Can't get Internet speed over 380Mbit with 1.2.3 release
-
Hi
My problem is that I can't figure out how to make the firewall faster, I feel capped at 380mbit, and I turned off all stuff I can think of.
I only have these service running:
cron
dnsmasq
ntpd
dhcpd
miniupnpdI Disables the PF scrubbing to gain some extra speed but still can't get over 380.
The speed test itself is downloading huge .jpg files over http.
If I use my computer directly on Internet I go easy over 380Mbit.
I allow all towards internet and just a few others firewall rules, nothing special just NAT and simple firewall rules.
This is during the speed test, you can see the CPU's don't use much at all of the idle time.
(ps auxe)root 11 100.0 0.0 0 8 ?? RL Wed04PM 1672:36.77 [idle: cpu3]
root 13 99.6 0.0 0 8 ?? RL Wed04PM 1674:35.70 [idle: cpu1]
root 12 95.0 0.0 0 8 ?? RL Wed04PM 1662:59.50 [idle: cpu2]
root 14 79.1 0.0 0 8 ?? RL Wed04PM 1646:58.87 [idle: cpu0]Is there anything I missed to speed up pfsense?
Something with the network cards ?I love to ge some inputs regarding this problem I have and how to find a solution.
-
The hardware you're running (and version of pfSense) matters, but as you didn't tell us what you're using all I can do is point you at the sizing guidance.
-
It's just me on that Internet line not hundreds of other people. (A personal fibre connection to my house)
Iam using: Intel atom dual core cpu 1.x Ghz. (shows as 4 cores)
Guide tells me: 501+ Mbps - server class hardware with PCI-X or PCI-e network adapters. No less than 3.0 GHz CPU.
Why dose not my CPU show any high load during speed tests then ?And I think a 3Ghz CPU for simple NAT sound very strange… with snort and other stuff loaded I can understand but not just with simple NAT going on.
Another reflextion is how can my laptop 3 years old at 2Ghz and running windows Vista fronting Internet with its builtin firewall perform better then pfsens running under linux?
I think that A dual core atom 1.4Ghz should beable to perform alot more then just around 400mbit NAT firewalling with only me using it ?
Something is missing in this picture.. Please help me understand the problem here.
-
What about the network cards? What about the interrupt rate etc?
-
Hi
Can you give me some linux command to run to get the output information you need to help me. (Iam no linux guru when it about drivers and hardware)
Thanks alot for trying to sovle this problem.
Using Realtek RTL8111C-GR Gigabit LAN
-
You don't have to be Linux guru - pfSense uses FreeBSD ;)
The top command (from the command line) will give you lots of useful information.
-
Top I know.. and this is my output when I do speed tests:
I can't see any problem here, why pfsense is soo slow.
$ top
last pid: 21428; load averages: 0.02, 0.04, 0.00 up 0+01:59:36 20:18:18
34 processes: 1 running, 33 sleepingMem: 34M Active, 12M Inact, 48M Wired, 36K Cache, 32M Buf, 1896M Free
Swap: 4096M Total, 4096M FreePID USERNAME THR PRI NICE SIZE RES STATE C TIME WCPU COMMAND
18325 root 1 -8 0 41736K 16992K piperd 1 0:08 0.29% php
562 root 1 4 0 7216K 4692K kqread 2 0:03 0.20% lighttpd
625 nobody 1 44 0 3156K 1296K select 3 0:02 0.00% dnsmasq
383 root 1 44 0 3268K 1132K select 2 0:01 0.00% syslogd
1356 root 1 8 20 3492K 1420K wait 1 0:01 0.00% sh
619 root 1 4 0 42760K 16084K accept 2 0:01 0.00% php
402 root 1 -58 0 5716K 2508K bpf 0 0:01 0.00% tcpdump
1086 root 1 8 20 3156K 780K nanslp 0 0:01 0.00% check_reload_status
403 root 1 -8 0 3156K 772K piperd 2 0:00 0.00% logger
957 root 1 44 0 3188K 1120K select 0 0:00 0.00% miniupnpd
462 root 1 44 0 3268K 1388K select 1 0:00 0.00% inetd
347 _dhcp 1 44 0 3156K 1296K select 2 0:00 0.00% dhclient
898 dhcpd 1 44 0 3156K 2056K select 1 0:00 0.00% dhcpd
1001 root 1 8 0 3240K 1264K nanslp 0 0:00 0.00% cron
563 root 1 8 0 39688K 5248K wait 2 0:00 0.00% php
611 root 1 8 0 39688K 5276K wait 3 0:00 0.00% php
585 root 1 8 0 39688K 5248K wait 2 0:00 0.00% php
626 root 1 8 0 39688K 5276K wait 0 0:00 0.00% php -
when I enable Device polling it get capped at aound 180Mbit only.
When I Disables the PF scrubbing I get around 80Mbit extra speed.
Not much more I can do from the interface to test why pfsens is soo slow.
-
Maybee test the 2.0 beta and see if it's faster.
-
A relatively slow box with cheap NICs isn't going to do much more than that. Atoms with Intel gig cards can hit about 500 Mb. 2.0 may be a bit faster, but you're trying to accomplish more than your hardware can do. Normally I would expect the CPU to be maxed out, but you may be hitting bus speed limits or other limits of your hardware.