Bridged Modem Sub 700Mbps
-
Hey @jknott thank you for that. It should help cut down if the speeds are being held up by the modem or 2100
Should I unplug the 2100 and plug a computer in instead?
-
Yep.
-
Once business hours are over I will definitely give this a shot
-
@jknott OK when I unplug my Netgate SG-2100 and plug my NIC straight into the modem in bridged mode I get full bandwidth. Even with a newly crimped cable I can't push any more than 600-700 mbps through pfsense.
-
It looks like the SG-2100 isn’t rated for full gig firewalling, you’d have to step up to the SG-3100, I have that and can verify it handles full gig just fine.
On the firewall specs, you have to pay attention to IMIX traffic throughput because firewalls inspect traffic, which naturally lowers what they can handle. If you disabled the firewall and just used it to route, it looks like it can the handle the full gig.
That SG-2100 is only rated for 842Mbps of inspected traffic, which matches up close with what your seeing.
That’s also why they list throughput with 10k ACLs. The more access lists you have the more compute power is used toward matching packets to those lists, naturally dropping how much is available for routing and firewalling, thus dropping throughput even further.
-
@behemyth I'm doing a test with a single session though. Speedtest isn't mixed traffic. Shouldn't I be able to score much higher than Mix traff rates?
-
@behemyth said in Bridged Modem Sub 700Mbps:
It looks like the SG-2100 isn’t rated for full gig firewalling
I was wondering about that too. That's one of the reasons I went with a Qotom mini PC. With mine, I've seen 873 Mb on what's supposed to be a 500/20 Mb connection. My ISP routinely provides better than advertised performance.
Here's what the command line speedtest, running on pfsense, showed:
/root: speedtest
Retrieving speedtest.net configuration...
Testing from Rogers Cable (99.246.abc.def)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by System Lifeline (Brampton, ON) [18.99 km]: 9.682 ms
Testing download speed................................................................................
Download: 873.44 Mbit/s
Testing upload speed......................................................................................................
Upload: 27.77 Mbit/sSo, pfsense is clearly not the limiting factor, but hardware appears to be.
-
@jknott I have read a lot of threads where people say it should be possible to reach 800mbps theoretical but that is way above what I am seeing, with an average of 500mbps through the appliance.
I am thinking about going back to a factory image at this point or doing an RMA. -
After going back to factory, try it before changing anything to see what it gets you.
-
@jvamos NVM 600mbps max appears to be the experience of other customers as well single session. Most of the servers I care about the most cap me at 100mbps but it is a little disappointing. I'll report back if I have any issues.
Do y'all use IPS or IDS? I was thinking about activating it. I remember it being problematic for a lot of use cases. But I might be confusing it with Squid.
How many packages can I stuff on this thing? Is there a good thread on packages and specific netgate hardware.
I'd love to experiment with settings more but I need sleep and can't stay up to experiment every night. -
@jvamos said in Bridged Modem Sub 700Mbps:
Do y'all use IPS or IDS? I was thinking about activating it.
No. As I mentioned, give it a try after a reset, to see if anything you're doing is causing the problem.
-
Speedtest will be filtered by the firewall when moving between interfaces. IPERF is done completely inside the network, which means it stays on the LAN interface. Your supposed to run an internal IPERF server to handle throughput tests, I'm sure that's how they come up with their IPERF numbers.
That means the big difference here is your passing traffic from LAN to WAN, which is being inspected and run through ACLs, doing an IPERF test would mean you have a local server, which means the traffic stays local and only hits the LAN interface, thus not being filtered.
I should also mention you need to run the IPERF test from the PfSense appliance/VM, not a computer on the network. You need the traffic to be generated from the appliance its self.
-
@behemyth I am basing this on speedtest figures alone,
@JKnott I will try a reset tonight I only have PFblockerNG and one other package running. I have a few widgets running now. None of this effects my speeds. I did test it before installing anything and had the same result. As well I tried it on 2.4.5 with no packages with the same result.
I was thinking about doing a reset but it's unclear if I should be uninstalling all packages and installing from an image file or just reseting the config to factory.
Is it just a bad result from speedtest? Am I really bad at bandwidth math?
-
-
Don't confuse Bytes (B) with bits (b). Bytes generally refer to an amount of data, such as with disk space, but bits refer to a transmission rate. A byte = 8 bits.
