pfSense is slowing down my internet
-
Hey all,
I have a Netgate SG-3100 connected to an Xfinity rented modem with a gigabit internet package. Before that I owned the modem and thought the speed issues were due to a bad modem.
When connected directly to the modem using a desktop computer I get full speed:
When I connect pfSense to it my download speed is cut in half:
I've tried toggling Disable hardware checksum offload and rebooted as suggested here but no joy.
Can someone please share their experience of how they fixed this issue?
Here's the list of installed packages:
Output of speedtest-cli
[2.4.5-RELEASE][root@pfSense.mydomain.net]/root: speedtest-cli
Retrieving speedtest.net configuration...
Testing from Comcast Cable (73.xxx.xx.xxx)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Speedtest.net (Seattle, WA) [32.11 km]: 30.4 ms
Testing download speed................................................................................
Download: 434.61 Mbit/s
Testing upload speed................................................................................................
Upload: 25.91 Mbit/s
[2.4.5-RELEASE][root@pfSense.mydomain.net]/root:
-
comcast modem in bridged mode?
-
-
I had a similar issue and found it to be ntop. Even then, on a 1gb comcast line I only get 700ish down hardwired. If I direct connect I get 950 down. I also have a 3100. I'm not entirely sure why the netgate device does this either. When I was running ntop I saw pretty much the same speed as you. Try resetting the modem and netgate again. I use a SB8200 modem.
-
If it makes you feel any better... 1GB line-in and I get those speeds (950 down) with the 3100 out of the equation. That said, I'm not sure I entirely understand where the issue lies if the 3100 can process more than 1GB throughput.
1st test
2nd test
-
Your issue is the traffic “inspection” packages installed:
BandwidthD
DarkStat
Status_Traffic_Totals
These packages put the Network Interface in promiscuous mode to get “copies”/access to frames sent and delivered on the interface. Promiscuous mode requires copious amounts of CPU time to deliver and process frames within the software packages - something the ARM based appliances do not have. So effectively it kills throughput on your SG-3100. On 3100 it takes about half of the Gigabit throughput (just like what you are seeing). On the smaller SG-1100 and SG-2100 it takes slightly more than half (putting them @ about 200mbit).
Uninstall those packages and your bandwidth will return to the promised 930ish mbit through pfSense.
If you need those packages running, you have to get a bigger appliance - and so far an Intel based one. They can handle that load.
-
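Added example, not part of the thread: the post above ties the slowdown to packages that put the interface into promiscuous mode, and FreeBSD's ifconfig shows that state as a PROMISC flag. The function below lists the interfaces carrying that flag; the sample output and interface names are constructed, and on the firewall you would run `ifconfig | promisc_ifaces` instead.

```sh
#!/bin/sh
# Added example: report which interfaces have the PROMISC flag set.
# Reads FreeBSD-style `ifconfig` output on stdin and prints one
# interface name per line.
promisc_ifaces() {
    awk '
        # Header lines look like: name: flags=8943<UP,...> metric 0 mtu 1500
        /^[A-Za-z0-9_.]+: flags=/ {
            name = $1
            sub(/:$/, "", name)
            # Pull out the comma-separated flag list between < and >
            if (match($0, /<[^>]*>/)) {
                n = split(substr($0, RSTART + 1, RLENGTH - 2), flag, ",")
                for (i = 1; i <= n; i++)
                    if (flag[i] == "PROMISC") print name
            }
        }
    '
}

# Constructed sample output (interface names and addresses are made up).
sample_ifconfig() {
    cat <<'EOF'
mvneta0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
mvneta1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 203.0.113.10 netmask 0xffffff00 broadcast 203.0.113.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.0.1 netmask 0xff000000
EOF
}

# Stand-alone run against the constructed sample
sample_ifconfig | promisc_ifaces
```

An interface that still shows PROMISC after a package has been removed means something else on the box is still capturing on it.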
Thank you all for the replies!
I removed all packages and left only:
openvpn-client-export
pfBlockerNG-devel
Did reboot and tested again. Still no joy. I was getting the same speeds.
I had Shuttle DS437 with:
Intel Celeron CPU 1037U @ 1.80GHz
Samsung 256GB SSD
8GB of RAM.
Installed a fresh copy of pfSense and was getting the same speeds.
I was so frustrated that I downloaded Untangle and installed it on the Shuttle and I'm getting 900Mbps+ now.
I've been using pfSense for 10+ years but with this I have to think about selling the SG-3100 because even if I bought an SG-5100 my speeds would not be above 900.
If anyone has more ideas what to try I would be more than happy because I would love to continue to support pfSense!
-
See also : https://forum.netgate.com/topic/142894/comcast-gigabit-sg-3100-not-getting-gig-speed
A test on reddit - see also the video - from 2018 shows 900+ over WAN.
That is, the other iperf3 side was on the WAN network, so the traffic was going through pfSense, version 2.4.3.
https://www.reddit.com/r/PFSENSE/comments/88f2ty/netgate_sg3100_teardown_speedtest_review_of_this/
-
I've tested again, here are my stats. 1GB down @ Comcrap. I'm happy with this throughput considering suricata/extensive pfblocker lists.