Performance Issue: pfSense meets DOCSIS 3.0



  • So, I recently upgraded my DOCSIS 3.0 cable connection to a "up to 200/10 Mbps down/up" connection. Now it seems my pfSense box can't handle it. Bypassing the pfSense box I get 165/8.5 Mbps, which is pretty close to advertised speeds.

    With the pfSense box it is another story. First I was getting a 75/4.5 Mbps and I figured it was because of the old, cruddy 3Com NICs I had. So I went out and purchased two Intel PRO/1000 GT cards. Now I'm getting 110/4.5 Mbps. Better, but still nowhere near what I'm getting when bypasssing the pfSense box. I'm just using it as a router/firewall, not running any extra packages. During the speedtest the CPU usage doesn't hit 10%.

    The machine is:
    Athlon XP something underclocked to ~1.1GHz
    ASUS M7V266
    2 GB 266MHz DDR2



  • My DOCSIS3.0 is only setup for 50/5 right now and my pfsense atom box has no issues with that speed. You did the right thing by upgrading to gbit cards as 100/10 wont cut it. What slot type is your card? I'm wondering if your motherboard bus can't keep up.. Is there a way for you to boot your pfsense box using a live Linux cd and run a speedtest? This way you can make sure your hardware can handle it. If your provider has its own speedtest website(TWC does for all their locations) Use that first then a speedtest site that is the close to your location.



  • I am using my providers speedtest. Speedtest.net is not reliable above 50 Mbps. I'll see about whipping up a Linux Live CD.


  • Rebel Alliance Developer Netgate

    Why underclock the CPU? Let it run full speed, you may be hitting a bottleneck there trying to push 200.

    Watch the output of "top -SH" while running the speed test, see what it shows.



  • Doesn't seem to be overloading the CPU.

    $ top -SH
    last pid: 56291;  load averages:  0.10,  0.07,  0.02  up 3+01:57:28    23:03:13
    82 processes:  2 running, 65 sleeping, 2 zombie, 13 waiting
    
    Mem: 53M Active, 19M Inact, 30M Wired, 524K Cache, 18M Buf, 387M Free
    Swap: 1024M Total, 1024M Free
    
      PID USERNAME PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
       11 root     171 ki31     0K     8K RUN     72.6H 71.09% idle: cpu0
       33 root     -68    -     0K     8K -        8:29 12.99% em1 taskq
       32 root     -68    -     0K     8K -        7:17  9.18% em0 taskq
       27 root     -68    -     0K     8K WAIT     0:54  1.27% irq4: em0 uhci0+
    48459 root      -8    0 40712K 13980K piperd   0:12  1.17% php
      755 root       4    0  6168K  4188K kqread   0:52  0.49% lighttpd
       12 root     -32    -     0K     8K WAIT     7:39  0.00% swi4: clock sio
     1485 root       8   20  3492K  1816K wait     1:42  0.00% sh
       15 root      44    -     0K     8K -        0:59  0.00% yarrow
      428 root      44    0  3268K  1120K select   0:42  0.00% syslogd
      441 root     -58    0 10836K  8000K bpf      0:29  0.00% tcpdump
      443 root      -8    0  3156K   768K piperd   0:26  0.00% logger
       45 root      20    -     0K     8K syncer   0:17  0.00% syncer
        5 root      -8    -     0K     8K -        0:17  0.00% g_down
        4 root      -8    -     0K     8K -        0:16  0.00% g_up
      770 root       4    0 45832K 19212K accept   0:12  0.00% php
      759 root       4    0 45832K 19212K accept   0:12  0.00% php
       20 root       8    -     0K     8K -        0:12  0.00% thread taskq
    
    

    The reason the CPU is underclocked is so that I can undervolt the fan without overheating issues to keep things quiet.



  • I'm getting very simliar results on my docsis 3 connection, and I have 2 of them.  I wasn't going to post anything until further testing tomorrow, but after seeing your post I wanted to say that I'm having similar issues.  I plan to do further testing on a basic system tomorrow.  I'm running a quad core 2.4 with 4GB's on one system and 8GB's on the other.  My systems have Intel Pro Nics as well, but I was thinking my vlans and the way I trunk my internet connections was/is playing a part in the speed.

    Thanks,

    Andy



  • Weird thing is the upload stays @ 4,5Mbit while the download speed increases, when you swap the NIC.

    Is this a fresh install/config? Or could you test a fresh install/config?

    Your CPU/NIC/Board should be able to handle this just fine.



  • This might sound obvious to some  but have you made sure you have turned off:

    -Squid Transparent mode
    -Traffic shaping
    -Snort
    -Hardware check suming off

    Boot off LIVE CD like others have said and do your test with a generic setup. Or boot off a Knoppix CD of Win XP PE disc and bench with your isp's site.
    My 2 cents.



  • Have you tried reducing your MTU size a little? Some ISPs that have moved to DOCSIS 3.0 use GRE tunnels between the modem and node. Maybe a setting of 1492 or 1424 would do well.



  • Which version of pfsense are you running? There have been issues with the em driver in the 2.0 snapshots.


Locked