4. Can't get Internet speed over 380Mbit with 1.2.3 release

Can't get Internet speed over 380Mbit with 1.2.3 release

  • F

    Hi

    My problem is that I can't figure out how to make the firewall faster, I feel capped at 380mbit, and I turned off all stuff I can think of.

    I only have these service running:
    cron
    dnsmasq
    ntpd
    dhcpd
    miniupnpd

    I Disables the PF scrubbing to gain some extra speed but still can't get over 380.

    The speed test itself is downloading huge .jpg files over http.

    If I use my computer directly on Internet I go easy over 380Mbit.

    I allow all towards internet and just a few others firewall rules, nothing special just NAT and simple firewall rules.

    This is during the speed test, you can see the CPU's don't use much at all of the idle time.
    (ps auxe)

    root      11 100.0  0.0    0    8  ??  RL  Wed04PM 1672:36.77  [idle: cpu3]
    root      13 99.6  0.0    0    8  ??  RL  Wed04PM 1674:35.70  [idle: cpu1]
    root      12 95.0  0.0    0    8  ??  RL  Wed04PM 1662:59.50  [idle: cpu2]
    root      14 79.1  0.0    0    8  ??  RL  Wed04PM 1646:58.87  [idle: cpu0]

    Is there anything I missed to speed up pfsense?
    Something with the network cards ?

    I love to ge some inputs regarding this problem I have and how to find a solution.

    0

  • The hardware you're running (and version of pfSense) matters, but as you didn't tell us what you're using all I can do is point you at the sizing guidance.

    0
  • F

    It's just me on that Internet line not hundreds of other people. (A personal fibre connection to my house)

    Iam using:  Intel atom dual core cpu 1.x Ghz. (shows as 4 cores)

    Guide tells me: 501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.
    Why dose not my CPU show any high load during speed tests then ?

    And I think a 3Ghz CPU for simple NAT sound very strange… with snort and other stuff loaded I can understand but not just with simple NAT going on.

    Another reflextion is how can my laptop 3 years old at 2Ghz and running windows Vista fronting Internet with its builtin firewall perform better then pfsens running under linux?

    I think that A dual core atom 1.4Ghz should beable to perform alot more then just around 400mbit NAT firewalling with only me using it ?

    Something is missing in this picture.. Please help me understand the problem here.

    0

  • What about the network cards? What about the interrupt rate etc?

    0
  • F

    Hi

    Can you give me some linux command to run to get the output information you need to help me. (Iam no linux guru when it about drivers and hardware)

    Thanks alot for trying to sovle this problem.

    Using Realtek RTL8111C-GR Gigabit LAN

    0

  • You don't have to be Linux guru - pfSense uses FreeBSD ;)

    The top command (from the command line) will give you lots of useful information.

    0
  • F

    Top I know.. and this is my output when I do speed tests:

    I can't see any problem here, why pfsense is soo slow.

    $ top
    last pid: 21428;  load averages:  0.02,  0.04,  0.00  up 0+01:59:36    20:18:18
    34 processes:  1 running, 33 sleeping

    Mem: 34M Active, 12M Inact, 48M Wired, 36K Cache, 32M Buf, 1896M Free
    Swap: 4096M Total, 4096M Free

    PID USERNAME  THR PRI NICE  SIZE    RES STATE  C  TIME  WCPU COMMAND
    18325 root        1  -8    0 41736K 16992K piperd 1  0:08  0.29% php
      562 root        1  4    0  7216K  4692K kqread 2  0:03  0.20% lighttpd
      625 nobody      1  44    0  3156K  1296K select 3  0:02  0.00% dnsmasq
      383 root        1  44    0  3268K  1132K select 2  0:01  0.00% syslogd
    1356 root        1  8  20  3492K  1420K wait  1  0:01  0.00% sh
      619 root        1  4    0 42760K 16084K accept 2  0:01  0.00% php
      402 root        1 -58    0  5716K  2508K bpf    0  0:01  0.00% tcpdump
    1086 root        1  8  20  3156K  780K nanslp 0  0:01  0.00% check_reload_status
      403 root        1  -8    0  3156K  772K piperd 2  0:00  0.00% logger
      957 root        1  44    0  3188K  1120K select 0  0:00  0.00% miniupnpd
      462 root        1  44    0  3268K  1388K select 1  0:00  0.00% inetd
      347 _dhcp      1  44    0  3156K  1296K select 2  0:00  0.00% dhclient
      898 dhcpd      1  44    0  3156K  2056K select 1  0:00  0.00% dhcpd
    1001 root        1  8    0  3240K  1264K nanslp 0  0:00  0.00% cron
      563 root        1  8    0 39688K  5248K wait  2  0:00  0.00% php
      611 root        1  8    0 39688K  5276K wait  3  0:00  0.00% php
      585 root        1  8    0 39688K  5248K wait  2  0:00  0.00% php
      626 root        1  8    0 39688K  5276K wait  0  0:00  0.00% php

    0
  • F

    when I enable Device polling it get capped at aound 180Mbit only.

    When I Disables the PF scrubbing I get around 80Mbit extra speed.

    Not much more I can do from the interface to test why pfsens is soo slow.

    0
  • F

    Maybee test the 2.0 beta and see if it's faster.

    0
  • C

    A relatively slow box with cheap NICs isn't going to do much more than that. Atoms with Intel gig cards can hit about 500 Mb. 2.0 may be a bit faster, but you're trying to accomplish more than your hardware can do. Normally I would expect the CPU to be maxed out, but you may be hitting bus speed limits or other limits of your hardware.

    0
Log in to reply
 

Products

Services

Support

News

Resources

Company

Our Mission

We provide leading-edge network security at a fair price - regardless of organizational size or network sophistication. We believe that an open-source security model offers disruptive pricing along with the agility required to quickly address emerging threats.

Subscribe to our Newsletter

Product information, software announcements, and special offers. See our newsletter archive for past announcements.

© 2020 Rubicon Communications, LLC | Privacy Policy