iperf3 server on wan, and client on lan : but how?
-
Hey all,
Since getting my first pfSense box (1100) I am eager to learn more and more about networking. I decided I'd want to learn how to iperf.
I set up iperf3 on two Macs and got it to work:
- Mac1 (LAN) -> Switch -> Mac2 (LAN): 940 mbps
- Mac1 (VLAN10) -> Switch -> Mac2 (VLAN12): 577 mbps (L3 routing)
So far so good. Now I want to test the SG-1100 WAN to LAN. But how to connect the Macs?
I found this topic and what member @johnpoz said:
"I assume server or client is on wan, and other side is on the lan. But there are multiple ways this could all be connected. Which you really need to clarify. The actual valid test would be server on wan, and client on lan. While doing nat - which is the typical setup."So server on wan, and client on lan. Mac1 on LAN no problem. But would I need to connect Mac2 directly to the WAN port? Both Mac2 and pfSense WAN are DHCP. How would I configure the WAN port?
Thanks!
PeteP.S. just to add my SG-1100 config:
- Out of the box config just added pfBlocker, Avahi and freeradius (the latter not running)
P.S.2 I first tested SG-1100 ISP throughput using ISP speedtest and found 220-ish speeds for a 500 connection. I also tried a UniFi USG 3P base config which did around 500. So I want to learn how to perform a "real" test to check SG-1100 WAN-LAN throughput.
-
@cabledude said in iperf3 server on wan, and client on lan : but how?:
Both Mac2 and pfSense WAN are DHCP. How would I configure the WAN port?
For you test, you would put your 2nd test mac on the wan network - if you can not do this with your current internet setup - then disconnect from the internet and setup a network on the wan where you can place your 2nd testing mac.
-
@johnpoz Yes that is what I want to do. But I don't know how to connect a single computer to the WAN port and make them connect as both ports act as DHCP client. Let me explain with this scheme:
Should I adjust the WAN settings in the SG-1100? I wouldn't know how.
Pete
-
@cabledude set your wan to static with some dummy gateway and IP range so its still a wan. Disable monitoring so that wan is considered up. Say 172.16.0.0/24 which doesn't overlap with your lan.
So pfsense IP say 172.16.0.1/24 with gateway 172.16.0.254, now set your macbook 2 to 172.16.0.2 for example and connect it to the wan port.
Once your done with testing - change it back to dhcp and connect it to your isp device..
If your isp "modem" is actually providing dhcp and doing nat and pfsense is getting some rfc1918 address. Then just connect your mac2 client to this isp device, or add a switch and use whatever IP it gets as your testing..
-
@johnpoz That sounds brilliant in its simplicity. So basically I am mimicing what the DHCP server does: hand out IP addresses. What I failed to grasp up until now is that two devices will talk to each other if their IP's are within the same subnet, either established via a DHCP server or manually.
Am I understanding this correctly?
Will try this tonight. It will always have to be during the night because the family won't thank me for sudden downtime.
Thanks!
Pete
-
@cabledude yeah if the devices are on the same network and connected to each other - they would be able to talk to each other ;)
Doesn't matter how they get ip - be it via dhcp or static setup, etc.
Bit of heads up - when pfsense is not really on a internet connection, and its dns doesn't work the gui can be slow to respond.. Just wait a bit and it will work - but the web gui main page likes to check for updates and stuff, so when it can't its a bit sluggish..
-
@johnpoz Thanks for that notice. I will keep it in mind.
Just a check question : you recommended to disable monitoring, I assume you mean the "Disable Gateway Monitoring" in the System/Routing/Gateways/Edit Menu?Should I also disable "Disable Gateway Monitoring Action"? I suppose not as the system can only take action if monitoring is enabled.
You are really helping me to learn more about pfSense!
Pete
PS As a bit of an exercise I first connected the two MacBooks using a direct cable, setting 172.16.0.1 and 172.16.0.2 and I get gigabit iPerf3 readings (940's). So I am sure I will get the SG-1100 test running now.
-
I did the iperf3 test on the SG-1100. These are my findings:
Test 1 only Macbooks, directly connected, no switches no VLANs:
Macbook1 -> cat6 cable -> SG-1100 (LAN port) ->
SG-1100 (WAN port) -> cat6 cable -> Macbook 2
Macbook1 (LAN side) is on LAN (untagged from SG-1100)
Macbook2 (WAN side): ./iperf3 -s
Macbook1: (LAN side): ./iperf3 -c 172.16.0.2[ ID] Interval Transfer Bandwidth [ 4] 0.00-1.00 sec 86.9 MBytes 729 Mbits/sec [ 4] 1.00-2.00 sec 75.4 MBytes 632 Mbits/sec [ 4] 2.00-3.00 sec 82.8 MBytes 695 Mbits/sec [ 4] 3.00-4.00 sec 81.5 MBytes 684 Mbits/sec [ 4] 4.00-5.00 sec 86.0 MBytes 721 Mbits/sec [ 4] 5.00-6.00 sec 85.6 MBytes 718 Mbits/sec [ 4] 6.00-7.00 sec 77.5 MBytes 650 Mbits/sec [ 4] 7.00-8.00 sec 85.1 MBytes 714 Mbits/sec [ 4] 8.00-9.00 sec 83.1 MBytes 697 Mbits/sec [ 4] 9.00-10.00 sec 82.0 MBytes 688 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 826 MBytes 693 Mbits/sec sender [ 4] 0.00-10.00 sec 825 MBytes 692 Mbits/sec receiverTest 2: Using UniFi stack on LAN side:
Macbook1 -> cat6a cable -> 24p UniFi switch -> cat6a cable -> SG-1100 (LAN port) ->
SG-1100 (WAN port) -> cat6 cable -> Macbook 2
Macbook1 (LAN side) is on VLAN12 (tagged from SG-1100 to the switch and Macbook connected to access port VLAN12)
Macbook2 (WAN side): ./iperf3 -s
Macbook1: (LAN side): ./iperf3 -c 172.16.0.2[ ID] Interval Transfer Bandwidth [ 4] 0.00-1.00 sec 46.3 MBytes 388 Mbits/sec [ 4] 1.00-2.00 sec 71.4 MBytes 599 Mbits/sec [ 4] 2.00-3.00 sec 71.5 MBytes 600 Mbits/sec [ 4] 3.00-4.00 sec 71.1 MBytes 597 Mbits/sec [ 4] 4.00-5.00 sec 65.2 MBytes 547 Mbits/sec [ 4] 5.00-6.00 sec 70.3 MBytes 589 Mbits/sec [ 4] 6.00-7.00 sec 74.1 MBytes 622 Mbits/sec [ 4] 7.00-8.00 sec 72.7 MBytes 610 Mbits/sec [ 4] 8.00-9.00 sec 64.9 MBytes 544 Mbits/sec [ 4] 9.00-10.00 sec 71.4 MBytes 599 Mbits/sec - - - - - - - - - - - - - - - - - - - - - - - - - [ ID] Interval Transfer Bandwidth [ 4] 0.00-10.00 sec 679 MBytes 569 Mbits/sec sender [ 4] 0.00-10.00 sec 678 MBytes 569 Mbits/sec receiverTest 3: ISP speedtest using SG-1100 and internet (WAN side):
I get consistent 200 - 220 ish download speeds with the SG-1100. I currently have a 500/40 cable connection.
When I connect a UniFi USG with its own UniFi stack (switch, AP) I get consistent 500 Mbps download speeds.
The ifperf3 tests show that the SG-1100 can perform adequately. Any clues where to start looking for clues?
Pete
-
@cabledude said in iperf3 server on wan, and client on lan : but how?:
Any clues where to start looking for clues?
Your wifi, 200mbps seems like a typical 2 stream AC connection with 40mhz channels, ie like a 400 PHY.. Is that via something plugged into the sg1100 interface or via your wifi AP that is connected to the sg1100?
I assume from your iperf that is wired test, and then your browser test if via wifi??
If that is the case - what does the controller show for your wifi connection for your clients PHY? I see 400+ easy via phone and tablets using wifi and unifi AP.. Not on a sg1100, but a sg4860.. But as you show from iperf test your sg110 can route/firewall/nat at 500mbps without too much trouble.
-
@johnpoz thanks for staying with me here. I never do any speed testing over WiFi as I am aware the WiFi connection may be the bottleneck.
so just like the iperf3 test, the internet speed test was performed wired, same LAN side config as the second iperf3 test:
Macbook1 -> cat6a -> UniFi 24p switch -> cat6a -> SG-1100 (LAN) -> SG-1100 (WAN) -> cat6a -> ISP connectbox (modem/router in bridged mode).The SG-1100 that I tested had not been restored to factory defaults prior to testing.
-
@cabledude well that good to know..
Take your switch out of the test.. And also is that browser based test? Use their app.. I have seen slow results with browser mode sometimes.
Also is that single mode or multi mode for the test? I have to assume you tried using different test servers.. The one it auto picks is not always the best.
-
@johnpoz When I bypass the switch I get 300’s for the netgate. so there is definitely something there. But still no 500. The sequence will start around 500 but appears to be throttled down towards the end of the sequence.
I use safari 15.1 browser on big sur, the same method for SG-1100 and USG. I get ultra consistent 500’s on the USG using safari.
I’m on the road for today and tomorrow so further testing will be delayed, sorry.
Pete
-
@cabledude something up if your iperf test shows 500.. I don't have a 1100 to test with.. But I have seen some oddshit with browser at times..
I never have any issues hitting my 500/50 with my sg4860..
-
@johnpoz Today I am ordering a second SG-1100 (1) to have a spare firewall in case of malfunction and (2) to play with and learn. I expect delivery some time next week. Will get back to you as soon as I have tested that box with default settings.
-
@johnpoz I took delivery of my spare SG-1100 and out of the box it is doing 500/40 using a selection of internet based speed tests. I am going to adjust settings on the spare unit and build up the config from a factory reset starting point until I get to identical settings. Will monitor speed after each adjustment to determine which steps or components start slowing it down.
Will be back.
Pete
-
@cabledude possible you had enabled shaping/limiting of some sort?
-
@johnpoz said in iperf3 server on wan, and client on lan : but how?:
@cabledude possible you had enabled shaping/limiting of some sort?
Nope, I did look for something like that, but no traffic shaping in pfSense and none in UniFi, at least not for the VLAN my laptop is in.
Will investigate some more.
Thanks,
Pete
