Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Squeezing Performance

    Scheduled Pinned Locked Moved General pfSense Questions
    7 Posts 4 Posters 1.4k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • M
      MagikMark
      last edited by

      Doing Experiment on how to squeeze every bit of performance of my box with 500/500 line. Tried the settings found on Calamel org and found out it made my connection very stable. However, burst speed has significanly reduced. It feels like ur not getting what u paid for. Here are the settings in my Loader conf:

      net.inet.tcp.hostcache.enable="0"
      net.inet.tcp.hostcache.cachelimit="0"
      hw.igb.num_queues="0"
      hw.igb.rxd="1024"
      hw.igb.txd="1024"
      net.isr.defaultqlimit="2048"
      net.inet.tcp.soreceive_stream="1"
      machdep.hyperthreading_allowed="0"
      net.isr.maxthreads="-1"
      net.isr.bindthreads="1"
      hw.igb.max_interrupt_rate="64000"
      hw.igb.rx_process_limit="-1"
      hw.igb.tx_process_limit="-1"
      net.inet.ip.maxfragpackets="0"
      net.inet.ip.maxfragsperpacket="0"
      net.inet.tcp.syncache.hashsize="1024"
      net.inet.tcp.syncache.bucketlimit="100"
      net.pf.source_nodes_hashsize="1048576"
      autoboot_delay="3"
      hw.hn.vf_transparent="0"
      hw.hn.use_if_start="1"
      net.link.ifqmaxlen="128"

      Can u help me decern which settings are impeding my burst speed? Burst speed goes back to normal once those settings are removed

      R 1 Reply Last reply Reply Quote 0
      • R
        rcoleman-netgate Netgate @MagikMark
        last edited by

        @magikmark What hardware are you using? This will greatly effect your performance.

        Ryan
        Repeat, after me: MESH IS THE DEVIL! MESH IS THE DEVIL!
        Requesting firmware for your Netgate device? https://go.netgate.com
        Switching: Mikrotik, Netgear, Extreme
        Wireless: Aruba, Ubiquiti

        M 1 Reply Last reply Reply Quote 0
        • M
          MagikMark @rcoleman-netgate
          last edited by MagikMark

          @rcoleman-netgate

          I have a mini itx in a sff case. AMD Ryzen 3200G, 16GB of Memmory and 256GB SSD. I'm using I350 T4 (dell). The said settings were used to be in the system turnables under the advance settings. I discovered when i booted pfsense in console mode, there was a message asking me to move those under Loader.conf

          S 1 Reply Last reply Reply Quote 0
          • S
            SteveITS Galactic Empire @MagikMark
            last edited by SteveITS

            @magikmark fwiw, use loader.conf.local so it isn’t overwritten.

            Don’t have an answer for your question sorry.

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            1 Reply Last reply Reply Quote 2
            • M
              MagikMark
              last edited by MagikMark

              These are my custom system turnables. It was formulated to reduce latency in the network by making sure packets are multiples of RWIN as discussed in speedguide.net

              I welcome feedbacks so maybe others would benefit as well.

              net.inet.tcp.recvspace 4170240

              net.inet.tcp.sendspace 4170240

              kern.ipc.maxsockbuf 16681000

              dev.igb.0.fc 0

              dev.igb.1.fc 0

              dev.igb.2.fc 0

              dev.igb.3.fc 0

              dev.igb.4.fc 0

              dev.igb.0.eee_control 0

              dev.igb.1.eee_control 0

              dev.igb.2.eee_control 0

              dev.igb.3.eee_control 0

              dev.igb.4.eee_control 0

              net.route.netisr_maxqlen 2048

              net.inet.ip.intr_queue_maxlen 2048

              net.inet.tcp.minmss 536

              net.local.stream.sendspace 16384

              net.local.stream.recvspace 16384

              net.inet.tcp.mssdflt 1448

              dev.igb.0.iflib.rx_budget 65160

              dev.igb.1.iflib.rx_budget 65160

              dev.igb.2.iflib.rx_budget 65160

              dev.igb.3.iflib.rx_budget 65160

              dev.igb.4.iflib.rx_budget 65160

              net.inet.tcp.recvbuf_max 8340480

              net.inet.tcp.sendbuf_max 8340480

              net.inet.tcp.sendbuf_inc 65160

              net.inet.tcp.recvbuf_inc 65160

              net.inet.tcp.abc_l_var 44

              net.inet.tcp.initcwnd_segments 44

              hw.pci.enable_msix 1

              hw.pci.enable_msi 0

              net.inet.tcp.tso 0

              net.isr.dispatch deferred

              net.inet.udp.maxdgram 16384

              kern.ipc.soacceptqueue 1024

              net.inet.tcp.cc.abe 1

              net.inet.tcp.rfc6675_pipe 1

              net.inet.tcp.sack.enable 1

              net.inet.tcp.syncache.rexmtlimit 0

              net.inet.ip.maxfragpackets 0

              net.inet.ip.maxfragsperpacket 0

              net.inet6.ip6.maxfragpackets 0

              net.inet6.ip6.maxfrags 0

              kern.random.fortuna.minpoolsize 128

              net.inet.tcp.delayed_ack 1

              net.inet.tcp.delacktime 20

              net.inet.tcp.keepidle 10000

              net.inet.tcp.keepintvl 5000

              net.inet.tcp.isn_reseed_interval 4500

              net.inet.tcp.syncookies 0

              net.raw.recvspace 65160

              net.raw.sendspace 65160

              net.inet.raw.recvspace 8340480

              net.inet.raw.maxdgram 8340480

              net.inet6.ip6.auto_linklocal 0

              hw.intr_storm_threshold 9000

              net.inet.ip.redirect 0

              net.inet6.ip6.redirect 0

              If there are any deprecated entries pls let me know

              H 1 Reply Last reply Reply Quote 0
              • H
                heper @MagikMark
                last edited by heper

                @magikmark
                why do you need to tweak anything with that system?

                it should do 500/500 without breaking a sweat if you don't have any addons

                also the settings provided by calomel do not always apply for routers

                M 1 Reply Last reply Reply Quote 0
                • M
                  MagikMark @heper
                  last edited by

                  @heper

                  I just would like to squeeze every bit of performance. I'm running suricata, pfblocker and AdGuard Home inside my pfSense.

                  I think I was able to bring back the bursting experience by making sure all offloadings are disabled and leaving to default, parameters that impact security. The advise found in the link above I think is so strict.

                  Speed is very stable now and it's bursting to ny subscribed speed

                  1 Reply Last reply Reply Quote 0
                  • First post
                    Last post
                  Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.