Performance Issue: pfSense meets DOCSIS 3.0

Mr Alpha

So, I recently upgraded my DOCSIS 3.0 cable connection to a "up to 200/10 Mbps down/up" connection. Now it seems my pfSense box can't handle it. Bypassing the pfSense box I get 165/8.5 Mbps, which is pretty close to advertised speeds.

With the pfSense box it is another story. First I was getting a 75/4.5 Mbps and I figured it was because of the old, cruddy 3Com NICs I had. So I went out and purchased two Intel PRO/1000 GT cards. Now I'm getting 110/4.5 Mbps. Better, but still nowhere near what I'm getting when bypasssing the pfSense box. I'm just using it as a router/firewall, not running any extra packages. During the speedtest the CPU usage doesn't hit 10%.

The machine is:
Athlon XP something underclocked to ~1.1GHz
ASUS M7V266
2 GB 266MHz DDR2

Cino

My DOCSIS3.0 is only setup for 50/5 right now and my pfsense atom box has no issues with that speed. You did the right thing by upgrading to gbit cards as 100/10 wont cut it. What slot type is your card? I'm wondering if your motherboard bus can't keep up.. Is there a way for you to boot your pfsense box using a live Linux cd and run a speedtest? This way you can make sure your hardware can handle it. If your provider has its own speedtest website(TWC does for all their locations) Use that first then a speedtest site that is the close to your location.

Mr Alpha

I am using my providers speedtest. Speedtest.net is not reliable above 50 Mbps. I'll see about whipping up a Linux Live CD.

jimp

Why underclock the CPU? Let it run full speed, you may be hitting a bottleneck there trying to push 200.

Watch the output of "top -SH" while running the speed test, see what it shows.

Mr Alpha

Doesn't seem to be overloading the CPU.

$ top -SH
last pid: 56291;  load averages:  0.10,  0.07,  0.02  up 3+01:57:28    23:03:13
82 processes:  2 running, 65 sleeping, 2 zombie, 13 waiting

Mem: 53M Active, 19M Inact, 30M Wired, 524K Cache, 18M Buf, 387M Free
Swap: 1024M Total, 1024M Free

  PID USERNAME PRI NICE   SIZE    RES STATE    TIME   WCPU COMMAND
   11 root     171 ki31     0K     8K RUN     72.6H 71.09% idle: cpu0
   33 root     -68    -     0K     8K -        8:29 12.99% em1 taskq
   32 root     -68    -     0K     8K -        7:17  9.18% em0 taskq
   27 root     -68    -     0K     8K WAIT     0:54  1.27% irq4: em0 uhci0+
48459 root      -8    0 40712K 13980K piperd   0:12  1.17% php
  755 root       4    0  6168K  4188K kqread   0:52  0.49% lighttpd
   12 root     -32    -     0K     8K WAIT     7:39  0.00% swi4: clock sio
 1485 root       8   20  3492K  1816K wait     1:42  0.00% sh
   15 root      44    -     0K     8K -        0:59  0.00% yarrow
  428 root      44    0  3268K  1120K select   0:42  0.00% syslogd
  441 root     -58    0 10836K  8000K bpf      0:29  0.00% tcpdump
  443 root      -8    0  3156K   768K piperd   0:26  0.00% logger
   45 root      20    -     0K     8K syncer   0:17  0.00% syncer
    5 root      -8    -     0K     8K -        0:17  0.00% g_down
    4 root      -8    -     0K     8K -        0:16  0.00% g_up
  770 root       4    0 45832K 19212K accept   0:12  0.00% php
  759 root       4    0 45832K 19212K accept   0:12  0.00% php
   20 root       8    -     0K     8K -        0:12  0.00% thread taskq

The reason the CPU is underclocked is so that I can undervolt the fan without overheating issues to keep things quiet.

geewhz01

I'm getting very simliar results on my docsis 3 connection, and I have 2 of them.  I wasn't going to post anything until further testing tomorrow, but after seeing your post I wanted to say that I'm having similar issues.  I plan to do further testing on a basic system tomorrow.  I'm running a quad core 2.4 with 4GB's on one system and 8GB's on the other.  My systems have Intel Pro Nics as well, but I was thinking my vlans and the way I trunk my internet connections was/is playing a part in the speed.

Thanks,

Andy

SeventhSon

Weird thing is the upload stays @ 4,5Mbit while the download speed increases, when you swap the NIC.

Is this a fresh install/config? Or could you test a fresh install/config?

Your CPU/NIC/Board should be able to handle this just fine.

roja

This might sound obvious to some  but have you made sure you have turned off:

-Squid Transparent mode
-Traffic shaping
-Snort
-Hardware check suming off

Boot off LIVE CD like others have said and do your test with a generic setup. Or boot off a Knoppix CD of Win XP PE disc and bench with your isp's site.
My 2 cents.

SteveThing

Have you tried reducing your MTU size a little? Some ISPs that have moved to DOCSIS 3.0 use GRE tunnels between the modem and node. Maybe a setting of 1492 or 1424 would do well.

clarknova

Which version of pfsense are you running? There have been issues with the em driver in the 2.0 snapshots.