PfSENSE througput

Eleander

Hi all,

New to the forums so if posted in the wrong one pls let me know.
At the moment I have 5 pfSENSE boxes configured within my network.
IPSEC links are created between the sites.

I've recently upgraded my internet lines to a higher speed, allthough when performing speedtests they are quite low.
When connected directly to the modem I get +-40 Mbps down & 5 up. When directly behind the pfSENSE I get about 10 Mbps down and 3Mbps up!

Any ideas? Haven't activated any Limiters or traffic shaping.

Kind regards,

Me

stephenw10

Disappointing.  :(
What hardware are you running pfSense on?
Is that test via the VPN?

Steve

Eleander

Different types of hardware.
On most sites though I've dedicated boxes with:

Version 2.0-RELEASE (i386)
built on Tue Sep 13 18:02:53 EDT 2011

You are on the latest version.
Platform nanobsd (4g)
NanoBSD Boot Slice pfsense0 / ad0s1
CPU Type Geode(TM) Integrated Processor by AMD PCS

$ ifconfig
vr0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>ether 00:00:24:cc:21:30
inet x.x.x.X netmask 0xfffffe00 broadcast x.x.x.X
inet6 x.x.x.x vr0 prefixlen 64 scopeid 0x1
nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vr1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
options=8280b <rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate>ether 00:00:24:cc:21:31
inet6 x.x.x.x%vr1 prefixlen 64 scopeid 0x2
inet x.x.x.x netmask 0xffffc000 broadcast x.x.x.X
nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
status: active

VIA6105 chipsets with SOEKRIS 2155/0133
SO I presume ALIX boards</full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></rxcsum,txcsum,vlan_mtu,wol_ucast,wol_magic,linkstate></up,broadcast,running,simplex,multicast>

Eleander

I've found my throughput problems, allthough another arises.
Throughput, strangely enough, had to do with my ports not being on autonegotiate, allthough my internal & external ports (not pfSENSE box) are at 100 full duplex.

Now I need to put an extra switch between my box and the providers modem to keep my box WAN interface active.
Otherwise it drops its connections. Putting it at 10Mbits isn't an option while my downloadspeeds are at a nice 70Mbits.
Even changing the cabel, which is only 10m long doens't change a bit.

ANy ideas?
I'm getting stuff on my nerves and about to kick all these boxes out

jms703

@Eleander:

CPU Type Geode(TM) Integrated Processor by AMD PCS
VIA6105 chipsets with SOEKRIS 2155/0133

Your problem is most likely that you are limited by your hardware. Faster CPU or a CPU with crypto extensions will help. Better NICs (intel) will free up your CPU also.

jms703

@Eleander:

CPU Type Geode(TM) Integrated Processor by AMD PCS

Your post is missing a lot of helpful information. What kind of Geode? The Geode LX has AES-128 acceleration builtin.

How are your IPSec VPNs configured? If you have a Geode LX, verify that your IPSec VPN is using AES-128.

jms703

One more reply.

See this doc:

http://doc.pfsense.org/index.php/Are_cryptographic_accelerators_supported

and all your questions should be answered.

Eleander

jms,

Didn't have the chance to thank you for your replies.
Allthough I verified all your options I went with the first one.

Had a donator so I changed all my hardware to Dell 745 Boxes with Dualcore & 2GB RAM.
Installed a Intel NIC with 2 GB ports in an PCI-X slots and installed fresh boxes.

Now everything works like a charm.
Allthough I still couldn't figure out what happened.

Kind regards,

Me