pfSense Support Subscription

Author Topic: slow throughput on SG-4860 (~600mbs on 1gbs line)  (Read 1498 times)

0 Members and 1 Guest are viewing this topic.

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-0
    • View Profile
slow throughput on SG-4860 (~600mbs on 1gbs line)
« on: August 27, 2017, 01:08:33 pm »
Hey folks - I recently upgraded to a SG-4860 to take advantage of a speed bump in my FiOS connection to their 1 gig service.

After the upgrade I am maxing out at about 500-700 mbs ...although I rarely get about 600.

I was so sure it was the line or Verizon gateway that I scheduled a service visit before checking anything else. When we connected directly to the Verizon gateway (which is in bridge mode, BTW) it pulled a sold 950mbs. I say we, because I was able to replicate with a laptop directly connected.

I've run speed tests using curl and iperf from the PF box with nothing else connected - so I'm reasonably sure it's not other devices sipping data while I'm testing.

I have 3 site-to-site VPNs running too (the test doesn't go through any of them, FWIW). But I assume they create some processor overhead, even if there isn't much/any traffic flowing. My LAN has 4 vLANS which may also create some overhead...?

On a related note - I have hardware cypto enabled on both ends, and the tunnels max out well below the line speed of either endpoint.

I've also read it might be a single vs multi thread issue. I've tried running speed tests on multiple machines at the same time and the result is a sum total of about 600 mbps.

It could be my cabling - I've swapped the WAN cable already. And I don't think it's the switches on the LAN side since I've connected directly to the SG-4860's LAN port and run the tests from the PF box itself.

Anyone have any more tips for troubleshooting?

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #1 on: August 28, 2017, 09:37:37 am »
Are these results from speedtest trough the tunnel? Sorry, it's not that clear to me.
Need help fast? Commercial support: https://www.netgate.com/support/

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #2 on: August 29, 2017, 05:36:33 pm »
Are these results from speedtest trough the tunnel? Sorry, it's not that clear to me.

Totally on me! I wasn't clear!

~600mbs is from the LAN side of the firewall and LAN clients straight to 'the internet'...
I did the ole curl -o spedtest , Fast.com and several public iperf servers

(through OVPN tunnel I max out at 50 mbs...again, another thread I need to start once I resolve this :) )

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #3 on: August 30, 2017, 05:02:10 am »
Check MTU's on your ports, modem and switch. 4860 can do 1Gbps without any problems so it's MTU or cables perhaps.
Need help fast? Commercial support: https://www.netgate.com/support/

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #4 on: August 30, 2017, 07:56:30 pm »
Check MTU's on your ports, modem and switch. 4860 can do 1Gbps without any problems so it's MTU or cables perhaps.

played around with different MTUs tonight: 1450, 1400, 1350, 1300 and for good measure 9000 ... no appreciable change in speed.

I also swapped cables with some from work which were in a setup pulling 1gpbs symmetrically. So it's not the cables.

I watched the processors during the tests and at least one pegs each time. I'm thinking perhaps the 4860 can do 1gpbs total, but not in a single thread?

Offline ivor

  • Administrator
  • Sr. Member
  • *****
  • Posts: 586
  • Karma: +134/-125
    • View Profile
    • Netgate
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #5 on: August 31, 2017, 03:56:37 am »
Check MTU's on your ports, modem and switch. 4860 can do 1Gbps without any problems so it's MTU or cables perhaps.

played around with different MTUs tonight: 1450, 1400, 1350, 1300 and for good measure 9000 ... no appreciable change in speed.

I also swapped cables with some from work which were in a setup pulling 1gpbs symmetrically. So it's not the cables.

I watched the processors during the tests and at least one pegs each time. I'm thinking perhaps the 4860 can do 1gpbs total, but not in a single thread?

When was the unit purchased? If it's recent, please submit a ticket to https://customercare.netgate.com/ and reference this thread. We'll figure out what's going on a lot faster.

Thanks!
Need help fast? Commercial support: https://www.netgate.com/support/

Offline chrismacmahon

  • Administrator
  • Jr. Member
  • *****
  • Posts: 91
  • Karma: +2/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #6 on: August 31, 2017, 02:21:08 pm »
If you upgraded your config from an older machine to a newer one you might have to enable powerd to get your speeds.

System -> Advanced -> Miscellaneous, enable PowerD, HiAdaptive

Offline Kreeblah

  • Newbie
  • *
  • Posts: 7
  • Karma: +0/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #7 on: September 01, 2017, 10:22:49 am »
Are you having the SG-4860 terminate a PPPoE connection?  If so, that's your problem.  I get about the same performance on mine because of a FreeBSD bug.  There's more info at https://redmine.pfsense.org/issues/4821.

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #8 on: September 02, 2017, 09:20:02 am »
If you upgraded your config from an older machine to a newer one you might have to enable powerd to get your speeds.

System -> Advanced -> Miscellaneous, enable PowerD, HiAdaptive

Thanks - I've tried both ways and unfortunately, PowerD seems to --if anything --slow things down further.

Offline hescominsoon

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #9 on: September 06, 2017, 05:48:46 pm »
Are you using Snort?  if so turn it off and try again as Snort is single threaded.  Your performance with one snort instance is actually above average considering you have an Atom cpu in there. 

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #10 on: September 06, 2017, 06:23:56 pm »
Are you using Snort?  if so turn it off and try again as Snort is single threaded.  Your performance with one snort instance is actually above average considering you have an Atom cpu in there.

no snort here :)

Offline tman222

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +6/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #11 on: September 11, 2017, 08:41:00 pm »
What happens when you plug the SG-4860 WAN interface directly into the ONT - do you still experience throughput issues?  From what I can gather form your first post, the pfSense box is actually downstream of the Verizon gateway - is there any particular reason why you decided to set it  up that way? 

Hope this helps.

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 122
  • Karma: +1/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #12 on: September 11, 2017, 10:57:43 pm »
What happens when you plug the SG-4860 WAN interface directly into the ONT - do you still experience throughput issues?  From what I can gather form your first post, the pfSense box is actually downstream of the Verizon gateway - is there any particular reason why you decided to set it  up that way? 

Hope this helps.

You might be on to something. Admittedly itís years since I could claim even a working understanding of how VZ was implementing FiOS. Back then Iíd get a huge ONT on the side of my house.

In this install they ran a really super slim single strand fiber from the pole straight through my exterior wall and into a Verizon router. That router has an AD/DC supply zip tied to it. Otherwise thereís no ONT that I can see.

Should I get a fiber to ether exchanger for my PF box? I have a jar full of  gbics I havenít used in years ;)

Offline tman222

  • Jr. Member
  • **
  • Posts: 60
  • Karma: +6/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #13 on: September 12, 2017, 06:35:22 pm »
I think there might be some confusion as to what we are calling the Verizon Gateway and ONT.   The ONT includes the device (looks like a modem) that takes fiber as input and provides ethernet/coax outputs.  The Verizon Gateway (at least to me) is the router/firewall Verizon provides - with gigabit I assume they would have given you the black G1100 (Fios Quantum Gateway) unless you decided to keep the (red colored) Actiontec.  Do you have your pfSense box currently plugged into the ONT directly or into the Verizon Gateway (router/firewall)?

Hope this helps.

Offline hescominsoon

  • Newbie
  • *
  • Posts: 21
  • Karma: +0/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #14 on: September 22, 2017, 07:27:15 pm »
Are these results from speedtest trough the tunnel? Sorry, it's not that clear to me.

Totally on me! I wasn't clear!

~600mbs is from the LAN side of the firewall and LAN clients straight to 'the internet'...
I did the ole curl -o spedtest , Fast.com and several public iperf servers

(through OVPN tunnel I max out at 50 mbs...again, another thread I need to start once I resolve this :) )
Keep in mind FIOS is rated UP TO @940 megabits even though they advertise gigabit.  It may not be anything with your gear you might jsut be hitting a bandwidth limitation in your aarea.  I ahve a freind that subs to VZ Gb and he rarely sees above 800 himself.