Slow Internet Speeds on pfSense
-
Hi, all,
I recently had AT&T 1G fiber installed at my house. After running some tests, it appears I am getting 999 Up/999 Down on the provided residential gateway but only an average of 500 Up/300 Down on my pfSense device.
As an example, here is the latest speedtest ran directly from the pfSense shell:
Download: 469.82 Mbit/s
Upload: 453.96 Mbit/sVersion: pfSense 2.4.5_1
Hardware : I am currently using the Protectli FW4B – 4 Port Intel J3160 router with a stock pfSense installation. This is plugged directly into the AT&T residential gateway. IP Passthrough has been enabled, but I have not yet touched DMZ+. All cables are Cat8. All ports show up as 1000baseT <full duplex> on my dashboard.
Installed Packages: I have Suricata and pfBlockerNG installed, but both are disabled at this time. Other packages I have installed are Notes, ntopng, and Telegraf (disabled as well for the time being).
I am attempting to troubleshoot this issue, but haven't had much success. CPU useage is, on average, only 3-5 percent and ram usage is roughly 15 percent, so I doubt this is a resource issue.
Any ideas what might be causing this?
-
@Egregore, I think it could be pfBlocker issue. Anyway disabling pfBlocker doesn't mean it turned automaticly off, you need to uninstall it.
Try to reinstall pfsense without any packages and see if your internet speed improves. -
How exactly would something that blocks dns have anything to do with speed test that clearly you can talk to if you get any result at all.
And clearly its not a resource issue.. Since his cpu and ram are fine..
But to be honest hard to take such posts serious..
I am getting 999 Up/999 Down
Yeah that is not possible on 1 gig interface.. Just not.. 950 ok..
Cat 8? Why? 5 or 5e is more than capable of providing full wire speed of a gig connection..
-
provide a screenshot of installed packges and disable all packages not apart of the out fo the box install. re-enable each and test speed after each. Use the CLI speedtesting agent from speedtest rather than the browser. Ntop for example does affect speed if enabled in my experience.
-
I concur if your wanting to know what speed you can get through pfsense.. I would test with a vanilla install.. Anything that has to look or manipulate or look at the traffic could effect overall performance.. Something like ntop, or ips could have impact.
pfblocker could in a sense have an issue - if it used up all your ram loading up block lists ;) And now your starved for ram to do routing/firewall.
But there is no way your going to see 999 - its not possible via a 1gig interface.. No matter what cat version of cable your using ;) BTW 5e can do 2.5 just fine as well..
here is 2.5 usb interfaces via cat 5e.
C:\tools\iperf3.9>iperf3.exe -c 192.168.10.10 Connecting to host 192.168.10.10, port 5201 [ 5] local 192.168.10.9 port 56764 connected to 192.168.10.10 port 5201 [ ID] Interval Transfer Bitrate [ 5] 0.00-1.00 sec 268 MBytes 2.25 Gbits/sec [ 5] 1.00-2.00 sec 282 MBytes 2.37 Gbits/sec [ 5] 2.00-3.00 sec 284 MBytes 2.38 Gbits/sec [ 5] 3.00-4.00 sec 282 MBytes 2.37 Gbits/sec [ 5] 4.00-5.00 sec 283 MBytes 2.37 Gbits/sec [ 5] 5.00-6.00 sec 282 MBytes 2.37 Gbits/sec [ 5] 6.00-7.00 sec 282 MBytes 2.37 Gbits/sec [ 5] 7.00-8.00 sec 282 MBytes 2.37 Gbits/sec [ 5] 8.00-9.00 sec 281 MBytes 2.36 Gbits/sec [ 5] 9.00-10.00 sec 283 MBytes 2.37 Gbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bitrate [ 5] 0.00-10.00 sec 2.75 GBytes 2.36 Gbits/sec sender [ 5] 0.00-10.01 sec 2.74 GBytes 2.36 Gbits/sec receiver iperf Done. C:\tools\iperf3.9> -
I had this strange slowdown 30Mbit of my 100Mbit connection in file downloads in the all browsers on all machines. However a test to speedtest.net (Ookla) did not have any slowdowns (reported 98Mbit actual troughput). I had PfBlocker installed but not enabled. I uninstalled PfBlocker as mentioned and could not believe but it solved all my problems. What the hell is wrong with that addon?
-
There are a lot of variables so... it's hard to say.
If you had a load of lists loaded and relatively low end hardware you might see that. A restriction to 30Mbps is quite extreme of most hardware though.
Steve
