Awful pfSense Performance Help



  • Hi everyone -

    I am having some very debilitating issues with my pfSense setup. I have a 2.2.1 machine with

    • C2D E6550 @ 2.33 GHz, 4GB RAM, a TP-LINK TG-3269 gigabit PCI NIC (LAN), and the onboard gigabit NIC for the WAN - I believe it is Intel

    All the box is really doing is DHCP, Squid, and most of the default features on a 60/50 mbit/sec connection. I have two Ubiquiti UAP-LR running on the LAN, and currently, about 30 connections. The APs are load balanced @35 users/AP, and I have set the download limit (for wireless connections) to 3000 kbit/sec. When I ran the iperf test (wired), I repeatedly get:

    –----------------------------------------------------------
    Client connecting to 10.0.0.1, TCP port 5001
    TCP window size: 8.00 KByte (default)

    [156] local 10.0.0.10 port 61119 connected with 10.0.0.1 port 5001
    [ ID] Interval      Transfer    Bandwidth
    [156]  0.0-10.2 sec  5.29 MBytes  4.37 Mbits/sec

    This is at a time when there is very little activity, and the CPU usage is basically nothing. I am beginning to suspect that the LAN NIC is the culprit, but I am not sure how to tell for sure.

    Any ideas? What should I do? THANKS GUYS!


  • Netgate

    What kind of switch?  Does Status > Interfaces show any errors?  Does looking at the ethernet counters on the client or the switch ports show any errors?

    What kind of iperf numbers do you get running the other way?

    iperf -s -u

    iperf -c server_ip -r -u -b 100m



  • First of all, I want to thank you, Derelict, for your help.

    No in/out errors or collisions on either interface. Can you please explain this to me: " Does looking at the ethernet counters on the client or the switch ports show any errors?"

    What does this information show me, and where can I find it?

    Results from _iperf -s -u

    iperf -c server_ip -r -u -b 100m_

    $ iperf -c 10.0.0.10 -r -u -b 100m -p 135
    –----------------------------------------------------------
    Server listening on UDP port 135
    Receiving 1470 byte datagrams
    UDP buffer size: 41.1 KByte (default)


    Client connecting to 10.0.0.10, UDP port 135
    Sending 1470 byte datagrams
    UDP buffer size: 56.0 KByte (default)

    [ 10] local 10.0.0.1 port 1142 connected with 10.0.0.10 port 135
    [ ID] Interval      Transfer    Bandwidth
    [ 10]  0.0-10.0 sec  120 MBytes  101 Mbits/sec
    [ 10] Sent 85466 datagrams
    [ 10] Server Report:
    [ 10]  0.0-10.0 sec  97.1 MBytes  81.5 Mbits/sec  0.204 ms 16188/85464 (19%)
    [ 10]  0.0-10.0 sec  1 datagrams received out-of-order
    [  9] local 10.0.0.1 port 135 connected with 10.0.0.10 port 52510
    [  9]  0.0-10.0 sec  56.3 MBytes  47.2 Mbits/sec  0.256 ms    0/40148 (0%)


  • Netgate

    Can you please explain this to me: "Does looking at the ethernet counters on the client or the switch ports show any errors?"

    On the client and in your switch.  No idea what you have or how to access it.  Slow throughput in one direction might be an ethernet duplex mismatch.  Error counters usually reveal that.

    [ 10]  0.0-10.0 sec  97.1 MBytes  81.5 Mbits/sec  0.204 ms 16188/85464 (19%)
    [  9]  0.0-10.0 sec  56.3 MBytes  47.2 Mbits/sec  0.256 ms    0/40148 (0%)

    Not outstanding but not bad.  81Mbit on a 100Mbit line is reasonable.  47 is not horrible.  Both much better than your original posting of  4.37Mbit

    Are you positive you weren't testing through a limiter?



  • Thank you for your reply, Derelict.

    I just want to let you and everyone else know that I replaced the Realtek LAN card with an Intel PT server card, and the problem pretty much went away. Way better performance. Thanks for your help!