Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Load Balancing multi-gigabit ISP connections?

    Scheduled Pinned Locked Moved Routing and Multi WAN
    20 Posts 4 Posters 2.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • E
      eap2018
      last edited by

      Here's my client to pfsense IPERF test result:

      ![0_1603334209322_da738b45-7028-43be-8f9d-766c48d7e4e9-image.png](Uploading 100%)

      c:\portable\iperf>iperf3 -c 172.27.7.7 -w 512k
      Connecting to host 172.27.7.7, port 5201
      [ 4] local 172.27.0.13 port 7988 connected to 172.27.7.7 port 5201
      [ ID] Interval Transfer Bandwidth
      [ 4] 0.00-1.00 sec 661 MBytes 5.55 Gbits/sec
      [ 4] 1.00-2.00 sec 648 MBytes 5.43 Gbits/sec
      [ 4] 2.00-3.00 sec 701 MBytes 5.88 Gbits/sec
      [ 4] 3.00-4.00 sec 660 MBytes 5.54 Gbits/sec
      [ 4] 4.00-5.00 sec 740 MBytes 6.20 Gbits/sec
      [ 4] 5.00-6.00 sec 713 MBytes 5.98 Gbits/sec
      [ 4] 6.00-7.00 sec 676 MBytes 5.67 Gbits/sec
      [ 4] 7.00-8.00 sec 661 MBytes 5.55 Gbits/sec
      [ 4] 8.00-9.00 sec 754 MBytes 6.32 Gbits/sec
      [ 4] 9.00-10.00 sec 682 MBytes 5.72 Gbits/sec

      [ ID] Interval Transfer Bandwidth
      [ 4] 0.00-10.00 sec 6.73 GBytes 5.78 Gbits/sec sender
      [ 4] 0.00-10.00 sec 6.73 GBytes 5.78 Gbits/sec receiver

      iperf Done.

      1 Reply Last reply Reply Quote 0
      • P
        pwood999
        last edited by

        Also check the reverse with pc as server & pfsense client. Then try public iperf servers.

        1 Reply Last reply Reply Quote 0
        • E
          eap2018
          last edited by eap2018

          Iperf from pfsense to client:

          [2.4.5-RELEASE][root@gateway]/root: iperf3 -c 172.27.0.13 -w 512k
          Connecting to host 172.27.0.13, port 5201
          [ 5] local 172.27.7.7 port 19800 connected to 172.27.0.13 port 5201
          [ ID] Interval Transfer Bitrate Retr Cwnd
          [ 5] 0.00-1.00 sec 265 MBytes 2.23 Gbits/sec 0 513 KBytes
          [ 5] 1.00-2.00 sec 220 MBytes 1.85 Gbits/sec 0 513 KBytes
          [ 5] 2.00-3.00 sec 283 MBytes 2.37 Gbits/sec 1 299 KBytes
          [ 5] 3.00-4.00 sec 276 MBytes 2.31 Gbits/sec 0 500 KBytes
          [ 5] 4.00-5.00 sec 257 MBytes 2.16 Gbits/sec 0 513 KBytes
          [ 5] 5.00-6.00 sec 235 MBytes 1.98 Gbits/sec 0 513 KBytes
          [ 5] 6.00-7.00 sec 251 MBytes 2.10 Gbits/sec 0 513 KBytes
          [ 5] 7.00-8.00 sec 272 MBytes 2.28 Gbits/sec 0 513 KBytes
          [ 5] 8.00-9.00 sec 256 MBytes 2.14 Gbits/sec 1 458 KBytes
          [ 5] 9.00-10.00 sec 284 MBytes 2.38 Gbits/sec 0 513 KBytes

          [ ID] Interval Transfer Bitrate Retr
          [ 5] 0.00-10.00 sec 2.54 GBytes 2.18 Gbits/sec 2 sender
          [ 5] 0.00-10.00 sec 2.04 GBytes 1.76 Gbits/sec receiver

          iperf Done.

          1 Reply Last reply Reply Quote 0
          • P
            pwood999
            last edited by

            So when traffic flows downstream from Pfsense you are only getting roughly 2Gbps, although with the command you are using iperf is running single thread with one TCP stream.

            Try using "-P 5" to run 5 streams simultaneously. Then run multiple iperf sessions in different shell or cmd windows, using "-p port" so each iperf server session uses a different TCP port. Do the same on the client side. This way each session should use a different cpu core.

            You should be able to achieve 6Gbps in both directions given your upload test earlier.

            Finally when doing external test using public servers, you need to run client locally, but use the "-R" switch to force download, direction.

            If you play with iperf3 a bit, you can get a much better idea of what is happening. Remember without the switches, "iperf3 -c" sends traffic up to the server.

            1 Reply Last reply Reply Quote 0
            • E
              eap2018
              last edited by

              If I can achieve at least 1.5 Gbps combined internet speed, I will be happy for now.

              1 Reply Last reply Reply Quote 0
              • P
                pwood999
                last edited by

                You might also want to try multiple client PC's simultaneously. This should utilise the gateway group more evenly.

                1 Reply Last reply Reply Quote 0
                • DerelictD
                  Derelict LAYER 8 Netgate
                  last edited by

                  Load balancing does not aggregate links into one. It distributes states among the available outbound connections.

                  Please see this thread:

                  https://forum.netgate.com/topic/110595/4-wan-pfsense-not-loadbalancing-accurately/

                  Takeaway there is it is almost impossible to see load balancing working with any sort of speed test. You need to throw lots of users and lots of states at the mechanism for it to really show what it can do. Expectations are often inaccurate.

                  Based on the basic throughputs you posted before, I would set the weights of the various gateways to 1 for the 500Mbit and 2 for the 1000 Mbit connections. That will mean the gig circuit will get 2 states for every 1 given to the 500M gateways.

                  Chattanooga, Tennessee, USA
                  A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                  DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                  Do Not Chat For Help! NO_WAN_EGRESS(TM)

                  P 1 Reply Last reply Reply Quote 0
                  • P
                    pwood999 @Derelict
                    last edited by

                    @Derelict Yes I know, hence why I suggested multiple PC's with multiple iperf3 sessions running so the PF state counts mount up..

                    1 Reply Last reply Reply Quote 0
                    • DerelictD
                      Derelict LAYER 8 Netgate
                      last edited by

                      It probably takes more states than you are generating to actually see maximum on all links.

                      Chattanooga, Tennessee, USA
                      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                      Do Not Chat For Help! NO_WAN_EGRESS(TM)

                      1 Reply Last reply Reply Quote 0
                      • E
                        eap2018
                        last edited by

                        Hi All!

                        Just to give an update to this, I moved my setup to a newer beefy server and I am now able to download upto 170Megabytes per seconds.

                        I did not do anything special, I just migrated PFSense to our new beefy server as a virtual machine and now I'm very happy as ever.

                        e983830f-0577-4b29-9620-020beb55b683-image.png

                        Thank you all for responses!

                        Consider this solved until 10Gbps is available in our location, that is to another milestone.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.