Not getting properthroughput on gigabit devices. 200mbps when it should be at least 600mbps

Berzerk

Hey, I've been running pfsense for a about 6 months now.
I recently switched my wan to 600Mbps/100Mbps from 200/25 with my ISP.

Now even though direct from the modem I'm getting 600, pfsense is only putting through 200 still.

Only non-standard packages I have are acme and haproxy. I'm using an old HP laptop as my device. 4GB ram, 40gb SSD. 1 onboard gigabit intel and 1 gigabit realtek pcmcia adaptor. The onboard is the WAN and the realtek is the LAN. Can anyone help me get 600Mbps throughput?
Thanks.

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC>
ether xx:xx:xx:xx:xx:xx
hwaddr xx:xx:xx:xx:xx:xx
inet6
inet
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6
inet6
inet
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
enc0: flags=0<> metric 0 mtu 1536
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: enc
pfsync0: flags=0<> metric 0 mtu 1500
groups: pfsync
pflog0: flags=100<PROMISC> metric 0 mtu 33160
groups: pflog
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,LINKSTATE>
ether
hwaddr
inet6
inet
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active

Derelict

If you have not installed any shaping or limiting for the 200Mb speeds in Firewall > Traffic Shaper It might be time for you to throw some additional CPU at the problem or at least get rid of that realtek NIC.

PCMCIA on the NIC can't be helping your cause either.

johnpoz

What is that like a 13 year old cpu? I doubt it would jump it up to 600, but the PTI isn't going to help - you could disable that.

Also I would just take the ISP out of the equation for your tests.. put something on the wan, and then on the lan and do say an IPerf.

Berzerk

@johnpoz said in Not getting properthroughput on gigabit devices. 200mbps when it should be at least 600mbps:

PTI

Thanks, I'll try that.

With regard to the CPU, people were getting gigabit when it came out, and it more than meets the minimum for pfsense. I've got half a dozen core 2 duos, and they all have gigabit on board.

johnpoz

Having gig interface doesn't mean your going to see 900mbps ;) I remember when gig first came out and seeing 300mbps was kewl ;)

Berzerk

@Derelict
Mmmm.....all of my pcmcia adaptors are realtek. :(
Is there some old issue with them?

Cool_Corona

Around 2GHz will get you 200 no matter how many CPU's you throw at it.

I have 16 core server setup and cant go beyond 200 with Suricata running on a 10Gbps connection.

You need CPU horsepower.... = GHz

johnpoz

realtek and freebsd has never been good fit.

stephenw10

The E4500 I used to run could pass 1Gbps, just. But that was between PCIe Intel NICs.

Run at the command line top -aSH while you are testing. What CPU usage are you seeing, how it is spread?

But, yeah, a Realtek PCMCIA NIC cannot be helping here! Probably better off usings VLANs and switch.

Steve

Berzerk

OH....I was hoping on utilizing old hardware. I've got enough to have a couple fail over devices.

johnpoz

You can use all kinds of old hardware - doesn't mean your going to see 940mbps through it ;)

Berzerk

@johnpoz So what kind of hardware do I need to get those speeds?
Got to scrap the realtek, anything else I need to avoid?

Berzerk

@stephenw10 Highest I've seen cpu usage is 25% while running the test.

So no way of getting better results from realtek?

johnpoz

Something that has not been EOL for 10 years already would be a good start ;)

As to min you can get by with and do 600mbps - that would be a question for someone that deals with old stuff.. @stephenw10 would be my go to guy for such a question.. He plays with all kinds of hardware..

If it was me, I would get a sg3100, or 5100 and be done with it.

Berzerk

You have no idea just how cheap I am.

...plus, I've got a warehouse of old stuff.

It really baffles me that the network tech manufacturers got away with selling stuff as Xbps, and actually providing only 20% of what they say. I bought my first realtek gigabit cards in 2005. I know those are based on 'perfect' environments, but it crosses from 'reasonable' drops to ... well lies.
Don't get me started on wireless speeds.

akuma1x

@Berzerk Realtek gigabit cards can hit theoretical gigabit speeds, but with FreeBSD they aren't fully supported.

What kinds of "warehouse of old stuff" are we talking about here? You might have something better that can solve this problem you're having. I also find it kind of ironic that you're trying to route and hit today's high internet speeds with "old stuff" you've got sitting around...

Jeff

Berzerk

@akuma1x @johnpoz I have another question, if you'll humor me.

I have several realtek onboard ports, on about 30% of my network. A few D-Link brand, but are just Realtek. Some broadcom chips, but mostly intel. I'm able to transfer on the lan at about 920mbps between them. The CPUs vary from core 2 duos to I7s. Is it all in the FreeBSD drivers that the issue rests?

Berzerk

@akuma1x The Core 2 Duos are the oldest ones I have. (At least on the network. I have a few Athlons, and some x86 single cores, but I've put them out to pasture.)

akuma1x

@Berzerk Yes, that's the problem.

There has been some work for a driver, see here:
https://forum.netgate.com/topic/135850/official-realtek-driver-binary-1-95-for-2-4-4-release

I apologize, I haven't been following it all too closely, and I don't use any of it since I don't have any Realtek-equipped machines.

Jeff

Derelict

Get something with two intel PCIe NICs, idk, a lower-power Core i3 maybe. Might as well get something that has AES-NI going. An Atom C2000 maybe. You'll get 600 down or it's not the firewall.