Download Speeds are very poor but upload is fine.

  • Hi all,

    I have a fiber connection right to my Modem, 1GB Down / 1GB Up. I am using PFSense 2.4.4-Release-p3. I am having issues with "poor" download speeds relative to the connection I should be getting.

    When running speed tests on, I get my full upload speed ranging between 850Mb/s to 988Mb/s. But my download speed never goes above 175 - 190Mb/s. CPU doesn't go above 50% when running the speed tests (core i5-5250U CPU), the memory never goes above 20%. The device I have also has 4 1Gb NICs on it. I tried a different port in case it was just a bad port, no change. I have tried doing a new install of PFSense to make sure it wasn't something with my existing config, but the result is the same. If I plug into my ISP's modem directly my speeds are perfectly fine. 976+/- Mb/s Down and Up. I took my switch out of the equation thinking maybe that was the cause and just plugged directly into my PFSense box, but I still saw the issue. I also made sure Traffic Shaping was off.

    With all the testing I have done, everything points to the PFSense box, from what I can tell. I spent a few hours last night searching here and on google, but nothing that I found has resolved the issue for me. Does anyone have some ideas on how to fix this?

  • Netgate Administrator

    50% total CPU could be 100% on two threads there.Try running at the command line: top -aSH
    That should show you how that load is spread and what is causing it.

    Is that a DHCP WAN?

    With connection speeds that throttled check for errors in Status > Interfaces. Make sure you've tried swapping out cables etc.


  • @stephenw10 Thanks for the suggestion.

    Ok so I ran that command and run another speed test on and if I am reading this correctly, the CPU load% does not go over 2%. Load Averages: .14, .12, .09.

    Nothing is jumping out to me there.

    My ISP actually gave me a Static IP at no charge, so the IP on the WAN interface is Static.

    I have tested the cables and ruled out the physical layer. Used the same cables when connecting my laptop directly to the ISP modem (Used same static IP as PFsense router used and was getting full speed). It's only happening behind the PFSense box.


  • Netgate Administrator

    2% whilst passing ~200Mbps seems unusually low. What does the actual output show, the list of processes?

  • @stephenw10 This is what I am seeing in Top as the speed test is happening. Keep in mind, it was hitting 186Mb/s at this point. The only time I ever see any spike here is during upload and it's hitting 750 - 950Mb/s. I think the highest WCPU percentage I saw was 14%ish.


  • Netgate Administrator

    Hmm, OK that looks good. Multiple queues on each NIC.
    Hard to say then. We have seen ISP limit speeds severely to all except one MAC address, usually whatever was first connected. Have you tried spoofing the MAC to whatever your client that sees full speed is?


  • @stephenw10 I can try that, however I don't know if that would really do anything. I understand what you're saying and it totally makes sense, however I don't think my ISP is doing that. One thing I forgot to mention during my testing is that I actually tried connecting 2 different laptops directly to the modem and saw full speed on both. So unless they are only allowing 2, 3 or 4 different MAC's, and my PFSense was the cutoff at #5, I don't see this being the issue. I am happy to try it again though. Just eager to get this resolved.

  • Netgate Administrator

    I agree it seems unlikely but there is nothing to lose by testing it.

    The other thing I would try is putting an unmanaged switch between the pfSense and the modem as a test just to rule out some odd link issue.


  • ifconfig (the console => option 8) command confirms :

    media: Ethernet autoselect (1000baseT <full-duplex>)

    for all interfaces ?

    Your speed test @DSLReport confirmed a triple A score ?


    Check your main log file.
    Any NIC interface messages ?

    Reboot, goto (the console => option 8) and type


    at the end you'll see interface LINKUP messages.
    Speed and duplex mode is ok ?

    Wait some time - do some test and use the dmesg again.
    Something changed ?

    You could also try out some different settings here : System => Advanced => Networking - section "Network Interfaces".

    Btw : I had to use some well documented ( on this forum ) traffic shaping to bypass some severe buffer bloat on my VDSL connection.

  • @tbattista Always power-cycle the modem, then connect the device you are testing with when doing these sorts of tests to flush anything the modem may have learned.
    @stephenw10 having a managed switch that can mirror the traffic might be a great way to analyse where the problem is stemming from, although there would be some challenges as speeds approach 1Gbps, but given the low speeds reported, it should be sufficient to see what's really going on.

