SG-2440 Bandwidth Performance
-
I bought a SG-2440 last week to replace a dying PIX firewall. I have been using pfSense in multiple other places as well, so this was a great option. However, I've been sitting here with it on my desk doing some benchmarking of its performance (literally out of the box configuration, DHCP on WAN, Static + DHCP on LAN) using iperf and iperf3 and was curious if I'm doing something wrong. In its default config I'm only able to get about 750-800Mbit up/down through the box. If I remove the box and go direct, I pull 980-990Mbit so I know it's not the hardware involved. Is this the max this box can do? I ask as I'm thinking of getting a few more to replace some aging PC hardware we're using pfSense with right now (locations with Gigabit, using 7-8 year old PCs, but they handle full Gigabit just fine), and I want to make sure I get a big enough box to actually push Gigabit through.
-
Good question. I am also in the market for a gigabit capable router. Let me know if you get an answer.
-
What was the CPU usage at the time?
-
So basically I'm testing 2 scenarios
1. WAN -> LAN (so receiving data).. I max out at just over 750Mbps in this scenario. The load is 1 CPU at 100% utilization (system), while the other is at around 60% (interrupt)
2. LAN -> WAN (so pushing data).. I max out at just over 800Mbps in this scenario. The load is 1 CPU at 100% utilization (system), while the other is at around 20% (interrupt)
I tried to do bi-directional using iperf 2 vs 3, and due to the load that 1 stream puts on the box, the other stream just sits idle.
What I don't understand is the difference in interrupt processing in the two different scenarios.
During this testing (I ran 10 minutes at a time using iperf 3) in both scenarios. This was repeatable. I was also monitoring the CPU frequency via sysctl during this, and it was jumping up to 2100 (turbo boost I guess? as the CPU in this unit is a 1.74GHz I believe).
I also tested this by removing the pfSense box and just going direct to direct to ensure that the hardware I was utilizing was not a limitation and was getting over 940Mbps both directions (even bi-directional I was able to push/pull simultaneously above 900Mbps)
So my guess is this is just the absolute limit of this processor.. For what I bought it for, this is fine, however it tells me that I need to buy a more powerful box for the other locations.