pfSense config w/ new Spectrum router & modem
-
Hello! We recently upgraded our Spectrum service. The previous 400 mbps plan (originally Time Warner) was working fine, and our speeds were consistent in the 400s. We were going straight from the pfSense router (netgate hardware) to their modem. The pfSense was (and still is) configured with our one static IP and gateway address.
Post-upgrade to the 600 mbps plan (Spectrum), our pfSense router now plugs in to their router (new), and that goes to their modem (also new). While it does work, our speeds are all over the place (download as low as 100 and as high as 500, upload speeds are half what they should be). I’ve tried to bypass their router and plug the pfSense router straight into the cable modem, as it once was, but the gateway never connects (and yes, I rebooted everything multiple times). Spectrum claims I must go thru their router, and has been precisely zero help.
The Spectrum router is configured with the static IP and gateway address. Our router’s config hasn’t changed, and ALSO is configured with the same static IP and gateway address. I assume their router is in bridge mode, as they tell me, but I don’t know how it works at all with both devices trying to obtain the same IP address. I read it might be trying to do double-NAT or something, and that’s causing the issue, but that’s the extent of my knowledge.
There is limited configuration ability on Spectrum’s router. I’ve tried to disable SPI firewall, DHCP, and any NAT settings, but nothing had any effect. I also tried leaving DHCP enabled, and changing the pfSense to obtain the WAN address via DHCP, which worked but again did not solve the issue. The bottom line is that I can plug a laptop into their router and obtain max speeds (I hit just over 700 mbps). But behind the pfSense, which we must use for VPN, port forwarding, etc., we’re lucky to get even half of that, and it’s very inconsistent.
Has anyone dealt with this before? I'm sure there's a way to make this work, but since Spectrum won't help and I have limited knowledge of all this, I'm hoping the community can help! Thanks!
-
@danzero
What hardware are you using? In order to achieve 500+ Mbps, their guide shows you'll need:
-
@marvosa The NetGate is an SG-2440. CPU and memory usage are low.
-
I am running Linux with an i7 CPU & 32 GB memory, using the built-in NIC on a Gigabyte H77M-D3H mom board and pfsense is running on the hardware described in my sig. Here's a recent speedtest. I'm on Rogers with a 500/20 connection. When I run speedtest, pfsense isn't even breaking a sweat.
-
@jknott
Just quoting the guidelines from -> https://www.pfsense.org/products. We know real-world results will always vary.
Considering the guidelines, also the fact that the SG-2440 is EOS/EOL and appears to be sporting a dual-core 1.7 GHz Atom, an upgrade may be warranted. Although, Netgate's specialized appliances may be able to do more with less.
I've read a few posts that say to verify PowerD is enabled (System -> Advanced -> Miscellaneous) and set to either Maximum or Hiadaptive.
There are always the usual suspects... e.g. were you shaping with QoS before the bandwidth upgrade? If so, verify bandwidth settings were adjusted accordingly. Are there any limiters defined? Are you running any packages like Snort, Suricata, Squid, etc? If so, does disabling them make a difference? I'm assuming you've verified cabling? And please tell me you're not running any TP-Link gear ;)
I've also read that disabling Hardware TCP Segmentation offloading can increase throughput, but I believe this step is typically related to virtualized environments, so this setting is probably moot in your case.
Of course, this all assumes Spectrum's router isn't cutting you off at the knees. Is pfSense getting a public IP? If not, I'd address that also.
-
@marvosa said in pfSense config w/ new Spectrum router & modem:
There are always the usual suspects... e.g. were you shaping with QoS pre-upgrade? If so, verify bandwidth settings were adjusted accordingly. Are there any limiters defined? Are you running any packages like Snort, Suricata, Squid, etc? If so, does disabling them make a difference? I'm assuming you've verified cabling? And please tell me you're not running any TP-Link gear ;)
I'm not doing any of those. I have a Cisco switch and Unifi AP.
-
@marvosa
Thank you for the info.
EDIT: I think you were right, it was the traffic shaper. I deleted the existing shaper, re-ran the wizard and traffic speeds appear as fast as they should be and relatively stable!
Thank you for your help... I'll post an update should anything change, but for tonight, it looks good!