Slow LAN and downloads

  • I did a fresh install of pfsense on a quad core pc with gigabit nics and 8gb of RAM. I have  not installed any packages or enabled traffic shaping, its just a default install as of now. The problem is when connecting to samba shares and copying files across the LAN to another pc I max out at 50kbps, even just authenticating takes a long time. Web browsing seems snappy enough and streaming Netflix HD video via Amazon fire  has no buffering issues but if I initiate an actual download of a file from a website it also limits the speed to 50kbps to 80kbps.

    I put on an old dlink router for testing and it was waaaaay faster when  copying files across the lan and downloading files from websites so the issue is definitely from pfsense. I've tried disabling Hardware Large Receive Offloading (LRO), Hardware TCP Segmentation Offloading (TSO) and Hardware Checksum Offloading ,there were no improvements.

    Can anyone tell me why this may occur or what settings to check?

  • What's your ping to the box? Have you tried doing an iperf against it? Generally you do iperf through it, but at this point, something really weird is going on.

  • I tried pinging the box and I’m getting 2ms response average which seems fine. I'll try installing iperf package and see what the throughput performance is like. One of the nics is an on-board nic and not a standalone pci board. Could this cause an issue? I know on-board nics generally perform worse but I didn't think it would be that bad.

  • They generally perform worse for two reasons, they offload all of the work to the CPU, and they have crap driver support. No matter how good your hardware is, no driver support will kill it. And depending on several thing, 2ms is really really bad. I get a 0.2ms ping average, and a min ping of 0.008ms. Even my 8 year old Dells with an Integrated Intel NIC that Intel claims costs about $0.01 to add to the chipset, averaged about 0.3ms.

    But lets not get sidetracked with hardware knocking before the issue gets narrowed down a bit. One thing you may want to do while trying to make the firewall shuffle packets around is to look at the System Activity and see if CPU usage is abnormally high an what is using it. When doing this kind of test, best to do a load test through the firewall and not to it, it makes a difference since firewall stuff is done in the kernel while iperf is done in userland.