Is my CPU too slow for 100 Mbit/s?

snitem

In the past I had a 50 down / 10 up connection where I got full speed. Now I upgraded to 100 down / 40 up and when I use my Draytek Vigor 130 without pfSense I get good speed as well (91 down/31 up). But with pfSense running and the Modem in bridged mode I only get 50 down / 27 up. I disabled the Traffic Shaper and then I had 69 down / 32 up. I opened Diagnostics -> System Activity and during the Speedtest it looks like this:

last pid: 42595;  load averages:  4.04,  1.19,  0.62  up 0+00:33:35    21:34:43
136 processes: 2 running, 110 sleeping, 24 waiting

Mem: 41M Active, 40M Inact, 65M Wired, 31M Buf, 820M Free
Swap: 2048M Total, 2048M Free

PID USERNAME PRI NICE  SIZE    RES STATE    TIME    WCPU COMMAND
  12 root    -92    -    0K  192K WAIT    0:43  31.05% [intr{irq257: em0:rx0}]
    0 root    -92    -    0K  120K -        0:15  20.75% [kernel{em0 rxq (cpuid 0}]
  12 root    -92    -    0K  192K WAIT    0:32  18.80% [intr{irq260: em1:rx0}]
42435 root      73    0 11260K  2304K RUN      0:00  3.66% /usr/bin/top -aHS
42595 root      52    0  9956K  1560K piperd  0:00  3.56% /usr/bin/cut -c1-105
42368 root      52    0 10460K  2084K wait    0:00  3.47% sh -c /usr/bin/top -aHS | /usr/bin/cut -c1-10
40192 root      46    0 87080K 27880K piperd  0:01  3.37% php-fpm: pool nginx (php-fpm)
    0 root    -92    -    0K  120K -        0:02  2.69% [kernel{em1 rxq (cpuid 0}]
  12 root    -92    -    0K  192K WAIT    0:02  0.59% [intr{irq258: em0:tx0}]
  12 root    -92    -    0K  192K WAIT    0:02  0.49% [intr{irq261: em1:tx0}]
90413 www      20    0 14168K  5860K kqread  0:14  0.29% /usr/local/sbin/haproxy -f /var/etc/haproxy/h
  11 root    155 ki31    0K    8K RUN    24:52  0.00% [idle]
    0 root    -16    -    0K  120K swapin  0:36  0.00% [kernel{swapper}]
  12 root    -60    -    0K  192K WAIT    0:03  0.00% [intr{swi4: clock}]
    5 root    -16    -    0K    8K pftm    0:03  0.00% [pf purge]
66040 root      20    0 10152K  1928K select  0:02  0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/var/
    4 root    -16    -    0K    16K -        0:02  0.00% [cam{scanner}]
42032 root      20    0 13712K  5600K kqread  0:01  0.00% nginx: worker process (nginx)

As you can see the idle process is at 0.00%. Is this normal or does this mean my CPU is under full load?
This is what I could find out about the CPU:

hw.machine: i386
hw.model: Genuine Intel(R) CPU N270  @ 1.60GHz
hw.ncpu: 1

belt9

yeah, pfsense will run well on a lot of old hardware, but a decade old single core atom @ 1.6GHz is probably a bridge too far for 140Mbps on pfSense.

You can probably get 140Mbps on a linux firewall if you can't afford to upgrade.

Guest

hw.machine: i386
hw.model: Genuine Intel(R) CPU N270  @ 1.60GHz

The future road map of pfSense will be likes;

• no 32Bit OS version anymore
• no NANOBSD Version anymore
• AES-NI is a must be and not nice to have

And so I personally would be looking for newer hardware such the APU2C4 that will do the job for you and
also with higher bandwidth numbers. It comes with three miniPCIe slots and a 4 core CPU w/AES-NI inside
and together with a mSATA you will be able to run more services likes now, as I see it right. It might be
running well also for 100, 200 and perhaps 300 MBit/s at the WAN side. Varia-Store

stephenw10

Hmm, that is old but I'd still expect it to pass 100Mbps without much difficulty. Especially with an Intel NIC.

Try gettting the processor activity by running at the command line:

top -aSH

Hit q to quit out and freeze the current reading so you can copy and paste it.

Are you using PPPoE with the V130?

Steve

Guest

I have many telecommuters running decade old Acer Aspire One AOA-150 Netbook computers as pfsense routers.

These netbooks have the same processor - Atom N270 (which is a single core but dual thread CPU - as yours and 1GB of RAM, just like yours.

Since Aspire has only one 100 Mb/s ethernet, we configure it to go over inexpensive VLAN enabled 5 port switches.
(And yes we do what everybody says should never be done, yet we have been doing it for years successfully without any incidents)

pfsense 2.3.4-p1 32 bit version runs beautifully and 70/35 lines get driven to their max without any problems.

Neither the CPU nor the RAM gets maxed-out (not even close) while the cable line gets saturated and 100 Mbps could be easily achieved
if we had faster Internet lines for our telecommuters, and especially if we had actual dual ethernets instead of a single etherfast port split
via VLAN configuration.

So, I suspect that you have something not properly setup with your machine. The root cause is probably not the N270.
You might want to dig into the settings and look closely your ethernet port performance.

VAMike

Maxing out around 70Mbps single core doesn't seem impossible, those were really slow CPUs. It does look like hyperthreading is disabled, so you can see if there's a BIOS setting to enable that. (It also might just not be supported on your motherboard.)

stephenw10

Certainly not impossible but I would expect to have to run a number of packages to do it.

As very rough comparison the ALIX could pass 85Mbps and that's significantly less powerful (in both senses  ;)).
But that was with default config and optimal traffic types etc….

Steve

snitem

@VAMike:

Maxing out around 70Mbps single core doesn't seem impossible, those were really slow CPUs. It does look like hyperthreading is disabled, so you can see if there's a BIOS setting to enable that. (It also might just not be supported on your motherboard.)

You were absolutely right, hyperthreading was disabled. I enabled it and now I have full speed. YEAH! Thank you so much, I never thought about that and probably would have bought new hardware next weekend. And thanks to anybody else for the input.