SG-1100 PPPoE Performance

  • Hi,

    Does anyone have any SG-1100 PPPoE performance numbers they could share?
    I have pfSense virtualized at the moment, but the Virtualisation platform tends to lockup/crash every 3-4 months taking all VMs down with it. So I think I'll move to some dedicated hardware and support the excellent pfSense project.

    Before I buy one of these little tanks though, I'd love to know what people can get using PPPoE through them. Not worried about OpenVPN or any IDS etc, just PPPoE and standard firewalling.


  • Netgate Administrator

    What sort of bandwidth are you looking at?

    The usual PPPoE restrictions don't apply in the same way as they do to igb/ix NICs. nvneta uses a single queue for all traffic so PPPoE is not additionally restricted. That said there is some additional overhead still.


  • I don't really have any BW in mind. I'm sure it'll handle my 100/20 link just fine, I'm just curious what speed I will limit my headroom to. I know I can upgrade my current link to 1G/400 with a phonecall.
    Given it's pricepoint I'm not expecting wirespeed here, but just curious what overhead on the posted ~890Mb/s IMIX result adding PPPoE to the mix brings.
    I both love and hate PPPoE, love it for the state that it brings to Ethernet, hate it for the performance overhead that comes with it.

  • Did anyone have any numbers they could share?

  • @muppet Are you in the USA? The SG-1100 is only $150. Why don’t you get it and give it a try? Sell it if you aren’t satisfied with its performance.

    I’m sure it will work just fine for you, but I don’t know your specific network environment.


  • @akuma1x No I'm in New Zealand, shipping is an extra $50 USD for me as well. So overall I'm looking at ~$300 NZD which is quite expensive. I concur though, I think I'm going to have to bite the bullet and just see what performance I end up with.

  • I hate to say it, because I prefer to support the project whenever possible, but you could do a bare metal install of pfsense on a SFF (small form factor) PC with recent hardware. Add as many NICs as you need, within machine specs. Then you wouldn’t have to virtualize. Find something local, if possible, to keep your costs down.


  • @akuma1x Yes it's easy enough to buy some secondhand/commodity hardware. My entire rationale for doing this is to support the pfSense project. I used bought the book even though I didn't need it, but that's not an option anymore. Plus having some branded hardware would be cool, but not if it's going to limit me to say 200mb/s in the future.


  • Netgate Administrator

    Trying to get a realistic number for you. I have a PPPoE WAN here but unfortunately it's only 80Mbps so... 🙄

    I can test artificially against the pfSense PPPoE server but that's likely to give a higher throughput locally.

    What sort of latency do you see on your WAN?


  • Thanks @stephenw10 !

    Ping between my host and the PPPoE BNG is ~3.4ms when pinging with a 1024 payload:

    [2.4.4-RELEASE][admin@trogdor.XXX.XXX]/root: ping -c 10 -s 1024 202.XX.XX.251
    PING 202.XX.XX.251 (202.XX.XX.251): 1024 data bytes
    1032 bytes from 202.XX.XX.251: icmp_seq=0 ttl=64 time=3.981 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=1 ttl=64 time=2.648 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=2 ttl=64 time=5.333 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=3 ttl=64 time=2.221 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=4 ttl=64 time=4.439 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=5 ttl=64 time=3.469 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=6 ttl=64 time=2.369 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=7 ttl=64 time=2.559 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=8 ttl=64 time=2.570 ms
    1032 bytes from 202.XX.XX.251: icmp_seq=9 ttl=64 time=4.406 ms
    --- 202.XX.XX.251 ping statistics ---
    10 packets transmitted, 10 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 2.221/3.400/5.333/1.029 ms


    I think any testing, even to a locally attached PPPoE server would be a good indication. I'm just trying to find out if it's ~200Mb or say ~600Mb/s. I think if it's much lower than 500-400 then I probably wouldn't bother, there is other hardware I can source locally with PPPoE offload and it'll give you basically wirerate minus the overheads. I have to source the SG-1100 direct, probably incurring import fees too!

    Appreciate the reply.

    Kind Regards,

  • @muppet said in SG-1100 PPPoE Performance:

    I have to source the SG-1100 direct, probably incurring import fees too!

    There's 2 authorized Netgate partners in New Zealand, according to their partner finder map. I don't know if that will help you any.

    Maybe ask if they have the SG-1100 there, or can get it for you and at what cost?


  • @muppet said in SG-1100 PPPoE Performance:

    @akuma1x Yes it's easy enough to buy some secondhand/commodity hardware.

    Anything you can find with enough network ports and an Atom C3XXX, or Intel i3/i5/i7 processors, or even some of the more recent fast Celeron and Xeon processors. Those are all good for a pfsense box. Try to stay away from the laptop-grade mobile processors, and the older Celeron J1900 stuff. Those are going to show their age and weaknesses quicker than the other ones.

    HP and Dell made/make some good small form factor stuff. Just make sure you can add at least 1 multi-port INTEL network card in there and you'll be all set with a nice pfsense firewall box.