Low throughput

pasco

Hi guys

I've bought this decent machine: http://www.aliexpress.com/item/Educational-router-firewall-server-fanless-firewall-pc-with-4-82583V-Gigabit-Ethernet-4G-RAM-32G-SSD/32242293349.html

Now I got an fiber line with 1Gbit/s down- and upload - pretty nice. But on speedtests I "only" got 540 Mpbs download speed and 250 Mpbs (plus/minus a bit).

I checked some guides, also the https://doc.pfsense.org/index.php/Low_Throughput_Troubleshooting, but it didn't helped. I got 4 Intel 82583V Gigabit NICs onboard and an Atom D2550 1.86 GHz, 4GB Ram and 32 GB SSD on it. I can't see any hardware limitations on the diagnostic page.

Does anyone have a hint where the bottle neck could be? I can't find it…

Before I tried an pcengines apu4 and got about 400 Mpbs down- and upload with the exactly same config...

Thanks so much for any help in advance,
p@sco

EDIT:  I've just tried to run a fresh install of pfsense. I get then around 540 Mpbs download and 540 Mpbs upload...strange. So there must be something in my (old) config that lowers the upload. But still, I don't get the +920 Mpbs I'm looking for..

EDIT2: I'm using a TP-Link MC220L Mediaconverter..I hope this thing is not the bottle neck :-)

Harvy66

A  1.86ghz Atom CPU is not going to be a very powerful software firewall. We're not quite at the point where $300 for a software firewall that can move 1Gb/s of a single flow.

Check System Activity. I could be wrong, but I suspect very high cpu usage under load.

pasco

Hmm, my system activity log looks like that while I'm at speedtest…looks like there is plenty of free resources or am I wrong?

last pid: 86067;  load averages:  0.09,  0.04,  0.01  up 0+23:01:26    20:52:07
160 processes: 5 running, 133 sleeping, 22 waiting

Mem: 16M Active, 80M Inact, 187M Wired, 30M Buf, 3643M Free
Swap: 8192M Total, 8192M Free

PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND
  11 root    155 ki31    0K    64K RUN    1  22.9H 100.00% [idle{idle: cpu1}]
  11 root    155 ki31    0K    64K CPU3    3  22.9H 100.00% [idle{idle: cpu3}]
  11 root    155 ki31    0K    64K CPU2    2  22.9H  93.16% [idle{idle: cpu2}]
  11 root    155 ki31    0K    64K CPU0    0  22.8H  80.66% [idle{idle: cpu0}]
    0 root    -92    -    0K  288K -      2  4:07  21.78% [kernel{em0 que}]
    0 root    -92    -    0K  288K -      2  2:03  14.06% [kernel{em1 que}]
30093 root      29    0  262M 31748K piperd  1  0:02  3.08% php-fpm: pool nginx (php-fpm)
  12 root    -60    -    0K  352K WAIT    3  2:56  0.00% [intr{swi4: clock}]
    5 root    -16    -    0K    16K pftm    0  0:46  0.00% [pf purge]
    0 root    -16    -    0K  288K swapin  1  0:37  0.00% [kernel{swapper}]
17180 root      52  20 17000K  2568K wait    1  0:30  0.00% /bin/sh /var/db/rrd/updaterrd.sh
  15 root    -16    -    0K    16K -      2  0:13  0.00% [rand_harvestq]
25159 dhcpd    20    0 24804K 13520K select  0  0:08  0.00% /usr/local/sbin/dhcpd -user dhcpd -group _
40654 root      20    0 30140K 17968K select  2  0:06  0.00% /usr/local/sbin/ntpd -g -c /var/etc/ntpd.c
44165 root      20    0 14516K  2316K select  3  0:05  0.00% /usr/sbin/syslogd -s -c -c -l /var/dhcpd/v
31924 root      20    0 46196K  7984K kqread  3  0:05  0.00% nginx: worker process (nginx)
  12 root    -72    -    0K  352K WAIT    1  0:05  0.00% [intr{swi1: netisr 1}]
  21 root      16    -    0K    16K syncer  3  0:04  0.00% [syncer]

Thanks
P@sco

mevans336

I have a different version, but that same chip. I could never break 550Mbps. As Harvy66 suspects, if you watch the CPU graph as you try and push 1Gbps, it spikes to 100%.

Guest

Now I got an fiber line with 1Gbit/s down- and upload - pretty nice. But on speedtests I "only" got 540 Mpbs download speed and 250 Mpbs (plus/minus a bit).

Let us please talk about the testing procedure, what is coming out if you are taking iPerf and in front of the
WAN interface (over a switch) is acting as a server and behind the LAN interface will be one PC acting as a
iPerf client? Only doing a speed test over the Internet is not really a test you can count on and other will be
able to reproduce it again.

I checked some guides, also the https://doc.pfsense.org/index.php/Low_Throughput_Troubleshooting, but it didn't helped.

You should be perhaps better to go with reading that announcement from pfsense first, its about the
needed hardware minimum to archive several MBit/s throughput at the WAN interface. Link
Under that link you will be able to find this statement about throughput arching:
10-20 Mbps We recommend a modern (less than 4 year old) Intel or AMD CPU clocked at at least 500MHz.
21-100 Mbps We recommend a modern 1.0 GHz Intel or AMD CPU.
101-500 Mbps No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware
with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.
501+ Mbps Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

I got 4 Intel 82583V Gigabit NICs onboard and an Atom D2550 1.86 GHz, 4GB Ram and 32 GB SSD on it. I can't see any hardware limitations on the diagnostic page.

Please read the lines above.

Does anyone have a hint where the bottle neck could be? I can't find it…

Intel lower end Atoms, several years old would do perhaps a good job but are not the strongest ones too.

Before I tried an pcengines apu4 and got about 400 Mpbs down- and upload with the exactly same config…

read the lines above again please.

pasco

Thanks for your answers.

I have a different version, but that same chip. I could never break 550Mbps. As Harvy66 suspects, if you watch the CPU graph as you try and push 1Gbps, it spikes to 100%.

So I probably have too little cpu power, even though I couldn't see the cpu power was used 100% while I was trying to push 1 Gpbs.

Let us please talk about the testing procedure, what is coming out if you are taking iPerf and in front of the
WAN interface (over a switch) is acting as a server and behind the LAN interface will be one PC acting as a
iPerf client? Only doing a speed test over the Internet is not really a test you can count on and other will be
able to reproduce it again.

I will have a test with iPerf as you described. I tested it with a speedtest-Server at my ISP.

101-500 Mbps  No less than a modern Intel or AMD CPU clocked at 2.0 GHz. Server class hardware
with PCI-e network adapters, or newer desktop hardware with PCI-e network adapters.
501+ Mbps  Multiple cores at > 2.0GHz are required. Server class hardware with PCI-e network adapters.

So I will get something stronger, with more CPU power and server class hardware.

Cheers
P@sco

mevans336

Those recommendations are ancient. You definitely don't need server-class hardware. Any modern Atom will push 1Gbps as long as that is all it is doing - i.e. you're not asking it to perform Snort IDS or OpenVPN at 1Gbps also. Try to find something with Intel QuickAssist, like the Atom C23xx series.

pfSense sells a official router that uses a C2358 Dual Core 1.7GHz Atom (we have one and can push 1Gbps with it) - but as you can see, in the reviews, others say they can also. It's fanless too.

https://store.pfsense.org/SG-2440/