SG-2100 WAN speed problem
-
@alleykat said in SG-2100 WAN speed problem:
I had also run speedtest from the "command prompt" in pfsense. It also showed the 150mb speed.
Running the speedtest CLI client from pfSense itself will often show a reduced throughput. Especially in this sort of situation where then line speed to greater than the firewall throughput. The client itself uses significant CPU cycles and pfSense is not optimised as a TCP endpoint.
It's a useful tool for checking relative speed or, for example, knowing you don't have a 100M connection in your link. It also tests only the WAN so you would see if you had a bad LAN port for example.Steve
-
@alleykat Cool. 614mbps is what you can expect to be peak throughput on the SG-2100. Now whether you think that is fine or not - because you have a GigE service - is up to you. Personally I wouldn't bother getting a bigger box unless you need packet inspection as well. 620mbps in homeuse is more than ample throughput for all but THE most hardcore downloader that spends hours and hours doing massive downloads every day (Good luck finding services that will actually deliver that bandwidth sustained).
-
@keyser So let me ask you, do you think these sg boxes are capable of supporting two pc's streamimg video and one pc playing graphic intensive video games at the same time?
-
@alleykat I can guarantee you that the SG-2100 can do that. You can do that simultaniously from 20 PC’s and it would still run completely smooth.
I do it at home with at least 10 clients at times (my kids and their friends along with my Wife and I). No issues at all - not even close to exaustion.
-
@keyser That's awesome, I was hoping you were going to say that. Thanks again for your help!
-
@stephenw10 Ok, thanks for the reply. I think I have a better understanding of that going forward.
-
Well off to the HAproxy threads, I have a TrueNAS box running the Nextcloud plugin I need to protect...
-
@alleykat Hey, don't forget... once you get it setup and working, and BEFORE jumping into a new area of pfsense, make a backup of the config. That way, if you mess up something along the way, you can quickly revert to a working backup copy.
Diagnostics -> Backup & Restore
If this is on your home network, you don't want to "accidentally" knock the family off the internet for too long! LOL
Jeff
-
@akuma1x Yes, got it. My system is strictly home computer hobbyist. I'm in the process of dumping Microsoft, Google and all "cloud services" and keeping that data here local. Just installed Linux Mint on another pc to help with the transition, TrueNAS is god sent for me.
-
@alleykat HAproxy runs excellently on the SG-2100 - I use that too ;-)
-
I had a 400/40 Mbit cable connection and an SG-1100.
I managed over 400 Mbit with this small device.
Now I have received 1000/50 cables and handed the SG-1100 over to my parents.Now I'm the last one in the segment and have 600-800MBit Down.
This is not the limit of the SG-3100, but the limit of my wired connection.When I turn off the limiter, the speed increases, but ping (about 100ms) and packet loss (10%) occur. And that's not worth that little bit more speed to me.
So I get an A to A + rating, with no Limiter C or worse.If you don't want your firewall to limit, you have to have the SG-3100 for GBit. But that doesn't mean that it comes out clean.
-
@nocling Very good observation. The SG-3100 is definitely the optimal homeuse device for FULL use of a proper GigE internet connection.
I suspect your issue with the need to use the limiter is tied to the fact your Internet connection is asymmetrical. I see no such issues with my tests using SG-3100 on a symmetrical full duplex connection.
One has to remember that asymmetrical does not only impact return bandwidth, but also latency on reply/acknowledge traffic :-) Asymmetrical links are usually only half-duplex links, so once the link is "loaded" with download, the latency to insert return trafic becomes horrible - return traffic uses the same bandwidth and interrupts the download.
-
@keyser @NOCling Thinking back to my consideration in purchasing the sg2100 was it had 4gb of memory and the firewall limit was supposed to be 881mbps. The sg3100 only had 2gb of memory. For most of my projects, more memory was desirable. If the sg3100 had come with 4gb or an upgradeable 2gb, I might have jumped on it. The sg5100 was the one to "grow" into but I couldn't justify the price point for home use.
Also, does anyone know if the firewall speed limit on the sg2100 is a hardware or software limitation?
-
@alleykat It’s hardware. The CPU is a dualcore lowpower ARM CPU that does not contain a lot of horsepower.
It’s actually the same CPU as in the SG-1100, but because SG-2100 has two physical NIC’s (SG-1100 only has one), it’s capable of handling interupts from each interface on each CPU core and thus has a higher throughput than SG-1100
