Extremely slow LAN SSH transfer speed

unguzov

I have 2 WAN and one LAN.

I want to upload a big file from LAN to firewall with winscp but my speed is only 300 Kb/sec (with 100 Mbps switch)?!?!? Traffic shaper is off, only nTOP package is running.

Upload from firewall to internet is OK (speed is over 700 Kb/sec)…

System logs:

May 29 14:58:17 kernel: xl3: tx underrun, increasing tx start threshold to 240 bytes
May 29 14:58:17 kernel: xl3: transmission error: 90
May 29 14:57:04 kernel: xl3: tx underrun, increasing tx start threshold to 180 bytes
May 29 14:57:04 kernel: xl3: transmission error: 90
May 29 14:41:30 kernel: xl3: tx underrun, increasing tx start threshold to 120 bytes
May 29 14:41:30 kernel: xl3: transmission error: 90
May 29 14:39:58 sshd[3531]: subsystem request for sftp
May 29 14:39:58 sshd[3531]: Accepted keyboard-interactive/pam for root from 83.XXX.XXX.XXX port 63725 ssh2

razor2000

What are the specs of your pfsense firewall?  Are you using a full install of an embedded setup?  I have found that the cpu speed of the host firewall is EXTREMELY important as it is the one dealing with the encryption of the data stream.  That is not to say that you don't have another issue which may be causing this, however.

unguzov

@razor2000:

What are the specs of your pfsense firewall?  Are you using a full install of an embedded setup?  I have found that the cpu speed of the host firewall is EXTREMELY important as it is the one dealing with the encryption of the data stream.  That is not to say that you don't have another issue which may be causing this, however.

Hi,
My firewall is: 6.2-RELEASE-p11 #0 Sun Feb 24 16:32, full install

CPU: Intel(R) Pentium(R) 4 CPU 2.53GHz,
3 NICs 3Com 3c905B-TX Fast Etherlink XL
Memory: 512 MB DDR

I have no problem with Internet routing, downloading and uploading from WAN side or downloading from internet at the workstations. The problem is only at the LAN side (worsktation to firewall LAN interface).

I also tested on second pfSense box and get same result… Is this a bug?

Perry

I tried a winscp transfer test and get around 30Mbps(300KB)
1.3GHz AMD Athlon (pfsense)–-Gb lan nic------100Mbps switch------Gb nic----3GHz P4(winscp)

Things i would try
Try with a crossover cable to eliminate the switch

I also tested on second pfSense box and get same result… Is this a bug?

If hardware spec is the same you could.
The ifconfig -m xl3 will show the supported media types for the nic. it might be wrong
Replace nic to intel.

@http://www.freebsd.org/cgi/man.cgi?query=dc&sektion=4:

TX underrun – increasing TX threshold  The device generated a
    transmit underrun error while attempting to DMA and transmit a packet.
    This happens if the host is not able to DMA the packet data into the
    NIC's FIFO fast enough.  The driver will dynamically increase the trans-
    mit start threshold so that more data must be DMAed into the FIFO before
    the NIC will start transmitting it onto the wire.

unguzov

@Perry:

I tried a winscp transfer test and get around 30Mbps(300KB)
1.3GHz AMD Athlon (pfsense)–-Gb lan nic------100Mbps switch------Gb nic----3GHz P4(winscp)

Things i would try
Try with a crossover cable to eliminate the switch

I also tested on second pfSense box and get same result… Is this a bug?

If hardware spec is the same you could.
The ifconfig -m xl3 will show the supported media types for the nic. it might be wrong
Replace nic to intel.

@http://www.freebsd.org/cgi/man.cgi?query=dc&sektion=4:

TX underrun – increasing TX threshold  The device generated a
    transmit underrun error while attempting to DMA and transmit a packet.
    This happens if the host is not able to DMA the packet data into the
    NIC's FIFO fast enough.  The driver will dynamically increase the trans-
    mit start threshold so that more data must be DMAed into the FIFO before
    the NIC will start transmitting it onto the wire.

My tests with Windows and IPCop on the same hardware shows that problem is not in NIC. I think that problem is in pfSense NIC driver or SSH daemon. It is not cheap to buy Intel Pro NICs when firewall costs $150 US and is used for 5 workstations. It will be good if more people tests pfSense to know what hardware/software make this problem (or this happens only on my 2 pfSense boxes  :D)

ifconfig on xl3:

# ifconfig -m xl3
xl3: flags=8943 <up,broadcast,running,promisc,simplex,multicast>mtu 1500
        options=9 <rxcsum,vlan_mtu>capabilities=49 <rxcsum,vlan_mtu,polling>inet 192.168.155.254 netmask 0xffffff00 broadcast 192.168.155.255
        inet6 fe80::250:4ff:fe0b:e464%xl3 prefixlen 64 scopeid 0x4
        ether 00:50:04:0b:e4:64
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
        supported media:
                media autoselect
                media 100baseTX mediaopt full-duplex
                media 100baseTX
                media 10baseT/UTP mediaopt full-duplex
                media 10baseT/UTP
                media 100baseTX mediaopt hw-loopback
#</full-duplex></rxcsum,vlan_mtu,polling></rxcsum,vlan_mtu></up,broadcast,running,promisc,simplex,multicast>