Pfsense is slowing my internet down

jakehaas

I just built my first Pfsense box on a dell r210 ii. I have not touched any pfsense settings except assigning lan and wan ports and switching lan to 10.0.0.1/24.

Install was fairly easy. I have verizon fios, So I plugged the ethernet cable from the ont into wan port, and once I was able to get an IP from Verizon (took a few reboots) everything was working as expected, except for the speed.

I then plugged the Verizon router into my lan network so DVR etc would work on the TVs. Didn't need to forward any ports, which I thought was strange since all the guides out there say you will have to.

I was getting 350 Mbps before with just verizon router, and now I am getting 60-80 Mbps on all the speed test websites. It also seems like my latency is longer too, although cannot confirm that.

Any help would be appreciated,

Thanks

hescominsoon

@jakehaas what hardware are you running pfsense on? hard to tell what could be going on without hardware specs.

jakehaas

@hescominsoon

I am running on a Dell PowerEdge R210 II Server

Xeon E3-1220L 2.2GHZ

8GB Ram

tman904

It may be the PF(Packet Filter) firewall inside of pfSense causing it. I remember reading that using a stateful firewall can slow down throughput vs a pure stateless router. Although Netgates appliances can route and firewall at speeds much higher than 80mbps.

What is the CPU usage on your pfSense while performing the speed test?

I know you said you didn't change anything but the LAN IP but just to double check.

1. Are your CPU/RAM and state table resource usages high?
2. Are you using any add on packages?
3. Do you have a lot of firewall rules configured?
4. Did you change PF(Packet Filters) ruleset optimization setting?
5. You said you didn't have to forward any ports so did you enable UPNP?

tman904

This post is deleted!

jakehaas

I tried disabling packet filtering but it also disabled NAT which I need since I am coming directly from the ONT.

Not using any add-on packages.

Only firewall rules that are set are whatever the default are.

No, I haven't touched the optimization setting - I'll look into that.

I also did not enable UPNP, so I really do not know how the FIOS router is working for the TVs. It is also connected over coax - so maybe it just needs any internet connection for in/out traffic and then the rest is handled through coax.

Basically this is a fresh install.

What is the best way to monitor system recourses? I was looking at the top output in System Activity.

It basically stays like this the entire time - even when running speed tests.

last pid: 19177;  load averages:  0.22,  0.16,  0.15  up 1+04:44:56    04:30:20
162 processes: 5 running, 137 sleeping, 20 waiting

Mem: 36M Active, 112M Inact, 243M Wired, 18M Buf, 7506M Free
Swap: 3656M Total, 3656M Free


  PID USERNAME   PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
   11 root       155 ki31     0K    64K CPU3    3  28.7H 100.00% [idle{idle: cpu3}]
   11 root       155 ki31     0K    64K CPU2    2  28.7H 100.00% [idle{idle: cpu2}]
   11 root       155 ki31     0K    64K RUN     0  28.7H 100.00% [idle{idle: cpu0}]
   11 root       155 ki31     0K    64K CPU1    1  28.7H  99.46% [idle{idle: cpu1}]

Thanks for your help with this!

chpalmer

I easily see full speed on my internet 250+mbps using my pfsense box.. Intel(R) Celeron(R) CPU G1820 @ 2.70GHz

Yours- ??
https://ark.intel.com/content/www/us/en/ark/products/53401/intel-xeon-processor-e3-1220l-3m-cache-2-20-ghz.html

Id be more interested in what the actual motherboard and ethernet options are..

tman904

@jakehaas Are you using the onboard ethernet nic? If so its driver may having very poor hardware interrupt handling, meaning that NIC can slow the system down a tremendous amount. When higher speeds/throughput are pushed through it.

ssh or console in and run "systat vmstat" Then keep that command running while running your speed test. If the Interrupt CPU usage is high and the amount left idle is low that could confirm what the problem is.

Here's my firewall with no problems as a baseline.

stephenw10

60Mbps is woefully bad on that hardware. There is something significantly wrong.

Check the Status > Interfaces page for errors/collisions.

What NICs do you have there? Dell Broadcom multiport cards? bgeX?

Steve

provels

Seriously slow. I get 300/25 with the tiny VM in my sig on a 12 year old PC.
Try changing cables and switch ports first, then a new/used i345/i350 NIC if no help.

Tzvia

Did I miss- what NICs you have... STATUS/INTERFACES - verify the WAN mtu is in the neighborhood of 1500 and media is 1000 T FULL. Can't hurt to check all INTERFACES. If it's coming up 100 you aren't going to get faster than that...

tman904

@jakehaas said in Pfsense is slowing my internet down:

dell r210 ii.

I've got a feeling they are broadcom based on that machines specs.
Taken from here:
https://www.dell.com/tc/business/p/poweredge-r210-2/pd
Network Controller
-One Dual port Broadcom BCM 5716

I've personally had horrible performance with broadcom in the past. Now I use intel based gig nics.

stephenw10

Most Broadcom NICs should be fine in pfSense but if you are seeing issue check the tuning guide options:
https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#broadcom-bce-4-cards

Steve

tman904

@stephenw10 I was referring to the fact his hardware has broadcom NICs in order to rule those out as a possible problem maybe he should try other NICs,

I personally haven't had those type of driver interrupt problems in years.

stephenw10

Nope me either. I would not expect to see any issues with Broadcom in most setups.

The 60Mbps the OP is seeing here is so low it must be something pretty fundamental like the NICs linked at half duplex or a bad cable etc.

Steve

tman904

@stephenw10 Could be a fault with the switch it's connected to as well.