Diagnosing pfSense performance loss (40%)
-
Hi all,
After resolving a thorny NAT issue that was entirely my fault, I've come up with this issue, the bandwidth delivered by my pfSense appliance is suffering over 50% download loss. ISP provides 150mbps, computer connected directly to cable modem gets 150mbps. My pfSense device, connected to the cabler modem, is only delivering about 67mbps to my PC connected to the pfsense device in LAN.
If anyone can offer some advice on how to resolve what might be causing this performance loss I would be eternally grateful!
The pfsense device is running
-
Packages:
Of these, the iperf one is not in actual use at the moment but it is installed. There is no active VPN server.
-
Following the troubleshooting guide, this is the System-advanced-networking config:
No changes were needed, default was set. Issue still persists though of course. :-)
-
Is this the guide you're referring to? Have you gone through it completely?
https://docs.netgate.com/pfsense/en/latest/interfaces/low-throughput-troubleshooting.html
-
Yes that is the guide!
The main part I haven't tried to do yet is the MTU/MSS part. If I understand correctly, this would involve me contacting my ISP to determine what the optimal settings are for this?
There is no traffic shaping applied.
My PC connected to the pf-LAN is using CAT6 wired. Tested by reconnecting directly to the cable-modem and the speed there is 150mbps, drop in speed only occurs when connected to the pf device. Repeated multiple times to rule out other potential issues (like a windows update download sneaking in).
Also tested ISP performance using a laptop connected by WiFi, and that is a solid 150mbs (thruj 802.11ac) connection.
Getting the ISP to answer MTU/MSS settings may not be a fun process, was trying to avoid this. :-)
-
@jkamal said in Diagnosing pfSense performance loss (40%):
Also tested ISP performance using a laptop connected by WiFi, and that is a solid 150mbs (thruj 802.11ac) connection.
Is that WiFi connected to your pfSense router, if it is its not an issue with your WAN connection.
-
No, the laptop by WiFi is using the cable-modem WiFi.
pfsense network is wired only, and has only two connections -> to cable modem [wan1], and to my PC [lan]. Nothing else..
-
You'll see the MTU if you start a download of a big file and do a packet capture on your WAN interface.
Download the file then open it in Wireshark.
It you have ISP Router -> pfSense Router I'd have expected it to be 1500, expecially as it works fine on Wi-Fi.
You'll have a double NAT that won't help.
Also are you bridging, you've mentioned it in other posts?
https://forum.netgate.com/topic/143855/assistance-enabling-external-access-into-lan-nat-port-forwarding
-
I killed the bridge -- did a total reset to factory, and reconfigured everything. Only three ports are defined now, with three unassigned. igb0 is wan1, igb1 is wan2 (disabled right now), and igb2 is LAN.
-
Isolated the issue! During testing, I had misconfigured my cable-modem ISP. A hard reset of the cable modem and a switch back to DHCP on pfsense wan-1 interface cured the issue.
Not sure how it was providing 50% connection, as everything was messed up.... :-)
Full capacity restored!!
