Slow throughput on 50meg connection

  • Okay latest pfsense 2.1.4 Intel em nics.  Why can't I get better than 8meg through the box? Naturally, the first thing I thought of was duplex mismatch but I've triple checked that and when I connect my ASA up to it and put a winbloze laptop on, I can see the full speed.  I'm a big fan of pfsense and FreeBSD in general and this makes no sense to me. Specs of the box are Supermicro motherboard 8GB RAM, Intel 82457  /82456 NICs, core 2 processor.

    Disabled all offloading, even added nic tweaks to the loader.conf to no avail. No crc issues, or any other errors on the network.

    Internet->pfsense (running HAVP)->PC=8megs

    Internet->ASA->windows laptop=48-50megs

    This is really frustrating and I'm about ready to chalk it up to a bad server but having said that, I tried installing pfsense on a VM with it's own dedicated NICs and got the same result.

    Folks, what am I missing?

  • I can tell you that my PFsense box is running on less than half your specs and pushing twice your bandwidth (100 Mbit business line) like a champ.

    My specs:

    P4-2.4 Ghz
    40 GB HDD
    512 MB ram
    2 - Intel 100 Mbit NICs (1 - onboard, 1 - PCI)

    Anything is possible as they say, so I'm leaving a remote chance that your iso was corrupted while downloading, but I'm about 98% sure the issue is not the OS.  There are just too many rock solid installs out there.

    Things to check:

    • Verify you haven't misconfigured the traffic shaper

    • You are running HAVP, which means all your traffic is going through a proxy and being written to temp file, which is then held in the proxy until it is verified to be clean by the scanning thread.  This is going to slow you down by design.  Having said that, is HAVP alone cutting your bandwidth from 50 Mbit to 8 Mbit, not sure, but since you have it installed, it's just one more thing to troubleshoot.  I'd suggest uninstalling it.

    • Are you running Squid in conjunction with HAVP?  Verify bandwidth throttling has not been configured

    • Try different NIC's

    • Try a different machine altogether

    • check your cabling (replace custom with pre-made)

    • check for irregular light patterns @ layer 2… this can indicate a bad cable or a failing NIC

    • Probably not the case, but worth a look… verify the PC does not have any QOS/Packet Prioritzing software running locally.

    Personally, I would disable HAVP and Squid (if installed), re-download a fresh copy of the 64 bit Live CD with installer, re-install, and re-do your bandwidth test with no packages installed and no shaper configured.  Barring a hardware issue, I'm betting you'll see your full bandwidth, which will verify a configuration issue or HAVP is crippling your speeds.

    PFsense can handle a 50 Mbit connection without blinking.  I find it very hard to believe PFsense itself is involved here in any way.

  • Netgate Administrator

    That sort of throttling I too would look for a duplex mismatch first. How did you test for a mismatch? Is that 8Mbits or 8Mbytes? Either way whatever your hardware is if it can take 8GB or RAM it should have no difficulties. Please give more details of your setup.
    Has issue this just started? I see you've been running pfSense in the past.


  • Have a look on your PFTOP while downloading…

    Throughput comparison of a cheap design (APU): APU 2GB + 32GB SSD = top up at 100Mbit/s (8MB/s) on IPSec VPN (AES128) interface. The link was a 200Mb Fiber.

  • LAYER 8 Global Moderator

    I am running pfsense in a vm on a hp microserver n40l so not a lot of umph there.  And I have no issues with my 50/10 comcast internet connection.  I actually see 57 to 58ish down and 11 to 12ish up..

    I have not done anything with backend configurations or tweaking.. Out of the box running 2.1.4 i386

    Downloads I see 6.8 to 6.9MBps – so clearly rocking the full pipe..  With only 8mbps I too would look to a duplex mismatch sort of error or only coming up at 10mbit on the connection.

    You clearly should not have to tweak anything to get 50mbps through that box without any problems.

  • Thanks for the replies I'll try the i386 version (was on 64) and I'll report back.

  • You won't have been able to boot correctly if your CPU were 32bits.

    Look at your speed and duplex (both LAN / WAN) in Stauts -> Interface.

  • I've quadruple checked ALL interfaces to 100/full on both pfsense and switches and so I installed the 32 bit and here's the latest.

    From the console I'm now getting full bandwidth.

    From console:
    Retrieving configuration…
    Retrieving server list...
    Testing from .....
    Selecting best server based on latency...
    Hosted by TRANSTELCO (Nogales) [108.03 km]: 22.223 ms
    Testing download speed….....................................
    Download: 47.11 Mbits/s
    Testing upload speed..................................................
    Upload: 33.66 Mbits/s

    From a client on the internal interface:
    Hosted by TRANSTELCO (Nogales) [108.03 km]: 22.223 ms
    Download 53.64 Mbits/s
    Upload 11.30 Mbits/s

    Okay, so what have I learned?  It would appear the 32 bit version likes my hardware more than the 64 bit?  maybe?

    Comments? Questions?  I've got many.

  • Netgate Administrator

    Can you give us more details on your hardware? Years ago the 64bit build may have been less well tested but today there are probably more people running that than 32bit.


  • I'd be happy to just give me a couple of days.

  • 32/64 NIC drivers ?

    Sometimes, you could have trouble selecting "Autodetect" in speed and duplex, depdending on which hardware couple you are using (PF <-> Switch). Sometimes you will have to force it manually.

    Does a 64bit NIC driver couldinterfer with speed an duplex autodetect ?

  • How did you run from the command line?

  • LAYER 8 Global Moderator

    [2.1.4-RELEASE][root@pfsense]/root(1): cd /tmp

    [2.1.4-RELEASE][root@pfsense]/tmp(2): wget -O speedtest-cli –no-check-certificate

    [2.1.4-RELEASE][root@pfsense]/tmp(3): chmod +x speedtest-cli

    [2.1.4-RELEASE][root@pfsense]/tmp(4): ./speedtest-cli
    Retrieving configuration…
    Retrieving server list...
    Testing from Comcast Cable (24.13.xx.xx)...
    Selecting best server based on latency...
    Hosted by ServerCentral (Chicago, IL) [40.85 km]: 20.297 ms
    Testing download speed….....................................
    Download: 56.79 Mbits/s
    Testing upload speed..................................................
    Upload: 11.13 Mbits/s

Log in to reply