SG-3100 not getting expected performance
-
We have had a SG-3100 on our network since 2018. It is used as a router and firewall.
It has been working fine for our Comcast Business Cable connection of about 100 Mbps down and 6 Mbps up.
Last week we got a new Comcast Business fiber connection. We are paying for 50 Mbps down and 50 Mbps up.
When I tried doing speed tests on the connection, I'm getting 50 Mbps Down and 10 Mbps up.
I've contacted Comcast support and they assure me that they are able to get 50 down/up from our connection through their testing.
I installed Speedtest on our SG-3100 to try to get to eliminate any other network problem from the testing but I'm still getting 50/10 on our connection.
I don't have much running on it. I have PFBockerNG running and only a few rules to open up a couple of ports. I also have ntopng running.
What do I need to look at on our SG-3100 to see where it might be causing a bottle neck?
Thank you for any insight you can give me
Jason
-
Do you now have 2 WANs or you swapped out the old for the new symmetric connection?
If you have two WANs make sure it's not still using the other one.
There should be no problem at all passing 50Mbs in either direction. Check the WAN in Status > Interfaces. Make sure it's linked at the correct speed and duplex and doesn't show errors or collisions.
Steve
-
Remove pfsense and test directly connected to the modem, with a PC or laptop.
Also, don't install speedtest on the firewall..
How are you going to test the throughput performance if you are not passing traffic through?
You would be forcing the SG-3100 CPU to generate the packets for the speedtest, wouldn't that decrease the performance? This is not what it is designed for..Note: if you are getting 50Mbps down, the firewall wouldn't be the bottleneck, otherwise you would be getting 10/10 Mbps up/down. Why bottleneck only in upload..
-
@stephenw10 Thank you for replying
There is only one WAN. The old cable modem has been disconnected and on its way back to Comcast.
I don't have access to my SG-3100 from home, so I will have to check on the WAN interface status next time I am there.
Thanks
Jason
-
@mcury Thank you for the suggestion. I'll try connecting directly to the modem the next time I am at the location.
I have a lot to learn about networking. What you said makes sense about testing throughput performance. Thanks
Jason.
-
So I am back at the site with my SG-3100. I was able to do a direct ethernet cable connection to the Ciena 3903 fiber modem with a laptop. Curiously my linux laptop wouldn't let me do a manual connection and I had to borrow a windows laptop. That was able to get me the 50/50 up/down connection.
I can only guess that there is a problem with a setting that I put in my SG3100.
When the fiber installer was here getting things hooked up, he gave me some information for static IP address, subnet mask, gateway, and the DNS Servers. One thing I noticed is when setting for a static IPv4 in PFsense, there isn't a place to add a subnet mask. It only has places for IPV4 address, IPV4 Upstream Gateway, and the / number. I'm not sure what to use for the / number so I just used 24. Is there a chance that this is causing my issue?
Thanks for your help
Jason
-
Option is there, bottom right, not showing for you?
-
@mcury I'm not sure what the option is I'm supposed to be seeing. I don't see anything saying "subnet mask" in both your screenshot and my screen.
Is that what the "/" does? If so, how am I supposed to enter in "225.225.225.252" into that? I put in the gateway number by clicking the green button and entering into the popup box.
Under status -> Interface -> WAN, it is showing "Subnet mask IPv4
255.255.255.0"I'm sure there is some basic networking concept that I'm not well educated about here.
Thank you
Jason
-
@rlcutah You mean 255.255.255.252, and not 225.255.255.252..
It s a /30.
Edit: Maybe this will make things more clear:
https://docs.netgate.com/pfsense/en/latest/interfaces/configure-ipv4.html
https://docs.netgate.com/pfsense/en/latest/network/cidr.html -
@mcury OK, thank you for those links. That was helpful.
I must have written down the subnet mask incorrectly when the tech gave it to me. The one I gave earlier was the one I had recorded. I can see now how that is not an option. Thank you for the correction.
So I've changed it over to /30. The speed I'm still getting behind the SG-3100 has not changed. 50/10
I know the SG-3100 has the horsepower to support a 50/50 connection, but there must be something with it that is keeping it from reaching the bandwidth that I am able to get with a laptop connected directly to the modem.
Jason
-
@rlcutah said in SG-3100 not getting expected performance:
@mcury OK, thank you for those links. That was helpful.
I must have written down the subnet mask incorrectly when the tech gave it to me. The one I gave earlier was the one I had recorded. I can see now how that is not an option. Thank you for the correction.You are welcome
So I've changed it over to /30. The speed I'm still getting behind the SG-3100 has not changed. 50/10
Have you tried another speedtest?
Did you configure traffic shapper?
https://docs.netgate.com/pfsense/en/latest/trafficshaper/limiters.html -
@mcury Oh my goodness, that was it. Traffic shaper. I had forgotten that I had done that with our previous connection.
Thank you, thank you, thank you
I'm now seeing 50/50 up/down
Jason
-
I have been using PFsense for over ten years on four different types of hardware my SG-3100 has been junk since the day I got.
It is slow even with no packages added on the factory settings I even reinstalled the OS and it still is brutally slow even with only one computer on it. It runs very hot and the hotter it runs the slower it goes I used it for a month and couldn't take it anymore and replaced it with the XG-7100 1U. My SG-3100 sits unplugged in a closet and may soon go in the trash. My XG-7100 1U in my shop with 9 computers on the internet with 2 people working from home using openvpn with Snort and PFblocker is running like a champ. -
How slow? How did you test it?
Actual objective numbers required here.
Did you ever open a ticket with us about it?
Steve
-
My SG-3100 runs with 1000/50, but my segment is not good and FQ_codel limits the Speed far away from Hardware Limit.
If i deactivate FQ_codel, or run up to 900+GBit but 100ms+ of ping time.
That is it not worth.
Is a nice low Power high speed device.
