Pfsense Internet Download Slow

Rickinfl

Hi,
I built a New stand alone server (Not Virtual) 24 cores, 64 gig ram. only only package is pfBlockerNG. I have a 300 MB down modem. I plug modem into my computer I get 300 down. I run it through Pfsense I get 60 Down.

Any clues where to start? And I did turn off pfBlockerNG and still 60 Download. I'm running Intel Network Cards and have tried different brands and so on. Still 60 MB download.

stephenw10

What hardware is that running on? What NIC type exactly? ix, igb? SFP?

I assume you mean 300Mbps since 2.4Gbps seems unlikely. Unless all 24 of those cores are running at 100MHz I wouldn't expect there to be any issue passing 300Mb.

Check the Status > Interfaces page for errors. That level of throttling looks like a hardware issue like a bad cable or a link negotiation issue.

Try putting a switch in-between the pfSense WAN and the modem as a test.

Steve

Rickinfl

Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
Current: 2400 MHz, Max: 2401 MHz
16 CPUs: 2 package(s) x 4 core(s) x 2 hardware threads
AES-NI CPU Crypto: Yes (inactive)

The network Card is a Intel I350-T4 Quad Port Gigabit Ethernet Server Adapter. Running in LAGG mode connected to Cisco 3750g switch with VLANS.

No errors in logs.

Googled "Pfsense slow downloads" and Google exploded so I'm assuming this is a common issue. I have 5 pfsense boxes running at work all have the same issue all 5 have different hardware. I have 200 down there and through Pfsense I only get about 50 to 60. No VLANS at work just straight connection to Cisco switches.

My internet connection is 300 down 20 up.

I did put a switch between modem and pfsense and got the 300 down.

stephenw10

Ok, so if adding a switch allowed you to get full rate it's probably a link negotiation issue. Most commonly that's due to some ISPs still supplying modems with fixed port speeds that don't negotiate at all resulting in pfSense falling back to 10 or 100MB-HD.
Check the link speed shown without a switch in between.

If you can access the modem try to check it's port settings.

Try setting the pfSense interface to a fixed speed to match the modem.

We have also occasionally seen issues with flow-control on the link you might check.

Steve

Rickinfl

I own the Modem it's an Arris Surfboard SB6190.

The LAGG status

Gi1/0/13 connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/14 connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/15 connected trunk a-full a-1000 10/100/1000BaseTX
Gi1/0/16 connected trunk a-full a-1000 10/100/1000BaseTX

I have 5 pfsense boxes at work all different hardware and have the same issue there. I'm not sure which direction to go.

stephenw10

Hmm, maybe I'm reading the wrong. Where exactly did you put the switch?

How is pfSense connected to the modem and other interfaces? All via the 4 way LAGG?

Steve

Derelict

I gave up on the Arris SB6190. Complete junk as far as I am concerned.

http://www.dslreports.com/shownews/Arris-Sued-Over-SB6190-Surfboard-Modem-Latency-Flaw-139331

https://forums.xfinity.com/t5/Your-Home-Network/SB6190-Puma-6-Chip-defect-Firmware-fix/td-p/2969575

Just google arris sb6190 "puma 6" "latency"

Rickinfl

The modem connects to a nic card in the Pfsense box. Then I have a 4 port nic card lagged connected to a Cisco 3750g switch.

What do you recommend for a Modem? I plug the SB6190 into my laptop and computer and get 300 down. When I plug it into the Pfsense I get around 50 down.

Derelict

I went to a Netgear CM600 but it sounds like you have a design problem.

stephenw10

So what does the WAN interface show when connected to the modem directly?

Have you tried setting that to a fixed speed? I doubt it's a problem with the LAGG side.

You can try running a speed test from the firewall itself to be sure though.
See: https://forum.netgate.com/post/781548

Steve

Rickinfl

Status
up
DHCP
up Relinquish Lease
MAC Address
xxxxxxxxxx
IPv4 Address
xx.xx.xx.xx
Subnet mask IPv4
255.255.254.0
Gateway IPv4
xx.xx.xx.x
IPv6 Link Local
xxxxxxx
DNS servers
8.8.8.8
MTU
1500
Media
1000baseT <full-duplex>
In/out packets
125527658/65976060 (167.51 GiB/4.10 GiB)
In/out packets (pass)
125527658/65976060 (167.51 GiB/4.10 GiB)
In/out packets (block)
55698/84 (15.42 MiB/11 KiB)
In/out errors
0/0
Collisions
0

Rickinfl

[2.4.3-RELEASE][root@pfSense.home.lan]/root: speedtest-cli
Retrieving speedtest.net configuration...
Testing from Spectrum (xx.xx.xx.xx)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Hivelocity Hosting (xxxxxxx) [17.89 km]: 129.495 ms
Testing download speed................................................................................
Download: 284.77 Mbit/s
Testing upload speed................................................................................................
Upload: 23.46 Mbit/s

Derelict

So it's on the LAN side.

Maybe eliminate all that LAGG stuff or at least directly connect to a single interface on the inside and test from there.

129.495 ms That is a lot.

Herman

Hello everybody,

Experiencing kind of same problem. See my post:

https://forum.netgate.com/topic/133567/wan-speed-drops-significantly-when-downloading-large-10-gb-files.

The physical network card is an Intel(R) Ethernet Server Adapter I350-T4. The switch used is a HP 1810-24G. No crappy hardware I would say.

Still looking for a solution,

Regards,
Herman

Rickinfl

It's not going through the LAGG right now I have it connected to a single card. I did get 300 Down when I hard wire connected my laptop so it seems to be working. Also set WAN to 1000 Full Duplex.

Herman, I did a speed test getting over 300 down, but my Pfsense box Graph only showed about 50 like yours.

Grimson

@rickinfl said in Pfsense Internet Download Slow:

Herman, I did a speed test getting over 300 down, but my Pfsense box Graph only showed about 50 like yours.

So, is the Graph set to bytes or bits? If you don't know the difference it's high time to learn it.

Herman

@Rickinfl My graph shows MB's (MegaBytes). The problem is that my download is not consistent as you can see in the graph. It suddenly drops en is very inconsistent.

Maybe very stupid to ask but what do you mean with LAGG?

Regards,
Herman

Derelict

If you are not doing a LAGG you don't have to worry about it.

https://en.wikipedia.org/wiki/Link_aggregate_group

What you are seeing in that graph would be indicative of irregular sending by the sender, or possibly something going on on the receiver, not anything on the firewall. Maybe something upstream starts to limit you or any one of 100 different things.

Rickinfl

@herman said in Pfsense Internet Download Slow:

@Rickinfl My graph shows MB's (MegaBytes). The problem is that my download is not consistent as you can see in the graph. It suddenly drops en is very inconsistent.

Maybe very stupid to ask but what do you mean with LAGG?

Regards,
Herman

LAGG. I have a I350-T4 I took all 4 ports and created a LAGG which combines all 4 ports into 1. So basically I have a 4 GIG link. On my Cisco 3750G I created a LACP Trunk which is basically a LAGG, but in Cisco words. This allows me to send VLANS across to the Pfsense box. I also created VLANS in Pfsense.

Herman

@rickinfl Okay... I need the ports also for the vm's. The SuperMicro board has also 2 Intel nics on board.

But any idea whats going on with the speed?? Before I migrated from the TMG 2010 I've had an stable download.

Regards,
Herman