Intervlan performance slow on my C2758 atom 8 core.
-
HiAdaptive did not do anything
Oh really sad, in normal it does the following, if the machine gets stressed it uses the full 2,4GHz and
if less power is used it saves electric power by running the CPU only a sometimes like 60MHz or 800MHz
like it is needed, and so if this is not enabled it can be that the cpu frequency is only and static running
at 600MHz or 800MHz and this will then not really unleash or delivers the performance and on top the
needed throughput, that you will need from time to time!Zeroshell was the same as what pfSense is doing, LACP with 6 ports.
Did you remember the settings like "active - active" or anything else, that you are not really
using or configuring this time together with pfSense? -
@BlueKobold:
HiAdaptive did not do anything
Oh really sad, in normal it does the following, if the machine gets stressed it uses the full 2,4GHz and
if less power is used it saves electric power by running the CPU only a sometimes like 60MHz or 800MHz
like it is needed, and so if this is not enabled it can be that the cpu frequency is only and static running
at 600MHz or 800MHz and this will then not really unleash or delivers the performance and on top the
needed throughput, that you will need from time to time!Zeroshell was the same as what pfSense is doing, LACP with 6 ports.
Did you remember the settings like "active - active" or anything else, that you are not really
using or configuring this time together with pfSense?It was just configuring in the interfaces file like any linux distro.
auto bond0 iface bond0 inet static address 192.168.1.10 gateway 192.168.1.1 netmask 255.255.255.0 bond-mode 4 bond-miimon 100 bond-slaves noneSomething like that, there's nothing really to state active or passive.
I do have a layer 3 switch., the Cisco C2960X-48TS-L is not a full L3 switch but has routing capabilities and ACL.
I just don't know if I can define all the same rules in the switch and also allow certain hosts/networks outbound on pfSense to different gateways (OpenVPN clients)
From what I've read, you're supposed to use a transit network from the switch to pfsense so pfsense doesn't really know the internal vlans of the switch. In this case I don't think I can selectively route traffic outbound to different OpenVPN gateways.
-
From what I've read, you're supposed to use a transit network from the switch to pfsense so pfsense doesn't really know the internal vlans of the switch. In this case I don't think I can selectively route traffic outbound to different OpenVPN gateways.
You will be able to create a VLAN50 as an example and the Gateway of this VLAN50 will be then the IP address
from the pfSense box! So you could set up routes to any other VLANs and all would be fine. Thats it.Ok perhaps you wont to walk on this way but it is a really fine solution to get all LAN traffic fast routet
nearly wire speed pending on the power of your switch and the entire LAN will be also alive if the pfSense
box gets rebooted or is failing. -
Your C2960X-48TS-L is not a layer 3 switch, it runs the LANBase feature set. No routing possible.
If your switch is a C2960XR switch, then you are in tall cotton - by all means use it for your inter-VLAN routing and inter-VLAN access control lists.
Set up your VLANs on your switch and use it to route between them. Create a private IP network between the switch and the pfsense box and make the switch's default route the IP address of pfsense.
I don't think the 2960XR will originate any routing protocols, so you'll have to create routes on the pfsense box that route your VLAN subnets back to the switch.
You will be much happier with this setup.
-
I wish the netgate guys would chime in on threads like this.
-
Sorry didn't reply back for a while on this thread.
I think I've figured out the issue, maybe not, who knows.
But basically the LAGG algorithm is sending/receiving the file transfer on the same port on pfSense, so it's doing full duplex transfer. Now theoretically, the gigabit ethernet can handle 2000mbps total. But I ran iperf between 2 machines using the simultaneous option, and the max I was about to get was about 450mbps both ways the same time. So not sure why? Anyhow when I transfer a file the other direction, the algorithm uses 2 ports on pfSense, so then I'm getting closer to 1Gb in that direction.
Either way, I think I will upgrade to 10Gbe with the Chelsio card, that should solve any Gb bottlenecks.
-
But basically the LAGG algorithm is sending/receiving the file transfer on the same port on pfSense, so it's doing full duplex transfer.
I am not really sure but all depends on the configuration you made! You can also configure that one
LAN port is "doing" RX and the other is "doing" the TX part! And then you will be getting out;- 1 GBit/s > TX
- 1 GBit/s > RX
And this might be then even 1 GBit/s and not 2 GBit/s! But for sure the entire LAG (LACP) is building
a aggregated 2 GBit/s fat pipe!Now theoretically, the gigabit ethernet can handle 2000mbps total.
That is the exactly point where you are failing or made a so called thinking false in my eyes!
1 GBit/s line (cable) is able to send and receive 1 GBit/s over 4 adders of the cable in each direction
and this is then 1 GBit/s in each direction and not 2 GBit/s in one direction.But I ran iperf between 2 machines using the simultaneous option, and the max I was about to get was about 450mbps both ways the same time. So not sure why?
If the technical and theoretical max throughput of a 1 GBit/s line is 125 MBit/s and with your LAG (LACP)
you will get out then in normal and as a max. 500 MBit/s (4 x 125 MBit/s) but you got 450 MBit/s + the
TCP/IP overhead that must be count on this on top you will be getting also nearly the macimum, or am I
wrong with this?Anyhow when I transfer a file the other direction, the algorithm uses 2 ports on pfSense, so then I'm getting closer to 1Gb in that direction.
Then perhaps the network load you were producing with iPerf was not high enough perhaps I mean?
Either way, I think I will upgrade to 10Gbe with the Chelsio card, that should solve any Gb bottlenecks.
It is the best option as today in my eyes!!! The Chelsio card is fully offloading tasks such as VLANs based
on using an ASIC/FPGA on its NIC and it is better driver supported in pfSense! So you will be able to
fully unload from your pfSense box many TCP/IP based tasks and on top you will saving ports and
getting more throughput then now.
