SLOOOW transfert between LAN <-> OPT1



  • My pfSense :
    1.2-RELEASE (built on Sun Feb 24 17:04:58 EST 2008)
    Running on x86 PC with 3 NICS (all 3Com 3C905B-TX)

    Ok, here's my setup:

    PFSENSE-LAN (xl1) –---- Hub 192.168.1.0/24
                          |
    INTERNET ----- PFSENSE-WAN (xl0)
                          |
                  PFSENSE-OPT1 (xl2) ----- Switch 192.168.2.0/24

    The purpose of this setup is that OPT1 contains private hosts only and i want to restrict access to these hosts from WAN and the hosts from LAN1 except for only the ones i choose (static mapping all the way).

    I got a backup server on the OPT1 side. I have to push stuff from hosts in the LAN on the server in the OPT1.
    What is wierd is that my transfert are never going faster than 900kb/s and more than often the speed is about 200kb/s in average.  >:(
    The hub/switch and all the interfaces are 100Mb capable or more.
    I was expecting something around 10mb/s, but I'm nowhere near that.

    *** What I found is very strange :
    When I'm uploading from LAN to OPT1, the Traffic Graph for LAN shows 10mb/s IN and around 200kb/s for OUT.
    Shouldn't be opposite ?? What am i missing ???

    I got the same problem when doing transfert from a LAN host to a OPT1 host.
    The problem is absent when i do transfert on the same interface (about 20 times faster).

    Is it normal behavior ? Is it the firewall slowing down the stream ? The CPU usage never goes up more than 20% and 15% for the ram. I am not logging any packets.

    I'm getting same result with different UTP cable and i disabled my firewall rules. The issue does not seem to lay there.

    Any help would be GREATLY appreciate, because right now the nightly backup takes forever on the new setup and is overlapping with the day work.

    Thank you!



  • Do you have any traffic shaping active?



  • No traffic shapping, no load balancing, no VPN… pretty basic stuff.

    My firewall rules :

    on WAN

    BLOCK  *  *              *  OPT1 net      *  *

    on LAN

    PASS    *  192.168.1.20  *  OPT1 net      *  *
    BLOCK  *  LAN net        *  OPT1 net      *  *

    on OPT1

    PASS    *  OPT1 net      *  192.168.1.20  *  *
    BLOCK  *  OPT1 net      *  *              *  *

    My transfers are made between 192.168.1.20 and 192.168.2.100.



  • no bridging neither



  • OPT1 interface (xl2)

    Status          up
    MAC address    00:50:04:0f:05:bf
    IP address      192.168.2.1 
    Subnet mask    255.255.255.0
    Media          100baseTX <full-duplex>In/out packets  173304/1121253 (35.48 MB/1.45 GB)
    In/out errors  1548/1
    Collisions     0

    Does that mean my card is defect ?
    What is considered an error ?</full-duplex>



  • ping test result : always over 25% packet lost

    I'm gonna change the NIC card on monday.

    If changing the card doesn't fix anything then i'm gonna remove pfSense.
    Never had so much trouble with a simple routing gateway…



  • As unreasonable as it sounds, it might be the cable…. ;)



  • I found the problem!!

    Just to let you know, if somebody ran in same sort of issue:

    It was the video card  ???

    Once removed, everything run smooth haha.

    The In/Out errors on the interface were due to underrun; The NIC card was not receiving packets fast enough from the DMA. The video card was slowing down the interrupt or something…
    Anyway, now it's fast and it rox!


Log in to reply