Max 3mbit/s download through squid???
-
Hi Guys
I have a vmware hosting the pfsense, and a few other servers. pfSense is 1.2.3, and Squid is 2.7.8_1
I've just recently had some seriours performance issues, so I'm trying to figure out what's wrong, apparently the upload speed is way to low compared to specs, but I also discovered something else.
When I use the Squid proxy the local ISP speed test doesn't go much above 3 mbit/s, whilst testing without the Squid gives the appropriate 9 mbit/s (it's a 10 mbit/s line, so it's pretty close).
When I look at the VMWare, I don't see any performance issues present, I don't see any major CPU spikes, I have a CPU reservation of 1200 MHz, but it doesn't even use 300 MHz according to the graphs.
I also have SquidGuard running, but I don't see any change when disabling it.Is Squid just that slow???
-
AFAIK squid runs on production with 120mbps.
OS and squid needs to be tuned. defaults != top performance. -
And any hints on where and what to 'tune'?
-
Do you have the traffic shaper enabled?
If so, squid transfers from pfSense to your LAN will be limited by the size of your downstream bandwidth, due to how traffic shaping works. Traffic is shaped when leaving an interface on the box, not where it enters. As a consequence, interactions with the router itself are also limited.
-
Nope, no traffic shaping, I did consider it, and had it enabled briefly some time ago, but could read from the forum that on a vmware it wasn't considered stable, so I disabled it again.
-
Please search the forum before posting. This has been discussed close to 100 times.
http://forum.pfsense.org/index.php/topic,14673.0.html -
I did search the forum, but the search on this forum is lousy, and I didn't find the thread you refer to, because I didn't search for the right words.
But thankyou for the hint, it didn't change anything… -
This worked wonders for me:
http://forum.pfsense.org/index.php/topic,7186.msg59302.html#msg59302
-
That's what I have at the moment, very odd I think.
I wonder if the freeswitch package is creating some sort of havoc here?
That's the only 'new' package I'm using.
Maybe I need to change it to a hardware box…
Some soekris hardware, it's just bugging me that I can't have it all run on one box. -
You're trying to run a squid cache on an embedded box? What kind of storage?
CF would probably be really slow to read/write cache data on such a box
-
I ran pfsense 1.2.3 with squid and freeswitch on a soekris net5501-70 (500/512) for months with no such issue. It ran fine on a CF card, but I switched that out after a while for a 100GB SATA drive. I took it down recently only because of the SATA problems on the newer soekris boards, which they're offering to repair free.
-
No, I'm not running it at a soekris at the moment, I'm running it on vmware at the moment, but I'm contemplating a change if it's the platform that's to blame…
-
VM architecture in general makes everything slower. The Fastest vm type is a Hypervisor but still has its performance penalties too. All VM Networking have slowdowns because the overhead VMs need for internal VLANs and if you are trying to handle it with one NIC then I can see where you might have a performance problem.
-
VM architecture in general makes everything slower. The Fastest vm type is a Hypervisor but still has its performance penalties too. All VM Networking have slowdowns because the overhead VMs need for internal VLANs and if you are trying to handle it with one NIC then I can see where you might have a performance problem.
Interesting. By chance, do you have any published data to prove this point? Or, is this first-hand knowledge? Not trying to be confrontational, just asking because I am hosting a few pfSense VMs on ESX and I would like to know what kind of performance to expect.
-
First of, no, I'm running it with 2 nics, one internal and one external (and a third DMZ which is purely virtual).
Hmm, Hypervisor is a general term for the software that creates the virtual environment, are you thinking about Hyper-V (from M$), then it's definetely not the fastest. They will perform windows virtualization better than other 'non-para-virtualized' hypervisors.
You can gain a lot of performance enhancements by doing it para-virtualized, which hyper-v wants to do with Windows (and Linux, but with problems), a much more compatible product is XEN, that will do para-virtualized for a lot more platforms, and do it better.Only problem is that with paravirtualized you have some system drivers that can completely crash all virtual machines, and render them unsalvagable (speaking of experience), which was why we switched all virtual environments to VMWare a year ago at work.
But para-virtualized systems requires specially compiled kernels, and special drivers, so going with hyper-v you are really locking yourself down to M$ until all the kernels are available, which for us was an absolute nono.
