Wan Interface speed issues

mollet

i have a big issue with RC 2.6.0.
This is my WAN Interface speed with 2.5.2

on 2.5.2

This is my WAN Interface speed with 2.6.0++

on 2.6.0

i honestly dont know what causes the issue but its the same even on 2.7.X

i really try to move away my customers from Sophos to PFsense and happy to buy a sub but since trying pfsense i only had bad luck with simple things that should work out of the box.

Its a hyper-v virtual machine on Windows Server 2019. Works normal on 2.5.2 expect the fact that i cant use ipsec on 2.5.2 due to phase2 doublications.

skogs

@mollet
That is a very extreme change. Curious if it is a hyper-v only issue. I just tested a couple systems and seem normal, but they're running on real hardware. Previous virtualized tests stunk unless turning off all the network unload stuff. Did you check those? (System - Advanced - Network - bottom of page)

mollet

@skogs i tried messing around a little bit.
So far i could improve it a little bit by adding 2 legacy network devices (old network cards) to the vm and assign it to the virtual switch. Here is the result.

legacy network adapters

as you can see, it is a little bit better but still far away from 2.5.2.
I also tried the suggested changes with the checksum and such but it havent made any difference.

Its a fully patched WIndows Server 2019 machine (no windows firewall enabled).
This is the Hardware Network Adapters used.
Hardware Nics

Lan is connected to the I350-T4 on Port 3 and Wan is connected to the I350-T4 on Port 2

skogs

On the bright side apparently the I350 NICs are fully supported by BSD; and it hasn't changed any since 12.2 which is what the pfsense 2.5 was sitting on top of.

I would have expected something funky changing from 2.4.x perhaps, but not 2.5.x.
Might be worth trying out the I210s. Exact same driver runs them. Might be something funky with the 4 banger network card and an IO scheduler or something.

When it is slow is there a cpu performance hit happening?

mollet

@skogs no, cpu performance and ram stays the same

netblues

@mollet Are you using the same virtual adapters in both cases?
How did 2.6 come to life?
Clean install or 2.5.2 cloning and online upgrade?

mollet

@netblues ive tried both already, fresh install and update from 2.5.x

ive also setup 2 completly new virtual machines, one with gen1 and one with gen2.
Both have the same problem shown above.

Same virtual adapter ? well, no, its the same physical adapter cause it has 4 ports but it has 4 single virtual adapters in hyper-v and the one iam using is exclusive only for this virtual machine, nothing else is on the adapter. first cable goes to the cable modem, sencond goes to the dsl modem and the third to the 10gbit switch.

iam really lost... dont know what could cause this to happen...
As there isnt a speed problem with 2.5.2, it should be clear that there is a bug in 2.6.0. It couldnt be an hardware or hyper-v interface / virtual switch problem as its only in 2.6.0 and above...

netblues

Try running iperf to a physical machine INSIDE your network and see what you get there.
You should be able to saturate 1g links easily both ways.
This will eliminate anything external.

Since I'm running 2.6rc on kvm (using virtio adapters) I don't see any speed issues when running under a hypervisor.
Of course kvm is not hyper-v, and as far as speed is concerned, the type of the card being virtualy emulated is the key component.

skogs

It has been a long time since I was cursed with supporting hyper-v so this might be a stupid idea now; just in case though:
Might be helpful on the host to uninstall the NICs and then refresh reinstall. I think you can turn off the queueing and offload functions on the NICs themselves on the host side too.
I know these adjustments might not be applicable anymore; and even more so that it shouldn't make any difference between 2.5.x and 2.6.x. Sometimes just click widgets and it magically fixes itself.
I know it also might sound stupid, but make sure everything is set autonegotiate and linking at gig. If anything along the way got manually set, the other end doesn't see the sync pulse so will default to 10M half duplex or 100M or something stupid. Again...shouldn't be impacted by 2.5x or 2.6.x ... but I've found my own work to be off at times and it only really appear at a bad time. Sometimes I look at something and wonder how it ever worked at all.

If nothing else, we all appreciate the valuable testing you're doing on hyperv and 2.6.x

mollet

@skogs @netblues

thanks for your replys. I was able to improve the performance by switching ports to the two onboard 10Gbit X550 Network cards.

This what i see now, still only a quarter of whats possible but alot better then 3Mbit ;)

physically on 10Gbit 550X nics

mollet

so, i decided to do a fresh pfsense install (2.6.0 - latest build) on my homeserver (the one windows server 2019 ran on) on a different SSD,

well, its not the hardware, thats sure.

bare metal

maverick_slo

@mollet
I have 2.6.0 on Hyperv 2019.
Have 300/30 link from provider..
Results:

So basically all fine.
Settings:

skogs

This might be horrendously off topic, but I'll mention anyway since I've bumped into it a few times.
The newer instance isn't set up with snort/suricata on inline mode is it? My speed has always taken a massive dive if I let it sit inline. It is a large price to pay for those few packets compared to legacy mode.