FTTP problems, TCP Recieve Window (RWIN)?

k1e0x

Hi all, I've upgraded my DSL to a FTTP connection (Verizon)

I have the 15m/2m package.

However pfSense seems to preform very slowly with it. My speed tests using pfSense is around 3m/768k. Now when I use the ghetto Verizon router I get around full speed (13m/1.5m est.)

I've modified several sysctl settings to configure it to values either verizon recommends or dslreports users recommend.

MTU is 1492

I have now set in /etc/sysctl.conf
kern.ipc.maxsockbuf=653400
net.inet.tcp.recvspace=522720
net.inet.tcp.sendspace=130680
net.inet.tcp.rfc1323=1

and set kern.ipc.nmbclusters="16384" in /boot/loader.conf

This should be correct for my speed.

http://www.speedguide.net/analyzer.php reports

« SpeedGuide.net TCP Analyzer Results » 
Tested on: 10.12.2007 23:31 
IP address: 71.164.xx.xxx 

TCP options string: 020405ac0103030401010402 
MSS: 1452 
MTU: 1492 
TCP Window: 1045440 (multiple of MSS) 
RWIN Scaling: 4 
Unscaled RWIN : 65340 
Reccomended RWINs: 63888, 127776, 255552, 511104 
BDP limit (200ms): 41818kbps (5227KBytes/s)
BDP limit (500ms): 16727kbps (2091KBytes/s) 
MTU Discovery: ON 
TTL: 47 
Timestamps: OFF 
SACKs: ON 
IP ToS: 00000000 (0) 

I'm still not seeing the speed I should be though.. hmm ??

How do I set the Unscaled RWIN value?

cmb

You need to stop messing with settings, the defaults are configured appropriately for your situation. The stuff you're messing with is only applicable to traffic initiated by the firewall itself anyway, not traffic it passes.

I'd start with a reinstall to get back to known good settings. Then look for interface errors under Status -> Interfaces. You might want to check that speedguide.net page from multiple machines. What it shows is how your client PC is configured, not your firewall. (well, except in the case of MSS, as pfSense will MSS clamp your connections at 1452 MSS/1492 MTU to avoid MTU problems with PPPoE)

What are the specs of your hardware? If it's something extremely low powered, it might not be fast enough for that fast of a connection.

You have some sort of problem, but mucking with your TCP/IP settings on your firewall and clients isn't going to help (unless it's broken from messing with).

k1e0x

Reinstall is not necessary. I can comment out the lines and go back to default, if I like.

Default is
net.inet.tcp.recvspace=65228
net.inet.tcp.sendspace=65228

Client is configured identically.

The machine is a k7 700m with 512m in ram and 3com 3c905 cards. (Verizons router is 533m with 32m in ram, not bad.)

Maybe I'll swap out the nic's and see if I cant get better performance.

k1e0x

Identical results with Realtek 8139 and ADMTEK AN985 nic's. I didn't think it would be hardware because wouldn't the hardware cap at the same rate in both directions if that was its max?

Tested with configured and unconfigured clients. Speed is totally horrible 1/3 what it should be.

Hmm, I'm officially stumped.

k1e0x

I got bad news. Smoothwall on the same hardware does not have the same problem. It runs at full speed. This sucks because I really like the features in pfSense.

I'll put it back on to debug it if you like. I just need to know what data to collect from it.

gmckinney

@k1e0x:

I got bad news. Smoothwall on the same hardware does not have the same problem. It runs at full speed. This sucks because I really like the features in pfSense.

I'll put it back on to debug it if you like. I just need to know what data to collect from it.

Curious - what version of FreeBSD was running in the Smoothwall version?

gm…

k1e0x

@gmckinney:

@k1e0x:

I got bad news. Smoothwall on the same hardware does not have the same problem. It runs at full speed. This sucks because I really like the features in pfSense.

I'll put it back on to debug it if you like. I just need to know what data to collect from it.

Curious - what version of FreeBSD was running in the Smoothwall version?

gm…

None: Linux smoothwall 2.6.16.53 #1 Thu Aug 16 12:34:52 BST 2007 i686 GNU/Linux

gmckinney

Oh DUH!  Did not think to check to see if Linux or FreeBSD…

Have you tried monowall to see how it runs???  I think it is based on FreeBSD 4.1.

gm...

razor2000

There is something wrong/off with your setup.  I've used pfsense to control several Fios setups I've had and it works flawlessly.  My most recent install was with a business 15/2 plan that had 5 static ip's.  You haven't mentioned your Verizon router model, whether it's the lovely giant sized Actiontec router or something else.  Another important item is how your Fios is connection to it.

Please look at the following two links and see if they help out.

http://forum.pfsense.org/index.php/topic,3573.0.html

http://forum.pfsense.org/index.php/topic,4301.0.html

Let us know some more info and the results.

Good luck….

k1e0x

It is a MI424-WR, but I don't need to bridge it, I asked the tech not to use MoCA and went with Cat5 from the ONT.

Hmm well maybe FreeBSD is having a problem with the nics or something that Linux does not have and that slow is down? I'm not really sure, I looked at the dmesg and interfaces and did not see any errors.

razor2000

OK, same setup I've used, so my next questions are:

Since you listed the specs of the box you are using for your pfsense, would you happen to have another (spare) computer that you could use to build another one.  I'd prefer something Intel based and not based off the K7 platform.  Stick with the 3com nics if you have them (though Intel nics are preferred) and see what happens.

There have been reports here in the past about certain setups running slow with pfsense but just fine with some Linux OS on the same box (smoothwall, ipcop, etc…).

k1e0x

Not off hand at the moment but this may be possible soon. I'll repost here if I ever swap the box out.