J1900 performance

bradsm87

@thegriffin my current ISP is just IPoE/DHCP so I can’t help you there.

thegriffin

Thank you both. Yep there's no way to know for sure until the box is here and even if it does make it to 1 Gb/s with a basic config it may struggle with a more complex one on top of the PPPoE issue (which it wouldn't with IPoE).

At the moment I can't justify an i3/i5 for a home firewall/router so I had decided to squeeze some more life out of my aging Asus AIO until next year.

I was also looking at their new 8 NIC boxes (4 x I211AT + 4 x I350) and 8th gen Intel CPUs of which the i3/i5 are a worthwhile upgrade over 7th gen.

JKnott

@jknott

Well, the HP computer I was running pfSense on died, so I'll have to get something. Today I came across this: https://www.aliexpress.com/item/32864883139.html?gps-id=pcStoreLeaderboard&scm=1007.22922.122102.0&scm_id=1007.22922.122102.0&scm-url=1007.22922.122102.0&pvid=95b54977-2a52-4283-90d5-89784c1471b7&spm=a2g0o.store_home.smartLeaderboard_819228523.32864883139

At the moment, I'm using a Linksys WRT54GL & OpenWRT. Boy, is it slow, about 35 Mb down! It's also IPv4 only. It's about 540 Mb/s slower than what I was getting with pfSense on that HP computer.

4o4rh

@jknott are you saying the Quotom is significantly slower, or the linksys/openwrt is slower. If you mean the Quotom, the J1900 is a Quad Core system, where as the link you provided is for dual core systems.

The N3160 would be the newer version supporting AES
https://www.aliexpress.com/item/1005001510522500.html?spm=a2g0o.productlist.0.0.1cc77f2dQx5UvI&algo_pvid=42cfd0b7-04d1-45bf-a0e9-67003baac53e&algo_expid=42cfd0b7-04d1-45bf-a0e9-67003baac53e-0&btsid=0b0a182b16101780984958676ebf55&ws_ab_test=searchweb0_0,searchweb201602_,searchweb201603_

or the i5-8250 for slightly more up market
https://www.aliexpress.com/item/1005001813291053.html?spm=2114.12010612.8148356.12.511b33e9w3Cnpd

bingo600

@gwaitsi

AFAIK the WRT54G has a 400MHz MIPS processor, and using their default firmware. I had around 30Mb/s speed through it, when in use. That was ok back in 2004 when it was released.

The Qotom will outperform it by a factor 10 or more.

I'm using the i3-7100U at work, w 64GB disk + 8 GB Ram
Excellent OpenVPN performance (that i need at work)
https://www.aliexpress.com/item/32970672528.html

But they seem to have gotten a notch up in price, ISTR i payed ~330$ last summer.

I like my "home" Qotoms" too , but would prob go for the 6-Port i3-7100, if i had to get a new one.

Both of my tested models will do 1Gbit/s wo. probs.

JKnott

@jknott

I'm also considering the Netgate SG-1100. Will it support 500 Mb download? Also, are updates for it free? Or do they require a subscription or service plan?

tnx jk

NinthWave

I have an Supermicro X10SBA paid 110$ in 2018.

I run pfSense on Proxmoc with 2 cores and 2 GB of RAM with pfBlock NG and it never uses more than 50% of RAM and less than 30% of CPU.

I have a cable 100/30.

Pretty satisfied.

JKnott

@ninthwave

That appears to be just a mom board, with memory, disk, cabinet etc. extra. There are other Qotom devices available that may be better. For example the one I linked to has those AES NI instructions used for encryption. Also, is that $110 U.S.? The device I linked to is in $Cdn.

NinthWave

@jknott said in J1900 performance:

@ninthwave

That appears to be just a mom board, with memory, disk, cabinet etc. extra. There are other Qotom devices available that may be better. For example the one I linked to has those AES NI instructions used for encryption. Also, is that $110 U.S.? The device I linked to is in $Cdn.

Yes, it was 110 C$ and yes, it was just the board.

I bought that to build an Hakai music server (https://www.lejonklou.com/forum/viewforum.php?f=10&sid=7061995857ec1c9230394738b3f17fab) but I abandonned the project.

In a pandemic situation, one is in need of projects so I decided to try pfSense and replace my DD-WRT router.

My only downside with this board is that it has only two NICs.

If I were in search of new H/W specific for pfSense, I would probably go the Protecli way or even a Netgate product to encourage the development.

JKnott

@ninthwave said in J1900 performance:

My only downside with this board is that it has only two NICs

Those Qoton systems have 4 NICs and the Netgate, 3. However, if the Netgate requires some support program just to get updates, I won't bother with it.

The old computer was a HP 5150, which I bought refurb around 10 years ago, for $200. I originally ran Linux on it for my firewall router, but when my ISP started providing IPv6 and required support for DHCPv6-PD, to get the prefix, I switched to pfsense. For 6 years previous, I got IPv6 via a 6in4 tunnel, which worked will with Linux.

JKnott

@jknott

I was referring to the Linksys, as I don't have a Qotom yet. It was a HP 5150 computer that failed.

AZCoyote

A lot of intriguing info here. I’m am looking to jump to Pfsense but not sure what hardware to go to yep. I have fiber to the home (1Gb/1Gb) and my FW does all my PPPOE. I currently have a J1900 Supermicro running Sophos UTM and with only firewall running, I have seen as high as 980 down and up. That was the NIU plugged right into my FW handling PPPOE wan side then into a TP Link managed switch then my PC all links Gb. I don’t run IPS or IDS as that cuts speed in half.

So two questions. What is the PPPOE issue referenced above?

And what hardware for PfSense can handle FW/IPS/IDS and maintain near Gb line speed?

Thanks!
W

AndyRH

Short answer: Any Intel Core CPU with an Intel NIC. IMHO

Long answer:
I am using an old PC with an Intel 4 port NIC. Speed tests do not see a real difference behind pfSense or just my ATT router. I am not running any packages, just some rules.

fiber -> ATT Router -> pfSense = about 980 up and down @20% CPU.

Intel(R) Core(TM) i3 CPU 540 @ 3.07GHz
4 CPUs: 1 package(s) x 2 core(s) x 2 hardware threads
AES-NI CPU Crypto: No

Using proper placement of PCs I did push it to around 1.7Gb, but ran out of desire to test further. Still did not make it busy.

stephenw10

It's this: https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

The igb NICs in the J1900 could normally have 4 queues and all 4 cores servicing them. But with PPPoE all frames are sent to the same queue so only one core can service it. The single core performance of the J1900 is not that special. You won't see 1G over PPPoE using it with anything FreeBSD based.

Steve

AZCoyote

@andyrh thank you!

AZCoyote

@stephenw10 said in J1900 performance:

It's this: https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

The igb NICs in the J1900 could normally have 4 queues and all 4 cores servicing them. But with PPPoE all frames are sent to the same queue so only one core can service it. The single core performance of the J1900 is not that special. You won't see 1G over PPPoE using it with anything FreeBSD based.

Steve

Thank you! So this is a FreeBSD thing? Just dipping my toe into PfSense so it’s educational. Do the i210 nics help with this at all? The Sophos thing I’ve been doing these last 5 years is Linux based I think.

stephenw10

Yes, it's a FreeBSD issue. There are no NICs I'm aware of that can hash the PPPoE frames with the on-board hardware.

The J1900 also seems to have worse than expected throughput even allowing for this. Not really sure why.

Steve.

VAMike

@azcoyote yes it's freebsd. there are some kernel settings to change its behavior to be more like the way linux does it, but there have been not a lot of reports because (frankly) PPPoE is stupid for last mile connectivity and most ISPs have moved away from it--so there aren't a lot of people to play with it, and those that are left and using pfsense have mostly moved on to other hardware. (Talking about net.isr.dispatch=deferred and net.isr.maxthreads=-1)

soder

@vamike "PPPoE is stupid for last mile connectivity" --> agreed

"most ISPs have moved away from it--so there aren't a lot of people to play with it" --> completely disagree; depends on what is your personal experience in your country with your ISP. In my country, the biggest Gbit fiber ISP uses PppoE, and they dont advertise when they gonna abandon it. So its still an issue for a lot of people.

Pcengines Apu2-3-4-5-6 are still sold in 2021, so if that's the choice of hardware for anybody as a home router for their Gigabit PppoE WAN, they will still face this bottleneck even in 2021 February.

stephenw10

Yeah, that is very location dependent. Here in the UK most soho level connections are DSL with PPPoE. None are Gigabit though so....