Comcast Gigabit - SG-3100 (not getting gig speed)
-
x-post from r/pfsense
Just switched from an aging Dell R210 to the SG-3100 for power consumption reasons.
I have gigabit service from Comcast, plugging directly into the modem and configuring one of my public static IPs does show I am receiving my advertised speed for my business account (Speedtest.net, dslreports, etc...)
However as soon as I am behind the 3100, I get no more than 500mbps at absolute best. (Snort was previously installed and I was getting around 150-300mbps with Snort enabled- snort is now currently uninstalled). There are no other packages installed that monitor / change traffic. Traffic shaping is also completely disabled. CPU is basically idling even during a speedtest.
I'm really scratching my head here since I've seen a few folks saying the SG-3100 can keep up but I'm having my doubts... It's a fairly stock setup; I don't have pfBlocker or ntopng installed any more.
-
The SG-3100 does not have the hardware specs to support gigabit WAN speed. You will need a SG-5100. Sorry.
This is what i run with my Comcast Gig connection.
Firewall Micro Appliance with 4X Intel Gigabit Ports, Intel Atom E3845, AES-NI
-
Curious. Because I have seen reports of others getting a gig to route through it. My old R210 was getting similar speeds as well with a hefty Xeon.
-
Fair warning: I am not a pfSense user; I am currently only a potential customer of a Netgate device.
From all my reading and research I've been doing lateley I'd say the 3100 has got the chops to do gigabit (pushing it's limits with all the bells wistles running at the same time) but it should be able to keep up (that also depends on your network design too but...).
Have you run any testing on your network?
iperfis failry popular (or you can usetcpbenchif you're an OpenBSD guy); I haveiperf2on my home server which I use to test internally--every time I get extremely bored or want to kill 10 seconds of free time-.Could be Comcast (when I had them, my speeds would bounce all over the place); test again in a bit. And actually I just had a--probably worthless--though; does Comcast still use the MAC on your device (I had to specify the same MAC as the Comcast router when wanted to use my own router); dbl check your Comcast settings again.
*shrug*
-
@Calltech101 I'm not sure where you are getting those numbers.
Perhaps you are confused with the SG-1100?
-
Simple google for sg3100 benchmarks on google shows multiple videos of it doing gig without any issues.. Even with ips on, etc.
So no clue to where he is coming from..
-
@johnpoz Oh I'm very well aware it can do gig, that's what lead me to purchase the SG-3100 however something is gumming up the works and I'm grasping at straws.
-
I would suggest you take internet out of the equation to validate.. Simple iperf from something on wan to lan, versa.
I have seen isp throuttle newer connections.. Connect some PC to your modem - can it do gig? This will have different mac than your previous router as well.
-
@JohnKaul I've been running iperf against the LAN IP of the pfSense and I'm getting roughly the same speeds so I don't suspect it's so much the routing part, but something else. I've been a user of pfSense since v1.2.3 and I've always loved it. This is just one of those gremlins... I used to be able to iperf to the old Dell running pfSense before at gig speeds, and through it (just not out to the internet) I can iperf through the Cisco SG200-26P switch at gig speeds minus overhead just fine.
-
testing to pfsense is not valid test of its routing/firewalling speed.
You need to test "THROUGH" pfsense..
-
@cparkervt, Ah. cool. Thanks for the recommendation. I'm still on the fence to be honest. I've never used pfSense so I'm still reading (a lot) about it and the hardware. Thanks again though. I appreciate the recommendation.
About the testing:
iperfis a nice tool but read what @johnpoz just said. -
-
@johnpoz said in Comcast Gigabit - SG-3100 (not getting gig speed):
I would suggest you take internet out of the equation to validate.. Simple iperf from something on wan to lan, versa.
I have seen isp throuttle newer connections.. Connect some PC to your modem - can it do gig? This will have different mac than your previous router as well.
I should have included this in my previous message. I have connected my MacBook to the modem directly, and set one of the IPs from my /29 public subnet AND tested with the DHCP lease received from the router portion of my modem. Both ways shows gig speed.
-
because pfsense stack for tcp is not meant to answer stuff asked of it, its meant to route it and firewall it... So no its not a fair test of what it can do.. Its not a server - its firewall/router.
-
@cparkervt, testing from aiperfclient (laptop) to aniperfserver (the 3100) would only be testing the cable/wifi signal (there's nothing in the way). Theiperfserver should be after the router so you test the throughput of the router.After re-reading your posts, I think I misunderstood your last question. I apologize for the "lesson" (you already understand what I said above). Sorry.
-
@johnpoz said in Comcast Gigabit - SG-3100 (not getting gig speed):
I would suggest you take internet out of the equation to validate.. Simple iperf from something on wan to lan, versa.
Are there any instructions anywhere on how to do this? All the talk of testing the routing THRU a pfsense box has me curious to setup this test.
I'm assuming it's a computer on the WAN port with some IP address, pfsense in the middle, and a machine on the LAN side. Run an iperf test and see the numbers. Anything more complicated than that?
Jeff
-
When you tested the speed of your switch, did you test through the switch or did you run iperf on the switch and talk to an SVI on the switch?
Nope thats it -
computer (iperf -s) --- pfsense ---- (iperf -c) computer
-
@johnpoz said in Comcast Gigabit - SG-3100 (not getting gig speed):
When you tested the speed of your switch, did you test through the switch or did you run iperf on the switch and talk to an SVI on the switch?
Nope thats it -
computer (iperf -s) --- pfsense ---- (iperf -c) computer
I will test PC -- OPT1 -- pfSense -- LAN1 -- PC ... later this evening.
Also on the agenda is testing a loaner SG-3100 with a virgin config. -
I would make sure you setup say opt1 to look like wan so its doing nat.. Since that could be a performance hit.. So you want to validate your speed is with natting being done.
-
lan by default is part of the switch right.. Possible you could have flood of broadcast traffic causing you issues on the switch?
-
@johnpoz I'll isolate the pfSense from the rest of my network during testing. Just for grins, I tested from a LAN PC using iperf3 to an Ubiquiti EdgeRouter's WAN IP in that same /29 and I was getting ~300m but that could be that it's a cheap ER-X and not able to handle being an iperf server as I know those have potatoes for CPUs in them.
I appreciate all the help so far. I really hope it's something simple like "hey you missed this one thing" actually kind of enjoying the challenge (good thing this is my home office/ home lab)
-
that brings up very good point... test your iperf server and client testing without pfsense to validate they can do gig..
iperf -s --- wire ---- iperf -c
or
iperf -s --- switch ---- iperf -cAnd make sure you use all the wires you will use with the testing, before you put pfsense in the middle..
If wasn't 3pm on a friday I would sim test the 3100 I have here.. But could do on monday ;)
-
@cparkervt said in Comcast Gigabit - SG-3100 (not getting gig speed):
<snip> but that could be that it's a cheap ER-X and not able to handle being an iperf server as I know those have potatoes for CPUs in them.
<snip>For what little it's worth: If I remember right, it's been a few years since I've dove into the source code but,
iperfruns on the stack (memory) only. So you are running a memory<->memory network/performance test. -
@johnpoz Yeah all my other testing I've been doing to rule out my own network was random clients running iperf over my two Cisco SG200/300 switches and they get 900+. Hence my confusion as to why the pfSense LAN IP was getting almost exactly the same as my previously quoted Internet speed tests. But like I said, I'll isolate the pfSense and test routing/NAT performance via iperf and see what it says.
-
Isolated 3100.
MacBook Pro used as iperf2 server.Through NAT:
[332] 0.0- 1.0 sec 46.0 MBytes 386 Mbits/sec
[332] 1.0- 2.0 sec 46.3 MBytes 388 Mbits/sec
[332] 2.0- 3.0 sec 45.9 MBytes 385 Mbits/sec
[332] 3.0- 4.0 sec 46.3 MBytes 388 Mbits/sec
[332] 4.0- 5.0 sec 46.0 MBytes 386 Mbits/sec
[332] 5.0- 6.0 sec 46.1 MBytes 387 Mbits/sec
[332] 6.0- 7.0 sec 46.1 MBytes 387 Mbits/sec
[332] 7.0- 8.0 sec 46.1 MBytes 387 Mbits/sec
[332] 8.0- 9.0 sec 46.1 MBytes 387 Mbits/sec
[332] 9.0-10.0 sec 45.9 MBytes 385 Mbits/sec
[332] 0.0-10.0 sec 461 MBytes 386 Mbits/secThrough Comcast modem switch:
[308] 0.0- 1.0 sec 117 MBytes 980 Mbits/sec
[308] 1.0- 2.0 sec 113 MBytes 949 Mbits/sec
[308] 2.0- 3.0 sec 113 MBytes 949 Mbits/sec
[308] 3.0- 4.0 sec 113 MBytes 949 Mbits/sec
[308] 4.0- 5.0 sec 113 MBytes 949 Mbits/sec
[308] 5.0- 6.0 sec 113 MBytes 950 Mbits/sec
[308] 6.0- 7.0 sec 113 MBytes 949 Mbits/sec
[308] 7.0- 8.0 sec 113 MBytes 949 Mbits/sec
[308] 8.0- 9.0 sec 113 MBytes 949 Mbits/sec
[308] 9.0-10.0 sec 113 MBytes 949 Mbits/sec
[308] 0.0-10.0 sec 1.11 GBytes 951 Mbits/seciperf3 was giving me weird numbers for both scenarios so I rolled back to iperf2.
No special switches were used in either iperf test. Just -c and -s where appropriate.Weirdly enough I can hit ~650 presently via speedtest.net (I consistently use Boston Comcast as my target because that's my next hop before I hit the rest of the internet)
-
Hmm, that seems waaay too low for a local test. Can say exactly what that iperf2 test was between? And how the 3100 was connected, which ports?
What weird results were you seeing with iperf3? That's usually preferred.Steve
-
@stephenw10 said in Comcast Gigabit - SG-3100 (not getting gig speed):
Hmm, that seems waaay too low for a local test. Can say exactly what that iperf2 test was between? And how the 3100 was connected, which ports?
What weird results were you seeing with iperf3? That's usually preferred.Steve
o.0
'between'? The 3100 was 'between' (as the OP stated).I would imagine
iperf3being preferred for testingOpenVPN, orSnort(or other type of single threaded stuff) but not as a general rule such as 'usually prefered'. There are other key differences but the point being, choose your weapon based on your needs not "da version number".http://fasterdata.es.net/performance-testing/network-troubleshooting-tools/throughput-tool-comparision/
-
I don't buy these speed so will duplicate when get to the office monday... Will bring my play laptop to work and my work laptop will be my test boxes.. If have to take the guest internet offline for a bit during lunch so be it ;)
But I will bring up a bit of why this stuff can be confusing sort testing... So elsewhere on the internet I was talking about my unifi usg I had sitting on a shelf, that I had used temp while my sg4860 was back ordered for home, and my VM pfsense that I ran for years could not keep up with my new 500/50 internet..
Anyhoo because of a question elsewhere I pulled it off the shelf, dusted it off - had to upgrade its firmware because current controller wouldn't work with it on such old firmware, etc. (few months)
Well got it all up and running in a few minutes.. And ran a speedtest.net test - like WTF only seeing hair over 100.. Now this laptop is a bit dated running windows 7 and hadn't fired it up in a while either.. But I had updated it from windows update before doing any of this - updated its java (needed to run the unifi controller on it), etc. etc.. I know it can easy do gig.. Updated its firefox browser, all the normal steps I do when fire up something that has been sitting for a few months.
So it was driving me nuts - I know this thing can do gig, and the usg before had no issues doing my 500 before.. Was there something wrong with the current firmware 4.4.38.. So I put the laptop just connected to my sg4860 - still shitty speeds! WTF.. I knew this thing can do gig, and my other pc sees my full speed through the sg4860.. So I fired up iperf (3.6) on my pc and the laptop running.. Bam 850 something iperf test...
So fired up ie and chrome - they are see much better speeds.. not what my pc sees, but much closer - in the 300.. My normal pc sees 600 speedtest to the internet..
My point to this all - is lets be clear what your testing here.. Once you go to the internet, and use some browser there could be other factors at play..
I have a 3100 at work I can play with.. So be happy to duplicate testing of speed of wan to lan via nat and firewall and see what I get..
-
*drops: sonobuoy*
So what usually happens when "you" cannot duplicate? -
I 'prefer' iperf3 myself because you can run it bi-directionally which makes testing easier. And because all the other results I have here are using that version which makes comparrison much easier.
By 'between' what I mean is what is the test server and test client in use and how are they connected to the SG-3100? Because if they are both local and connected to the WAN and LAN ports of the SG-3100 those numbers are far lower than I expect.
Steve
-
@JohnKaul said in Comcast Gigabit - SG-3100 (not getting gig speed):
So what usually happens when "you" cannot duplicate?
Well if can duplicate we need to figure out what is going on - maybe, just maybe some bug that is hitting our common testing.. But if can not duplicate need to figure out what is going on with his setup..
Its just more info to solve the puzzle... Sorry but I have been this for many many years, and while I believe the user has run into something that is causing him grief. I do not believe that the hardware can only do 350 ;)
None of the benchmarks show this.. So once I have a box that we can duplicate setups with we can hopefully track down what is the issue.
If I can or can not duplicate - either way its info we can give the guys that can do really figure out what is going on..
