pfSense APU3C4, Gigabit and PPPoE

24unix

Hi, forum,

I’m using pfSense for some years now, and am quite happy.
Since 1.5 years I’ve got FTTH, and it worked well, my plan was 200/100.
Now my provider made me an offer, 1000/500 for a few bucks more.

But when they made the switch, the result was disappointing.

The upstream is quite good, but the downstream is not. I asked for their support, and they sent a technician, and he made a test, 1000/500 is available. But not through my pfSense :(

I began to search for a solution, found this page: https://docs.netgate.com/pfsense/en/latest/hardware/tune.html#pppoe-with-multi-queue-nics

And finally, this one: https://teklager.se/en/knowledge-base/apu2-1-gigabit-throughput-pfsense/

I made all changes, but the result is not satisfying.

The problem seems to be that FreeBSD can't handle PPPoE in a good way:

„PPPoE connection type cannot use Receive Side Scaling load balancing, and the Intel i210 / 211 NIC multi-queue feature cannot be used (the NIC will use only queue 0, and not the others), because all the WAN traffic will be encapsulated into one stream, and by definition that cannot be load-balanced into multiple receive queues.“
[..]
„You can also consider using OpenWRT, which easily reaches 1Gbit/s with PPPoE.“

So, I could change the hardware or the software. Or is there any other option?

stephenw10

@24unix said in pfSense APU3C4, Gigabit and PPPoE:

Or is there any other option?

Not really, not currently at least.

One core of the 1GHz CPU is not powerful enough to pass 1Gbps with the PPPoE overhead (netgraph)

Steve

24unix

@stephenw10 Thanks for your reply.

I installed OpenWRT, it's a little bit better, but far from 1 GB :(

However, under Linux the system load (htop) is much lower than under FreeBSD.

stephenw10

Still all loaded on one CPU core? Might be some tuning required there to make it use the cores/queues correctly. I've never tried that with OpenWRT.

24unix

@stephenw10
I just issued a speedtest manually, there are peaks on one core reaching 100%.

Should I try something like iperf instead of speedtest(.net, cli version)

Googles result in the browser:

Strange, that upstream is higher than paid …

stephenw10

@24unix said in pfSense APU3C4, Gigabit and PPPoE:

Should I try something like iperf instead of speedtest(.net, cli version)

As long as you are not running it on the firewall.

Try just using a PPPoE session from a laptop dircetly and test there. Make sure you actually can see 1G at all.

Steve

24unix

@stephenw10
That works, that was, what the technician did.
Some kind of dongle in the patch panel leading to the FTTH media box and then with his smartphone he got 1000+ as a result.

Setup is straightforward, media box on the wall, a cable from there into the rack in a patch panel, and then patched to the APU.
Directly on the panel GB (via PPPoE) is available.

stephenw10

Well I would want to make sure I could see that same result to the same test servers you are using now. Otherwise you could be chasing an issue that's actually somewhere upstream.

24unix

@stephenw10 OK, I can try that tomorrow.

My wife arrived home, it’s not nice if I’m hunting kbit while she wants to watch Netflix :)

I’ve got a server with a spare NIC, if it’s GB (I’m not sure) I can try it with this one.

However: Both speedtest.net and Google show similar results.

stephenw10

@24unix said in pfSense APU3C4, Gigabit and PPPoE:

My wife arrived home, it’s not nice if I’m hunting kbit while she wants to watch Netflix :)

Ha, yeah, priorities!

24unix

@stephenw10 After some further reading:

I enabled Software flow offloading and hardware flow offloading.

Now, I will wait for a while what Zabbix measures …