SG-2440 - MAX NAT/PF SPEED
-
SG-2440 supposed to to gbit. I read a ton of reports that it should, but after I upgraded our ISP to 1gbit...having issues.
Enabled TSO. PowerD w/ Maximum enabled....
Can the SG-5100, I want to replace this router with it if for some reason it cannot pf @ gbit speeds.
-
Why would you enable TSO? If anything that will hurt.
On the 2440 you should have HCO enabled (unchecked) and TSO and LRO disabled (checked).
How are you testing? What are you seeing? It depends on the makeup of the traffic and a host of other things.
Q: Can the SG-2440 pass traffic at gigabit speeds? A: It depends.
The SG-5100 has quite a bit more processing capability than the SG-2440.
https://www.netgate.com/products/appliances/
-
I just purchased a SG-5100 to put in place. I can't get 1gbit on WAN through this device no matter how I try. Who knows it could be bad, I guess.
I just can't understand how 1 single TCP stream can't peak at 1000mbits WAN to LAN.
All I have enabled is pf, and NAT.
We are talking about a speedtest.net thing. I even run the script on the device w/ this: https://www.joe0.com/2019/11/12/measure-the-speed-of-your-pfsense-routers-wan-connection-by-executing-the-speedtest-net-from-a-pfsense-gui/
Max I can get is 500mbit.
I will have to setup my own iperf, etc...but something is up here.
Is this device not rated for gbit WAN?
-
I have 3 of these devices, and I will perform some tests in a lab environment someday and update this post.
-
Because a single TCP stream generally cannot transfer 1 gigabit.
https://www.switch.ch/network/tools/tcp_throughput/
This is an XG-7100, which has the same processor as the SG-5100 (Atom C3558):
Note that 937Mb/sec is pretty much as fast as is theoretically possible on 1000BaseT. There are Ethernet headers and framing, preambles, and inter-packet gaps, IP and TCP headers, etc that all have to be transferred. If someone says they get 1000Mbit/sec payload through gig ethernet they are lying to you.
Your speed test results will only be as fast as the slowest link between you and the speed test server. That one at EPB is really close. I am also using the ookla app on the Macbook Pro to eliminate any browser issues. There are lots and lots of reasons you might not be getting the same results. The firewall hardware you have chosen is only one part of the entire flow.
As a contrast here is the same speedtest but using a server at Georgia State University in Atlanta:
To me that is an acceptable result, even though it's not 1000Mbps or even 937.
-
I get how that works @Derelict but I can't get above 500 to 600 mbits on this device.
Nothing special. I had to QoS the connection down to about 200 mbits just to fix it.
-
W
webdawg about an hour agoI get how that works @Derelict but I can't get above 500 to 600 mbits on this device.
You mean you can't get more than 500-600 FROM THE INTERNET on that device?
Nothing special. I had to QoS the connection down to about 200 mbits just to fix it.
I don't know what that means. If you had to reduce your speeds to 200Mbit on what is supposed to be gigabit or else you got buffer bloat or something that is an ISP problem, not a local firewall problem.
Set it up in a lab and see what you can get through it when you control everything. I'm sure you will find you can get about 940Mbps through it every time you try as soon as you get a decent testing methodology worked out.
I just re-enabled snort on LAN to see what it does and I have a bunch of packages running.
My point is that the hardware is but one element in your overall WAN speeds.
With snort on LAN:
-
It was the router. I could not even get a single iperf stream to saturate the connection.
I don't know if the SG-2440 was messed up.
iperf3 -P4 would hit gigabit.
i can do single streams now.
the SG-2400 can't do an iperf3 single stream @ gigabit speeds? max was 600-700 mbit.
sg-5100 is moving and grooving.
-
FYI:
I just defaulted one of these back to factory, and did some testing. With NO changes from default:
700-841 mbits max, single stream.
900-835 4 streams. I am attaching output from a script that runs the test 25 times in a row.
The source was a box that was on 10 gbit fiber (no jumbo), with the router connected to a switch that has 10 gbit fiber in. So all 10gbit until I plugged the router into the switch, and the test client into the router.
Attached is the output.
