4. Pfsense Internet Download Slow

Pfsense Internet Download Slow

  • R

    Hi,
    I built a New stand alone server (Not Virtual) 24 cores, 64 gig ram. only only package is pfBlockerNG. I have a 300 MB down modem. I plug modem into my computer I get 300 down. I run it through Pfsense I get 60 Down.

    Any clues where to start? And I did turn off pfBlockerNG and still 60 Download. I'm running Intel Network Cards and have tried different brands and so on. Still 60 MB download.

    0
  • Netgate Administrator

    What hardware is that running on? What NIC type exactly? ix, igb? SFP?

    I assume you mean 300Mbps since 2.4Gbps seems unlikely. Unless all 24 of those cores are running at 100MHz I wouldn't expect there to be any issue passing 300Mb.

    Check the Status > Interfaces page for errors. That level of throttling looks like a hardware issue like a bad cable or a link negotiation issue.

    Try putting a switch in-between the pfSense WAN and the modem as a test.

    Steve

    0
  • R

    Intel(R) Xeon(R) CPU E5620 @ 2.40GHz
    Current: 2400 MHz, Max: 2401 MHz
    16 CPUs: 2 package(s) x 4 core(s) x 2 hardware threads
    AES-NI CPU Crypto: Yes (inactive)

    The network Card is a Intel I350-T4 Quad Port Gigabit Ethernet Server Adapter. Running in LAGG mode connected to Cisco 3750g switch with VLANS.

    No errors in logs.

    Googled "Pfsense slow downloads" and Google exploded so I'm assuming this is a common issue. I have 5 pfsense boxes running at work all have the same issue all 5 have different hardware. I have 200 down there and through Pfsense I only get about 50 to 60. No VLANS at work just straight connection to Cisco switches.

    My internet connection is 300 down 20 up.

    I did put a switch between modem and pfsense and got the 300 down.

    0
  • Netgate Administrator

    Ok, so if adding a switch allowed you to get full rate it's probably a link negotiation issue. Most commonly that's due to some ISPs still supplying modems with fixed port speeds that don't negotiate at all resulting in pfSense falling back to 10 or 100MB-HD.
    Check the link speed shown without a switch in between.

    If you can access the modem try to check it's port settings.

    Try setting the pfSense interface to a fixed speed to match the modem.

    We have also occasionally seen issues with flow-control on the link you might check.

    Steve

    0
  • R

    I own the Modem it's an Arris Surfboard SB6190.

    The LAGG status

    Gi1/0/13 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi1/0/14 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi1/0/15 connected trunk a-full a-1000 10/100/1000BaseTX
    Gi1/0/16 connected trunk a-full a-1000 10/100/1000BaseTX

    I have 5 pfsense boxes at work all different hardware and have the same issue there. I'm not sure which direction to go.

    0
  • Netgate Administrator

    Hmm, maybe I'm reading the wrong. Where exactly did you put the switch?

    How is pfSense connected to the modem and other interfaces? All via the 4 way LAGG?

    Steve

    0
  • Netgate

    I gave up on the Arris SB6190. Complete junk as far as I am concerned.

    http://www.dslreports.com/shownews/Arris-Sued-Over-SB6190-Surfboard-Modem-Latency-Flaw-139331

    https://forums.xfinity.com/t5/Your-Home-Network/SB6190-Puma-6-Chip-defect-Firmware-fix/td-p/2969575

    Just google arris sb6190 "puma 6" "latency"

    0
  • R

    The modem connects to a nic card in the Pfsense box. Then I have a 4 port nic card lagged connected to a Cisco 3750g switch.

    What do you recommend for a Modem? I plug the SB6190 into my laptop and computer and get 300 down. When I plug it into the Pfsense I get around 50 down.

    0
  • Netgate

    I went to a Netgear CM600 but it sounds like you have a design problem.

    0
  • Netgate Administrator

    So what does the WAN interface show when connected to the modem directly?

    Have you tried setting that to a fixed speed? I doubt it's a problem with the LAGG side.

    You can try running a speed test from the firewall itself to be sure though.
    See: https://forum.netgate.com/post/781548

    Steve

    0
  • R

    Status
    up
    DHCP
    up Relinquish Lease
    MAC Address
    xxxxxxxxxx
    IPv4 Address
    xx.xx.xx.xx
    Subnet mask IPv4
    255.255.254.0
    Gateway IPv4
    xx.xx.xx.x
    IPv6 Link Local
    xxxxxxx
    DNS servers
    8.8.8.8
    MTU
    1500
    Media
    1000baseT <full-duplex>
    In/out packets
    125527658/65976060 (167.51 GiB/4.10 GiB)
    In/out packets (pass)
    125527658/65976060 (167.51 GiB/4.10 GiB)
    In/out packets (block)
    55698/84 (15.42 MiB/11 KiB)
    In/out errors
    0/0
    Collisions
    0

    0
  • R

    [2.4.3-RELEASE][root@pfSense.home.lan]/root: speedtest-cli
    Retrieving speedtest.net configuration...
    Testing from Spectrum (xx.xx.xx.xx)...
    Retrieving speedtest.net server list...
    Selecting best server based on ping...
    Hosted by Hivelocity Hosting (xxxxxxx) [17.89 km]: 129.495 ms
    Testing download speed................................................................................
    Download: 284.77 Mbit/s
    Testing upload speed................................................................................................
    Upload: 23.46 Mbit/s

    0
  • Netgate

    So it's on the LAN side.

    Maybe eliminate all that LAGG stuff or at least directly connect to a single interface on the inside and test from there.

    129.495 ms That is a lot.

    0

  • Hello everybody,

    Experiencing kind of same problem. See my post:

    https://forum.netgate.com/topic/133567/wan-speed-drops-significantly-when-downloading-large-10-gb-files.

    The physical network card is an Intel(R) Ethernet Server Adapter I350-T4. The switch used is a HP 1810-24G. No crappy hardware I would say.

    Still looking for a solution,

    Regards,
    Herman

    0
  • R

    It's not going through the LAGG right now I have it connected to a single card. I did get 300 Down when I hard wire connected my laptop so it seems to be working. Also set WAN to 1000 Full Duplex.

    Herman, I did a speed test getting over 300 down, but my Pfsense box Graph only showed about 50 like yours.

    0
    G
     1 Reply
  • G

    @rickinfl said in Pfsense Internet Download Slow:

    Herman, I did a speed test getting over 300 down, but my Pfsense box Graph only showed about 50 like yours.

    So, is the Graph set to bytes or bits? If you don't know the difference it's high time to learn it.

    0

  • @Rickinfl My graph shows MB's (MegaBytes). The problem is that my download is not consistent as you can see in the graph. It suddenly drops en is very inconsistent.

    Maybe very stupid to ask but what do you mean with LAGG?

    Regards,
    Herman

    0
    R
     1 Reply
  • Netgate

    If you are not doing a LAGG you don't have to worry about it.

    https://en.wikipedia.org/wiki/Link_aggregate_group

    What you are seeing in that graph would be indicative of irregular sending by the sender, or possibly something going on on the receiver, not anything on the firewall. Maybe something upstream starts to limit you or any one of 100 different things.

    0
  • R

    @herman said in Pfsense Internet Download Slow:

    @Rickinfl My graph shows MB's (MegaBytes). The problem is that my download is not consistent as you can see in the graph. It suddenly drops en is very inconsistent.

    Maybe very stupid to ask but what do you mean with LAGG?

    Regards,
    Herman

    LAGG. I have a I350-T4 I took all 4 ports and created a LAGG which combines all 4 ports into 1. So basically I have a 4 GIG link. On my Cisco 3750G I created a LACP Trunk which is basically a LAGG, but in Cisco words. This allows me to send VLANS across to the Pfsense box. I also created VLANS in Pfsense.

    0
    M
     2 Replies

  • @rickinfl Okay... I need the ports also for the vm's. The SuperMicro board has also 2 Intel nics on board.

    But any idea whats going on with the speed?? Before I migrated from the TMG 2010 I've had an stable download.

    Regards,
    Herman

    0
  • Netgate

    @rickinfl said in Pfsense Internet Download Slow:

    It's not going through the LAGG right now I have it connected to a single card. I did get 300 Down when I hard wire connected my laptop so it seems to be working. Also set WAN to 1000 Full Duplex.

    I would leave that at Default (no preference, typically autoselect)

    By running the speed test on the firewall and getting Download: 284.77 Mbit/s you have established it is not the WAN interface.

    0
  • M

    @rickinfl said in Pfsense Internet Download Slow:

    LAGG. I have a I350-T4 I took all 4 ports and created a LAGG which combines all 4 ports into 1. So basically I have a 4 GIG link.

    (Pedantic) Err, no. You still have a 1Gbps link for a single flow, but you can handle up to 4 single flows simultaneously at 1Gbps, and anything above 4 flows will start to share bandwidth. But you'll never get 4Gbps in a single flow.

    And remember (I'm just stating, not accusing) - if you have your graph at MBps instead of Mbps, then a 300Mbps link should show up as roughly 35MBps.

    0
  • G

    If you have 4 or less LAN segments you can also use them as individual interfaces instead of a LAGG with VLANs. This way you don't have to deal with possible issues in the LAGG driver and reduce the complexity of the config.

    0

  • Hi guys,

    Looked around a bit for myself. Would like to receive your thoughts about this.
    Using Sabnzbd for large UseNet downloading. I’ve add 3 UseNet server with each 16 connections. Playing around with this made me conclude the following. Enable just one UseNet pay server with only 4 connections is giving me the best performance. About 35MB generally over the whole download. There are some moments that the speed drops to 0 but then it resumes to the speed of approximately 35 MB. Does this make any sense to you guys? I’d like to understand what’s going on here.

    Like noted before I use a HP 1810-24G managed switch. There are tons of settings that can be made. My knowledge is not that far to understand all of them. For example the Jumbo Frames, should they be enabled or disabled? For now I enabled them to see what it does to the performance. The link speed of the switch is now ‘auto”. Should I set it to “1000 Full Duplex”?

    Any thoughts of how to configure the switch to get the best performance? All tips would be appreciated!

    Kind regard and thanks for helping already,
    Herman

    0
  • Netgate

    Maybe they are throttling with you in some way when you start increasing the number of connections. Maybe your client starts having problems. I cannot see pfSense caring one way or the other.

    You shouldn't need to do anything on the switch.

    i wouldn't touch jumbo frames in your environment. Leave everything 1500.

    0 1 Reply

  • @derelict

    Thank you @Derelict for the reply. I will turn the jumbo frames back to off. I have no clue if the news hosting provider (https://www.newshosting.com/) is throttling when I increase the connections. My peasant wit would say the more connections the more speed you can gain? Well probably that seems not to be the case.

    What would be the advice in using connections? Just use one server with one connection? Why does the provider offer 30 connections in the first place?

    Kind regards,
    Herman

    0 1 Reply

  • Also found this link https://www.newshosting.com/usenet/usenet-connections/. This explains how connections works. Just didn't figure out how to test the ideal amount of connection in combination with a speed test...

    Just wanted to share this aswell.

    Herman

    0
 

Products

Applications

Support

Services

News

Resources

Company

Our Mission

As host of the pfSense open source firewall project, Netgate believes in enhancing network connectivity that maintains both security and privacy. We also believe everyone should be able to afford it.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy