Pfsense VS Ipfire Connections Speed



  • ;D ,  Hi everyone,

    I am currently using a Supermicro X7SPA-H-D525 with a 80gb 2.5 hdd with 4 gb ram. I installed Pfsense 2.02 x64 and compare it to IPfire which is another firewall router based on Linux.
    When I download files from say Microsoft website, the files when being downloaded with Pfsense is around 400kb/s under a 250mb/s up and down fiber line. When I use IPFire downloading the same file, the file download speed could go up to 2mb/s or more. The throughput is more and faster than I expected of IPFire.
    Is there anything that I can do to improve or to get this speed back in Pfsense?
    All I know is in terms of download, IPfire wins big but in terms of functionality, PFsense smokes IPfire big time. I tried a lot of time to do port forwarding but it won't work in IPfire. In then end, have to use another tab which is external access in Ipfire which is quite stupid to me. I maybe a linux newbie, but this way it was setup seems to be very different from PFsense. Is it possible that my hardware is not powerful enough?

    Thanks.
    Regards.



  • @kirlcheah:

    Is it possible that my hardware is not powerful enough?

    An Alix (single core, single thread 500MHz CPU) is reported as capable of getting throughput of around 80Mbps when running pfSense. Your hardware should certainly be much more capable.

    I suggest that downloading some file from the internet from some host without specifying file size, host, number of hops, loading of intermediate hops, server loading etc is probably not a very good indicator of firewall throughput performance. Lots of fiewalls generally run many concurrent connections. Perhaps being able to run 20 concurrent connections at 200kbps would be more useful than being able to run one connection at 2Mbps (for example).

    Perhaps your ISP offers a "speedtest" service that is "close" to your system and so less subject to the vagueries of internet loading.

    Perhaps the transfer of a "largish" file (say a CD image) by torrent (many concurrent connections to many sites) would be a more useful metric than a single connection file transfer.

    It would seem you should be able to get downloads through pfSense much faster than 400kbps, Does the pfSense page Status -> Interfaces report any interface errors?



  • I use a D2500CC, which is also an Atom board (1.86GHz dual core, I think) and which is also equipped with Intel 82574L NICs. It has 2GB RAM installed. I run pfSense 2.0.2 x86 with the SMP kernel. I achieve 100MBit/s download rate (ISP limit) with the CPU load at around 20%.

    I guess you have no "power saving features" enabled, which could decrease performance. That would be too easy, and it shouldn't decrease performance that much.

    Maybe you receive a performance penalty because you run a x64 version? You might try the x86 version.



  • In the Interface, it does not report any interface error…..
    How do you check on the power saving enabled? X86 version and the X64 version performs the same... Same old speed. Once i load IPfire, the same file can be downloaded at 2mbps... which is strange... I do you see any logs about hardware issue?



  • http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

    this is most likely an issue with one of your network cards. Check post above for solutions


  • Netgate Administrator

    400kbps is ridiculously slow. Your hardware should be good for ~500Mbps of firewall/NAT. It points at some connection problem like mismatched duplex settings somewhere.
    I note that the file you are using as a test can only be downloaded at 2Mbps even though your connection is 250Mbps. That's not a good test file.  ;)

    Power saving features in pfSense are enbled via powerd in System: Advanced: Miscellaneous:  However the D525 does not support Speedstep so powerd won't be active (it's disabled by default).

    Steve



  • What does the Status: Dashboard tell you? Is the CPU maxed out, or running idle (when downloading at the amazingly low speed of 400kbps)? Is MBUF usage getting to the limit? Memory usage? Swap going past 0%? What is your state table size?

    Edit: if CPU load is above 25%, what does top -SH tell you?



  • @Klaws:

    What does the Status: Dashboard tell you? Is the CPU maxed out, or running idle (when downloading at the amazingly low speed of 400kbps)? Is MBUF usage getting to the limit? Memory usage? Swap going past 0%? What is your state table size?

    Edit: if CPU load is above 25%, what does top -SH tell you?

    The CPU load is at paltry 13%. MBUF is not going up. 3352/256000. Memory is only 5%, swap is stuck at 0% State Table is 413/389000. Strange….



  • @stephenw10:

    400kbps is ridiculously slow. Your hardware should be good for ~500Mbps of firewall/NAT. It points at some connection problem like mismatched duplex settings somewhere.
    I note that the file you are using as a test can only be downloaded at 2Mbps even though your connection is 250Mbps. That's not a good test file.  ;)

    Power saving features in pfSense are enbled via powerd in System: Advanced: Miscellaneous:  However the D525 does not support Speedstep so powerd won't be active (it's disabled by default).

    Steve

    However changing the power saving does affect the speed. Enabling it, today i get around 2.5mbps. When I disable it, means run full power, i get around 3.6mbps. Might have been the fastest…..


  • Netgate Administrator

    Yeah I phrased that badly, I meant to say….
    Powerd is disabled by default so unless you have enabled it yourself it won't be running. Enabling it will not provide any significant power savings (or even measurable) because the desktop Atom CPUs don't support speedstep. That doesn't mean it won't effect performance though as it will still attempt to use cpu throttling. See this for why that's not much use.

    Steve


Log in to reply