Comcast Gigabit - SG-3100 (not getting gig speed)
-
x-post from r/pfsense
Just switched from an aging Dell R210 to the SG-3100 for power consumption reasons.
I have gigabit service from Comcast, plugging directly into the modem and configuring one of my public static IPs does show I am receiving my advertised speed for my business account (Speedtest.net, dslreports, etc...)
However as soon as I am behind the 3100, I get no more than 500mbps at absolute best. (Snort was previously installed and I was getting around 150-300mbps with Snort enabled- snort is now currently uninstalled). There are no other packages installed that monitor / change traffic. Traffic shaping is also completely disabled. CPU is basically idling even during a speedtest.
I'm really scratching my head here since I've seen a few folks saying the SG-3100 can keep up but I'm having my doubts... It's a fairly stock setup; I don't have pfBlocker or ntopng installed any more.
-
The SG-3100 does not have the hardware specs to support gigabit WAN speed. You will need a SG-5100. Sorry.
This is what i run with my Comcast Gig connection.
Firewall Micro Appliance with 4X Intel Gigabit Ports, Intel Atom E3845, AES-NI
-
Curious. Because I have seen reports of others getting a gig to route through it. My old R210 was getting similar speeds as well with a hefty Xeon.
-
Fair warning: I am not a pfSense user; I am currently only a potential customer of a Netgate device.
From all my reading and research I've been doing lateley I'd say the 3100 has got the chops to do gigabit (pushing it's limits with all the bells wistles running at the same time) but it should be able to keep up (that also depends on your network design too but...).
Have you run any testing on your network?
iperfis failry popular (or you can usetcpbenchif you're an OpenBSD guy); I haveiperf2on my home server which I use to test internally--every time I get extremely bored or want to kill 10 seconds of free time-.Could be Comcast (when I had them, my speeds would bounce all over the place); test again in a bit. And actually I just had a--probably worthless--though; does Comcast still use the MAC on your device (I had to specify the same MAC as the Comcast router when wanted to use my own router); dbl check your Comcast settings again.
*shrug*
-
@Calltech101 I'm not sure where you are getting those numbers.
Perhaps you are confused with the SG-1100?
-
Simple google for sg3100 benchmarks on google shows multiple videos of it doing gig without any issues.. Even with ips on, etc.
So no clue to where he is coming from..
-
@johnpoz Oh I'm very well aware it can do gig, that's what lead me to purchase the SG-3100 however something is gumming up the works and I'm grasping at straws.
-
I would suggest you take internet out of the equation to validate.. Simple iperf from something on wan to lan, versa.
I have seen isp throuttle newer connections.. Connect some PC to your modem - can it do gig? This will have different mac than your previous router as well.
-
@JohnKaul I've been running iperf against the LAN IP of the pfSense and I'm getting roughly the same speeds so I don't suspect it's so much the routing part, but something else. I've been a user of pfSense since v1.2.3 and I've always loved it. This is just one of those gremlins... I used to be able to iperf to the old Dell running pfSense before at gig speeds, and through it (just not out to the internet) I can iperf through the Cisco SG200-26P switch at gig speeds minus overhead just fine.
-
testing to pfsense is not valid test of its routing/firewalling speed.
You need to test "THROUGH" pfsense..
-
@cparkervt, Ah. cool. Thanks for the recommendation. I'm still on the fence to be honest. I've never used pfSense so I'm still reading (a lot) about it and the hardware. Thanks again though. I appreciate the recommendation.
About the testing:
iperfis a nice tool but read what @johnpoz just said. -
-
@johnpoz said in Comcast Gigabit - SG-3100 (not getting gig speed):
I would suggest you take internet out of the equation to validate.. Simple iperf from something on wan to lan, versa.
I have seen isp throuttle newer connections.. Connect some PC to your modem - can it do gig? This will have different mac than your previous router as well.
I should have included this in my previous message. I have connected my MacBook to the modem directly, and set one of the IPs from my /29 public subnet AND tested with the DHCP lease received from the router portion of my modem. Both ways shows gig speed.
-
because pfsense stack for tcp is not meant to answer stuff asked of it, its meant to route it and firewall it... So no its not a fair test of what it can do.. Its not a server - its firewall/router.
-
@cparkervt, testing from aiperfclient (laptop) to aniperfserver (the 3100) would only be testing the cable/wifi signal (there's nothing in the way). Theiperfserver should be after the router so you test the throughput of the router.After re-reading your posts, I think I misunderstood your last question. I apologize for the "lesson" (you already understand what I said above). Sorry.
-
@johnpoz said in Comcast Gigabit - SG-3100 (not getting gig speed):
I would suggest you take internet out of the equation to validate.. Simple iperf from something on wan to lan, versa.
Are there any instructions anywhere on how to do this? All the talk of testing the routing THRU a pfsense box has me curious to setup this test.
I'm assuming it's a computer on the WAN port with some IP address, pfsense in the middle, and a machine on the LAN side. Run an iperf test and see the numbers. Anything more complicated than that?
Jeff
-
When you tested the speed of your switch, did you test through the switch or did you run iperf on the switch and talk to an SVI on the switch?
Nope thats it -
computer (iperf -s) --- pfsense ---- (iperf -c) computer
-
@johnpoz said in Comcast Gigabit - SG-3100 (not getting gig speed):
When you tested the speed of your switch, did you test through the switch or did you run iperf on the switch and talk to an SVI on the switch?
Nope thats it -
computer (iperf -s) --- pfsense ---- (iperf -c) computer
I will test PC -- OPT1 -- pfSense -- LAN1 -- PC ... later this evening.
Also on the agenda is testing a loaner SG-3100 with a virgin config. -
I would make sure you setup say opt1 to look like wan so its doing nat.. Since that could be a performance hit.. So you want to validate your speed is with natting being done.
-
lan by default is part of the switch right.. Possible you could have flood of broadcast traffic causing you issues on the switch?
