Gigabit WAN speed low though pfsense.

stephenw10

What spec is your pfSense box?

The LAN should normally be set to track the WAN for IPv6. The WAN itself may not necessarily get an IPv6 IP if it pulls a PD only. Check the dhcp logs.

Steve

hilltop79

The computer is a Intel(R) Celeron(R) CPU 847 @ 1.10GHz
2 CPUs: 1 package(s) x 2 core(s)
AES-NI CPU Crypto: No 4gb ram

I did enable the "track the wan" this morning and it seemed to help a lot. On my LAN adapter property's in windows 10 machine states ipv6 no internet. There is also no DNS server listed for IVP6. How do I correct that or do I even need to? There is also no leases listed in the ipv6 leases in pfsense. Not sure where the logs are.

UPDATE: I checked "do not wait for RA" and the windows machine now has ipv6 DNS. Still not great speeds. I will have to check other PC's and switches in the network to make sure.

stephenw10

That is not a fast CPU. It's probably just limited by that.

I assume that is not a PPPoE connection?

Steve

hilltop79

I'm not so sure about that one. When I do a speed test the CPU only hits about 35%. I am running DHCP not PPPoE. I am not sure if the modem is.

Grimeton

@hilltop79

Go to System -> Advanced -> Networking

Scroll down. There are several options, e.g.:

• Hardware Checksum Offloading
• Hardware TCP Segmentation offloading

And so on. Usually it's better to have these enabled and hand over the workload to the NICs, but it can also cause problems when it's enabled, so disable it and see if that fixes it.

What NICs are in your box exactly? I remember a year or two back I had a box, where I had to set several sysctl values to make the NICs work correctly. Maybe you got one of those as well?

Cu

hilltop79

I just tried it. It didn't seem to make much difference. I am using the on board nic ports. I know not the best idea. I do have some others I can try.

Grimeton

It should just work. Sure there's not another bottleneck?

Maybe the speedtest you're doing is not fast enough?

https://www.speedtest.net

http://ovh.net

Cu

hilltop79

Yea I think something is weird in the LAN side. I just went to another PC That is on the main switch and was getting gigabit. then this pc 500Mbits. I jumped this pc to the main switch and it was still low. I don't get it. It was fine before I installed this router. So its either this pc or the main switch which I doubt since other computers are ok. Strange

stephenw10

Run at the command line top -aSH while you're testing to see the true CPU usage and what's using it.

Grab the output from that and paste it here so we can review it.

Steve

hilltop79

last pid: 54247; load averages: 0.60, 0.53, 0.50 up 0+00:54:10 18:02:48
149 processes: 3 running, 127 sleeping, 19 waiting

Mem: 344M Active, 140M Inact, 343M Wired, 159M Buf, 2991M Free
Swap: 3881M Total, 3881M Free

PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0K 32K RUN 0 46:50 75.59% [idle{idle: cpu0}]
11 root 155 ki31 0K 32K RUN 1 43:53 67.29% [idle{idle: cpu1}]
12 root -92 - 0K 304K WAIT 1 0:50 23.39% [intr{irq265: re0}]
12 root -92 - 0K 304K WAIT 0 0:22 9.77% [intr{irq266: re1}]
75635 root 52 0 55792K 40044K select 0 0:01 2.69% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron{php}
341 root 24 0 98460K 38740K piperd 0 0:05 2.39% php-fpm: pool nginx (php-fpm){php-fpm}
342 root 52 0 98332K 38404K accept 1 0:06 1.17% php-fpm: pool nginx (php-fpm){php-fpm}
66696 root 52 0 94104K 35572K accept 1 0:02 0.98% php-fpm: pool nginx (php-fpm)
47322 unbound 20 0 319M 311M kqread 0 0:27 0.10% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
0 root -16 - 0K 304K swapin 1 0:24 0.00% [kernel{swapper}]
12 root -60 - 0K 304K WAIT 1 0:05 0.00% [intr{swi4: clock (0)}]
57394 root 20 0 10436K 7384K kqread 1 0:04 0.00% /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
51269 root 21 0 51052K 34508K nanslp 0 0:03 0.00% /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
57450 root 20 0 50988K 35928K piperd 0 0:02 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
58012 root 52 0 50988K 35976K nanslp 0 0:01 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc queries
47322 unbound 20 0 319M 311M kqread 1 0:01 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
0 root 8 - 0K 304K - 1 0:01 0.00% [kernel{thread taskq}]
12 root -72 - 0K 304K WAIT 0 0:01 0.00% [intr{swi1: netisr 0}]

stephenw10

Ah, Realtek NICs. They won't be helping. Clearly not CPU limited though.

hilltop79

I am going to try to change the adapter see if that helps.

akuma1x

@stephenw10 said in Gigabit WAN speed low though pfsense.:

Ah, Realtek NICs. They won't be helping. Clearly not CPU limited though.

Just curious... how did you read Realtek from his top output, if that's where you saw it?

edit: nevermind, I see it now (re0 and re1) at the ends of lines 8 and 9. Sorry.

Jeff

Grimeton

@hilltop79 Can you login via SSH and run:

systat -vmstat

Then check the interrupts and if the load is high. If that's the case, switching to polling could help.

Cu