Slow throughput on ALIX 2D13
we are running pfSense 2.0 on ALIX 2D13 for a week now on a 100/10 cable line.
Prior to pfSense we used a virtualised IPcop getting around 93/8mbit.
Now with pfSense the traffic maxes out at around 30mbit when downloading from http or ftp.
CPU utilization is slightly below 50%.
Network behind is gigabit, we're testing from a Ubuntu VM.
No VPN in use, no packages, no traffic shaping, …
Any ideas why the traffic is this slow?
Maximum throughput with filtering enabled:
NAT - 85 Mbps
Routing - 85 Mbps
Bridge - 85 Mbps
IPsec maximum throughput without and with VPN1411 accelerator:
3DES: 13.7 Mbps vs 34.6 Mbps
AES: 19.4 Mbps vs 34.2 Mbps
AES256: 13.5 Mbps vs 34.2 Mbps
Looks like you can get up to 85Mbits/s … perhaps you need to hard set duplex and speed.
i know these metrics.
why do you think i have to hard set duplex and speed?
they are on "100baseTX <full-duplex>" on all interfaces.</full-duplex>
Some switch or router models have to have speed and duplex set to get max performance. Was the case with a Cisco router we had. Otherwise, I would restart everything and retest. Could be something simple like an arp table not behaving. If you have a free IP on the WAN stick a server out there and test the throughput through the pfSense. Do you get better performance on non-http and ftp downloads? If you use torrent, does it still top out at 30 or will it saturate the line?
Our Cisco DPC3000 is connected directly to pfSense - before it was connected to a HP DL380 G7, higher speeds worked there on auto-sense settings.
ARP table should be clean as our support pushed a new bootimage onto it shortly after the switch to pfSense. Some reboots were also done.
I don't want to change the auto-sense setting as I'm a two hour car ride away from the machine (in case anything goes wrong).
Is there a possibility to access the DPC3000 and set the network speed? I'm afraid not.
I just tried torrents - the maximum is around 30mbit, however cpu load is from 60% to 70%.
Then I don't really know. I could speculate about PCI bus speed and perhaps the two ports you picked are on the same one. Perhaps someone with one of these could comment on the theoretical speed versus actual speed.
Do you have powerd on?
Network equipment (including appliances like your pfSense box) should always have their speed and duplex set manually if you want consistent throughput. I've lost count of the number of issues I've had because a device somewhere in the chain decided to pick half-duplex rather than full, or 10Mbit/s instead of 100 or 1000.
Also, the 500MHz Alix devices are capable of about 85Mbit/s in a single direction, and only with 1500 byte packets. As soon as the packet size drops, or as soon as you start pushing bidirectional traffic, the throughput drops, so you might think about your testing methodology.
This is why if you are going to have more than 10 or 20MBits, I would go for one of those supermicro atom servers. They are more money, but they can do alot more. We have one at a data center with 100Mbits symmetric burstable to 250Mbits and it handles that with ease. It is limited to about 320Mbits because of the bus though.
Thanks for your replies!
Yesterday I tried using "device polling". While the webUI was very slow around 80mbit were possible via FTP.
Today 2.0.1 came out, instantly tried it and now we have up to 70mbit without device polling.
This value seems okay for me given the Alix hardware specs.