I'm new here so if I make some mistakes let me know!
We are using pfsense(latest stable version) for VPN(IPSEC),Firewall,load-balance,VLAN.
I did a initial config for squid transparent proxy and notice that the lan latency went high up almost 1sec sometimes and avg of 200ms (ping from/to switch TL-SG1024DE) making the connections really slow if more than 10 users at same time, without squid it went down to 80ms avg lan
Because the we were using onboard crap nics and a slow HDD, I changed the HDD to SSD and brought a Intel I350-T4, reinstall de pfsense and restore the backup.
I saw after the upgrade using squip a better of performance of at least 50% now with squid is avg 60ms top 200ms, without squid is avg of 5ms top 40ms.
but still, its wierd because we have up to 45 devices tops, (half is smartphones).
I am using the Status > monitoring to see if I find the bottleneck:
Processor last day:
user util. 0.10 % 0.57 % 2.93 % 1.72 %
nice util. 0.00 % 0.00 % 0.04 % 0.00 %
system util. 0.08 % 0.39 % 1.38 % 1.38 %
interrupt 0.13 % 0.43 % 1.15 % 0.93 %
Memory last day:
active 2.42 % 2.70 % 5.07 % 2.80 %
inactive 58.98 % 63.11 % 69.95 % 64.11 %
free 8.81 % 18.15 % 22.17 % 11.98 %
cache 0.00 % 0.00 % 0.00 % 0.00 %
wire 15.54 % 16.05 % 23.52 % 21.11 %
Mbuf Clusters: As the NIC tunning wiki page said, I just changed the mbfcluster to 1M for intel igb:
current 18265.24 18282.20 18773.88 18266.42
cache 1697.94 1884.06 3244.76 3243.58
total 19996.00 20166.26 21510.00 21510.00
max 233.23 k 271.07 k 1.00 M 1.00 M
Anyone know how to fix this or at least improve, I would like to have as close as possible to 1ms without squid and around 20ms with squid.
How are you measuring the latency?
I am using ping from pfsense to switch, ping from 2 machines to the gateway and switch. (direct connected patch cord 1,5m cat6)
from any manchine to switch is always 1ms, only pfsense seens to have variations.
I changed the cable, port, even to another switch but any ping from pfsense or to pfsense is instable, for me it looks like a software problem because its only start happing after all services from pfsense is up.
But I disabled almost all non essentials services but no luck.
my nic has 4 ports, 3 wan ports with avg of 0,5ms!!!! I even changed ports to see if anything change, no luck!