Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.



  • I got gigabit installed yesterday and every speed test I've run using various providers has been under 300 mbit/s. The tech was saying that there is nothing he can do since I'm using my homemade router, he couldn't even tell me if it was gigabit at the ONT. I've tested everything locally and I get 800-900 Mbits/sec internally going from computer to computer or from computer to pfsense so I don't think it's an internal issue. Could it still be something on my side/pfsense, maybe the nic card/cable going out to the ONT is not great and that's the issue (even though it says 1000baseT in pfsense)? How can I diagnose this, ideally without taking down the network.


  • LAYER 8 Global Moderator

    So you can not connect a pc directly and test?

    To test pfsense throughput - you need to put something on the wan of pfsense, and then from client on the lan do your testing.. Say iperf3

    Running into a sim issue with my isp currently for upload.. Should be getting 50, and was for the longest time.. Then the other day its in the dirt and only seeing 2 to 10mbps up.. Even when connecting pc directly to the modem - so it sure and the F is not pfsense in my case ;)

    Download is great 500 plus.. But seeing packet loss and upload is just plain crap.. Tech was out yesterday - levels a bit low, he adjusted - still same.. So waiting for them to do whatever on their end.. Have to wait til friday to call if not fixed by then, etc.

    But to prove them its not pfsense, you going to have to bypass pfsense... Have them bring their own freaking router and show you your getting the speeds your suppose to be getting.


  • LAYER 8

    what are the specs of the pfsense machine?
    the fastest way to check would be to attach a pc to the router provided by your isp



  • @kiokoman said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    what are the specs of the pfsense machine?
    the fastest way to check would be to attach a pc to the router provided by your isp

    AMD Athlon(tm) II X2 250 Processor
    2GB Ram

    Nothing fancy but should be able to handle it, no?

    They want me to rent a router for $12/month, so, even testing becomes a pain.

    I guess I'll figure out how to hook up a pc to the WAN, I just have painful memories of playing with something a year ago and then not having internet for days while I tried to figure it out. I would attach a pc directly to the ONT but it has to be the same MAC address that's recorded now or it wont work.

    If I want to test through pfsense can I just connect another pc to WAN and use iperf? Do I have to change my existing settings in anyway?


  • LAYER 8

    uhm it's a old dual core
    i don't think it's enought for gigabit output
    plus AMD don't play well for networking



  • @kiokoman said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    uhm it's a old dual core
    i don't think it's enought for gigabit output
    plus AMD don't play well for networking

    Well, that would be an easy fix. I'm sure there is more to the router part, ssl, etc but if I can run iperf from pfsense to another computer and get gig that doesn't mean it will work going through it? For my own education, why? I figured since the SG-3100 can do gig that this dual core should be able to but I guess even if the clock is lower on the SG it's newer tech


  • LAYER 8 Global Moderator

    You really need to test "through" pfsense to know what it can route/nat - put something on wan, iperf server, and then iperf client on lan side and do a test.


  • Netgate Administrator

    @RyanDe said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    AMD Athlon(tm) II X2 250

    I'd be surprised if that could not pass 1Gbps assuming you don't have a million packages or are testing over a VPN etc.

    The G-T40E in the APU can pass ~350Mbps. A C2D 4500 can just pass 1Gbps.
    https://www.cpubenchmark.net/compare/AMD-Athlon-X2-250-vs-AMD-G-T40E-vs-Intel-Core2-Duo-E4500/198vs264vs936

    Try running at the command line top -aSH whist testing from a client. See how the loading is spread, if either CPU core is at 100%.

    Steve



  • @RyanDe

    As others have mentioned, test without pfSense in the path. Connect a computer directly to the modem, using Ethernet and not WiFi. See what results you get then. Until you know where the problem is, you can't fix it.



  • The upload is a lot worse than download which is strange too, I've only seen like 100mbit up when it should be a gig. I guess when I get back next week I'll try the direct connection through pfsense before jumping and buying new hardware. Not sure what else it could be though. Thanks for the advice.


  • LAYER 8 Global Moderator

    @RyanDe said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    Not sure what else it could be though

    The ISP not providing you the speed your paying for..

    I pay for 500/50 - currently only getting less than 5 up... They have been "working" on it for 2 days and no progress.



  • @johnpoz said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    The ISP not providing you the speed your paying for..

    I'm paying for 75/10, but typically get low 90s down and 11 up. It's a very rare occurrence when I don't.


  • LAYER 8 Global Moderator

    Yeah this has worked really great for long time... Then about 8/19 saw start of packet loss - use to be 0... Now its around 5% download still screams see easy mid 500's -- spiking up into the 700's Its just download... its not my freaking end... The isp understands it, the tech has been out.. But taking them long time to fix it..

    If the isp keeps blaming it on your gear - then tell them to send a tech to show you with their gear getting the speeds your suppose to be getting actually working.



  • @RyanDe said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    I'll try the direct connection through pfsense before jumping and buying new hardware

    Why through pfSense? If you think it might be a problem just connect a PC directly to the modem, through an Ethernet cable. That will provide the best performance you can get. Then and only then, can you determine whether or not pfSense is the problem. When trying to resolve a problem, you must try to isolate things as much as possible.



  • @johnpoz said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    If the isp keeps blaming it on your gear - then tell them to send a tech to show you with their gear getting the speeds your suppose to be getting actually working.

    That's what I had to do when I had that IPv6 problem, a few months back. I finally got a senior tech out, where his own modem & computer failed. He then took them to the head end, where he tried with my CMTS and 3 others. Only mine failed. The network guys, instead of fixing a problem that had clearly been proven as their responsibility, continued to blame my network, even though my neighbour had the same problem and I had even identified the failing system by name.


  • Netgate Administrator

    300Mbps seems like a very familiar limit to be hitting. I seem to recall some ISPs limiting to that if you did not use the correct VLAN or priority tag. I'm not aware of Verizon being one though.

    Steve


  • LAYER 8



  • I think we'll need to wait until the OP responds back with some more findings from his side. As a fellow user of Verizon gigabit FiOS, I just wanted to mention that there is nothing special that needs to be done on the WAN side to get the connection to work or to enable full speeds. One thing I would recommend looking into perhaps is tuning the NIC's on both the pfSense router and the end clients. Gigabit and higher WAN connections are still fairly new, and historically settings for Linux / FreeBSD have been somewhat conservative in the interest of conserving memory and efficient use of resources.

    Some useful links:

    https://forum.pfsense.org/index.php?topic=113496.0
    https://forum.pfsense.org/index.php?topic=132345

    https://calomel.org/freebsd_network_tuning.html

    https://bsdrp.net/documentation/technical_docs/performance#where_is_the_bottleneck

    Hope this helps.


  • LAYER 8 Global Moderator

    Yeah I would suggest you say your not giving me what I paid for - I was actually pretty happy with my isp response.. They came out Wed.. Warning me, if its on my end then there will be tech charge.. Yeah Yeah - I know its not my end ;)

    So guy came, yup levels a bit low, he took out a splitter that previous tech had put in - that didn't fix it.. Then started checking levels like where it came into the yard, etc.. He had to call in, they couldn't fix it - then hey came back the next day and changed out something at the edge of yard, still not fix and said there was a packet loss issue - which I had told him and showed him on my monitoring ;) Then on the way to work on friday saw too trucks on the street and as I drove buy could see working on the boxes at edge of yard... Looks like they were running new cable from one box to another box..

    Well later morning - I got notified that my line kept going up and down.. I have external monitoring setup.. So I get text messages whenever my line goes down, and then when back up..

    As you can see they fixed it, and now getting what I pay for 500/50

    fixed.png

    You can clearly see where I was having about 5% packet loss - which never went away.. While it didn't really have any major effect on my download.. I could still get 500 down.. And downloads from my server in the NL still hitting 60MBps without much issue.. But upload was just in the dirt like 2, and 10 was highest.. My friends and fam not happy ;) Since plex was down for them - hehehe

    I show 2 people streaming now - and not even breaking a sweat, serving them.
    2streaming.png

    So I would highly suggest you validate that its not your router, do a simple iperf test between wan and lan to validate what it can do.. And if can do your gig or real close to it - then yeah call and complain that their shit aint right..


  • LAYER 8 Netgate

    When I moved into this place in spring 2019 they had to pull a new coax from the curb to the house.

    Sometimes it really is LAYER 1.


  • LAYER 8 Global Moderator

    Yup sometimes it is.. But I doubt I can get an actual RFO from them ;)

    But I bet they have some users that don't even bring it up, and just live with service that is well below par to what they are paying for..

    There would be one thing if you were paying for gig and only seeing like 800.. You might be fine with that.. But if your paying for gig an only getting 300.. WTF!

    When you say its 300, does it hard limit to that - say a "car" or does it fluctuate around that number?


  • LAYER 8 Netgate

    @johnpoz said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    But I bet they have some users that don't even bring it up, and just live with service that is well below par to what they are paying for..

    And they all blame the firewall.


  • LAYER 8 Global Moderator

    Yup! this is why you need to make sure you actually validate what your hardware/software can do - without the internet at play..

    If your isp is blaming your hardware - then say fine, you bring your hardware and show me how the speed is what you say it should be.. Worse case you will get a tech charge... Which is why you should be sure its not your gear before you call them out on that ;)


  • LAYER 8 Netgate

    I say "ISP's suck." I know what I'm talking about. I ran one for 15 years.


  • LAYER 8 Global Moderator

    Hehehe ;) yeah they can for sure.. But sometimes you can get good service.. You might have to go through a few level 2 or even level 3 guys to find the guy that actually cares, etc. etc.

    If you can not get satisfaction from them, hope your in an area where you have choices.



  • @Derelict said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    When I moved into this place in spring 2019 they had to pull a new coax from the curb to the house.

    Sometimes it really is LAYER 1.

    Many years ago, I had a problem which affected my Internet connection and home phone, but not my TV. I wrote a shell script that pinged my ISP's gateway every minute and recorded the failures. I have 2 feeds from the utility room and moved my cable modem to the other one. It still failed. This proved the problem was not in my home. The cable company sent a tech out to my home who tried to tell me that the problem was the cable running from where the cable comes up from the utility room to my computer room and wanted to replace the nicely installed cable (by my cable company) with cable stapled to the moulding, around doors, etc. He couldn't explain why that cable would be bad, but not the one from downstairs, which was a few years older. I refused. They then sent out another tech, after I explained the problem was with both cables from the utility room. They then started testing down there and eventually worked back to a defective cable between my building and their trunk on the street. Yep, sometimes the problem is physical. A bigger problem is "techs" who want to come up with a quick fix, when they don't understand what the problem is.



  • @johnpoz said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    But I bet they have some users that don't even bring it up, and just live with service that is well below par to what they are paying for..

    That is something that bothers me. I've had a couple of problems where the biggest part of getting it resolved is trying to get past the first people who work on it. If it's not a common problem, they're likely lost. I have the telecom and network experience to get past them, but most customers don't.



  • @Derelict said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    And they all blame the firewall.

    That was certainly the case, when I had that IPv6 problem a few months ago, even though my neighbour had the exact same problem and even when I put my modem in gateway mode it still happened.


  • LAYER 8 Netgate

    It sucks. I don't know how mere mortals deal with shitty internet.

    honestly, if you don't know wtf is going on, your best bet is probably to hire a local tech who is carrier-neutral who can negotiate the ticket with your ISP for you.


  • LAYER 8

    it is not easy to find sufficiently expert local technicians at an affordable price for a home user
    an expert would probably ask you more money than what is needed to change isp
    so "mere mortals deal with shitty internet."
    non expert .. well .. they will probably blame the firewall too
    😂



  • I think one challenge with high speed connections these days (e.g. 1Gbit+) is finding a proper testing methodology. What speed tests does one trust? The one your ISP provides? Going to major speed test provider such speedtest.net or using something like Netflix's fast.com? Plus, as more people upgrade to gigabit connections, congestion and load to those test providers or servers will go up as well.

    For what it's worth, my go to method these days is to use a run a Flent (https://flent.org/) test between a client on my network and a cloud VM, preferably one hosted on a provider that I know will peer very well with the ISP (e.g. Google Cloud, Amazon AWS, etc.). The nice thing about Flent is that it does try to strain your connection and it is also full-duplex (i.e. testing both upload and download at the same time). Generally if I see around 1.7 - 1.8Gbit/s combined on a gigabit fiber connection with only slight latency increases during the test, I'm very happy and consider the connection, firewall/router, and client pretty robust.


  • LAYER 8 Netgate

    @kiokoman I don't understand the reluctance to pay a knowledgeable professional for something so important. I just don't.


  • LAYER 8 Global Moderator

    To some its users, they don't have any clue to what gig is.. They just got that package because it was the "hightest" Then they go about using it with some shit wifi client and router that can barely do 100mbps But they can tell their friends - we went with the gig package ;)

    As to paying someone, yeah I don't get it either.. You pay the guy to fix your car.. You might bitch about the price - but hey you could rebuild the transmission on your own if you wanted to ;) hehehe

    I pay the professionals to trim my back hedges.. I would be out there for 8 hours, if not the whole freaking weekend sweating my ass off and do a shitty job more than likely... When they can come and do it in an hour, and take away the leavings.. So yeah it cost a few hundred... Money well spent if you ask me ;)

    Paying someone to do a job that your not skilled at doing, or want to do is well worth it.. Do you really want to be on the phone with some isp level 1 trying to get them to fix your internet for hours - now can you reach this www.domain.tld - what part did you not understand that Im not getting an IP.. So no I can not get to www.domain.tld ;)

    Many a company are paying for "line management" - could be a thing maybe in the home consumer market as the connections get faster and more complex.

    I might be willing even to pay X$ a month for that ;) Just like how you pay a service to cut your grass and fertilize, etc. ;)

    Are you ripping into your havc when its not working - or do you get a professional to do it? What about the plumbing.


  • LAYER 8

    I don't understand the reluctance to pay a knowledgeable professional for something so important. I just don't.

    so important for who/what ? home users that watch youporn and netflix?

    To some its users, they don't have any clue to what gig is.. They just got that package because it was the "hightest" Then they go about using it with some shit wifi client and router that can barely do 100mbps But they can tell their friends - we went with the gig package ;)

    exaclty, that's why ppl, at least in my country, have different priority, they don't care about gig, 90% does not know the difference between 1 megabits and 1 megabytes, they are ignorant fools. they start to complain only when they are unable to watch a football match on sky over adsl or the like

    moreover being able to talk to the technical service here is almost impossible unless you wait 4 or 5 hours on the phone before someone answers you from abroad who does not know what you are talking about / does not speak well our language and closes the phone on your face forcing you to call again and stay other 4 or 5 hours on hold.

    it's less frustrating to stay with what you have or change isp until you find the one that work the best



  • @Derelict said in Gigabit installed but speed tests are sub 300 Mbits, Verizon says it's pfsense but can't prove it's not.:

    @kiokoman I don't understand the reluctance to pay a knowledgeable professional for something so important. I just don't.

    It's all about cutting costs, forgetting that also costs in what's delivered. I believe the term is "false economy". Also, I have worked as a tech for many years. One thing I've often noticed is many others only learn as much as they need to do the job and little else. As a result, they can generally do their job, but get stuck when something unusual comes along. I have always tried to learn more.


Log in to reply