Routing from LAN1 to LAN2 slow - Build on P4 3Ghz 1GB Ram [SOLVED]


  • Hello everyone, I'm facing a performance issue when routing from LAN1 to LAN2 on the same pfSense.

    My setup is on a Pentium 4 3GHz, 1 core 2 HW threads, 1GB RAM and a 3,5" magnetic SATA2 hard drive.

    The issue:

    The speed between PC1 or PC2 to PC3 or PC4 is about 25-30MB/s. (traffic between the 2 networks)
    Obviously I have added all rules for routing etc., there is no problem accessing!
    LANs are dedicated interfaces, not VLANs.

    Checks already made:
    Both switches are capable of Gigabit. Cables checked all ok.
    When I test simple file transfer (Zipped Solid Data) on PC1 from PC2 and vice versa, speed is 110MB/s
    When I test simple file transfer (Zipped Solid Data) on PC3 from PC4 and vice versa, speed is 110MB/s

    Diagram:

    [image: network diagram]

    I have checked the CPU load on the dashboard during transfers; in all cases it is 20-25% max. RAM usage is only 16%.
    BUT what I have noticed is that while transferring between the 2 networks, when the low performance happens, the hard disk of pfSense is working like crazy and you can hear it writing / reading. This is not happening with transfers on the same network.

    I can understand that on the same network, the commands are directed by the NIC directly and when routing is needed, it needs more processing power, if I am not mistaken.

    My questions are:
    Why is the CPU not used more if needed?
    Why is the hard disk reading / writing?
    Assuming the hard drive is limiting the speed, will it help if I replace it with a 2,5" SATA2 SSD drive?

    Thanks for any replies.


  • First and foremost, the P4 was released ~20 years ago, so I would replace your pfSense hardware on GP alone :) Not to mention, if those NICs are sitting in ISA slots, ~30 MB/sec is probably about all you're gonna get due to the bus.

    Next, you could try toggling the different offloading settings in System -> Advanced -> Networking.

    If you're adamant about sticking with that P4, then I would recommend a redesign. E.g., move to an L3 switch and connect pfSense to the L3 managed switch via a transit network. Then separate your networks using VLANs created on the switch. This way, inter-VLAN traffic will be handled by the switch instead of traversing pfSense, which is running on 20-year-old hardware.


  • @Bambos said in Routing from LAN1 to LAN2 slow - Build on P4 3Ghz 1GB Ram:

    Both switches are capable of Gigabit. Cables checked all ok.

    Are the NICs Gb? As mentioned above, a P4 is a relic from the dark ages. Also, Gb interfaces typically have an LED that indicates a Gb connection. Do you see that on all interfaces?

    BTW, I first worked on P4 systems back in 1997. IIRC, they had huge heat sinks.


  • Thanks for the reply.

    @JKnott I'm not sure we are referring to the same hardware. Actually it is IBM/Lenovo hardware from 2009, a Pentium 4 3GHz CPU with 1 GB RAM; the NICs are on the PCIe bus on the motherboard. Motherboard bus / RAM = 800MHz.
    Yes, they blink gigabit LEDs normally.

    @marvosa the system is not 20 years old, maybe it is 12, in good shape with a single core dual thread CPU @ 3GHz. Front side bus 800MHz, RAM is KVR800. NICs are on PCI Express, capable of gigabit on the same LAN. The issue is while transferring from LAN1 to LAN2.

    Also, why would a latest box with a Celeron Jxxx series CPU costing 300-400$ be much better in comparison with a single core 3-3,6GHz CPU?
    According to this: https://cpu.userbenchmark.com/Compare/Intel-Pentium-4-360GHz-vs-Intel-Celeron-J1750/m9270vsm25608
    they are about the same computing power. Of course they consume more energy.


  • @Bambos said in Routing from LAN1 to LAN2 slow - Build on P4 3Ghz 1GB Ram:

    I'm not sure we are referring to the same hardware.

    You said a P4, which covers a lot of territory. IIRC, it's a 32 bit CPU that can't run the latest version of pfSense.

  • LAYER 8 Global Moderator

    @Bambos said in Routing from LAN1 to LAN2 slow - Build on P4 3Ghz 1GB Ram:

    capable of gigabit on the same LAN

    Huh... You understand that pfSense has zero to do with conversations between machines on the same LAN.. So not sure what you mean here.. You mean you have the same NIC on other machines and when they talk to each other they can do gig?

    pfSense NIC has zero to do while other machines are talking to each other on the same LAN.. You could turn pfSense off..

    So your hardware is from 2009.. Yeah it's time to move on.. Computer years are like dog years, only worse ;) hehehe -- a 12 year old box, it's time to let go ;) The elec cost alone would prob pay for a new box in a couple of years ;)

    You say IBM/Lenovo - 2009? You sure it's not an M50 from like 2003/4, that is when they came out with the P4 3GHz model.. After that they were doing Intel duos etc..

    Dude the thing must just suck power!!! What are you paying for electric, 0.22 Euro per kWh or so... Yeah a much leaner less power hungry box that can actually route gig would prob pay for itself in a year or 2.. Just in the electric cost to run such a beast.. What does it pull in electric idle? 80+ watts?


  • @johnpoz ok Sir, thanks for your words. In general I agree with you. It's just a pilot setup for what I'm doing. After I have proof of concept, I will have to present a business plan to the board of directors and forecast all the cost with new machines etc., probably I'm going with 2X 6 port Netgate box in HA. So yes, I agree with you. I'm doing the best I can here :) There is also an availability issue in my town. We are on a small island in the middle of the Mediterranean. Last week I was searching for a PCIe controller for 2 SATA drives, and I couldn't find one. My easiest access is amazon.uk with limited options in comparison to US online stores.

    Thanks guys.

  • LAYER 8 Global Moderator

    Yeah see my edit on the elec costs alone on such a beast.. I'm guessing that thing is an ancient M50 IBM/Lenovo from your calling it a P4 with 800MHz FSB, etc..

    If this is just a POC - you don't really have to worry about it routing at wire speed do you... You're just showing that stuff will work, etc. etc.. Not that it's going to be at full speed with current hardware, etc. etc.