Throughput Issue In Bridged Configuration

  • ISP Ciena Switch----pfSense Bridge----ISP Router----Firewall/SIP Gateway

    We have had a situation where the carrier ISP router was overloaded with traffic greatly impacted service to us.

    We are looking to place a pfSense with bridged interfaces between their switch and router so we can see all traffic going to the router and if needed, put firewall rules in place to block traffic so the router doesn’t fall on its face again.

    What we had available for this is a HP DL380 G7 with dual Xeon CPU E5649 @ 2.53GHz with 24 cores, 48GB of memory and HP NC382i NICs with BCM5709C controller. Yes we know it is overkill for what we am trying to do but it is what we had available.

    Do not have any other services on the interfaces and when we did a sanity check with iPerf (we know not a good way to simulate traffic) just to make sure the machine could pass traffic, we got 900Mb through put on the bridged interfaces.

    When we plug the device inline (2 port bridge for line between ISP Ciena and ISP Router), our internet throughput drops from 50Mb to 3Mb. Tested speeds just before and after placing the pfSense box in line. The CPU on the pfSense box does not get above 2% utilized. Less than 1000 states in the state table.

    What configuration are we missing that would cause the throughput to drop by that much?2019-12-20 12_40_17-Clipboard.png

    Status > Interfaces showing any errors? My first hunch would be an interface duplex mismatch there.

  • The Status > Interface was showing collision errors on the OPT1 and OPT2 interfaces that make up the bridge.

    The bridge interfaces were set to Default (no preference, typically auto-select) on the interface setting. On the Status > Interface it was showing 100 half duplex. Changed the interface to match of 100baseTX and rebooted the box.

    Once back ran test and still low throughput and the Status > Interfaces still show collisions.2019-12-20 14_18_19-Window.png

