My first build for Centurylink Gigabit Fiber w/ Jetway NF9HHG-2930
-
I've been doing research over the past few months on routers, wifi and networking in general. After spending a bunch of time on SmallNetBuilder and playing with my Asus AC68U, I realized a couple of things:
1. Consumer routers don't fully utilize a gigabit internet connection.
2. Most measurements online don't talk about performance of simultaneous upstream and downstream.I'm paying ~ $150 a month for Centurylink's gigabit service, but I'm not fully able to use it. I don't want my hardware to be the limiting factor.
I'm connecting directly to a Cat 6 cable from Centurylink bypassing their provided router. My goal with my build is to have a router using PFSense that works with my Centurylink Fiber connection (PPPoE ugh…) that will reach ~ 900 Mbps down while also doing ~900 Mbps up.
I'd also like to selectively route Netflix via a VPN (4K works better via a VPN than direct via Centurylink) as well as run a VPN Server so I can connect in remotely.
From searching, it looks like this should do the trick:
Jetway NF9HG-2930 Intel Celeron Quad Core Fanless PC w/ 4X Intel LAN, 2GB, M350- It has 4 Intel ethernet ports which I've read work better than realtek
- It has 4 cores on the processor
- It is fanless
I bought it via amazon http://www.amazon.com/gp/product/B00XO9QUJ4, but in retrospect should have ordered it from MitxPC and added the 8gb ram and 32gb mSATA drive there rather than ordering things piecemeal:
http://www.mitxpc.com/proddetail.php?prod=EKJNF9HGM350
I'm excited to do this build to see if it'll meet all my needs and once built will be looking forward to sharing my results.
-
I'm excited to do this build to see if it'll meet all my needs and once built will be looking forward to sharing my results.
Some speed tests would be fine to see what is going on. Would you share this with us?
-
Seems like a nice option! I would also be interested on know more. Not sure if you are planning to add more stuff other than leave it as a "simple" router/firewall" but Snort, Squid, ntopng, etc would be interesting to see how it performs!
-
@BlueKobold:
I'm excited to do this build to see if it'll meet all my needs and once built will be looking forward to sharing my results.
Some speed tests would be fine to see what is going on. Would you share this with us?
I agree, I would like to see the throughput on that connection as well. Testmy.net has the capability to max out your connection over several mirrors, and keep track of your results as you progress through the build out for you.
-
OK. I got the build done and have had it running for a few weeks. I played around with Snort and a few other services but have since turned them off in an effort to try and find the fastest configuration I can.
I also benchmarked it against my Centurylink provided Technicolor C2000t Router and I'm not able to match the speed of that router. Here are some tests I performed on the Centurylink.
Centurylink Technicolor C2000t
All speeds are in MbpsSpeedTest.net
- Portland (Comcast): 936 down, 894 up http://www.speedtest.net/result/5002820262.png
- Seattle (Metapeer): 930 down 843 up http://www.speedtest.net/result/5002826681.png
- San Francisco (Fast Metrics): 758 down 814 up http://www.speedtest.net/result/5002829839.png
Testmy.net
- San Francisco: 344 down 103.1 up
- Colorado: 230 down 77 up
And here are the tests for my PFSense build:
Jetway NF9HHG-2930 PFSense Build
All speeds are in MbpsSpeedTest.net
- Portland (Comcast): 561 down, 531 up - http://www.speedtest.net/result/5002770207.png
- Seattle (Metapeer): 569 down 643 up - http://www.speedtest.net/result/5002777972.png
- San Francisco (Fast Metrics): 534 down 705 up http://www.speedtest.net/result/5002781361.png
Testmy.net
- San Francisco: 288 down 96.9 up
- Colorado: 163.2 down 74 up
I've got a bunch of screenshots of my config and what's running https://www.evernote.com/l/AByfF_IR1QtGJ7OUj0sMPN91TEC9SNllXz0
Things unique to my setup
- No UPNP, 2 open ports - 1 for plex, 1 for ssh.
- PPPoE and VLAN tagging is required for the Centurylink Connection.
Other than those two things, it's a pretty bog standard PFSense config on hardware that doesn't seem to break a sweat and Intel Gigabit NICs.
In both cases, I tested with a Macbook Pro Core i7 as the only device plugged in to the router via a Thunderbolt Ethernet adaptor.
Is there any advice for how to benchmark the performance of the box in a controlled environment? Or other things to try to increase performance?
-
In researching the speed issue with pfSense and gigabit PPPoE connections (I have CenturyLink Gigabit as well), I opened a support ticket with pfSense. pfSense will not attain gigabit speeds with PPPoE (https://redmine.pfsense.org/issues/4821). It does not appear that this is going to be corrected anytime soon, so I am strongly considering abandoning the platform. I would prefer to have a router that can handle any speed, regardless of protocol in use.
-
As you reported in your support ticket, I'm seeing the same thing that queue1 has no rx packets.
$ sysctl -a | grep '\.igb\..*x_pack' dev.igb.0.queue0.tx_packets: 63657806 dev.igb.0.queue0.rx_packets: 198004723 dev.igb.0.queue1.tx_packets: 61807912 dev.igb.0.queue1.rx_packets: 0
Thanks for clearing that up! I'll stop pulling out my hair and look for alternatives.
-
I bought it via amazon http://www.amazon.com/gp/product/B00XO9QUJ4, but in retrospect should have ordered it from MitxPC and added the 8gb ram and 32gb mSATA drive there rather than ordering things piecemeal:
This would be one of the best supported devices for pfSense as I know it, you can turn pfSense into a real
UTM device that is capable to realize, Squid & SquidGuard, Snort & pfBlocker-NG, HAVP & ClamAV, so it will
be really powerful and strong enough for any kind of home set up.- Turn on PowerD (hi adaptive)
- Activate TRIM support for the mSATA
- Then High up the mbuf size to 1.000.000
Create a loader.conf.local and insert their all made custom changes that they will survive the next
update or upgrade from the pfSense were all files will be new written in the entire system.After doing this, and I mean all three things please, please test it once more again and report it to us.
Testmy.net has the capability to max out your connection over several mirrors, and keep track of your results as you progress through the build out for you.
Would be nice in my eyes, but a proper test with netIO or iPerf will be the best to test it out.
Seems like a nice option! I would also be interested on know more. Not sure if you are planning to add more stuff other than leave it as a "simple" router/firewall" but Snort, Squid, ntopng, etc would be interesting to see how it performs!
pf, Snort, Squid & SquidGuard, HAVP, would be really good running at this platform.
Centurylink Technicolor C2000t
This is not a comparable device against a x86 hardware where pfSense is running on.
This routers will be doing it mostly in silicon! So a ASIC/FPGA is doing all the job inside of this router family.
To be sure that you will be able to compare it against x86 hardware, it would more be fair to compare it against
a SG-4860 or SG-8860 from the pfSense store.Jetway NF9HHG-2930 PFSense Build
It is really a strong device and powerful enough for all things to realize, but at this time together with pfSense
and PPPoE it would be only running on one CPU core at the WAN port, because PPPoE is only CPU single Core
threaded and so you will not be able to archive even the top performance. Mostly it helps really out to get a
static public IP Address from your ISP that you can really don´t PPPoE at the WAN port, to archive the top
of the performance given by this device.It does not appear that this is going to be corrected anytime soon, so I am strongly considering abandoning the platform. I would prefer to have a router that can handle any speed, regardless of protocol in use.
PPPoE is at this time using one single CPU core only, but this might be not for ever and they are working on
to solve this issue. So the SG-4860 is capable to arvhive 1 GBit/s at the WAN port and 500 MBit/s IPSec VPN
throughput together with Snort and pfBlocker-NG. So that you need PPPoE for your Internet connection is not
the point to call it lame or a not use able device for pfSense.I would be glad to hold a SG-4860 or SG-8860 in my hands to play around with it!!!
-
Jetway NF9HHG-2930 PFSense Build
It is really a strong device and powerful enough for all things to realize, but at this time together with pfSense
and PPPoE it would be only running on one CPU core at the WAN port, because PPPoE is only CPU single Core
threaded and so you will not be able to archive even the top performance. Mostly it helps really out to get a
static public IP Address from your ISP that you can really don´t PPPoE at the WAN port, to archive the top
of the performance given by this device.It does not appear that this is going to be corrected anytime soon, so I am strongly considering abandoning the platform. I would prefer to have a router that can handle any speed, regardless of protocol in use.
PPPoE is at this time using one single CPU core only, but this might be not for ever and they are working on
to solve this issue. So the SG-4860 is capable to arvhive 1 GBit/s at the WAN port and 500 MBit/s IPSec VPN
throughput together with Snort and pfBlocker-NG. So that you need PPPoE for your Internet connection is not
the point to call it lame or a not use able device for pfSense.I would be glad to hold a SG-4860 or SG-8860 in my hands to play around with it!!!
WHAT ?!?!
PPPoE only use a single core ?
-
WHAT ?!?!
What you mean with this "What"?
PPPoE only use a single core ?
Yes, at this time it uses only one single CPU core either how much CPU cores are there being.
Surely not for ever and they are working on it, but at this time it so as I was reporting. -
@BlueKobold:
WHAT ?!?!
What you mean with this "What"?
–
I was surprised