Speed loss due hardware configuration??
-
Dear all,
I am currently setting up the software-test environment for our lab and a pfSense firewall seemed to be the best option. Despite my enthusiasm and affinity for technical problems, I cannot figure out what causes the following problem: only having 100Mbit/s download speed (or less) although having a 1Gbit/s connection.
Here the firewall setup:
The pfSense firewall is running on an 'old' computer (i7-860, 16GB DDR3, 2x128SSD as ZFS-Mirror, ASRock H55M/USB3, Dual-Port PCIe Gigabit Network-card with Intel 82576).
If I am not mistaken, the hardware configuration for the firewall and its intended purpose is rather an overkill. Additionally, it is worth mentioning that the wireing in our building is rather special. Although we receive the internet connection from our ISP via cable, the entire building has fibre wire connection.
Here the complete connection plan:
Our ISP provides us with a Fritzbox (FB) 6591 and two static IPv4 adresses. One IP-adress is for the FB (Gateway-IP) and the other one free for us to decide. LAN-port 1 at the FB is reserved to connect directly to the FB, LAN-port 2 is set as exposed host and directs all requests unfiltred to our IP-adress, which hits our pfSense firewall. LAN-port 3 and 4 at the FB are deactivated. When I connect my laptop directly with the FB via Ethernet-cable (CAT6), I do get the full 1 Gbit/s down speed.
Nonetheless, since the FB is located in the server-room in the basement, to which I only have limited access, I am using a media converter (TP-Link MC220L Gigabit-Ethernet-Mediaconverter, 802.3ab, 802.3z, Hot-Swap) to convert ethernet to fiber wire (single mode) and on the nineth floor, where we have our server room, back from fibre wire (single mode) to ethernet. When connecting the pfSense firewall and performing a speed test, we are down to 10Mbit/s. Even if I connect the firewall directly with the FB in the basement, the speed is down to 100Mbit/s.
I realized that the dashboard of pfSense shows that the connection chooses 100base-TX instead of 1000base. Some google-research provided me with some hints that the media-converter might be problematic, but not to such an extent. Really?
Could it be that the Intel 82576 has issues with LRO and need adjustments like (suggested here: link)echo "dev.igb.0.enable_lro=0" >>/etc/sysctl.conf echo "dev.igb.1.enable_lro=0" >>/etc/sysctl.conf
Anyone experienced a similar problem and the above code lines solved the issue?
I hope you guys can provide me with some help.Cheers, Chris
-
LRO should be disabled anyway.
What does the interface actually show? Tryifconfig -vvvm igb0
(assuming igb0)It sounds like it might be linking at half duplex if you're seeing 10Mbps. Maybe the media converter doesn't support auto-select link speed?
What speed do you get with a laptop connected to media converter in place or pfSense?
Steve
-
@stephenw10 Hey,
I hope I can re-open that old post of mine. Shortly after my post I moved to a different hospital for a short research stay and completely forgot about that problem since I was swamped with new tasks. I figured out that in my absence a colleague of mine managed to get the internet speed up to 100 mBit/s, which is still not 1000 mBit/s. I have to say that our department is not very good in fixing problems, it seems.
So I started again investigating the issue. When I attach my laptop directly, I do get in fact the full 1000 mBit/s.
The output ofifconfig -vvvm igb0
isigb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=e120bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6> capabilities=f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6> ether 00:1b:21:38:2b:60 inet6 fe80::21b:21ff:fe38:2b60%igb0 prefixlen 64 scopeid 0x1 inet 109.90.218.66 netmask 0xfffffffc broadcast 109.90.218.67 media: Ethernet autoselect (100baseTX <full-duplex>) status: active supported media: media autoselect media 1000baseT media 1000baseT mediaopt full-duplex media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
The NIC seems capable of 1000baseT full-duplex.
Cheers!
-
Yeah, anything using the igb(4) driver should be 1G capable.
The fact it's negotiating to 100M makes me wonder if it's simply a bad cable or port somewhere. How is it physically connected?
What do you see with a laptop connected to the fibre converter?
Steve
-
@stephenw10 Physically it is wired modem --> media converter (1) --> mediaconverter (2) --> pfsense
Once I connect my laptop directly with mediaconverter (2) using an ethernet cable (CAT6), I do get the full speed. I just changed the ethernet cable connection mediaconverter (2) and pfsense from CAT6 to CAT5...no change, still 100 mbit/s. Could it really be that I need a SFP network card to avoid mediaconverter (2)? I am running out of potential problem points to tackle. -
It's failing to negotiate the link speed with the converter for some reason.
Try a different NIC as WAN in pfSense.
Try a different media converter if you can.
You could try setting the interface to 1000baseT full duplex but that should never be required for Gigabit.
Steve