Half network performance compared to clean FreeBSD
-
I only get half network performance doing a simple bandwidth test on the LAN side using iperf3, and this is on a clean pfsense install.
If I do a clean install of FreeBSD I get full bandwidth, i.e. more than 100MB/s.
router to client
[ 4] 9.00-10.00 sec 37.0 MBytes 310 Mbits/sec
client to router
[ 4] 9.00-10.00 sec 49.8 MBytes 418 Mbits/sec
What does pfsense change/modify in regards to the basic network setup on FreeBSD that is likely to have this effect?
Or do you have any other clues what to do?
Hardware
SuperMicro X7SPE-H (Atom D510, chipset Intel ICH9R, 2xIntel 82574L NICs)
-
this question comes up every couple of days, but let's go again:
default freebsd is configured as an endpoint / pfSense is configured as a router/firewall.
freebsd doesn't do firewalling out of the box / pfSense does.
Disabling firewalling on pfsense will increase your "bandwidth" performance somewhat … it won't be the same as clean freeBSD tho.
To see performance you should measure throughput, so instead of running iperf on pfSense run it like that:
<iperf-client> --- <pfsense>---
-
Ahh….it suddenly changed things :-)
Now I get 112/MBs and no impact on CPU usage at all! :-)
[ 4] 9.00-10.00 sec 112 MBytes 943 Mbits/sec
I just expected that pfSense's router/firewall functionally wouldn't play any part if I did a router<->LAN test, but I guess I was wrong.
I would of course expect a decrease in throughput going through the NAT/firewall (WAN <-> router <-> LAN).
But this is of course not an in-real-life problem, as the pfsense rarely plays any other server-role than being a firewall.
Running iperf3 on the router, not only I got the pure bandwidth, but it also used 100% usage.
Thanks for clearing it out, and I'm sorry I missed the other threads about it…...I did search the forum but I guess I did a wrong search.
-
One of the many differences is that iperf is in userland, and packets moving to/from the network must go through kernel space to the userland, which is a lot of extra overhead. You can tweak the OS to be better at this, but it sometimes comes at other costs. As a router/firewall, the packets stay in the kernel and certain optimizations can be done.