LACP Not work

semos2k

I have a pfSense 2.0.1 x64 installed on a server with 9 1Gbps network ports each, 1 of them integrated and the other 8 into 2 PCI-X cards with 4 ports each have two interfaces configured LAGG each with 4 ports and the "PROTO" in "LACP"

LAGG-LAN (em0, em1, em2, em3)
LAGG-DMZ (em4, em5, em6, em7)

The first LAGG-LAN is connected to a 3Com 4500G switch set to "Link Aggregation" static from port 1 to 4
The second LAGG-DMZ is connected to a 3Com 4500G switch set to "Link Aggregation" static from port 1 to 4

when running tests with Iperf not increase the bandwidth, I have tried from different computers and different vlan but does not exceed the bandwidth provided by a single port. The next exit was executed from a computer and is reaching the maximum, when run from several teams this starts a decrease depending on the equipment used by others.

Client connecting to 192.168.210.21, TCP port 5001
TCP window size: 0.13 MByte (default)
–----------------------------------------------------------
[  4] local 192.168.1.133 port 55251 connected with 192.168.210.21 port 5001
[ ID] Interval      Transfer    Bandwidth
[  4]  0.0- 1.0 sec  63.1 MBytes  530 Mbits/sec
[  4]  1.0- 2.0 sec  60.5 MBytes  508 Mbits/sec
[  4]  2.0- 3.0 sec  61.9 MBytes  519 Mbits/sec
[  4]  3.0- 4.0 sec  64.4 MBytes  540 Mbits/sec
[  4]  4.0- 5.0 sec  61.6 MBytes  517 Mbits/sec
[  4]  5.0- 6.0 sec  63.2 MBytes  531 Mbits/sec
[  4]  6.0- 7.0 sec  63.0 MBytes  528 Mbits/sec
[  4]  7.0- 8.0 sec  62.2 MBytes  522 Mbits/sec
[  4]  8.0- 9.0 sec  63.2 MBytes  531 Mbits/sec
[  4]  9.0-10.0 sec  56.8 MBytes  476 Mbits/sec
[  4]  0.0-10.0 sec  620 MBytes  520 Mbits/sec

LAGG - LACP (4 NIC                                                        1 NIC
pc1 –------            ------- srv1                              pc1                                  srv1
                pfSense                            equal to              -------  pfSense  -------
pc2 --------            ------- srv2                              pc2                                  srv2

Thanks beforehand for any contribution.

cmb

From a single source to a single destination with LACP you'll never get more than the speed of one of the ports, as the balancing is done by MAC addresses, just the nature of how LACP works. The fact you can't get 1 Gbps wire speed is another matter, what kind of CPU is in that system, and is it at 100% when you're pushing 500 Mbps?

semos2k

I am using the dmz side 1 xeon server with two ports and two vm esxi only do the work of iperf in server mode.
in the lan I have two computers which make iperf clients pointing to each of the servers.

Clients.                  Servers
192.168.1.131 => 192.168.210.21
192.168.1.132 => 192.168.210.254

cmb

the firewall is running on bare metal, just the iperf client and server in ESX? I'd run all of it on bare metal to eliminate any hypervisor-induced limits on throughput.

What speed Xeon? A "Xeon" could be anything from a Pentium II to the latest and greatest new procs.

semos2k

pfSense server has a Xeon 2 processor 3.2 GHz 1 MB cache and memory 8GB 350ml hp g4, the server in the DMZ is a ml380 g4 processor 3.6GHz with 2MB and two network ports there is the esxi with two virtual machines.

In the area of ​​the LAN I have two computers a macbook pro and a vostro 400 intel processors both with each having a port 1Gbs

cmb

That's plenty to push a gigabit.

semos2k

What would be the recommended hardware for an infrastructure where the DMZ has 7 servers each with a gigabit port, the LAN has 200 computers.

cmb

What you have is more than adequate for most networks like you describe. That of course depends, if you need to route 7 Gbps between those servers and your LAN, you don't want a firewall at all, you need a very fast router.