SG-3100 Slow Throughput
-
@torred - you're one step (but light years) ahead of where I am. I simply need a trusted copy of ng_etf.ko for FreeBSD 11.2 to plop onto my SG-3100 and I'm done. Everything else in the pfatt project is ready for the reboot.
I don't have spare hardware lying around so have been trying to download the FreeBSD VMware image, but it has no source. And when I try to download the source, it fails. This simple step mocks me. Any thoughts?
Sean
-
@sean-allen, try following this: https://www.freebsd.org/doc/handbook/makeworld.html#updating-src-obtaining-src
TL;DR: svn update /usr/src
There's quite a few guides on setting up FreeBSD for qemu, virtualbox, and VMWare. Once you get it running it's pretty easy.
Edit: Also, you could...
wget ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/11.2-RELEASE/src.txz
tar -xz -C / -f src.txz -
@torred I'm very thankful for your help with the ng_etf.ko. I have all in place and am bypassing the AT&T RG.
However, my speeds have not improved. At all. Quite the let down as I was assuming the interaction between RG and SG-3100 was the issue
- Directly through the RG I was seeing 900+Mbit up/down
- SG-3100 through RG in IP Passthrough yielded ~100Mbit up/down
- Same setup using PIA as my VPN gave ~75Mbit up/down
- I bypassed the RG with great expectation and the ~100Mbit and ~75Mbit numbers remained. <sad trombone>
Those numbers varied, but not nearly as wildly as @torred results. The speed tests I'm doing are speedtest.net, dslreports.com and att.com. I'm not familiar with iperf. I loaded it on pfSense and the dizzying array of config options had me walk away from that.
Other than the PIA VPN, I have:
- pfBlockerNG DNSBL
- OpenVPN Server (though no clients, it's just there to hit my network from outside while traveling)
- ntopng
Turning off DNSBL and ntopng have no measurable effect on speed tests. I have the laptop I'm running speed tests on directly connected to one of the switched ethernet ports on the back of the SG-3100 removing other switches from the test.
Any other thoughts or suggestions here? I feel like the SG-3100 should be able to keep up with these, even with VPN, based on what I've read. It surely should be going faster than it is.
Thank you!
SeanSide note: Anyone know why I can't access these forums through my PIA VPN? I have to bypass that before any page will load.
-
@sean-allen said in SG-3100 Slow Throughput:
Side note: Anyone know why I can't access these forums through my PIA VPN? I have to bypass that before any page will load.
https://forum.netgate.com/topic/136229/vpn-blocked
-
@grimson thanks! I searched the forum, but I kept getting assorted posts about PIA/VPN/access/etc. - none having to do with the forum.
Sean
-
It's clear that personal VPNs are a contentious issue here, so let's remove that from the equation for now.
I can get 900Mbit speeds directly from the AT&T RG, but as soon as I introduce my SG-3100 into the path (either through or bypassing the RG) I start getting 100Mbit (not through VPN) - or a bit more than 10% of the available bandwidth.
Any ideas on how I've messed up my configuration such that the SG-3100 is pouring molasses on my link? I'm going through my entire network to make sure I have "good" cables and switches to remove that from the equation - but even when I plug a new cable directly into the switched ports on the SG-3100, same result.
Sean
-
The AT&T RG is a beast, unfortunately.
https://forum.netgate.com/topic/99190/att-uverse-rg-bypass-0-2-btc/1
-
-
It must still be something in the bypass configuration then. Perhaps something in the traffic that is not marked in some way that AT&T expects it.
Or something that should be negotiating gigabit is negotiating at 100.
If it were me - and I couldn't find someone else who has put all the pieces together - I would put a switch with a SPAN port between the RG and the ONT in this configuration
client->RG->ONTand capture traffic on a mirror port.Then I would put the same switch between the SG-3100 and the ONT in this configuration
SG-3100->ONTand capture traffic and see if there is a difference in QoS bits, VLAN priority, or something. -
Yup that is exactly the steps need to figure out what is going on
-
@Derelict and @johnpoz - thanks for the feedback!
Quick question, though: if
client->RG->ONTis at 900Mbit and (SG-3100->RG->ONTorSG-3100->ONT) are both sub 100Mbit - doesn't that point to an issue with the config or hardware of the SG-3100? The RG running in IP Passthrough, or being bypassed, yields the same result when the SG-3100 originates the traffic. The bypass method would seem to not be adding or subtracting anything relevant here, but I defer to your expertise. The bypass, if you're curious, uses netgraph to set aside the EAP auth traffic such that it only goes between RG and ONT (which are plugged into the two routed eth ports of the 3100). All other traffic sent directly from the SG-3100 to the ONT via a new interface (ngeth0) defined by netgraph to tag outbound as VLAN 0 (some odd AT&T requirement). It would appear that the only thing the RG is used for by AT&T is to make sure AT&T equipment is present - so the hard-coded cert in the RG is required to authenticate the channel. Full details on the bypass, if interested, are here: https://github.com/aus/pfattThe reason I ask is because it will not be easy for me to mirror and capture traffic as you've suggested. Partly because of hardware, partly because of expertise.
-
My SG-3100 runs in either bypass or IP-Passthrough with full speed. I would assume you have a config issue with the bypass setup. If you care to share screen shots I can look at what you have in comparison to what I have. I have been bypassed for better than a year now. I still put the gateway back from time to time to play with it but generally stay bypassed.
-
To do a span port all that is need is a 30$ smart switch and a box that can run wireshark..
So hardware constraint while you might not have on hand? What switch(es) are you currently using... And you do not have a laptop or pc - for that matter a current pi that you could sniff on?
You could even use your sg3100 as a sniff box for testing what is actually going on when your not using the sg3100 and seeing your 900mbps
Do you not have any smart switch?
-
@gsmornot - thank you for the offer! I am happy to share screen shots. Here or DM? What parts of my config are interesting for troubleshooting this? I used the bypass method described here. The only mods I made to pfatt.sh were to tell it which of my routed ethernet interfaces were connected to the RG versus ONT - and give it the MAC of my RG. Once it ran and did its thing, I configured the ngeth0 interface in pfSense to spoof the MAC of the RG. After that, traffic started flowing - just as slowly as through IP Passthrough :(
@johnpoz - this is my home network, I've just been using dumb switches. Netgear GS108, TP-Link (TL-SG1008D), etc. Yes, I can feel the impending mocking. I can go get a smart switch (recommendation?), no problem having a system to run wireshark. Interpreting the results is where I am quickly out of my depth. I wouldn't know what to look for. When my SG-3100 goes through the RG via "IP Passthrough" it sends supposedly unaltered traffic. When the RG is bypassed, it has been altered by netgraph, ostensibly just to tag it VLAN 0. Both paths out result in the same speed loss - so it doesn't make sense to me that it is something to do with the bypass config.
Is the theory that the SG-3100 does something to the packets, regardless how it makes it to the ONT, that slows things down? I did some experimenting with CoDel awhile ago because of massive bufferbloat on my former asymmetric link, but have since deleted everything under Traffic Shaping (because it didn't help anyway). Perhaps some remnant there? It's the only thing I can think of, but my scope of knowledge here barely scratches the surface of what y'all know.
-
You messing with limters and shapers.. Should of been mentioned in the OP..
Who wants to take book that is the problem... Flush the system..
pfsense is not going to "do" anything to the packets... Other than ROUTE and NAT them...
-
@johnpoz Fair enough. I just remembered tinkering with that a long time ago and mentioned it. However, running:
pftop -s1 -v queueshows:pfTop: Up Queue no entries, View: queue, Cache: 10000 QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/SDoesn't that mean that all shapers/limiters have been cleared out? If not, would deleting the interfaces in webConfigurator and re-adding them clear anything else out?
If pfSense isn't "doing" anything other than ROUTE or NAT, why is it doing that so slowly? The weak link (aside from my knowledge, which I'm trying to rapidly fix) in this seems to be the SG-3100 or pfSense - both of which should be beefy enough to handle it. I have traffic coming out of a laptop with a 1Gb NIC, over a short cat 5e cable, directly into a LAN port on the SG-3100. When it comes out the WAN port it seems to be traveling sub-100Mb.
Sorry if I'm being frustrating or thick - just trying to go path of least resistance. I can completely start over with my SG-3100, I'm just not seeing anything that says that effort will be worth it. It will take quite some time to walk through the webConfigurator writing down everything in there so I can manually recreate it.
-
@sean-allen said in SG-3100 Slow Throughput:
When it comes out the WAN port it seems to be traveling sub-100Mb.
This is a good test and takes the isp and internet out of the equation.. You seeing sub 100 would point to maybe not negotiating gig in the first place or a duplex mismatch problem or etc..
All I can say is I have 2 sg3100 in production and while they do not have gig connection they are doing full speed of the isp connection well above 100 and not even breaking a sweat.. So yes something is wrong - need to figure out what.
Did you look under diag, limiter info? Does that show blank as well
To be 100% sure you don't have something messed up since you were playing in that area.. Would be to wipe it and do your local test right out of the gate..
After validating your cables and test machines by using the cables your going to use and just connect the 2 test boxes directly together and running your iperf test.
If with your test you are showing good speeds and then putting a clean sg3100 in the middle your seeing low speeds then I would suggest you contact support.. Maybe there is something wrong with the hardware?
-
@johnpoz I say that it seems to be traveling sub-100Mb because those are all the results I get from speedtest from multiple sources (iperf from laptop to cloud iperf server, ookla, att, dslreports). I do several of those speedtests going around the SG-3100 and get 900Mb.
My
Diag->Limiter Infolooks the same as yours:Limiters: No limiters were found on this system. -
Well the first thing to check would be the interface statistics to see if the link speed is fine and if there are any errors on the link, and then check with the most basic config on a fresh system if the interface looks good. But as you seem to like to ignore the basic steps and rather just whine around, I wish you good luck.
-
Yeah I am confused - you say you have had this for like a year... And say it was solid, but now your saying it can not do more than 70mbps?
Sure sounds like you playing with say shaping or limiting messed up something.
CLEAR IT!!! Do your local testing - if shows bad then call support.
