WAN Performance Problem
-
Hi all
I'm running pfsense 2.1 RC0 on a Hyper-V platform (Windows 8). Although not officially supported, the setup is great, bacause you can run pfsense on a normal Window 8 Machine whitout using addional hardware. The only problem i have is the WAN performance. Whatever i do, the troughput is always around 40-60Mbit, but never more. I generated some traffic from another VM or from the Hyper-V host, same result
When i generate traffic from one internal pfsense interface to another, the troughput is fine (100Mbit, because of the legacy Hyper-adapters). Also when i connect a PC directly to the modem's interface, i get the full performance. I any case the ressource load on the pfsense is not above 20%.
Any ideas are really appreciated!
Liceo
-
No ideas? Many thanks in advance!
-
Update: I installed the current stable release from scratch without any packages any only two Interfaces (WAN/LAN), same result…
-
Are you doing caching, intrusion detection, filtering etc?
I ask this because I'm interested in if you are using virtual disks or seperate drive with its own high speed interface?
Because I've often been limited by drive speed in some configs. But I don't know yours.
-
Thanks for your reply!
Are you doing caching, intrusion detection, filtering etc?
Not sure wich setting you actually mean (sorry i'm not a pfsense pro), but i did not changed the config manually (all default on the WAN Interface / firewall config). Just let me know which setting i should check.
I ask this because I'm interested in if you are using virtual disks or seperate drive with its own high speed interface?
Because I've often been limited by drive speed in some configs. But I don't know yours.pfSense runs as any other virtual machine on a single 10GB virtual disk (vhdx file). The disk file is placed on a RAID1 Array (two disks) and a don't see any load on the host OS
-
No idea. Stumped.
I'm used to seeing performance hits on my VMs because the virtual disks are never as fast as physical disks and it also taxes the CPUs to use them.
However, if disk I/O isn't your issue, I don't know what is. -
ok, but thanks anyway ;-)
-
Push ::) … Sorry have to try it again, hopefully someone can help!
-
What speed do you get directly from the modem?
Have you tested any other VM connected similarly to pfSense?
Have you tried testing the speed directly from the pfSense VM rather than through it?
Steve
-
The only problem i have is the WAN performance. Whatever i do, the troughput is always around 40-60Mbit, but never more. I generated some traffic from another VM or from the Hyper-V host, same result
What are you using to test the performance?
Are you able to saturate the WAN link with multiple concurrent TCP connections?
What is the real inrterface name of the pfSense WAN interface (e.g. fxp1,le0, …)?
Can the hypervisor provide a PCI passthrough mode which would give pfSense direct control of the WAN interface (bypassing the virtual switch)?
When i generate traffic from one internal pfsense interface to another, the troughput is fine (100Mbit, because of the legacy Hyper-adapters).
Does this traffic go through pfSense or just through one of the switches?
-
I have tested the following:
1.
Shut down pfsense. Take a virtual machine and connected it to the same virtual switch as pfsense is using (WAN, de0). I'm using the legacy network Adapter, same as used for the pfsense virtual machine. Now the Client get an public IP address. The Speed test against cnlab.ch shows me the full 100Mbit.2.
Power on pfsense. Use the same virtual machine and connect it to another virtual switch. This virtual switch is connected to the Interface de3 (LAN) on pfsense. Now i repeat the same test: Only 50-60Mbit are measured.I use a second PC which is connected to de1 (another LAN) and copy a 1GB file from this PC to the virtual machine (same as above) on de3. I measure the full 100Mbit on both directions (50% cpu utilization).
My conclusions are:
- Problem cannot caused by the hypervisor or the virtual switch
- Problem cannot caused by the legacy NIC
- Problem doesn't occur when it goes over pfsense from de1 to de3
-
Are you able to saturate the WAN link with multiple concurrent TCP connections?
No. tried with JDownloader, get always not more than 50-60Mbit
What is the real inrterface name of the pfSense WAN interface (e.g. fxp1,le0, …)?
de0
Can the hypervisor provide a PCI passthrough mode which would give pfSense direct control of the WAN interface (bypassing the virtual switch)?
No. Only Server 2012 has the Option to make use of single root I/O virtualization (SR-IOV).
-
What is the real inrterface name of the pfSense WAN interface (e.g. fxp1,le0, …)?
de0
Does the hypervisor give you the option of emulating other NICs? If its available, I suggest you try emulating Intel gigabit NICs.
-
What is the real inrterface name of the pfSense WAN interface (e.g. fxp1,le0, …)?
de0
Does the hypervisor give you the option of emulating other NICs? If its available, I suggest you try emulating Intel gigabit NICs.
Unfortunately, pfsense doesn't support this NIC driver yet..
-
A good NIC is a NIC that works best is most vetted and most supported while still providing most of the speed you need. So, good ones are old ones and old ones are dirt cheap. Like $20 cheap.
-
A good NIC is a NIC that works best is most vetted and most supported while still providing most of the speed you need. So, good ones are old ones and old ones are dirt cheap. Like $20 cheap.
Sure, but pfsense is a virtual machine. I talk about virtual NICs and the Hyper-V synthetic adapter (similar to the vmx3 adapter in vmware) is not supported by pfsense.
-
I had issues get the 64 bit version of 2.1 to work well in ESXi. Kept dropping connectivity and going offline with multi-wan especially. For me, the 32 bit version was much better and worked right away. But I one on 32 bit version, I didn't hit any of your problems.
Haven't had much more than a couple of installs though. Not hardly the 2.1 expert. -
I tested also with 2.0.3, same result…
-
So the DEC NIC is the only other choice? (Edit: it seems it is: link) The de(4) driver is old and supports many different cards, I've seen it give trouble before on real hardware. I agree with Wallabybob this could well be your problem.
You should try testing the bandwidth from the pfSense VM directly so that you're only tesing the WAN connection. You can do this by downloading a large file from the console:[2.0.3-release][root@pfsense.fire.box]/root(2): fetch -o /dev/null http://download.thinkbroadband.com/50MB.zip /dev/null 100% of 50 MB 1961 kBps 00m00sThat file works well for me in the UK, you may have to choose something else.
Steve
-
Have you tested any other VMs using the legacy NICs?
The legacy network adapter requires processing in the management operating system that is not required by the network adapter.
Hard to believe it could slow it that much but you never know….
Steve
