Hey, all.
I received a new DEC750 a couple days ago and finally got it installed today. I installed a fresh image of 22.1 and restored my config. Everything worked perfectly.
After doing some throughput testing, it seems slower than I expected. For example:
I'm only seeing around 1.8Gbps between VLANs using iperf3. This is over a Ubiquiti DAC cable that seems to work just fine, otherwise.
When doing speed tests from the internet, I'm only seeing ~700Mbps with IPS turned on. When it's turned off, I get line speed.
The interesting part is that the CPU never spikes over 40%. Is anything in that stack locked to a single core? I'm hoping that there's some tunable that may give me a little more speed.
Thanks for any advice you folks can provide!
there may be some tweaks coming in regards to RSS which should help in speed boost.
Have you read anything regarding the opnsense folks recommending rss for 1st party hardware at this point?
not from that perspective...
here's the topic: https://forum.opnsense.org/index.php?topic=24409.0;topicseen
Given that I currently use IPS, this is the kicker for me:
Quote
When Suricata is running in IPS mode, Netmap is utilized to fetch packets off the line for inspection. By default, OPNsense has configured Suricata in such a way that the packet which has passed inspection will be re-injected into the host networking stack for routing/firewalling purposes. The current Suricata/Netmap implementation limits this re-injection to one thread only. Work is underway to address this issue since the new Netmap API (V14+) is now capable of increasing this thread count. Until then, no benefit is gained from RSS when using IPS.
I think I'll just wait until RSS and Suricata mature a bit. Thanks for the info!