SG-3100 Slow Throughput
-
FWIW, I'm running a Dell R210 II via Xeon E31220 @ 3.10GHz on pfSense 2.4.4. Here's a recent speedtest from a server within my LAN:
SpeedTest++ version 1.14 Speedtest.net command line interface Info: https://github.com/taganaka/SpeedTest Author: Francesco Laurita <francesco.laurita@gmail.com> IP: Finding fastest server... 7727 Servers online ............ Server: speedtest: 2 ms Ping: 2 ms. Jitter: 0 ms. Determine line type (2) ........................ Fiber / Lan line type detected: profile selected fiber Testing download speed (32) .................................................................................................................................................................................................................................................................... Download: 954.57 Mbit/s Testing upload speed (12) ................................................................................................................................................................................................................................................................................................................................................................................................. Upload: 799.39 Mbit/sI've seen a few other reports of performance differences between
pfatt.sh, IP-Passthrough and no bypass. In the past, I haven't been convinced the problem is withpfatt.shdue to a variety of discrepancies with reported testing methodologies.That being said, I've never been able to push my upload past ~820 Mbit/s with
pfatt.sh. It's very possible there is a subtle issue here. Unfortunately, there are a lot of moving pieces between AT&T, speed test methodology, pfSense, configurations, and hardware. Troubleshooting requires downtime, and like you, I signed a 99.999% uptime SLA with my family.
I'll keep following this thread. Curious to see how your testing goes.
-
Well...that sucked. It was faaar from "simply rebuild, then restore section by section" - but I did land on a much better result. A sincere thank you @torred @Grimson @Derelict @johnpoz @gsmornot @aus for your help. I spent a bunch of time in the config.xml file comparing my old config to a clean new one. Amazing how much rot develops over five years trying to learn pfSense and eek out better speed from AT&T.
I am now between 600-700Mb down and 850-935Mb up. That is not a typo. My upload screams past my download. I can finally host that p0rn server I've always wanted to. Kidding aside, anything jump out as a reason for that difference? BTW - speed testing is a non-deterministic pile of poo.
Side note: OpenVPN client performance on a gig line with a SG-3100 is thoroughly disappointing. Did a bunch of reading on that and no matter the link speed, seems that people are maxing the 3100 out at 100-150Mb. I thought about trying to set up IPSec instead, but I've had about as much fun as I can take right now.
When I recover, I am probably going to rebuild this from complete scratch. Manually reenter everything - no restore. Kill cruft. Trying to figure out how to do that while also pounding some bourbon. What could go wrong?
Any advice on upload outpacing download or OpenVPN client performance is appreciated.
Y'all rock.
-
Great to hear. Without seeing what you changed, no. I don't have any ideas what it could have been.
OpenVPN is just....slow. It spends more time context switching between user and kernel modes that it does doing anything else.
-
OpenVPN VS IPsec forever and a day Flexibility VS Speed.
-Rico
-
@rico Interesting. You'd sacrifice 80-90% of the links speed to get the flexibility OpenVPN offers? That really says something...like I'm going to hate it if I try IPSec.
-
I keep my fingers crossed for Multicore Support in OpenVPN 2.5
In the meantime you can run OpenVPN and IPsec peaceful together and do some testing, this should not be any Problem.-Rico
-
@sean-allen said in SG-3100 Slow Throughput:
@rico Interesting. You'd sacrifice 80-90% of the links speed to get the flexibility OpenVPN offers? That really says something...like I'm going to hate it if I try IPSec.
It may appear to be 80-90% because 100Mb of 1000Mb but in reality IPSEC on the 3100 is only going to do @300. So yea, you’re giving up 66% in speed but only compared 300Mb. In my use, primarily mobile, I like OpenVPN for it “stay connectedness” vs IPSEC which can be less resilient to connection changes. OpenVPN vs IPSEC security I will let others speak on.
