Internet through PFSense VM is significantly faster than direct connection
-
I have Comcast 100 Mbit down / 15 up. I run PFSense 2.1.4 on a dual NIC (one as WAN, the other as LAN) Intel Server Board / Xeon E3 1240 V2 ESXi Host with one proc allocated and some amount of RAM (that I cannot remember right now).
What I consistently find when testing is significantly faster speed tests when using PFSense. With PFSense, a speed test will consistently give me 98 - 115 Mbit down and 12 to 16 Mbit up.
However when performing the same test with a Linksys router with 100Mbit WAN port or (and this is the real confusing part) when the same test is performed with the same client system directly connected to the modem (client system having a gbit NIC btw), the tests max out at about 68Mbit down and 6Mbit up.
I get the Linksys limitation. I chalk that up to slow processor, little RAM, and most bottlenecking the 100Mbit WAN port (considering the overhead and true throughput will not be anything close to 100Mbit). What I am confused on, however, is how PFSense is so much better in test performance (using the same client machine though the firewall).
Any thoughts?
-
From the information that you provided, it appears that your conclusion is correct. The Linksys is slower. Maybe a trouble ticket to Linksys would help?
-
I am not concerned about the Linksys. My question is: Why am I getting better bandwidth results through PFSense than when directly connecting the same client machine to the modem? Has anyone else ever tested this?
-
Ok, I think what you are asking is why can the [same] client machine achieve good test results when behind a firewall but poor test results when connected directly?
I don't think you've mentioned any specifics about the client machine, so I'm just guessing, but pfSense is FreeBSD based and generally performs exactly the same as most FreeBSD clients especially when software versions are identical and installed on identical hardware. Also - in my experience - FreeBSD generally performs identical to Linux clients and usually outperforms Windows and OSX clients. If you are testing with a Windows or OSX client your results are not unusual. If you're using a FreeBSD (or linux) client on similar hardware then I would suspect a configuration issue or even possibly a speed/duplexity mismatch. Are you doing your performance testing with identical hardware and identical operating systems?
It seems from the information provided that pfSense is performing properly, and it also seems the client should be able to produce identical speed test results but is not, so if I were working on this issue I would begin by troubleshooting the client. Starting with the basics, I would reboot every device in the test setup and then first check that the speed and duplexity matched up for the client test. If that looked good, then I would check the interfaces on each device for errors and if that passed, I'd probably start eliminating variables and try a different cable, client, then modem.