Speed Limited to 16,3MBytes/s with P4 Hardware
-
Hello,
I have installed pfSence 2.0.3 on old hardware to serve as a firewall router for a 10 person office.
I have a 200Mbits/s symmetric fibre connexion but when I try to download files from the internet I am always limited to 16,3MBytes/s or 132Mbits/s.I tried to download directly on pfSense and I get 27MBytes/s which seams to be my internet connexion limit. I have no idea what is causing the bottleneck on the pfSense box.
I only have the pfBlocker package, I have disable and removed all traffic shaping. I do the tests directly behind the pfsense (no switch nor wifi).
Here is the hardware description :
- Intel Pentium 4 @3,0GHz
- 1GB RAM
- 2x PCI NIC RTL8169/8110 Gigabit Ethernet
Even with the PCI limit of 133MB/s for both cards I don't think it is the issue here. 30MB/s x2 = 60MB/s < 133MB/s
But I may be wrong. Maybe there is something specific about the P4 platform.Any hints about this issue are welcome. Anyone got experience with pfsense with P4?
Regards
-
Get Intel NICs
-
I can get much better than that on a 1.2GHz P4-M using Intel Gigabit NICs.
Is that CPU hyperthreading? I assume it is, try disabling that.
What does 'top -SH' show when you are trying to push the maximum throughput?Steve
-
I can get much better than that on a 1.2GHz P4-M using Intel Gigabit NICs.
Is that CPU hyperthreading? I assume it is, try disabling that.
What does 'top -SH' show when you are trying to push the maximum throughput?Steve
Will hyperthreading slow it down on a older single core P4 cpu?
-
I'm not sure but it's easy to try so why not. ;) It used to be common FreeBSD thinking that disabling hyperthreading would usually speed up the machine. Less so more recently but that's an old box. By running two threads in a single core you reduce the maximum single thread speed due to overheads, thread switching etc. Since the main firewall process, pf, is single threaded this could come into play.
Steve
-
Thanks for the replies,
How can I disable hyperthreading? in BIOS settings?
Here is the top command when I tried pushing throughput.
last pid: 54889; load averages: 0.06, 0.03, 0.00 up 0+20:03:49 16:20:41 87 processes: 4 running, 71 sleeping, 12 waiting CPU: 0.0% user, 0.0% nice, 0.0% system, 28.9% interrupt, 71.1% idle Mem: 37M Active, 13M Inact, 57M Wired, 756K Cache, 30M Buf, 1363M Free Swap: 4096M Total, 4096M Free PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND 11 root 171 ki31 0K 16K RUN 1 19.9H 100.00% {idle: cpu1} 12 root -28 - 0K 104K CPU0 0 24:13 61.28% {swi5: +} 11 root 171 ki31 0K 16K RUN 0 19.3H 42.29% {idle: cpu0} 12 root -32 - 0K 104K WAIT 0 14:40 0.39% {swi4: clock} 14 root 44 - 0K 8K - 1 1:14 0.00% yarrow 244 root 76 20 3348K 1184K kqread 1 0:59 0.00% check_reload_status 0 root 44 0 0K 48K sched 1 0:43 0.00% {swapper} 30090 root 44 0 5076K 3172K select 1 0:23 0.00% openvpn
-
Yes, in BIOS.
-
Is that 'top' or 'top -SH'?
Either way you've one virtual core doing nothing at all and the other one with plenty of spare cycles. Your CPU is not the throttle point in this system. I would suspect the NICs after that. Also make sure whatever you're testing with is capable of sending/receiving the required (or well in excess of) bandwidth. I've been caught by that before.
Steve
-
This was 'top -SH' .
I didn't had the chance to try without HT yet.
For the testing system, it's working fine as I tried to push the throughput of my local gigabits switches and I got a transfer rate of 112MB/s with wget. That's how I found the bottleneck was the pfsense box.
For the NICs, is there other drivers to try?
-
You can try a 2.1 snapshot which has newer drivers. However if the NICs are a similar age to the rest of your system it's unlikely to make much difference. :-\
Steve
-
I'm getting a P4 box tomorrow from my work I hope.. I have a 105Mbit connection I'll probably be doing some testing and report back my results.. Is the 200Mbit split between the 2 nics? If that's the case then I don't see where their be a problem.. Unless like previous posted it's the cards themselves.. And you could get a dual-gigabit intel nic and see how that does..