Slow speed with pfSense



  • Hi. I have
    Version 2.2.6-RELEASE (amd64)
    built on Mon Dec 21 14:50:08 CST 2015
    FreeBSD 10.1-RELEASE-p25

    I have a 250/100 Mbps fiber connection. pfSense is connected directly to the fibre converter. internet --> fibre converter --> pfSense --> lan(switch)

    When I run speedtest from my computer I get about 20-25 Mbps downhill, and around 65-70 Mbps up.
    When I take my tablet/"laptop" and connect it by wire directly into the fiber converter, I get near 100/100 (this "laptop" only does 100 Mbps), so internet works as it should.

    I have switched cables between the fibre converter in the box it sits in at the door and the one pfSense is connected to the wall (that goes to the box at the door), still same slow speeds.

    I have also tested
    ```
    fetch -o /dev/null http://speedtest.tele2.net/1GB.zip
    /dev/null                                    100% of 1024 MB  24 MBps 00m41s
    ```

    I have disabled hardware offload and rebooted.
    I don't use squid and the only packages installed are Apcupsd and mailreport.
    I don't use traffic shaping either.
    16 GB of RAM installed and only 2% used.
    Load average 0.03, 0.02, 0.00

    I used to have the ability to max my connection, but now pfSense barely gives 10%.
    
    > BIOS Information
    > Vendor: American Megatrends Inc.
    > Version: F4
    > Release Date: 06/28/2014
    > Address: 0xF0000
    > Runtime Size: 64 kB
    > ROM Size: 8192 kB
    > Characteristics:
    > PCI is supported
    > BIOS is upgradeable
    > BIOS shadowing is allowed
    > Boot from CD is supported
    > Selectable boot is supported
    > BIOS ROM is socketed
    > EDD is supported
    > 5.25"/1.2 MB floppy services are supported (int 13h)
    > 3.5"/720 kB floppy services are supported (int 13h)
    > 3.5"/2.88 MB floppy services are supported (int 13h)
    > Print screen service is supported (int 5h)
    > 8042 keyboard services are supported (int 9h)
    > Serial services are supported (int 14h)
    > Printer services are supported (int 17h)
    > ACPI is supported
    > USB legacy is supported
    > BIOS boot specification is supported
    > Targeted content distribution is supported
    > UEFI is supported
    > BIOS Revision: 4.6
    > 
    > System Information
    > Manufacturer: Gigabyte Technology Co., Ltd.
    > Product Name: H97N-WIFI
    > Version: To be filled by O.E.M.
    > Serial Number: To be filled by O.E.M.
    > UUID: 03D40274-0435-05E5-7506-9B0700080009
    > Wake-up Type: Power Switch
    > SKU Number: To be filled by O.E.M.
    > Family: To be filled by O.E.M.
    > 
    > Base Board Information
    > Manufacturer: **Gigabyte Technology Co., Ltd.**
    > Product Name: **H97N-WIFI**
    > Version: x.x
    > Serial Number: To be filled by O.E.M.
    > Asset Tag: To be filled by O.E.M.
    > Features:
    > Board is a hosting board
    > Board is replaceable
    > Location In Chassis: To be filled by O.E.M.
    > Chassis Handle: 0x0003
    > Type: Motherboard
    > Contained Object Handles: 0
    
    

    CPU Type Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
    Current: 3200 MHz, Max: 3201 MHz
    4 CPUs: 1 package(s) x 4 core(s)

    WAN (DHCP) up  1000baseT <full-duplex>
    LAN up  1000baseT <full-duplex>

    **Status: Interfaces**

    **WAN interface (wan, em0)**
    Status up
    DHCP
    up 
    MAC address 68:05:ca:2a:7d:66
    IPv4 address 46.59.52.191 
    Subnet mask IPv4 255.255.255.0
    Gateway IPv4 46.59.52.1
    IPv6 Link Local fe80::6a05:caff:fe2a:7d66 
    ISP DNS servers 127.0.0.1
    46.227.67.134
    46.227.67.135
    8.8.8.8
    8.8.4.4
    MTU 1500
    Media 1000baseT <full-duplex>
    In/out packets 3429034/3671788 (4.20 GB/967.15 MB)
    In/out packets (pass) 3429034/3671788 (4.20 GB/967.15 MB)
    In/out packets (block) 3629/67 (929 KB/36 KB)
    In/out errors 0/0
    Collisions 0

    **LAN interface (lan, em1)**
    Status up
    MAC address 74:d4:35:e5:75:9b
    IPv4 address 10.220.0.1 
    Subnet mask IPv4 255.255.255.0
    IPv6 Link Local fe80::1:1 
    MTU 1500
    Media 1000baseT <full-duplex>
    In/out packets 689346/600629 (452.85 MB/349.49 MB)
    In/out packets (pass) 689346/600629 (452.85 MB/349.49 MB)
    In/out packets (block) 290/574 (41 KB/53 KB)
    In/out errors 0/0
    Collisions 0



  • Doesn't anybody have any idea what could be wrong and what I could do to check/fix?



  • Mainboard details aren't all that important.  What type of NIC is em0 & em1?



  • Could traffic shaping or limiter be turned on in pfSense accidentally? I would check that first.

    Carlos



  • Those kinds of things are very hard to turn on accidentally, considering how much configuration they require.


  • I would look hard at the ethernet between the fiber converter and pfSense's WAN NIC. Make sure everything is good and they're both negotiating gig.

    What is the make/model of the fiber converter?

    I would look for errors on the WAN NIC.

    I might try a managed switch with a GBIC and a blank VLAN between pfSense and the fiber so you can get error counters and statistics on both sides. You'd be replacing the fiber converter with a blank vlan with one untagged copper and one untagged fiber port. You probably want to disable spanning tree on the VLAN and/or ports.

    I would call the ISP and see what they see as far as errors on their port.

    An i5 ought to easily do 250/100.



  • @Derelict:

    > I might try a managed switch with a GBIC and a blank VLAN between pfSense and the fiber so you can get error counters and statistics on both sides. You'd be replacing the fiber converter with a blank vlan with one untagged copper and one untagged fiber port. You probably want to disable spanning tree on the VLAN and/or ports.

    This would be my recommended approach if the "fiber converter" is just a fiber <-> copper media converter.

    If, however, the "fiber converter" is actually an ONT on a PON network, this won't work, as you can only use an ONT authorised by the network operator (which almost always means one they supplied). My recommended approach in this scenario is similar - connect the "fiber converter" and the pfSense interface via a switch, for example using a dedicated VLAN. I use this approach successfully with a VDSL2 bridge.

    Disabling spanning tree on such a VLAN is a good idea, especially in the media converter scenario. The ISP's network will probably filter it or otherwise ignore it, but the possibility remains that they might not take too kindly to spanning tree traffic coming from your end of the connection.



  • Ok to be fair at first you should not be using the speedtest in the Internet, that we all should be verify your test
    results by making perhaps related to the same hardware also same results.

    CPU Type Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz

    With this CPU and pfSense together you might be or must be able to route 1 Gbit/s at the WAN interface
    with ease. So it could be pending on more or less things we should all think about and prove.

    • It could be that your modem is having an auto-sensing mismatch at the LAN port of the modem
      and the WAN port of the pfSense. Could this be? In pfSense you will see perhaps "1000 MBit/s full Duplex auto."
      But in real life there will be perhaps only a 10 MBit/s or 100 MBit/s connection.
    • The "modem" is not a pure modem, but a real router and your pfSense got only over DHCP an IP address
      that will be changing then more or less often.
    • PowerD (hi adaptive) is not enabled and the CPU is not able to deliver enough power if needed
    • mbuf size is not high up to perhaps something around 1.000.000 the size should be related to
      the amount of available RAM, but with 15 GB you have no problems at all
    • if a SSD is used you could also enable TRIM support at this stage and time
      (not really related to the problem you have here in case, but also useful for your SSD drive)

    Questions:

    • What NIC or NICs are you using?
      (Vendor, model, ports, speed)
    • Are all unused things disabled in the BIOS?
      (things such as Jumbo Frames, network enhancing and LAN Optimizer, WiFi, ...)
    • deactivating onBoard Intel and Qualcomm Atheros gaming networking and install a new 2/4 Port Intel NIC

    Your Internet connection is about 250/100 MBit/s (Megabit) and if you got then 25 MB/s (Megabyte)
    that means you got perhaps nearly the theoretical maximum from ~32 MB/s, can it be that you were not
    counting right? Only a thought!
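
An added example, not part of any post in this thread: the two checks raised above (what the WAN link actually negotiated, and bytes versus bits in the `fetch` rate) as shell functions for the pfSense console. The sample `ifconfig` lines are constructed, and the conversion assumes `fetch` counts 1 MB as 2^20 bytes, which matches the 1 GB file being reported as 1024 MB in the first post.

```shell
#!/bin/sh
# Added example (not from the thread). Inputs are read from stdin so the
# functions can be fed live `ifconfig` output or a saved copy.

# Print the negotiated media from `ifconfig <if>` output, e.g.
# "1000baseT <full-duplex>". With autoselect, the negotiated value is the
# part in parentheses; a manually set media has no parentheses.
negotiated_media() {
    awk '/media:/ {
        if (match($0, /\(.*\)/)) print substr($0, RSTART + 1, RLENGTH - 2)
        else { sub(/^.*media: Ethernet /, ""); print }
    }'
}

# Succeed only if the link came up at the expected speed in full duplex.
# $1 = expected media type, e.g. 1000baseT
link_ok() {
    m=$(negotiated_media)
    case "$m" in
        "$1 <full-duplex"*) return 0 ;;
        *) echo "link negotiated as: ${m:-unknown}" >&2; return 1 ;;
    esac
}

# Convert a fetch(1) transfer rate to Mbit/s so it can be compared with
# the ISP plan, which is quoted in bits. $1 = number, $2 = kBps or MBps.
# Assumption: fetch uses binary prefixes (1 MB = 1048576 bytes).
fetch_rate_to_mbit() {
    awk -v n="$1" -v u="$2" 'BEGIN {
        if (u == "MBps")      f = 1048576
        else if (u == "kBps") f = 1024
        else exit 1
        printf "%.0f\n", n * f * 8 / 1000000
    }'
}

# Constructed sample lines (not captured from the poster's firewall).
GOOD='	media: Ethernet autoselect (1000baseT <full-duplex>)'
BAD='	media: Ethernet autoselect (100baseTX <half-duplex>)'

# On the firewall itself:
#   ifconfig em0 | link_ok 1000baseT
#   fetch_rate_to_mbit 24 MBps
```
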



  • Hi all.
    Thanks for the replies.
    I just ran a speedtest.net and got

    I haven't changed anything, so it must have been a hiccup at the ISP area for almost a week.

    Anyways, seems it's been resolved on its own.



  • I have 250/100 Mbps fiber connection.

    Pending on this you got it fully I mean, because you must count the TCP/IP overhead on top of this
    and shorten it a bit for passing the NAT part and firewall rules. So all is fine on your side as I see it right.



  • @BlueKobold:

    > I have 250/100 Mbps fiber connection.
    >
    > Pending on this you got it fully I mean, because you must count the TCP/IP overhead on top of this
    > and shorten it a bit for passing the NAT part and firewall rules. So all is fine on your side as I see it right.

    Unfortunately, the good speeds only held for a few days, I am still down to 10% of my possible max.
    I have concluded with testing that it is somewhere at my pfSense box, but I cannot find out what could possibly be the problem.
    Reboots don't help. I saw an earlier post, I don't have a modem (like cable, isdn).
    This system is less than a year old afaik, but I wonder if perhaps the usb key could be the culprit and a reinstall on a new one would help..



  • A broken usb key will get you filesystem errors & perhaps boot issues. It's unlikely to cause a slow wan link.

    Do you get fast speeds when you connect a different system (laptop/desktop) directly on the converter?
    What speeds do you get from pfsense console?



  • @heper:

    > a broken usb key will get you filesystem errors & perhaps boot issues. It's unlikely to cause a slow wan link.
    >
    > do you get fast speeds when you connect a different system (laptop/desktop) directly on the converter ?
    > what speeds do you get from pfsense console ?

    Hi.
    When I use my Asus Transformer Book T200T, I can make the network cards 100/100, directly connected to the converter.
    When I tried the download thru pfSense cli, using a close to me service to download both a 100Mb and a 1Gb file to "/dev/null"(?), I'm getting the same speed, roughly around 25 Mbps download. I have changed to new/old/other cables both on the converter side, and between the wall and pfSense box.
    I am going to stop by a store today and pick up a few more new patch cables to change to completely new cables on both sides. I cannot do anything about the wall installed cable.



  • Hmm.
    It seems new cables did not help :(
    And buying a new 2-4 port PCIx card costs almost the same as buying a pfSense hardware in the store, and I'm not sure if it's the NIC or not.
    The WAN card is an Intel PCIx, LAN uses the onboard, but I'm testing the speed with fetch directly at the pfSense ssh console.

