better at 918mb/s. So as it stands it's the APU 2C4! ;)
We just got 1GB/s in our area so we have been experimenting a good bit.
fthomasr and I are doing the testing. I tested an ASUS RT-68u last night with latest stock firmware, Merlin latest, and Tomato latest. Stock pulled 948, Merlin pulled 949, and tomato 360. I was confused how stock and merlin firmware could be outperforming tomato firmware. After some research, I found a little know setting under the advanced-> miscellaneous tab to enable CTF (Cut-Through Forwarding). Now the tomato flashed router does 949. I'm sure that setting wasn't enabled on the netgear R7000 when we tested it with tomato firmware, but hey not a Netgear fan so we sent it back.
I must mention the AC68U we are testing is the older version with only an 800MHZ processor. The current revision includes a 1GHZ processor. I'd love to test the difference between these two revisions. -
-
No, Mediacom Cable. DHCP WAN.
Ah ok that was not clear to me, thanks.
-
-
That hardware can do a gigabit just fine under linux. It's not a hardware problem, it's a system problem.
It sure is.
I've been testing pfSense throughput vs some GNU/Linux router distros, and the results are a little shocking, TBH.
Even without any routing (LAN interface to LAN client), I get ~600-650 Mbit out of pfSense, apparently CPU bound (one core at 100%).
I haven't found a GNU/Linux router that can't saturate the gigabit link (~950Mbit) in the same situation. With minimal CPU use (<15%).
I love the features of pfSense, but that's one hell of a performance tax we're paying for them :(
-
I've been testing pfSense throughput vs some GNU/Linux router distros, and the results are a little shocking, TBH.
Please try out iPerf from client to server and set it up to use 8 streams or more, then you will perhaps seeing other results
and you may get other numbers, because the LAN line will be saturated.I love the features of pfSense, but that's one hell of a performance tax we're paying for them :(
As above told, the hardware requirements for reaching 1 GBit/s at the WAN are given by the pfSense team shown
under the link named some posts above by me, so there will be not really a need to complain about, because the
APU is only serving ~1.0GHz at the CPU and > 2.0GHz are needed. For sure in the near future this can be really
differ, by using multi-core CPU for the igb(4) driver, the entire pfSense system it self and perhaps more or less
one of the forwarding (netmap-fwd, try-fwd, fast-fwd) methods that can change this.