[Closed] CPU overload during high speed downloads, legacy Alix 2D3

  • Hi,  I was fortunate enough to get an upgraded service from my internet provider recently.  The community in live in negotiated a better deal so we get it at no additional cost to myself.

    Whereas before I had a 30Mbps connection I am now upwards of 75Mbps+ tier (actually closer to 90-100Mbps throughput).  While this has been a nice change, I just recently associated a problem with my PFSense 2.3.1 and Alix 2D3 platform with the higher speeds… if I download something from the internet that maxes out the connection my other clients are unable to use DNS services and the PFSense web interface is unable to be accessed.  As soon as that high speed download is stopped the other clients have no issues.

    I've had the CPU graph up while testing this and it's definitely hitting 100% utilization during the burst connections so I believe it's a compute / performance issue.  Before I go investing money ( that's really not in the budget )in upgrading my PFSense hardware, are there any recommended tunables or other parameters that might help out here?  I know there are some hardware settings, right now I have the following at the defaults from the install:

    Device polling is unchecked/off.
    Disable Hardware checksum offloading is unchecked/off (or enabled I guess).
    Disable Hardware TCP Segmentation Offload is checked/on. 
    Disable hardware large receive offload is checked/on.
    Suppress ARP messages is unchecked/off.

    System tunables are mostly at default values.

    I'm okay with experimenting and toggling some of these values but hoping someone else may have beat me to it and can offer up some advice.


    [Closed] Going to use the managed switch suggestion until I can update HW.

  • When I googled "Alix 2D3" for throughput, I'm seeing people showing it capping out between 40Mb and 60Mb, with some peaks into the 80Mb range. 50Mb UDP iperf was showing 3% packetloss and 2ms of jitter. Your hardware was almost at its limit at 30Mb/s. Time for an upgrade.

  • Put a managed switch, global rate limiting, between pfSense-LAN and your LAN-members.

  • LAYER 8 Netgate

    ALIX can forward max about 80Mbps in my experience. Time for new hardware, probably.

  • @hda:

    Put a managed switch, global rate limiting, between pfSense-LAN and your LAN-members.

    That's a great suggestion,  I hadn't thought of that.  I was thinking I'd need a Managed switch in the near future anyway, they are fairly cheap now, and that would buy me some time to explore some budget upgrades for PFSense and let me keep using my service in a slightly reduced performance mode that I can control.

    I also appreciate the other folks confirming it's time to update the hardware.