Can't get Internet speed over 380Mbit with 1.2.3 release

fableman

Hi

My problem is that I can't figure out how to make the firewall faster, I feel capped at 380mbit, and I turned off all stuff I can think of.

I only have these service running:
cron
dnsmasq
ntpd
dhcpd
miniupnpd

I Disables the PF scrubbing to gain some extra speed but still can't get over 380.

The speed test itself is downloading huge .jpg files over http.

If I use my computer directly on Internet I go easy over 380Mbit.

I allow all towards internet and just a few others firewall rules, nothing special just NAT and simple firewall rules.

This is during the speed test, you can see the CPU's don't use much at all of the idle time.
(ps auxe)

root      11 100.0  0.0    0    8  ??  RL  Wed04PM 1672:36.77  [idle: cpu3]
root      13 99.6  0.0    0    8  ??  RL  Wed04PM 1674:35.70  [idle: cpu1]
root      12 95.0  0.0    0    8  ??  RL  Wed04PM 1662:59.50  [idle: cpu2]
root      14 79.1  0.0    0    8  ??  RL  Wed04PM 1646:58.87  [idle: cpu0]

Is there anything I missed to speed up pfsense?
Something with the network cards ?

I love to ge some inputs regarding this problem I have and how to find a solution.

Cry Havok

The hardware you're running (and version of pfSense) matters, but as you didn't tell us what you're using all I can do is point you at the sizing guidance.

fableman

It's just me on that Internet line not hundreds of other people. (A personal fibre connection to my house)

Iam using:  Intel atom dual core cpu 1.x Ghz. (shows as 4 cores)

Guide tells me: 501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.
Why dose not my CPU show any high load during speed tests then ?

And I think a 3Ghz CPU for simple NAT sound very strange… with snort and other stuff loaded I can understand but not just with simple NAT going on.

Another reflextion is how can my laptop 3 years old at 2Ghz and running windows Vista fronting Internet with its builtin firewall perform better then pfsens running under linux?

I think that A dual core atom 1.4Ghz should beable to perform alot more then just around 400mbit NAT firewalling with only me using it ?

Something is missing in this picture.. Please help me understand the problem here.

Cry Havok

What about the network cards? What about the interrupt rate etc?

fableman

Hi

Can you give me some linux command to run to get the output information you need to help me. (Iam no linux guru when it about drivers and hardware)

Thanks alot for trying to sovle this problem.

Using Realtek RTL8111C-GR Gigabit LAN

Cry Havok

You don't have to be Linux guru - pfSense uses FreeBSD ;)

The top command (from the command line) will give you lots of useful information.

fableman

Top I know.. and this is my output when I do speed tests:

I can't see any problem here, why pfsense is soo slow.

$ top
last pid: 21428;  load averages:  0.02,  0.04,  0.00  up 0+01:59:36    20:18:18
34 processes:  1 running, 33 sleeping

Mem: 34M Active, 12M Inact, 48M Wired, 36K Cache, 32M Buf, 1896M Free
Swap: 4096M Total, 4096M Free

PID USERNAME  THR PRI NICE  SIZE    RES STATE  C  TIME  WCPU COMMAND
18325 root        1  -8    0 41736K 16992K piperd 1  0:08  0.29% php
  562 root        1  4    0  7216K  4692K kqread 2  0:03  0.20% lighttpd
  625 nobody      1  44    0  3156K  1296K select 3  0:02  0.00% dnsmasq
  383 root        1  44    0  3268K  1132K select 2  0:01  0.00% syslogd
1356 root        1  8  20  3492K  1420K wait  1  0:01  0.00% sh
  619 root        1  4    0 42760K 16084K accept 2  0:01  0.00% php
  402 root        1 -58    0  5716K  2508K bpf    0  0:01  0.00% tcpdump
1086 root        1  8  20  3156K  780K nanslp 0  0:01  0.00% check_reload_status
  403 root        1  -8    0  3156K  772K piperd 2  0:00  0.00% logger
  957 root        1  44    0  3188K  1120K select 0  0:00  0.00% miniupnpd
  462 root        1  44    0  3268K  1388K select 1  0:00  0.00% inetd
  347 _dhcp      1  44    0  3156K  1296K select 2  0:00  0.00% dhclient
  898 dhcpd      1  44    0  3156K  2056K select 1  0:00  0.00% dhcpd
1001 root        1  8    0  3240K  1264K nanslp 0  0:00  0.00% cron
  563 root        1  8    0 39688K  5248K wait  2  0:00  0.00% php
  611 root        1  8    0 39688K  5276K wait  3  0:00  0.00% php
  585 root        1  8    0 39688K  5248K wait  2  0:00  0.00% php
  626 root        1  8    0 39688K  5276K wait  0  0:00  0.00% php

fableman

when I enable Device polling it get capped at aound 180Mbit only.

When I Disables the PF scrubbing I get around 80Mbit extra speed.

Not much more I can do from the interface to test why pfsens is soo slow.

fableman

Maybee test the 2.0 beta and see if it's faster.

cmb

A relatively slow box with cheap NICs isn't going to do much more than that. Atoms with Intel gig cards can hit about 500 Mb. 2.0 may be a bit faster, but you're trying to accomplish more than your hardware can do. Normally I would expect the CPU to be maxed out, but you may be hitting bus speed limits or other limits of your hardware.