Is There A Bandwidth Limit for WAN Connections



  • I apologize if this question has been asked before but I am sparring with AT&T Managed Internet Services and I would like to verify something. I recently upgraded our data service from a single T-1 to 3 bonded T-1s to get 4.5 MB of bandwidth. Due to my office location, I'm stuck using AT&T (they have been very bad) and the turn-on has been a disaster (going on 3 weeks). After a lot of work, I'm now showing only 3 MB of bandwidth which I am interpreting to mean that only 2 of the 3 T-1s are operational. Speed tests confirm this as well. AT&T is insisting that all 3 T-1s are working and they show maximum bandwidth to my location. They further insist that my "firewall" is limiting the amount of bandwidth it sees on the WAN. I don't believe this is true but I cannot find anything that documents if pfSense places a limit on the amount of bandwidth it can handle from a WAN connection. I am using pfSense 1.2.3-Release. WAN & LAN interfaces are Intel Pro/1000 MT network cards. Does anybody know if there is indeed such a limitation on WAN connections?



  • One shouldn't place too much significance on a performance test without knowing the significant parameters under which the test operates. For example, your speed test - is it a single TCP connection or multiple connections? (Do you get a better aggregate result running concurrent tests? If the protocol used in the test wasn't TCP, what was it?) Was there any packet loss during the test? What is the bandwidth over the whole path between the endpoints? (Perhaps you know only the bandwidth between your endpoint and the internet.) How congested is the path between the two end-points? etc etc,.



  • I am not interested in getting an absolute result per se. All I'm looking for is to have the maximum bandwidth I've paid for from AT&T available to my location. That is not happening. AT&T is trying to pass the buck to me by saying that it's my firewall (pfSense) that is throttling back my bandwidth. I use pfSense at home on Time Warner and my bandwidth there maxes out at 15MB using the 2.0 Beta of pfSense so I really believe there is no limitation. I used Speedtest (www.speedtest.net) to get another view on the overall bandwidth available on my connection. My connection should be showing 4.5MB on the WAN side. Instead, it was maxed out all day yesterday at 3MB and just now it's showing only 3MB again so I am of the belief think AT&T has not set my circuit up correctly. Thanks for the response.



  • Actually there is a bandwidth limit for all interfaces : your hardware.
    though based on what you say you are running on I doubt that is the problem (nics anyway)

    Things I would consider doing:
    Having a tech come out with their own router and equipment to test speed. (have them bring a modem)
    disable one of the T1's or have them enabled/connect 1 by one



  • What terminates the T1's at your end?  If you have access to the router (or whatever), can you verify the status of the 3 interfaces?


  • Rebel Alliance Developer Netgate

    I would try to see if you can get at least snmp access to the device terminating the T1s. That would let you monitor the traffic flowing on the physical ports (and likely on the bonded virtual interface as well) so you can see for yourself if there is a problem with a circuit.

    pfSense wouldn't limit the bandwidth in that way unless (a) you enabled the traffic shaper and told it to, or (b) you have really old hardware that can't handle that speed.

    Seeing as a really old WRAP device that is <200MHz can handle ~25Mbit, (b) isn't likely, especially if you are using gigabit NICs.

    Try to max out the line for a while (bittorrent, etc) and see what your RRD graphs in pfSense show. It could also be that your speed test is getting 3Mbit but other misc network traffic on your line at the time is taking up the remaining 1.5Mbit.



  • AT&T is blowing smoke about your router. There's nothing keeping your router from using all 4.5 Mbps of your connection. Or 10 Mbps, or 100 Mbps, or 1000 Mbps. There are other people using PfSense in much larger applications than yours.

    But it's worth noting that the speed you're getting on the WAN link to the first router and the speed you're measuring on speedtest.net are not the same. It's pretty much true that only AT&T can measure the connection speed of the T1, unless you somehow have access to the T1 termination equipment and you know how to ask it what the connection speed is. Also, you will lose about 10% or so of the actual connection speed to TCP overhead, and even if you had a Speedtest.net server connected directly to the router at AT&T, the connection speed and "internet" speed will be different as a result of that. So I would expect a maximum capacity of about 4.09 Mbps on 3 T1s and 2.73 Mbps on 2 T1s. If you're getting somewhere in between those two numbers, then AT&T isn't lying to you about the connection speed (especially if you're getting slightly more than 3Mbps - that would be impossible if only two T1s were working).


Log in to reply