HELP: SG-4860 abnormally low throughput (~250mbps)
-
I recently upgraded my Xfinity service from the 250mbit tier to the gigabit tier, but I appear to be bottlenecked by my SG-4860.
If I plug my computer directly into the cable modem I am able to iperf/speedtest.net the full ~950mbps downstream or so I'd expect, but with the SG-4860 in the path I see mid-200's max. Here's what I am observing/things I have tried:
- Running 2.4.3-RELEASE-p1.
- Watching top on the console shows extremely low CPU usage (system or otherwise) and reasonable interrupt activity
- The GUI shows that have PowerD enabled. Changing from Hiadaptive to Maximum had no impact.
- I originally had my cable modem cabled directly to the WAN port on the device, and I changed it to pass through my switch (Cisco SG300-28MP) with a WAN VLAN set up with two access ports. This had no effect, and the switch is not showing any line errors or retransmits or anything on either port. Both ports appear to be negotiating gigabit full duplex as you'd hope.
- I originally had the LAN port on the SG set up with several VLANS (all low traffic) in addition to LAN. I moved the pfSense LAN interface from the igb0 LAN port to igb2 as an Access port on my switch so that LAN is not sharing the pipe with any other VLANs. This also seems to have made no difference.
- I have no traffic shaping set up on any interfaces.
- I am only running the following packages: AutoConfigBackup, zabbix-agent34. I can't imagine either of them would impact throughput. No snort, no suricata, nothing like that.
- I do have an OpenVPN client instance running, extremely low traffic, it's only set up to transfer traffic to and from my office (via a LAN firewall rule that sets the gateway for the office IP range)
- 14 firewall rules on LAN, 10 on WAN, 9 floating. Nothing super-involved there.
- MTU 1500 on all interfaces
- I have a lot of VLANs and interfaces, but it's otherwise a pretty vanilla setup. DHCP/DNS Resolver. IPv4 and IPv6 on most interfaces.
I am all out of things to investigate or try, and I'd love any suggestions or ideas for further areas to experiment. Every thread I've read would indicate that the SG-4860 hardware should be more than enough to yield the full throughput that I should be getting. I just don't know how to get there from here.
Thanks!
System Netgate SG-4860
BIOS Vendor: coreboot
Version: ADI_RCCVE-01.00.00.03-nodebug
Release Date: Sat Mar 14 2015
Version 2.4.3-RELEASE-p1 (amd64)
CPU Type Intel(R) Atom(TM) CPU C2558 @ 2.40GHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: Yes (active)
Hardware crypto AES-CBC,AES-XTS,AES-GCM,AES-ICM
Kernel PTI Enabled
Uptime 02 Hours 21 Minutes 27 SecondsState table size: 2% (13860/814000) Show states
MBUF Usage: 55% (14686/26584)
Temperature: 62.0°C
Load average: 0.37, 0.23, 0.18
CPU usage: 2%
Memory usage: 4% of 8143 MiB
SWAP usage: 0% of 16383 MiB
-
I have a sg4860 and do not have a gig internet to test with... It doesn't even break a sweat in handling my 500/50 connection. I always see 500+ down..
Your bios is bit dated - I would update that.
mine
Vendor: coreboot
Version: ADI_RCCVE-01.00.00.17-nodebug
Release Date: Mon Sep 18 2017You could try to disable PTI, I don't think it's hit would be that drastic.. But you could try turn it off.
How exactly are you testing your speed?
My buddy has sg4860 as well, and he see's 900's on his ATT fiber connection without any issues.
