Gigabit WAN speed low though pfsense.
-
Hello. I am new to pfsense. I just installed a pfsense box to my home network. I for some reason cannot achieve gigabit speeds from my ISP through it. I did once before when I was testing from what I remember but when I put my xfinity box in bridge mode it slowed down. When it was not in bridge mode it just grabbed and ip from the dhcp from the xfinity modem/router and I did a speed test. The test was 985 Mbits. Now after putting the modem in bridge mode. The speeds are 540Mbits. Now, with that said, the modem/router before bridge mode was issuing ipv6 connections to my devices. Now in bridge mode the the pfsence box doesnt seem to find one. I have the WAN setup in pfsense for dhcp on ipv4 and ipv6. It finds an address fore ipv4 but not ipv6 from what I can tell on the cli when booting. I don't know if that is the issue or not. Any help would be appreciated. I have the LAN assighnment side set up for static ipv4 and dhcp on the ipv6.
-
What spec is your pfSense box?
The LAN should normally be set to track the WAN for IPv6. The WAN itself may not necessarily get an IPv6 IP if it pulls a PD only. Check the dhcp logs.
Steve
-
The computer is a Intel(R) Celeron(R) CPU 847 @ 1.10GHz
2 CPUs: 1 package(s) x 2 core(s)
AES-NI CPU Crypto: No 4gb ramI did enable the "track the wan" this morning and it seemed to help a lot. On my LAN adapter property's in windows 10 machine states ipv6 no internet. There is also no DNS server listed for IVP6. How do I correct that or do I even need to? There is also no leases listed in the ipv6 leases in pfsense. Not sure where the logs are.
UPDATE: I checked "do not wait for RA" and the windows machine now has ipv6 DNS. Still not great speeds. I will have to check other PC's and switches in the network to make sure.
-
That is not a fast CPU. It's probably just limited by that.
I assume that is not a PPPoE connection?
Steve
-
I'm not so sure about that one. When I do a speed test the CPU only hits about 35%. I am running DHCP not PPPoE. I am not sure if the modem is.
-
Go to System -> Advanced -> Networking
Scroll down. There are several options, e.g.:
- Hardware Checksum Offloading
- Hardware TCP Segmentation offloading
And so on. Usually it's better to have these enabled and hand over the workload to the NICs, but it can also cause problems when it's enabled, so disable it and see if that fixes it.
What NICs are in your box exactly? I remember a year or two back I had a box, where I had to set several sysctl values to make the NICs work correctly. Maybe you got one of those as well?
Cu
-
I just tried it. It didn't seem to make much difference. I am using the on board nic ports. I know not the best idea. I do have some others I can try.
-
It should just work. Sure there's not another bottleneck?
Maybe the speedtest you're doing is not fast enough?
https://www.speedtest.net
http://ovh.net
Cu
-
Yea I think something is weird in the LAN side. I just went to another PC That is on the main switch and was getting gigabit. then this pc 500Mbits. I jumped this pc to the main switch and it was still low. I don't get it. It was fine before I installed this router. So its either this pc or the main switch which I doubt since other computers are ok. Strange
-
Run at the command line
top -aSHwhile you're testing to see the true CPU usage and what's using it.Grab the output from that and paste it here so we can review it.
Steve
-
last pid: 54247; load averages: 0.60, 0.53, 0.50 up 0+00:54:10 18:02:48
149 processes: 3 running, 127 sleeping, 19 waitingMem: 344M Active, 140M Inact, 343M Wired, 159M Buf, 2991M Free
Swap: 3881M Total, 3881M FreePID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0K 32K RUN 0 46:50 75.59% [idle{idle: cpu0}]
11 root 155 ki31 0K 32K RUN 1 43:53 67.29% [idle{idle: cpu1}]
12 root -92 - 0K 304K WAIT 1 0:50 23.39% [intr{irq265: re0}]
12 root -92 - 0K 304K WAIT 0 0:22 9.77% [intr{irq266: re1}]
75635 root 52 0 55792K 40044K select 0 0:01 2.69% /usr/local/bin/php /usr/local/www/pfblockerng/pfblockerng.php cron{php}
341 root 24 0 98460K 38740K piperd 0 0:05 2.39% php-fpm: pool nginx (php-fpm){php-fpm}
342 root 52 0 98332K 38404K accept 1 0:06 1.17% php-fpm: pool nginx (php-fpm){php-fpm}
66696 root 52 0 94104K 35572K accept 1 0:02 0.98% php-fpm: pool nginx (php-fpm)
47322 unbound 20 0 319M 311M kqread 0 0:27 0.10% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
0 root -16 - 0K 304K swapin 1 0:24 0.00% [kernel{swapper}]
12 root -60 - 0K 304K WAIT 1 0:05 0.00% [intr{swi4: clock (0)}]
57394 root 20 0 10436K 7384K kqread 1 0:04 0.00% /usr/local/sbin/lighttpd_pfb -f /var/unbound/pfb_dnsbl_lighty.conf
51269 root 21 0 51052K 34508K nanslp 0 0:03 0.00% /usr/local/bin/php_pfb -f /usr/local/pkg/pfblockerng/pfblockerng.inc filterlog
57450 root 20 0 50988K 35928K piperd 0 0:02 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc dnsbl
58012 root 52 0 50988K 35976K nanslp 0 0:01 0.00% /usr/local/bin/php -f /usr/local/pkg/pfblockerng/pfblockerng.inc queries
47322 unbound 20 0 319M 311M kqread 1 0:01 0.00% /usr/local/sbin/unbound -c /var/unbound/unbound.conf{unbound}
0 root 8 - 0K 304K - 1 0:01 0.00% [kernel{thread taskq}]
12 root -72 - 0K 304K WAIT 0 0:01 0.00% [intr{swi1: netisr 0}] -
Ah, Realtek NICs. They won't be helping. Clearly not CPU limited though.
-
I am going to try to change the adapter see if that helps.
-
@stephenw10 said in Gigabit WAN speed low though pfsense.:
Ah, Realtek NICs. They won't be helping. Clearly not CPU limited though.
Just curious... how did you read Realtek from his top output, if that's where you saw it?
edit: nevermind, I see it now (re0 and re1) at the ends of lines 8 and 9. Sorry.
Jeff
-
@hilltop79 Can you login via SSH and run:
systat -vmstat
Then check the interrupts and if the load is high. If that's the case, switching to polling could help.
Cu
