Low bandwidth on initial install
-
@NOCling
NoCling... I believe you are right.I just tested pfSense with ipef (over a static route) and I'm getting 920Mbits/sec transfer rate with IS 1GB/s
So back to square one. Ahhh... I wished this was hardware problem.
In my current setup I'm my xfinity router is connected to the WAN interface of pfSense; my laptop is connected to the LAN interface of pfSense.
My intention is to throw out the xFinity router/modem and use Arris Modem instead, which would then connect to pfSense WAN interface.
Is the existing DHCP setup much different than the PPOE in terms of performance?
Thanks!
-
Try 2.4.5p1, its there.
Both NICs (LAN/WAN) Intel I210?
-
@NOCling
Yes. All 6 are I210. :-)I'm running 2.4.5.p1; I'm applying all harware tweaks again, still no joy. iPerf going 920MB/s regardless.
-
I think it's unthinkable, even if it's Chinese hardware, to install 6 pieces of I210 and they don't perform.
What do you want to achieve?
@twoj "Is the existing DHCP setup much different than the PPOE in terms of performance?"
Yes, PPPOE has its drawbacks, but it depends on what you use the box for,.....in normal use this is not significant.
Just think of MTU:
https://www.sonicwall.com/support/knowledge-base/how-can-i-optimize-pppoe-connections/170505851231244/do you want to run IPS (netmap) things on the WAN interface?
although Bill does not describe the goal (IPS setup) as having the IPS on the WAN interface
(it prefers this to the LAN interface, if you just don't want to observe what's happening on the WAN) -
@DaddyGo said in Low bandwidth on initial install:
I think it's unthinkable, even if it's Chinese hardware, to install 6 pieces of I210 and they don't perform.
I'm very confused.
-
iperf is good at ~920MB/s: testing from within LAN over to WAN then then to the local server.
-
CPU utilization is very low in 2.4.5p1; way better than in their older version; so its not the CPU problem. I'd say its about 3-5% for short burst times.
-
I tried most of the HW teaks and still no change. What the teaks do change is how quickly I can get to top speed of ~400MB/s with speed test.
-
I have replaced psSense setup with Zyxcel USG210 firewall, this one too tops off at ~400MB/s
Any suggestions even where I should look at next?
a) Could it be something else like the SSD that is slow and making things lag?
b) Is speedtest appropriate test for bandwidth? Or is there something else that I can use to reverify the Internet speeds?Thanks
-
-
the case is starting to get a little complicated
so I asked what you want to achieve and where exactly
can you make a system drawing and draw exactly what and where you are measuring?you say that Zyxcel get exactly the same speed, then - this is not a case of the pfSense box and setup
-
the case is starting to get a little complicated
I thought it would be a slam dunk. It never fails. I may try load up pfsense on a real fast BOX, with higher end hardware just to see if I can get up to the 900MB/s range.
so I asked what you want to achieve and where exactly
I want to get rig of the xfinity cable modem/router/wifi device. I used to be able to manage it, but now they are getting more and more restricting. I have Arris modem that I plan to use instead, and I want to couple that with a real firewall setup. I could take the easy way out with just a router, but in today's times I feel I need something more.
My setup is pretty simple actually:
Current:
(Internet From ISP) -> xFinity Router -> WAN of pfSense -> LAN of pfSense -> Test Laptop. Here pfSense WAN is in DHCP mode.Future:
(Internet From ISP) -> Arris modem -> WAN of pfSense -> LAN of pfSense -> 16Port Netgear Switch-> Home computers/devices. Here pfSense WAN will be in DHCP mode as well. No PPPoe.exactly what and where you are measuring?
In 'Current' setup: SpeedTest -> from Test Laptop running speedtest to the internet.
In 'Current' setup: iperf -> from Test Laptop running speedtest to another computer that is connected to the xFinity Router (internal LAN, but on the 'WAN pfSense' side)you say that Zyxcel get exactly the same speed, then - this is not a case of the pfSense box and setup
I did not run the iperf over the Zyxcel yet. It would be interesting to see what the numbers are.
Any other things I should be looking into in the pfSense box?
Thanks!
-
so you have a double -NAT here:
@twoj
Current:
(Internet From ISP) -> xFinity Router -> WAN of pfSense ->try it with Zyxcel too, it will be a good starting point
what did you say your exact ISP speed (subscription)+++++++
https://forum.netgate.com/topic/100945/how-much-throughput-lost-using-pfsense
https://docs.netgate.com/pfsense/en/latest/interfaces/low-throughput-troubleshooting.html -
@DaddyGo said in Low bandwidth on initial install:
What did you say your exact ISP speed (subscription)
1GB/s roughly..... 900MB/s Down and 40MB/s up. I have no problem with hitting 40MB/s upload of course.
try it with Zyxcel too, it will be a good starting point
I did, similar result of about 350-425MB/s. Which makes me think that is the connection between:
xFinity Router -> WAN of (whatever firewall ) is where problem can exists. Possible MTU missmatch? -
we have talked about so much already, about a lot of things
the fact is that you get a bad result with the other firewall too, I understand right?
to me this, definitely seems to be the maximum coming out of the xFinity Router (not normal operation, because your subscription is higher, but you need to check this device)
do one thing more please:
- connect directly to the xFinity Router with a laptop and measure one
PS:
this is not an MTU problem, but this is how you can test
https://kb.netgear.com/19863/Ping-Test-to-determine-Optimal-MTU-Size-on-Router -
we have talked about so much already, about a lot of things
Yes we have! I appreciate all the good info.
the fact is that you get a bad result with the other firewall too, I understand right?
Yes.
to me this, definitely seems to be the maximum coming out of the xFinity Router (not normal operation, because your subscription is higher, but you need to check this device)
Yea... it seems right now that the normal computer connected to xFinity can negotiate at top speed and pfSense and other hardware firewall appliance can not. I'd love to swap out the xFinity modem/router for the Arris right now, but I have to wait until school is over, since my wife teaches from home. I'd hate to be down to some unforeseen problem from xfitiny's side.
I may try running pfSense on beefy computer with enterprise nics in it; just to see what is what.
connect directly to the xFinity Router with a laptop and measure one
Any computer connect to the local LAN is getting top speed ~900MB/s down, but I will retest by directly plugging in.
I WILL GET TO THE BOTTOM OF THIS. :-)
-
it is clear what you need:
xFinity Router in bridge mode, if it exists for this type and your ISP allows it
or you mention a modem (Arris modem) that does not contain NAT per se and you get a public IP directlythe difference between the measurements is very large approx. 900 and 400
we didn't get ahead professionally, because this difference is not justified by the dual -NAT throughput, so there is still a cat hiding somewhere in the bag
if you have the opportunity to exchange, please come back to us afterwards (the curiosity moves the whole world )