Bandwidth loss through pfSense firewall built on old dual homed PC?
-
Hello all. I have pfSense/pfBlockerNG/Suricata running on an HP thin client with two NICs, and am generally getting pretty good performance. In doing some random testing, however, I noticed that I appear to be getting approx. 997 Mbps down outside the firewall, and about 640 Mbps down inside. That hasn't been a performance problem, but it seems odd to me since the processors rarely go above 30%, and I seem to only get about 2 ms extra latency from the firewall itself. Both NICs are Intel gigabit, and the 4 GB of memory rarely shows more than 25% usage.
I am wondering what sort of performance in this regard other folks are getting running this type of hardware, or older dual homed PCs, and if the community has any tips on tuning to limit the bandwidth "losses". Should I have any expectation of "better" performance with actual Netgate hardware?
Update: Oddly I am getting a consistent 34 Mbps up, both inside and outside the firewall. No delta at all.
Thanks in advance
Bryan Bowlsbey
-
I used to have an HP computer for pfSense, before it died. My Internet connection is 500/20 and I would typically get upper 500s on speedtest. After the HP died, I replaced it with a Qotom mini PC with i5 CPU & 4 GB memory. I immediately started seeing better results on speedtest. So, the old HP was definitely a bottleneck.
-
@jknott interesting. What did your CPU and memory usage look like on the HP? Were they crazy high?
-
I never bothered measuring those. However, it was an Athlon 3200+ CPU and 4 GB of memory. My Qotom also has a 64 GB SSD and 4 Intel NICs.
-
Without knowing the spec of your HP thin client I would say it was a bandwidth issue with your HP thin client data bus.
Since the HP thin client only has 1 internal NIC I guess your 2nd NIC is connected to the USB port (USB version 2 has bandwidth limitations). Depending how HP designed their thin clients I would also say the USB and NIC might be on the same 1x data bus.
-
I had 3 NICs in my HP. However, it was a compact case, not a thin client. I had to use the low height cards in it. It's also possible his 2nd connection is via VLAN and managed switch, but that would definitely be a bandwidth killer.
-
@papdee It is an HP T610 with an additional IntelPro 1000 NIC
-
@bbowlsbey it depends on how that 2nd NIC is connected to the data bus. My guess is it is a 32-bit PCI connection running at 33MHz.
-
@bbowlsbey just reading the spec of the HP610 and it uses a PCIe x4 so it should be enough bandwidth to handle your Gb data transfers. Not sure on your setup internally but maybe worth checking the switch and maybe try using CAT6e.
-
@papdee said in Bandwidth loss through pfSense firewall built on old dual homed PC?:
maybe try using CAT6e
That won't make a bit of difference. Gigabit Ethernet was designed before there was even CAT 5e and is rated for 100M over plain CAT 5.