Speed test is slow direct from my PC to PFSense
-
I am new to PFSense.
Currently I have a Lab that I am using to make sure that it can replace my SonicWall TZ500 (at my house).
The biggest reason why I would like to replace it is so that I can upgrade my home internet speed from 1Gib to 3Gib. But here is where I am at...
I have set up this Lab with using an 8 core Mini Computer with 32GB Ram. Its pretty spunky.
I installed the HTML5 Speed Test tool on the device and I am getting very slow speeds directly to it.
I have used this software before on servers quite a bit, and get great speeds over a 10 Gbps network, however right now I am getting those slow speeds directly from my PC to the PFSense router.
What am I doing wrong? I should be getting close to 1 Gbps speed here as this device is set up for 1 Gbps network cards.
The internet trunk that I currently have set up to the device does have internet but its my slow internet that is 100mbps down, 15 up and I at least get those speeds when using speedtest.net.
Please help direct me! I want to make sure that when I get back that I am OK with sticking a 10 Gbps network card in that I can get 10 Gbps speeds (with very little overhead).
-William
-
pfsense is a router/firewall not a server - you need to test through pfsense, not too it..
This is brought up every single time someone ask this same question.. The only time that speed to pfsense would come into play would be if using proxy.. And then even then you should test through via the proxy vs directly.
Setup say iperf server on wan side of pfsense, and then from lan through to that server. Or whatever speedtest server side thing you want to do..
Then you would test directly from client to server, and then route/firewall/nat it through pfsense to see what sort of performance you can expect with those features happening vs just what the server and client can do over wire.
-
Okay, thanks, this is good news. I will test it this way.
But why can't I test to the router in this way? Why are the speeds slower?
Also note, that when I do test this way, I look at the CPU and Ram during this test and everything remains low.
-
pfsense is designed to route/firewall/nat - not serve up stuff ;)
There is a big difference between routing a packet and sending it up the stack to process it and then send back an answer, etc.
As to load remaining low, yeah why should a router spend all its cycles doing something that not its job - shit that is not its job is lower priority than what its suppose to do..
Your testing method has zero to do with what pfsense is designed to do.. Its like testing your tractor for its quarter mile speed ;) Going to suck at it.. But hey it will plow that field like nobodies business.. While your mustang might have great 1/4 mile results, not going to plow your field worth shit... hehehehe
-
Yeah, testing directly from or to the firewall is only really useful for fault locating. You can compare the results from two different interfaces for example but absolute values are almost always going to be lower that what can routed through it.
That said those values do seem low.
Also you will not see 10Gbps through that unless maybe you used jumbo packets etc. I would expect somewhere in the 3-4Gbps region but there are many variables.
Steve
-
Yes, the values are very slow. If I hook up my home network to it and test to my web server through the PFSense Firewall, here is what I get:
Where as if I connect to it directly:
(I am not sure why its not showing closer to 3-4gbps, but its a newer server, have not looked at mtu or anything) -
I assume you are testing over a 1G link there. igb NICs?
-
Yes, both are 1Gb NICs and a a short Cat5e cable between the two.
-
But are they igb NICs as opposed to em or re etc?
-
I guess I don't know what IGB vs EM vs RE are.
But I do see that the nics are IGB
-
Ok they're igb. They pretty much had to be unless you had added more since the C2758 has 4 igb NICs built into the SoC.
You should be seeing significantly more than that. I would check the output at the command line of
top -aSHwhilst testing.Make sure you have all off loading disabled in Sys > Adv > Networking.
Check
vmstat -ishows interrupt loading from each NIC spread across the cores.Steve
-
@billsecond said in Speed test is slow direct from my PC to PFSense:
I am not sure why its not showing closer to 3-4gbps
How do you expect to get more than 1Gb out of 1Gb NICs? You are going to need 10G to the ISP.
-
@Derelict because when connected direct to the network I’m on 10gbps. Not through the router.
-
Non-trivial to set up a lab like that. is virtualization involved? What switches etc?
Going to need more information. Guarantee the C2758 is capable of forwarding faster than you are seeing there, barring some strange issue with your particular unit.
-
@Derelict
No, Virtualization is not involved, I have the nic in my personal PC directly connected via a cat6 cable to the device. -
you happen to be doing any jumbo frames? Since your running 10ge and all.
-
The igb NICs are all 1G. You have 10G NICs in that firewall too?
Steve
-
@stephenw10 said in Speed test is slow direct from my PC to PFSense:
The igb NICs are all 1G. You have 10G NICs in that firewall too?
SteveNot on this one, this is my test device. But My point was that I was getting very slow speeds on this device. The device that I will be building is 10gb device. I was also explaining that if I hook up my PC direct to my existing non-test network (all 10gb), I do get a faster speed test.
-
Ok, so we are still looking at the ~250Mbps limit on a 1Gbps connection.
So do the tests I asked about here and we can check the results.
Steve
-
Any update to this thread? im having the same problem with the bandwidth speed when using pfsense.
