Limiters reducing overall throughput

  • I have my pfsense system running in an ESXi 6.7 VM on my Microserver Gen8 (i3-3220T 2C/4T). I have Comcast Gigabit service and get 920/50 Mbps reliably. I have the Broadcom 5719 NICs configured as vmxnet3 devices in case that matters.

    After upgrading to 2.4.4p1 I turned on the Limiter capability as shown on the hangout video and now experience much lower download bandwidth, getting only 650 down (or so). I've tested using and and both show a similar reduction in bandwidth.

    Could this be a CPU issue? I have given the pfSense VM the full CPU 2C/4T. Most of the time the Dashboard CPU utilization during testing is maxing out at about 60%.

  • First off, you don't want hyperthreading enabled. 60% CPU is probably indicative of it being overloaded. A or speedtest both use around 3-4% CPU @ 400-500Mb/s for me, and that's with it downclocked to 800mhz.

  • Thanks.

    Also, why not use hyperthreading? VMware recommends turning it on for CPUs that support it.

  • I changed the settings to 'Tail Drop' for the Queue Management Algorithm for both the limiter and the queue (with the scheduler still set to FQ_CODEL). I also changed the queue length of the download limited/queue set to 4000 (both). I'm now seeing much better performance - ~800Mbps.

    Is there a log or something to monitor queue length to determine if it is being reached?

  • @scottsh the value you enter for queue length is not used when using FQ-CoDel - CoDel is dynamically managing the queue length within each subqueue created for flows.

    @Harvy66 is absolutely right, you really don't want to have hyper-threading enabled. You are inducing way more latency, especially with the limiter loaded with flows, than you probably realize. Even if pfSense was on your bare metal, hyper-threading would not be enabled if it were me.