Interface Interrupt
-
Hi.
I have 4 physical interfaces on pfSense Plus 24.03.
2 WAN
1 LAN
1 split into 2 VLANs.The main WAN and LAN has HFSC to control upload and download respectively.
The other WAN and 2 VLANs is running using a TailDrop Limiter.
My question is about the interrupts only on LAN interface.
Both WAN are PPPoE.
What is happening? I cannot achieve the full speed from my ISP. I've changed the cable, switch port, check configurations like auto-negotiation and so forth.
The netgate support told me to inser the dispatch deferred value on loader.conf.local but, nothing seems to solve this issue, I can barely achieve 50% of the speed and using the ISP modem directly attached to the machine I can run in full speed.
Does someone have a clue on what to do?
Thanks in advance.
-
Which interface is re0?
What CPU do you have? What rate does the ISP actually provide?
What sort of CPU usage do you see when testing?
I would check at the command line using:
top -HaSPSteve
-
@stephenw10 Good morning!
Which interface is re0?
This isn't the LAN interface I'm talking about. re0 is divided into 2 different VLANs.What CPU do you have? What rate does the ISP actually provide?
The ISP provides 600Mb downstream and 300Mb upstream.What sort of CPU usage do you see when testing?
Using top -HaSP during download:
Using top -HaSP during upload:
My download speed does not reach beyond 150Mbps.
The upload speed goes well, near the maximum rate.By the way, the em interface where LAN resides is:
Thank you for the reply Steve.
Best regards! -
Ok so no significant CPU usage. And the re0 NIC is not in use during the test.
It seems likely to be a traffic shaping issue. If you disable the shaping as a test does it then pass the expected speed?
-
@stephenw10 I've tried this with no success.
I'm running HFSC because it's the only way to maintain a stable connection for the entire facility, avoiding sudden drops, poor meeting quality and all sort of things that the network administrator will be blamed of.
The examples above are real.
Follow below my TS configuration and to justify the reason I built this configuration, the parameters was based on speed metrics running on an empty facility, no link usage at all.
I can only reach near 50% of the down speed.
-wan1 hfsc 350Mb -qInternet queue limit 500 bw 330Mb ul 330Mb ls 330Mb -qDNS queue limit 500 sched codel bw 5% ls 5% -qBulk queue limit 600 sched codel bw 26% ls 26% -qACK queue limit 500 sched codel bw 20% rt 20% ls 20% -qVoip queue limit 50 sched codel bw 5% rt 5% ls 5% -qMeet queue limit 300 sched codel bw 27% rt 27% ls 27% -qTech queue limit 500 sched codel bw 4% ul 100Mb ls 4% -qLive queue limit 500 sched codel bw 2% rt 2% ls 2% -qDefault queue limit 500 sched default codel bw 10% ls 10% -lan hfsc 350Mb -qInternet queue limit 500 bw 330Mb ul 330Mb ls 330Mb -qDNS queue limit 500 sched codel bw 5% ls 5% -qBulk queue limit 600 sched codel bw 26% ls 26% -qACK queue limit 500 sched codel bw 20% rt 20% ls 20% -qVoip queue limit 50 sched codel bw 5% rt 5% ls 5% -qMeet queue limit 300 sched codel bw 27% rt 27% ls 27% -qTech queue limit 500 sched codel bw 4% ul 100Mb ls 4% -qLive queue limit 500 sched codel bw 2% rt 2% ls 2% -qDefault queue limit 500 sched default codel bw 10% ls 10%All queues and floating rules was built on bare hands without the wizard usage.
Please let me know if I can provide any more configurations.
Thank you.
-
Hmm, so with the shaping you are seeing ~150Mbps down out of an expected 600. But without shaping you see close to 300Mbps?
I assume you have confirmed that 600Mbps is actually possible with a direct connection?
-
@stephenw10 That's correct.
Reaching approximately 350Mbps from a wired machine (windows 10 I use for hyper V) without TS. Then I built TS based on this flow assuming that this speed is the maximum speed I can achieve under the real usage scenario.
Using my daily driver (macOS Sonoma 14.4.1) only wireless (UniFi, 5GHz only, 40MHz wide, fully patched, controlling the environment using a self-hosted controlller) with TS active the down speed does not go beyond 150Mbps but the upload speed goes fine almost reaching 300Mbps.
Without TS it's impossible to work and maintain at least more than 100 wireless devices on a daily basis.
Using the ISP modem directly it's possible to achieve the full speed.
At the end of the day I will try to test down and up speed without TS.
Thank you.
-
Hmm, well the fact you can't get close to 600Mbps even from a machine that isn't shaped seems suspect. Do you see errors on any interface there?
I would also always test from a wired connection however much the wifi seems like it should easily pass it!
-
@stephenw10 The only interface showing errors is LAN int (em1).
In errors and interrupts.All other interfaces does not show any in/out errors nor interrupts.
Wireless connection is stable and rock solid but I can't achieve higher speeds.
Check my machine status on the UniFi controller.
-
Hmm, well you can try running a speed test fro pfSense itslef using the speedtest cli package. That would rule out the LAN NIC.
-
@stephenw10 Stephen I can't find this package to install. How can I use it?
Thank you.
-
@powerchords Hi. I've found the package. Follow below the result:
-
Hmm, well that's impressively slow! Is that traffic falling into a default queue maybe? It would only be matched by outbound floating rules on WAN.
Does a speedtest run on a client behind pfSense against that same server report a better speed?
-
@stephenw10 Hello.
Follow below the speedtest result from my macOS.
This traffic flows through default queue because it uses 8080 port, and this port is not mapped on any floating rule.
Thank you Stephen.
-
Is that actually the same server you're testing against? The ping time looks different.
The default queue doesn't seem to present any restriction from what information you have given us. It wouldn't affect downloads at all since the only queue it can hit is outbound on the WAN. So you should be seeing much better than that from the firewall itself.