WAN Upgrade from 10mb to 20mb but no change from behind firewall



  • The ISP engineer ran tests from behind their equipment and it showed the increase. He then tested from one of the local user ports and it showed no increase. I'm not sure where it is being throttled and looking for suggestions of how to test. Pfsense 2.0 on a dell 1850



  • If you have traffic shaping turned on, it might affect the speed of transfer.
    It could also be a very old server with a 10Mbit card in it and it not capable of 20Mbit … what is your link speed showing in the dashboard or interfaces tab?



  • A Dell PowerEdge 1850 has at least one Xeon 2.8GHz CPU with two 1Gbps NICs.  My guess would be traffic shaping is set to 10Mbps.

    On the off chance, is the BIOS the latest version?  Have you upgraded the firmware on the NICs?



  • Using the shaper or limiters would be the common cause there.



  • I have no limiters or traffic shaping in use. the dashboard shows "1000baseT <full-duplex>" for both WAN and LAN. The only package I use is squid. I disabled it but same results. How can I test from shell on the router WAN?</full-duplex>



  • @jpmtg:

    How can I test from shell on the router WAN?

    Install the iperf package.



  • Installed. My home connection is pretty weak so not sure how I can test offsite as from what I understand of iperf is that I also have to run it from another location and get some port forwarding going. Is there a public test server people use or will my test be limited to my home speed? Thanks for helping me out.

    BIOS on the dell 1850 is newest and both NIC are on the newest firmware. Not sure how to check which driver freebsd is using or what the newest one is for linux though. I am new to linux but so far I am enjoying it as I grew up on a DOS prompt. It is funny how we come full circle in life.


  • Netgate Administrator

    Just use the fetch command to retreive a file from a known fast server. E.g.

    
    [2.0-RC3][root@pfsense.fire.box]/root(10): fetch -o /dev/null http://download.thinkbroadband.com/20MB.zip
    /dev/null                                     100% of   20 MB  984 kBps 00m00s
    
    

    Steve

    P.S. FreeBSD (and hence pfSense) is not Linux!  ;)



  • @stephenw10:

    Just use the fetch command to retreive a file from a known fast server. E.g.

    
    [2.0-RC3][root@pfsense.fire.box]/root(10): fetch -o /dev/null http://download.thinkbroadband.com/20MB.zip
    /dev/null                                     100% of   20 MB  984 kBps 00m00s
    
    

    Steve

    P.S. FreeBSD (and hence pfSense) is not Linux!  ;)

    I did the same test file as you and got around 780 kBps. I went to a few conversion sites and seems this is around 6mb speed? I am stumped as to how it is being throttled still :(

    P.S. Thanks for the heads up of FreeBSD not being from linux. It was based off of Unix then?



  • @jpmtg:

    how I can test offsite as from what I understand of iperf is that I also have to run it from another location and get some port forwarding going. Is there a public test server people use or will my test be limited to my home speed?

    Just put a test machine on the WAN and another on the LAN. This will test the routing throughput of pfsense, leaving the ISP out of the equation.


  • Netgate Administrator

    I think perhaps thinkbroadband or my own ISP had limited the connection because my actual connection is DSL synced at 22Mbps. I can usually get close to 20Mbps real speed.
    Today I retried it and:

    
    [2.0-RC3][root@pfsense.fire.box]/root(2): fetch -o /dev/null http://download.thinkbroadband.com/50MB.zip
    /dev/null                                     100% of   50 MB 1961 kBps 00m00s
    
    

    So, close to 16Mbps. Still not what I know is possible but it's busy time of day. If I'm doing any serious testing I wait until after midnight when I know I'm getting less contention and it doesn't count towards my bandwidth limit.  ;)

    One thing that might be causing you trouble is that ISPs often have a cap on your bandwidth somewhere in their network. It's entirely possible that they increased your line speed but didn't reset the bandwidth cap.

    Steve



  • @jpmtg:

    P.S. Thanks for the heads up of FreeBSD not being from linux. It was based off of Unix then?

    It's worth reading the intro paragraphs here:
    http://en.wikipedia.org/wiki/Berkeley_Software_Distribution

    And if you scroll down there's an image on the right that shows the hierarchy of where the different *nix systems came from.



  • @stephenw10:

    I think perhaps thinkbroadband or my own ISP had limited the connection because my actual connection is DSL synced at 22Mbps. I can usually get close to 20Mbps real speed.
    Today I retried it and:

    
    [2.0-RC3][root@pfsense.fire.box]/root(2): fetch -o /dev/null http://download.thinkbroadband.com/50MB.zip
    /dev/null                                     100% of   50 MB 1961 kBps 00m00s
    
    

    So, close to 16Mbps. Still not what I know is possible but it's busy time of day. If I'm doing any serious testing I wait until after midnight when I know I'm getting less contention and it doesn't count towards my bandwidth limit.  ;)

    One thing that might be causing you trouble is that ISPs often have a cap on your bandwidth somewhere in their network. It's entirely possible that they increased your line speed but didn't reset the bandwidth cap.

    Steve

    It was around 1am when I did the test and I didn't see anything else going on. The ISP engineer did a test from their laptop directly connected to WAN and got 22Mbps. From behind the firewall it was 7Mbps. I just noticed that the upload test they did from their equipment showed an increase over what we had previously. It is showing 17Mbps and prior we would have around 8Mbps. So this at least lets me know that only download is being throttled?


  • Netgate Administrator

    Hmm, OK.
    So you have cable WAN or some connection that provides ethernet to your pfSense WAN?
    What does your pfSense box say about the status of your interfaces (GUI > Status > Interfaces), are they all 100Mbps full duplex (or faster)?

    What is the state of your pfSense box? Is it a fresh install? Any packages? Anything else?  ::)

    Steve



  • @stephenw10:

    Hmm, OK.
    So you have cable WAN or some connection that provides ethernet to your pfSense WAN?
    What does your pfSense box say about the status of your interfaces (GUI > Status > Interfaces), are they all 100Mbps full duplex (or faster)?

    What is the state of your pfSense box? Is it a fresh install? Any packages? Anything else?  ::)

    Steve

    AT&T MetroE 20Mbps fiber

    WAN and LAN Interfaces:
    1000baseT <full-duplex>Packages:
    iperf
    Lightsquid
    nmap
    squid
    squidGuard

    Fresh install 2.0-RELEASE (i386)
    built on Tue Sep 13 17:00:00 EDT 2011</full-duplex>



  • Here are the results using the ISP's test site.

    From the tech's laptop plugged directly into the WAN:

    and here is my test from behind router:


  • Netgate Administrator

    It's hard to say quite what is being measured there. What is the difference between 'download speed' and 'download capacity'?

    You have quite a few things running on pfSense that could potentially be causing delays; squid and squidguard.

    Can you hook up a machine directly to the AT&T connection and test from there?

    Can you boot your pfSense machine from the LiveCD to test without any packages?

    Steve



  • @stephenw10:

    It's hard to say quite what is being measured there. What is the difference between 'download speed' and 'download capacity'?

    You have quite a few things running on pfSense that could potentially be causing delays; squid and squidguard.

    Can you hook up a machine directly to the AT&T connection and test from there?

    Can you boot your pfSense machine from the LiveCD to test without any packages?

    Steve

    I had previously disabled squid and tested again with no change. I will work on testing via live cd next time I am on site.



  • Don't just disable them, uninstall them and reboot. You want to make sure that it is package causing the issue and not something deeper. Check your floating rules to make sure shaper has not rules. Remove shaping if there is some there.

    Even better, backup your config. Re-install pfsense and give it enough just to start passing traffic, then test speed.

    There might be NIC driver issues, what type of NICs are they again?



  • @jpmtg:

    I will work on testing via live cd next time I am on site.

    That would be a good plan and without wrecking your existing install, get the most basic config possible to get online and see how that's diff.


Log in to reply