Netgate SG-1000 microFirewall

Author Topic: slow throughput on SG-4860 (~600mbs on 1gbs line)  (Read 1824 times)

0 Members and 1 Guest are viewing this topic.

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4995
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #30 on: October 26, 2017, 09:58:18 pm »
In a connection where you have A linked to the WAN of B and the lan of B connected to the wan of C,

an iperf test from A to C will tell you the most about the health of B, which is hopefully the pfsense.

Nice picture.  You couldn't take a bigger one?  (kidding)

Offline SpaceBass

  • Full Member
  • ***
  • Posts: 129
  • Karma: +2/-0
    • View Profile
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #31 on: November 15, 2017, 08:02:45 pm »
With my SG-4860 back and running, i wanted to revisit this thread.

Between a wired workstation (over a switch) to my PF box, i get a little north of 1gbps in each direction. So the bottleneck isn't there.

I've also learned some things about IPerf and traffic and threading (which is to say I learned very little but knew next to nothing when I started).

If I run a multithreaded test with a larger transfer size I get marginally better performance. But still not 1gbps

Code: [Select]
iperf -c -w 1MB -P 5
Client connecting to, TCP port 5001
TCP window size: 1.00 MByte (WARNING: requested 1.00 MByte)
[  9] local port 52292 connected with port 5001
[  8] local port 52291 connected with port 5001
[  5] local port 52288 connected with port 5001
[  7] local port 52289 connected with port 5001
[  6] local port 52290 connected with port 5001
[ ID] Interval       Transfer     Bandwidth
[  9]  0.0-10.0 sec   150 MBytes   126 Mbits/sec
[  8]  0.0-10.0 sec   151 MBytes   127 Mbits/sec
[  6]  0.0-10.0 sec   150 MBytes   126 Mbits/sec
[  5]  0.0-10.0 sec   150 MBytes   125 Mbits/sec
[  7]  0.0-10.0 sec  79.1 MBytes  66.3 Mbits/sec
[SUM]  0.0-10.0 sec   680 MBytes   570 Mbits/sec


  • Guest
Re: slow throughput on SG-4860 (~600mbs on 1gbs line)
« Reply #32 on: November 17, 2017, 12:31:29 pm »
It might be able that more the one issue will be invited in that case.

First of all PPPoE usage of the Internet account, this is then more single CPU core threaded and 
nothing can help you out with it either another more powerful or strong CPU.

The gateway device from the ISP if it will be not a real or pure modem, but more a router will be also
doing NAT at the WAN port, and then you will be also able to ask you ISP what to do or how to solve
this problem. Perhaps he will send you another "box" that is doing not NAT or is acting as a pure modem.

The SG-4860 unit is doing for someone called @gonzopancho at a 1Gbit/s symmetric Internet connection
nearly or around ~900 MBit/s and together with the TCP/IP overhead and passing firewall rules through it,
it might be the nearly 1 GBit/s real throughput.

If you now gets only 500 - 600 MBit/s I personally would do a fresh and full install without any additional packets
and have a look what is going on then. The ADI 2.4.1 serial Image is able to download and pretty new, so it could be
if you are using VLANs at the WAN port that the version 2.4.0 will be a better option at this time for you.

Can you set this up for us and your self? Before doing so please do a configuration backup but donīt play it back
on the fresh installation to prevent a typo or earlier set up false in the test. Normally it will take 30 minutes for you.

And then you will be able to see what is going on in real. Would be my way in that case.