Pfsense dramatically reducing broadband speed
-
Hi. We have installed a Draytek Vigor 120 modem on a new broadband line, and connected to a PC it is giving download speeds of around 19Mb over PPPoE. When we connect our pfsense box with a PPPoE interface we are only getting 0.7 Mb downstream of it. Any suggestions about what we need to configure to correct this would be gratefully received!
-
What hardware?
Possibly needing MSS clamping smaller than is enabled, possibly a junk NIC that doesn't play nicely with your modem, possibly a bad cable. Those generally the most likely cause of something along those lines.
-
Or, along the same lines, a duplex mismatch between WAN port and modem.
-
At first an on top, that is an even coming back evergreen theme.
Hi. We have installed a Draytek Vigor 120 modem on a new broadband line, and connected to a PC it is giving download speeds of around 19Mb over PPPoE.
Hello, a pure modem will not be doing SPI/NAT/Firewall rules, this at first!
A modem is a also not a router or a firewall device and so there will be done
nothing, only let the data flow through. It is not a secret and only tended to
pfSense that putting a device such as a router or a firewall behind a modem
that the the data flow will be more or less stocking a bit and a bit throughput
will went away always. So at today you can count something like SPI/NAT will
take more or less 3% - 5% and ion some rarely cases also 8% from the total
throughput. But this is nothing compared against if firewall rules will be coming
on top of this game, then we are talking about much more power is used to handle
this load then. And yes also pfSense and other firewall or router distros want to
see good supported and really fast hardware as well. Let us have a closer look to
the Mikrotik Routers: You will have 100% cpu power at the start, then setting up
SPI & NAT and you will have nearly loosing 10% - 20% of the cpu power, but if
you set up then some firewall rules and some mangle rules with QoS and VLANs
you will loose 60% of the total CPU power and also the throughput.And the same will be shown up if Squid & SquidGuard, DPI, IDS/IPS and VPN
comes to that situation on top.When we connect our pfsense box with a PPPoE interface we are only getting 0.7 Mb downstream of it.
Then you should have a look to the pfSense store, there are hardware appliances shown
that can handle different loads and set up quite easily.Self made pfSense boxes should also be using hardware that is matching and facing up the
to the entire set up and needs of usage.Any suggestions about what we need to configure to correct this would be gratefully received!
You first please;
- What kind of hardware is in the game?
- USB Stick, SSD/HDD, mSATA or SATA-DOM as installation medium?
- How many users must be served?
- Which services will be offered LAN inside?
- What kind of services the pfSense is running? (IDS/IPS, Squid, AV Scan,…)
- What hardware is really in usage? (CPU, RAM, SSD/HDD, mSATA, NICs, Board,...)
So we can come closer to the point why and when the throughput breaks in so hard.
The tip with the MSS and duplex mismatch I would really test out because this could be
mostly the angle point where something runs false or is quite needed. -
Hi. We have installed a Draytek Vigor 120 modem on a new broadband line, and connected to a PC it is giving download speeds of around 19Mb over PPPoE. When we connect our pfsense box with a PPPoE interface we are only getting 0.7 Mb downstream of it. Any suggestions about what we need to configure to correct this would be gratefully received!
[edited for not registering what was posted above]
What speed do you get if you plug the draytek directly into a windows pc?Instructions at the bottom of the webpage, but for XP.
https://www.draytek.co.uk/archive/kb_vigor100_setup.html
[edited for not registering what was posted above]In the UK as its mainly ADSL unlike other countrys, you'll need to adjust the MTU to 1492 in pfsense (which is default iirc), PPoE ie cable tends to be MTU 1500, which might also be worth checking.
-
@cmb:
What hardware?
Possibly needing MSS clamping smaller than is enabled, possibly a junk NIC that doesn't play nicely with your modem, possibly a bad cable. Those generally the most likely cause of something along those lines.
Our hardware is a LinITX ALIX 2D3 LX800 (3NIC+USB) pfSense Firewall Kit
-
Is the poor performance skewed in one direction? Faster Uploads, slow downloads or slow uploads, faster downloads?
Is Status > Interfaces counting any In/out errors on WAN?
Realtek NICs. My money's on one side being full-duplex and one side being half-duplex. Do you have a dumb switch you can put between the WAN NIC and the modem? Or even a blank VLAN on a managed switch? Then you could actually see what's going on.
-
Our hardware is a LinITX ALIX 2D3 LX800 (3NIC+USB) pfSense Firewall Kit
Pretty old but it is able to deliver around 80 MBit/s for normal.
- As told before the modem is having a dublex miss match perhaps and is connected only with 10 MBit/s!
- other services are narrowing down the throughput likes Snort, Squid &SquidGuard, ClamAV
- The pfSense should be activating MSS clamping perhaps.
- DNS entries are false
- miss configuration at some points ?
