New Spectrum Gigabit Internet/Slower Download Speeds Than Expected
-
I recently upgrade to Spectrum's fastest plan in Tampa, FL, which is 1000/35. My spouse and I work from home, video & screen sharing, so an upgrade was needed from the base 200/10 package. I did confirm I am receive the upload/download speeds from Spectrum via plugging directly into the provided modem from Spectrum, while on the phone with customer service. Both WAN/LAN interfaces are 1000baseT <full-duplex>, with MTU 1500.
However, I am not achieving close to the 1Gbps download speed as anticipated. I am hitting sub-300mbps consistently, and I am looking into setting I can adjust to improve the download speed. I have removed limiters and traffic shaping. I have looked at my switches and everything seems great.
Netgate SG-1100
Release: 22.05-RELEASE
CPU: ARM Cortex-A53 r0p4
1 GB RAMWith top -aSH
last pid: 1075; load averages: 0.37, 0.38, 0.24 up 12+18:59:58 12:11:14
158 threads: 3 running, 128 sleeping, 8 zombie, 19 waiting
CPU: 1.5% user, 0.6% nice, 1.3% system, 0.7% interrupt, 95.9% idle
Mem: 29M Active, 99M Inact, 193M Wired, 102M Buf, 640M Free
I used iperf3 through pfsense from both a laptop & a raspberrypi (running pihole):
pi@raspberrypi:~ $ iperf3 -c speedtest.serverius.net -p 5002 -4 -V
iperf 3.6
Linux raspberrypi 5.10.103-v7l+ #1529 SMP Tue Mar 8 12:24:00 GMT 2022 armv7l
Control connection MSS 1448
Connecting to host speedtest.serverius.net, port 5002
[ 5] local 192.168.XX.XX port 52940 connected to 178.21.16.76 port 5002
Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test, tos 0
[ ID] Interval Transfer Bitrate Retr Cwnd
[ 5] 0.00-1.00 sec 1.63 MBytes 13.7 Mbits/sec 0 386 KBytes
[ 5] 1.00-2.00 sec 3.48 MBytes 29.2 Mbits/sec 0 546 KBytes
[ 5] 2.00-3.00 sec 4.66 MBytes 39.1 Mbits/sec 0 765 KBytes
[ 5] 3.00-4.00 sec 4.16 MBytes 34.9 Mbits/sec 1 617 KBytes
[ 5] 4.00-5.00 sec 4.85 MBytes 40.7 Mbits/sec 0 683 KBytes
[ 5] 5.00-6.00 sec 4.85 MBytes 40.7 Mbits/sec 0 731 KBytes
[ 5] 6.00-7.00 sec 4.10 MBytes 34.4 Mbits/sec 1 549 KBytes
[ 5] 7.00-8.00 sec 4.04 MBytes 33.9 Mbits/sec 0 585 KBytes
[ 5] 8.00-9.00 sec 4.04 MBytes 33.9 Mbits/sec 0 608 KBytes
[ 5] 9.00-10.00 sec 4.04 MBytes 33.9 Mbits/sec 0 621 KBytes
Test Complete. Summary Results:
[ ID] Interval Transfer Bitrate Retr
[ 5] 0.00-10.00 sec 39.9 MBytes 33.4 Mbits/sec 2 sender
[ 5] 0.00-10.00 sec 38.7 MBytes 32.5 Mbits/sec receiver
CPU Utilization: local/sender 2.9% (0.2%u/2.7%s), remote/receiver 2.3% (0.2%u/2.1%s)
snd_tcp_congestion cubic
rcv_tcp_congestion cubiciperf Done.
Connecting to host speedtest.serverius.net, port 5002
[ 4] local 192.168.XX.XX port 57535 connected to 178.21.16.76 port 5002
Starting Test: protocol: TCP, 1 streams, 131072 byte blocks, omitting 0 seconds, 10 second test
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-1.01 sec 1.00 MBytes 8.33 Mbits/sec
[ 4] 1.01-2.01 sec 1.62 MBytes 13.5 Mbits/sec
[ 4] 2.01-3.01 sec 1.50 MBytes 12.7 Mbits/sec
[ 4] 3.01-4.01 sec 1.50 MBytes 12.6 Mbits/sec
[ 4] 4.01-5.00 sec 1.62 MBytes 13.7 Mbits/sec
[ 4] 5.00-6.00 sec 1.62 MBytes 13.6 Mbits/sec
[ 4] 6.00-7.01 sec 1.50 MBytes 12.6 Mbits/sec
[ 4] 7.01-8.01 sec 1.50 MBytes 12.5 Mbits/sec
[ 4] 8.01-9.01 sec 1.50 MBytes 12.6 Mbits/sec
[ 4] 9.01-10.00 sec 1.62 MBytes 13.8 Mbits/sec
Test Complete. Summary Results:
[ ID] Interval Transfer Bandwidth
[ 4] 0.00-10.00 sec 15.0 MBytes 12.6 Mbits/sec sender
[ 4] 0.00-10.00 sec 14.9 MBytes 12.5 Mbits/sec receiver
CPU Utilization: local/sender 2.7% (1.4%u/1.3%s), remote/receiver 1.1% (0.2%u/0.9%s)iperf Done.
What other settings should I be focusing on to increase the download speeds? Or what questions do I need to ask to produce an improvement on my download speeds? I've never seen the CPU reach a high percentage of utilization.
-
I think the appliance is just too slow. Netgate promotes it with 472 MBit/s L3 forwarding. Firewalling is less. I would consider an upgrade to a faster appliance.
-
This post is deleted! -
Did you ever resolve this? I'm having the same issues. You gotta love getting an "upgrade" with 90% reduction in B/W.
I also noticed my pfBlockerNG-devel is way out of date. I'm still running v3.1.0_4.
I just checked and I don't have any Traffic Shaping applied, so I'm going to update pfBlockerNG-devel to see if that does anything.
-
@rbuseraccount the testing methodology was incorrect as OP was testing only 1 stream on iperf. The 1100 should do up to 927Mbps but according to the spec sheet.
-
@rbuseraccount I haven’t made much progress. I’m not sure of my next step to take. If it’s an appliance issue, the cost associated is a deterrent. The What and How for testing is what I need to understand next.
-
@tenorbro if you plug in your computer directly into the cable modem. Your computer gets a public IP. You do a Speedtest. What’s the result?
-
@michmoor It’s been a month since I tested with the new modem, but I was receiving the 900+ mbps Down and 35+ mbps Up. So I knew I was received what Spectrum was selling. I plugged my Mac directly into the modem and ran Speedtest.net.
-
@tenorbro what services do you have running?
Are you policy routing through a VPN? -
@michmoor My raspberry pie runs Pi-hole and DNS. I have Firewalla monitoring my network. I don’t use a VPN unless I’m outside of my network, and that’s hosted on Firewalla using OpenVPN.
-
I hear you there!
I never had Traffic Shaping configured and I updated my pfBlockerNG-devel version, but that did nothing.... -
The 1100 will never pass 1Gbps with firewall+NAT running in a test like that. I would expect it to pass somewhere in the 400-500Mbps given low enough latency. That's with a close to default config. Any additional packages or VPNs etc will reduce that.
Steve
-
@stephenw10
The performance specs have it in the > 900Mbps for routing and 600Mbps for firewall features which i assume NAT or VPN but its difficult to say as that particular metric doesnt really mean anything as its not associated with a package or service function [NAT? Rules? Or NAT and Rules? VPN? IPS?.]
I
https://shop.netgate.com/products/1100-pfsense -
That’s exactly what I have running, but I do use a VPN. Of course, I’ve tested with and without the VPN running, so that hasn’t done anything.
I “registered” my modem via the Spectrum website last night and it was showing as good. I have yet to open the packaging for their crappy router that came with it. I know that until now, using an ISP’s router wouldn’t have been a factor, but starting to think they’re somehow throttling my bandwidth by 90% until I install—and register—their router. Thoughts?
I’m willing to install that, register it, then switch back to my own stuff. I was getting > 200Mbps before uninstalling the older Spectrum router/modem combo.
BTW, I run from ISP modem to a beefy custom built PC tower that only has pfSense loaded, then to my WIFI router, then out to my 8-port smart switch, and run everything else from that smart switch.
My desktop is plugged directly into the switch with CAT-5e, the rest of my machines run on WiFi.
They all get ~25Mbps!
️ -
@rbuseraccount For what it's worth, I did call Spectrum and sat on the phone with the rep to confirm I was receiving 900+ Down and 35+ Up when I plugged my computer into the EN2251 modem.
https://d15yx0mnc9teae.cloudfront.net/sites/default/files/Spectrum%20D3.1%20EMTA%20Data%20Sheet%281%29.pdf
-
I also tested for bufferbloat, and it's not great either. My worry is traffic shaping could resolve bufferbloat but reduce speeds. Is this a valid concern?
https://www.waveform.com/tools/bufferbloat?test-id=b8563aa8-fea7-4e66-b2f7-0788925b2695
-
@tenorbro screenshot what services you have running on pfsense
-
@michmoor it also shows 472 and 191 for IMIX Traffic.
See
https://www.netgate.com/blog/choosing-the-right-netgate-applianceThe 1100 shares a 1g connection internally. The switch ports use VLANs to isolate them.
(The 2100 has the same CPU but a separate WAN interface.)
Also
https://forum.netgate.com/topic/145052/sg-1100-throughput/17 -
@tenorbro I’m sorry to say this, but it’s your pfSense appliance that is limiting you. The SG-1100 tops out at about 300mbps in real life one client firewall (average latency) setups.
This is due to the fact it only has one NIC where all ports are connected via a switch and uses VLAN separation to create interfaces.
So at about 300mbit the interrupt rate becomes the limiting factor in synthetic real life one client tests.
One Nic and One Client always hashes to the same thread, so that thread goes to about 100% of what a CPU core can deliver (= ~300mbps). This explains why you never see a fully loaded CPU, but only 50% (= one thread @ 100%)The synthetic numbers netgate published are “worthless” when it comes to L3 (no firewall, and pure lab optimized conditions) and firewall (pure lab). You need to look at the IMIX numbers, and that is still with more than one client.
To make full use of your 1Gbe you need a SG-4100 or higher.
-
@steveits yep I see that. You’re right. It’s a platform limitation. Thanks for making me double check.
