PFSense Throughput Slow



  • Hi there,

    So I'm trying to understand where my bottleneck is. My service has been upgraded to 1Gps fiber. Yet I seem to only get around 6MB or 48Mps.

    However if I test and connect my host directly to the modem I am able to reach much better speeds. I have also tried a different switch that PFSense and my host connect on, as well as connecting directly to the PFsense box. All those tests I am still left with 6MB.

    Looking on my box the cpu does seem to climb perhaps just shy of 50%.

    Wondering if anyone might have any idea if a) the PFSense hardware is not adequate or b) what might be causing the bottleneck?

    Version 2.3.2-RELEASE-p1 (i386)
    built on Tue Sep 27 12:13:32 CDT 2016
    FreeBSD 10.3-RELEASE-p9

    The system is on the latest version.

    CPU Type Intel(R) Atom(TM) CPU D525 @ 1.80GHz
    4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads

    Memory usage
    14% of 3029 MiB

    I've tried going through: https://doc.pfsense.org/index.php/Low_Throughput_Troubleshooting as well.

    Anyone have any thoughts?



  • @qwaven:

    Looking on my box the cpu does seem to climb perhaps just shy of 50%.

    Eh?!
    Even for such a lame CPU, 50% is TOO MUCH, if you only routing/NATing.

    1. What connection type (direct, pppoe) do you have?
    2. What network card are you using? (most probable culprit)
    3. Don't hesitate to give us all hardware info you can
    4. Browse/download/watch online pron video through this box, and collect ifconfig output (look for errors)
    5. Try disabling offloads and repeat step 4



  • Version    2.3.2-RELEASE-p1 (i386)
    CPU Type    Intel(R) Atom(TM) CPU D525 @ 1.80GHz
    4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads

    So is this a 32Bit OS on an 64Bit CPU sorted System? And when yes, why is there not an
    64Bit OS installed? I mean the 32Bit OS support will ending soon, or shorter then as we
    might expecting it and drivers or other things are perhaps not really will find the whole
    interest such in the 64Bit companion system, and so it might be that you are limited
    by that perhaps! Intel Atom D525

    The second thing might be pointed directly to that CPU itself, that could be not strong enough
    to handle the entire WAN speed of 1 GBit/s! Please read about that, under that link;
    pfSense Hardware requirements (CPU selection)
    10-20 Mbps We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
    21-100 Mbps We recommend a modern 1.0 GHz Intel or AMD CPU.
    101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz.
    Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.

    501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

    • You may be not having a modern CPU, yours is from 2010!
    • You might be not having over >2.0GHz and also non server class hardware?

    DDR3 800 (SODIMM only); DDR2 667/800
    And this might be another point, perhaps your CPU is strong enough to handle such a
    traffic but your RAM gets rendered or saturated, and there for you will not be able to
    archive the full speed!

    Gigabit routing hardware
    ….that's not quite how it works. The packet filter, the IP forwarding parts, and even NAT
    (part of pf, but run at a different phase) all hit the memory system. It's likely not that
    your CPU can't keep up, it's that your memory system is saturated.

    I would consider to install first, if this is able to realize, a 64bit OS.
    And as second if you would be able to get DDR3-800 RAM modules it will be the best at all.

    But for a real 1 GBit/s line you could try out to get a better hardware system.



  • @pan_2:

    @qwaven:

    Looking on my box the cpu does seem to climb perhaps just shy of 50%.

    Eh?!
    Even for such a lame CPU, 50% is TOO MUCH, if you only routing/NATing.

    1. What connection type (direct, pppoe) do you have?
    2. What network card are you using? (most probable culprit)
    3. Don't hesitate to give us all hardware info you can
    4. Browse/download/watch online pron video through this box, and collect ifconfig output (look for errors)
    5. Try disabling offloads and repeat step 4

    Hi pan_2,

    Thanks for the reply.

    1. Connection is PPPoE over fiber
    2. Not 100% sure which cards are in the system. I believe there are realtek and something else. R# and em# if I recall correctly?
    3. What other hardware info would you like? There is an SSD drive for the storage.
    4. I had already tried playing with the offloads, did not see any change with on/off. Left it as the throughput guide suggested.

    Cheers!



  • @BlueKobold:

    Version    2.3.2-RELEASE-p1 (i386)
    CPU Type    Intel(R) Atom(TM) CPU D525 @ 1.80GHz
    4 CPUs: 1 package(s) x 2 core(s) x 2 HTT threads

    So is this a 32Bit OS on an 64Bit CPU sorted System? And when yes, why is there not an
    64Bit OS installed? I mean the 32Bit OS support will ending soon, or shorter then as we
    might expecting it and drivers or other things are perhaps not really will find the whole
    interest such in the 64Bit companion system, and so it might be that you are limited
    by that perhaps! Intel Atom D525

    The second thing might be pointed directly to that CPU itself, that could be not strong enough
    to handle the entire WAN speed of 1 GBit/s! Please read about that, under that link;
    pfSense Hardware requirements (CPU selection)
    10-20 Mbps We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
    21-100 Mbps We recommend a modern 1.0 GHz Intel or AMD CPU.
    101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz.
    Server class hardware with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.

    501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

    • You may be not having a modern CPU, yours is from 2010!
    • You might be not having over >2.0GHz and also non server class hardware?

    DDR3 800 (SODIMM only); DDR2 667/800
    And this might be another point, perhaps your CPU is strong enough to handle such a
    traffic but your RAM gets rendered or saturated, and there for you will not be able to
    archive the full speed!

    Gigabit routing hardware
    ….that's not quite how it works. The packet filter, the IP forwarding parts, and even NAT
    (part of pf, but run at a different phase) all hit the memory system. It's likely not that
    your CPU can't keep up, it's that your memory system is saturated.

    I would consider to install first, if this is able to realize, a 64bit OS.
    And as second if you would be able to get DDR3-800 RAM modules it will be the best at all.

    But for a real 1 GBit/s line you could try out to get a better hardware system.

    Hi BlueKobold,

    Thanks for your reply.

    Yes its 32bit. I can't recall exactly why I believe either I had issues running the 64bit OS or there was no build available at the time of install. (been installed for a while now)

    You mentioned getting better hardware. So I am curious if I were to buy one of the PFSense boxes. Which one would be acceptable for a bare minimum to achieve 1G?

    Also note (however I have tried with these disabled) I would like to have PF, Squid/SquidGuard, and Snort running.

    Cheers!



  • @qwaven:

    1. Connection is PPPoE over fiber

    Then you're screwed. You'll need more hardware or beg your provider to provide a straight connection without pppoe.



  • @VAMike:

    @qwaven:

    1. Connection is PPPoE over fiber

    Then you're screwed. You'll need more hardware or beg your provider to provide a straight connection without pppoe.

    What do you mean by that?



  • @qwaven:

    @VAMike:

    @qwaven:

    1. Connection is PPPoE over fiber

    Then you're screwed. You'll need more hardware or beg your provider to provide a straight connection without pppoe.

    What do you mean by that?

    PPPoE introduces a good bit of overhead, and your hardware isn't beefy enough to deal with that at 1gbps. I continue to be amazed that anybody is still deploying PPPoE.



  • @VAMike:

    @qwaven:

    @VAMike:

    @qwaven:

    1. Connection is PPPoE over fiber

    Then you're screwed. You'll need more hardware or beg your provider to provide a straight connection without pppoe.

    What do you mean by that?

    PPPoE introduces a good bit of overhead, and your hardware isn't beefy enough to deal with that at 1gbps. I continue to be amazed that anybody is still deploying PPPoE.

    Is there any recommended hardware minimum that I should aim for?

    Cheers!