[SOLVED]pfsense WAN throughput issues



  • Hello people!

    I'm relatively new to "setting up your own firewall" and recently setup an pfsense system (reusing an old Dell Optiplex 755 (Core2Duo E8400) with HP NC364T Quadport NIC).

    Here's the setup that I have at the moment:

    ISP Router (Assigns DHCP 192.168.x.x to PF Sense WAN)
    |
    |
    +–-----DELL Optiplex (runs Ubuntu Server 17.04 with 4GB RAM and VirtualBox headless)
          |
          |
          +-------> VM1 - pfsense (pfsense 2.x, 1GB Memory)
          |      |
          |      |
          |      |---> Adapter 1 uses NIC#1 (pfsense WAN with IP assigned from ) - Bridged Adapter (Intel PRO/1000 T Server 82543GC)
          |      |---> Adapter 2 uses NIC#2 (pfsense LAN) - Bridged Adapter (Intel PRO/1000 T Server 82543GC)
          |        |
          |        |
          |        |---> Asus Wifi Router(runnning in AP mode)
          |        |---> TPLink Wifi Router (running in AP mode)
          |
          |
          +-------> VM2 - Apps (Ubunt Server 17.04, 1.5GB Memory and has virtualbox guest addons installed)
                |
                |
                |---> Adapter 2 uses NIC#2 (pfsense LAN) - Bridged Adapter (Intel PRO/1000 T Server 82543GC)

    The problem that I'm facing is that (although the network adapters are all Gigabit) my internet speeds seem to be limited on VM2.

    I have a 300Mbit connection but end up getting around 110Mbit on VM2 but if I change the network adapter on VM2 to NAT (skipping pfsense and hooking onto NIC#1 directly), I get full bandwidth (I tested the bandwidth by using wget to download a iso file).

    So the problem seems to be with some sort of throttling when the data going through pfsense.

    I was thinking of setting up VM2 with NIC#3 then running a cable from NIC#2 to an unmanaged switch and back to NIC#3.

    Do you guys think that will increase the throughput on WAN? Here's how the new setup should look like:

    +------> VM1 - pfsense (pfsense 2.x, 1GB Memory)
          |      |
          |      |
          |      +---> Adapter 1 uses NIC#1 (pfsense WAN with IP assigned from ) - Bridged Adapter (Intel PRO/1000 T Server 82543GC)
          |      +---> Adapter 2 uses NIC#2 (pfsense LAN) - Bridged Adapter (Intel PRO/1000 T Server 82543GC)
          |            |
          |            |
          |            |
          |            +--->[Unmanaged Switch]
          |                |     
          |                |
          |                |
          |                +–-> Asus Wifi Router(runnning in AP mode)
          |                +---> TPLink Wifi Router (running in AP mode)
          |
          |
          +-------> VM2 - Apps (Ubunt Server 17.04, 1.5GB Memory and has virtualbox guest addons installed)
                |
                |
                |---> Adapter 1 uses NIC#3 (pfsense LAN via unmanaged switch) - Bridged Adapter (Intel PRO/1000 T Server 82543GC)

    Note: I'm not using any traffic shaping on pfsense.



  • I'm not familiar with using VMs, but I was able to find a few hits on people having network performance issues with FreeBSD pre-11 has a guest with a VirtualBox host. In some of those forums, some said the performance issues went away once they switched to FreeBSD 11, which pfSense 2.4 will be based on. You issue may go away once you upgrade to 2.4, which they think may be out as soon as Monday.



  • @Harvy66:

    I'm not familiar with using VMs, but I was able to find a few hits on people having network performance issues with FreeBSD pre-11 has a guest with a VirtualBox host. In some of those forums, some said the performance issues went away once they switched to FreeBSD 11, which pfSense 2.4 will be based on. You issue may go away once you upgrade to 2.4, which they think may be out as soon as Monday.

    Interesting

    Once more thing to add is that the the wired clients connected to the Wifi AP don't get full bandwidth either. They get around 70% which is more than the VM running on the DELL machine but still not 100% of the bandwidth.



  • VMs complicate things. You need to very carefully plan the host, guest, and hardware. You can't just throw one together an expect decent performance. I would just wait for 2.4 and see which of your problems remain. Hopefully none.



  • Fingers crossed! Thank you for your inputs Harvy66! :)



  • UPDATE:
    @Harvy66, I tested out latest opnsense as well which is based off FreeBSD 11.1 but I still faced the same issues.
    The solution for my problem was to disable nested paging under VM -> System -> Acceleration, after which the bandwidth went full throttle! :)

    ![2017-10-02 22_30_50-pfsense - Settings.png](/public/imported_attachments/1/2017-10-02 22_30_50-pfsense - Settings.png)
    ![2017-10-02 22_30_50-pfsense - Settings.png_thumb](/public/imported_attachments/1/2017-10-02 22_30_50-pfsense - Settings.png_thumb)


Log in to reply