SG-2200 slow LAN to WAN throughput



  • I am a long-time Tomato user and have recently upgraded to one of the Netgate SG-2200 units. I made the upgrade for OpenVPN performance reasons because it was sucking on my Tomato builds. I just got pfSense set up and have been doing some tests and noticed my speedtest.net results are half of what they are with Tomato. I can hit 42Mbits download with Tomato on a cheap Asus router but roughly 20Mbits download with the Netgate SG-2200. Any thoughts on what could be causing this?

    I'm going to continue trying to isolate the cause. Hopefully I come back with a "I'm a dork" post but for now I'm really scratching my head. Thanks folks.

    Cheers



  • Need more information.



  • Can you help me out with what you're looking for?

    I live in Colorado Springs using CenturyLink DSL. I have the DSL modem configured for transparent bridging. I have the pfSense box WAN port connected to the DSL modem and configured the WAN interface for PPPoE. I have a gigabit switch on the LAN side of the pfSense box with my devices connected to it. If I swap out the pfSense box for my Asus Tomato router I will get 42Mbps download on speedtest.net from a PC connected to the gigabit switch. If I put the pfSense box in there instead that number drops to 17-22Mbps using the same PC and website.

    I have some port forwarding, Dynamic DNS, NAT reflection, and OpenVPN configured on pfSense and nothing else.



  • Might be a lot of things.

    I'd try lowering the MTU of the WAN port.

    https://forum.pfsense.org/index.php?topic=56486.0



  • Ah man I should have known to try that. Not mocking, seriously. A long time ago I spent a lot of time digging into improving DSL performance. I set the MTU to 1492 on my WAN interface and guess what happened? I'm now in the 38-40Mbps download range on speedtest.net. Now I just gotta figure out if the error difference is in the noise or if there still is something significant. First reaction is that was it. Thanks for the help!



  • That was odd. For about 30 minutes the MTU change gave me expected performance. Now it is even worse and has been so all day. It has been hovering around 5Mbps after setting the MTU to be the same I have it on my Asus router. So now I'm really confused about this pfSense performance issue. I will try factory resetting it and see where that takes me.


  • Galactic Empire

    @scottlindner:

    That was odd. For about 30 minutes the MTU change gave me expected performance. Now it is even worse and has been so all day. It has been hovering around 5Mbps after setting the MTU to be the same I have it on my Asus router. So now I'm really confused about this pfSense performance issue. I will try factory resetting it and see where that takes me.

    Doesn't appear to be a pfSense issue at all. Change your cables, check MTU on your modem. Call your ISP.



  • It is pfSense, and I think I cracked the code. I can demonstrate by moving the LAN and WAN cable between my Asus router and pfSense that the performance is poor with pfSense. I even factory reset it to nothing but stock pfSense configuration and it was bad. I took the modem out of bridging so I could prove to myself I didn't do anything to the pfSense configuration.

    Now what I think is going on. I have a NAS doing a big backup to Amazon Cloud Drive that has been running slowly for over a year and will take another year+ to complete. I have traffic shaping running on my Asus router and I don't on pfSense. I forgot about the backup because it's been running for a long time. I paused the backup and it seemed to be expected performance. I think the window of good performance earlier was due to the backup being temporarily stopped due to the network changes. So now I need to figure out pfSense traffic shaping to confirm. But for now this is where I suspect my devils are.



  • Easiest, but not dynamic, would be to use limiters on a rule for your NAS.


  • LAYER 8 Netgate

    Easier still would be to limit on the NAS itself.



  • Thanks for the thoughts. I'm gonna work to get traffic shaping set up for my needs. I have something basic rolling now that brings the performance back to something more sane while the backup is rolling. I have Ooma (third party VOIP), some gaming systems, host some personal websites, have this epic backup going, and of course want the internet to be usable for surfing and watching stuff online. I just gotta do it anyway.

    For now at least, I'm calling this issue closed. I am 99% confident my pfSense performance issues were due to that forgotten backup job without using traffic shaping and I was comparing to my old firewall that had traffic shaping all configured on it. Why it knocked me down so much is a bit of a mystery. I'm assuming the uncontrolled backup traffic was causing contention on the way the speedtest.net site works.

