OPNsense Forum
Archive => 20.7 Legacy Series => Topic started by: jaybowee on August 04, 2020, 11:12:54 pm
-
Hello all,
I have been testing the upgrade and found that my speed is cut in half after the upgrade. I can go back to 20.1 and it returns to normal. Has anyone else had this problem?. Some may not see it if you don't get 1gb down. Mine is 900/45 but when I upgrade I get 590/45. Clean install both versions to get the same results.
-
I just noticed a similar issue, I blamed my ISP at first.
I'm on 1Gbps/40Mbps, right after a reboot I get ~950Mbps down, after its been up a bit it drops to ~130Mbps down and it's always that cap for some reason. It's happened every boot for me now.
-
Hi,
I have the same issue with my 500/500 connection.
After the update I get ~280M up/down.
I guess that my hw are getting over the edge with this update.
But when doing a iperf3 one of the cores gets bogged down on 100%.
```
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
0 root -76 - 0 288K CPU1 1 3:13 100.00% [kernel{if_io_tqg_1}]
```
--
Regards Falk
-
Hi,
I have the same issue with my 500/500 connection.
After the update I get ~280M up/down.
I guess that my hw are getting over the edge with this update.
But when doing a iperf3 one of the cores gets bogged down on 100%.
```
PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
0 root -76 - 0 288K CPU1 1 3:13 100.00% [kernel{if_io_tqg_1}]
```
--
Regards Falk
Mine isn't CPU related, I rarely even see over 40% util. My load averages are usually around 0.15. I'm not sure what's causing the slowdown on my system. I'm on brand new hardware as well.
-
Well I went back to the previous version. Can't take a 400 mb hit like that. My cpu is 2.4 ghz 8 cores and runs under 10% so something is up with the latest version.
-
i have the same.
when i disable scricata i get my 1GBit back.
with scricata enabeld it dorps so ~600MBit
-
Hello,
please always mention if you are using IPS/IDS or Proxy.
It is a total different setup if you make use of that technology or if you are just doing Firewalling/NAT.
The speed and throughput can differ depending on configuration and active ruleset of any IPS/IDS.
Share details so others can verify your setup with their setups.
Regards,
Dominik
-
Hello,
please always mention if you are using IPS/IDS or Proxy.
It is a total different setup if you make use of that technology or if you are just doing Firewalling/NAT.
The speed and throughput can differ depending on configuration and active ruleset of any IPS/IDS.
Share details so others can verify your setup with their setups.
Regards,
Dominik
Fair point, I'm using IPS, my speeds seem fine even with IPS for a bit then it degrades to near nothing. Seemed ok before 20.7 not sure if its the Suricata update or what.
Sent from my GM1917 using Tapatalk
-
Hello,
please always mention if you are using IPS/IDS or Proxy.
It is a total different setup if you make use of that technology or if you are just doing Firewalling/NAT.
The speed and throughput can differ depending on configuration and active ruleset of any IPS/IDS.
Share details so others can verify your setup with their setups.
Regards,
Dominik
I don't use proxy, ips/ids or anything strange, just normal FW/NAT.
With 20.1 the performance of the hw was just on the limit, but in 20.7 it bogs the cpu almost at half the speed.
```
CPU: Intel(R) Atom(TM) CPU D525 @ 1.80GHz (2 cores)
NIC: 82583V Gigabit Network
MEM: 4G
```
--
Regards Falk
-
Like I said. Clean install on both versions. Everything default and the issue remains.
-
same here :(
-
Can't seem to locate the source for the WAN slowdown. I disabled IPS and tried a download and I still can't get over 120-130 Mbps on a gigabit connection. If I reboot the box I can get ~950Mbps for a short time, then it falls back down. CPU and RAM usage very low. So strange and frustrating.
-
Exactly my problem as well.
-
Hello All,
Test the energy management setting once
on Hightadaptive! All others reduce the transfer rates to about 50%.
Greetings from Germany
-
Hello All,
Test the energy management setting once
on Hightadaptive! All others reduce the transfer rates to about 50%.
Greetings from Germany
Thanks for the idea, I've been in hiadaptive. Wonder if setting to max might help.
Grüße aus den USA (best I can do ;) )
-
So as @Mondmann mentioned power settings. I set mine to maxiumum and tested and my speeds were back to 100% what I would expect. Then set it back to hiadaptive and speeds are still fine. Wonder if it's a powerd bug causing the performance issue. Gonna keep testing this.
-
@FullyBorked
if after the reboot of OPNsense everything is still OK then the problem seems to be solved...
Greetings from Germany :)
@Mod
closed and pinned?
-
I can't confirm this
-
setting it from hiadaptiv to max went from ~600 to ~700, but close to ~940 which it used to be. Also on hiadaptiv
-
So its back to normal or not? I'm not upgrading until it is fixed. I may wait for a point release before I upgrade. 20.7 seems to be full of bugs.
-
So its back to normal or not? I'm not upgrading until it is fixed. I may wait for a point release before I upgrade. 20.7 seems to be full of bugs.
Mine still seems fine, I'm very confused on why it's working now. I don't know if changing power fixed it or one of the other 5 billion things I've tried. In my opinion you should wait till the first point release before upgrading. Let most of the larger bugs get sorted. Wish I had waited...
-
I agree... thinking I'll wait a bit. 20.1.9 seems to be working fine for now.
-
I just installed 20.7 on a brand new Qotom Q575G6.
Previously on a Protectli (Celeron 2.4 Ghz, 8G RAM, 32 SSD) and I got 950+ Mbps via Speedtest.net without Sensei and 600 Mbps with Sensei default settings.
On Qotom Q575G6 (i7 2.7 Ghz, 16 G RAM, 512 SSD) and I get 950+ Mbps via Speedtest.net without Sensei and ~250 Mbps with Sensei default settings. If I enable bypass mode on Sensei I get 950+ Mbps again.
I have tried enabling PowerD (helps a little ~280 Mbps), but that didn't help very much.
I'm wondering if there is a related issue.
-
Morning Gentlemen,
i am reading about the powermodes here. My box is set to hi adaptive.
Do i have to enable the "Use Power D" option or can i set all beneath options to max?
thanks
armin
-
Hello All,
Test the energy management setting once
on Hightadaptive! All others reduce the transfer rates to about 50%.
Greetings from Germany
I can confirm that this does NOT solve the issue. Both 20.7 and 20.7.1 have this issue. I will have to go back to the previous version.
-
"I just installed 20.7 on a brand new Qotom Q575G6.
Previously on a Protectli (Celeron 2.4 Ghz, 8G RAM, 32 SSD) and I got 950+ Mbps via Speedtest.net without Sensei and 600 Mbps with Sensei default settings.
On Qotom Q575G6 (i7 2.7 Ghz, 16 G RAM, 512 SSD) and I get 950+ Mbps via Speedtest.net without Sensei and ~250 Mbps with Sensei default settings. If I enable bypass mode on Sensei I get 950+ Mbps again.
I have tried enabling PowerD (helps a little ~280 Mbps), but that didn't help very much.
I'm wondering if there is a related issue."
I have the exact same issue w/ 20.7.1 and Sensei, Sensei enabled ~250 and disabled full bandwidth. Had the support staff at Sensei take a look and indicated no problem, which I disagree. Did not have the issue prior to 20.7. My setup is a Core i5, 32GB RAM, and intel NICs.
-
OPNsense 20.7-amd64
FreeBSD 12.1-RELEASE-p7-HBSD
https://forum.opnsense.org/index.php?topic=17363.0
hmmmm.....
-
I'm having the same problem ... ~940 Mbps on 20.1 dropped to no more than ~700Mbps (running on ESXi 7, quad core xeon). Reverted to a pre-upgrade snapshot and the speed is back! :(
-
I have been observing a drop in download speed as well, about 10Mbps; you might think this is not a lot but it is proportionally to what I normally have which is 70/20.
I was blaming my ISP first but it seems to correlate with my upgrade from 20.1 to 20.7.
I am not using anything fancy like IPS/IDS.
edit: "Intel i210-AT Gigabit Ethernet" (from manufacturer)
"Intel I210 Gigabit Network Connection" (from `pciconf -lv` command)
-
Observing the same:
20.1.9: 230/45mbit
20.7.1: 130-160/45mbit
same sync, only difference is opnsense version, i tried my backup msata with pfsense and speed is up to normal.
no ids, nothing fancy just upgraded the old install, also tried the powerd (adaptive/max), hasn't changed anything.
used hw: APU.2C4 with intel i210AT
-
So its back to normal or not? I'm not upgrading until it is fixed. I may wait for a point release before I upgrade. 20.7 seems to be full of bugs.
My installation is not up to speed.
I have an pretty weak hw, but speed has gone down with no IPS or such.
And the fixes suggested in this thread has not fixed the performance for me atleast.
--
Regards Falk
-
Hi Falk,
can you please share info about your system and configuration?
-
Similar problem here. Nothing changed except upgrade to 20.7.1. Download speeds down from ~530 MBit to ~340, upload about the same (about ~52 MBit/s) on a nominal 600/60 DOCSIS cable. Powerd set to "maximum" (different setting doesn't change anything). Switching off IDP (suricata) reverts to previous speeds. Switching IDP back on lowers speed again. Box is a Quad Xeon 1225v3 with way too much RAM, usually between ~20% to ~50% CPU (ntopng running with only a few other plugins on the same box).
Update: Network ports used are an internal Intel I217-LM and a quad-port 82571EB/82571GB PCI card.
Is there an "easy" way to completely revert the box to 20.1.9_1 or even the last 19 release ("opnsense-revert -r 20.1.9 opnsense" as root user only results in "Fetching opnsense.txz : .. failed")? Trying:
root@opnengine:/ # opnsense-update -usBP -m "https:\/\/opnsense-mirror.hiho.ch" -n "FreeBSD:11:amd64" -r "20.1"
root@opnengine:/ # opnsense-update -pf
Updating OPNsense repository catalogue...
pkg-static: https://opnsense-mirror.hiho.ch/FreeBSD:12:amd64/FreeBSD:11:amd64/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg-static: https://opnsense-mirror.hiho.ch/FreeBSD:12:amd64/FreeBSD:11:amd64/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!
seems to always inject FreeBSD:12:amd64. How could I avoid this so that to update points to a valid path?
Or is it mandatory to reinstall from scratch using a config backup?
-
Can you guys list your NIC also if you have a similar problem?
Observing the same:
20.1.9: 230/45mbit
20.7.1: 130-160/45mbit
same sync, only difference is opnsense version, i tried my backup msata with pfsense and speed is up to normal.
no ids, nothing fancy just upgraded the old install, also tried the powerd (adaptive/max), hasn't changed anything.
used hw: APU.2C4 with intel i210AT
We have the same NIC, so maybe it's a driver problem.
Looks like there was an update from FreeBSD 11.x to FreeBSD 12.x, some sort of code merge between em and igb drivers, although it doesn't mean there is something wrong... https://www.reddit.com/r/freebsd/comments/alpt9j/freebsd_112_to_120_upgrade_igb_moved_to_em/
From what I understand
OPNsense 20.1 => HardenedBSD 11.x => FreeBSD 11.x
OPNsense 20.7 => HardenedBSD 12.x => FreeBSD 12.x
-
Has anyone filed a bug report on github?
https://github.com/opnsense/core/issues (https://github.com/opnsense/core/issues)
-
I can confirm the issue. I have two installations. One on an APU and the other one virtualized on an ESXi. With the APU there were no issues at all. The virtualized OPNsense however has very littte upload speed (87.6Mbits before, 0.1Mbits after). After enabling the "Power Savings" on "maximum" the issue is resolved.
-
Besides the WAN-side performance drop since the upgrade to 20.7., I can see a lower average CPU usage on the same box, in the very same environment, although power settings are set to maximum now. I monitored this using OPNSense system information as well as with the Zabbix agent - however, the Zabbix agent version changed with the upgrade as well.
CPU utilization: idle time rose from 85% to avg. 98%, and CPU load went from 0.3 (5 min avg. per core) down to about 0.04. Could anyone confirm something similar as well?
-
Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...
-
would also like to know, 20.7.1 is not usable in this state.
-
Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...
Yes I find the way OPNsense manage their releases messy. But what is worse is that it's not even clear on the wiki on which HardenedBSD versions all the different OPNsense releases are based on.
Add to that the HardenedBSD website which is really bad -- this doesn't help to understand what is going on.
-
I just did the move back from 20.7 to 20.1 although it was more than just messy. The "config backup" function lost very much on first sight. After having installed all (most?) "lost plugins", many of the "lost plugins's settings" were back. Weird experience, not at all what I expected with a "backup". However, download speed is back! I am tempted to second the opinion there might be a problem with ethernet/network drivers since FreeBSD 11.
I am just a bit fed up with this because I dropped my APU (PC Engines 4-core jaguar 1GHZ AMD) in favor of a new XEON platforn (4-core 3.2GHZ Intel) a few OPNSense releases ago (17?), and now, with that multiplied power, I am kind of facing similar performance drawbacks again. Is this really how it should be in the realm of "open source"?
-
A restore of config only restores config, it doesnt install plugins for you. There is an approach which would try to so this also but I'm unsure about its current state
-
Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...
Yes I find the way OPNsense manage their releases messy. But what is worse is that it's not even clear on the wiki on which HardenedBSD versions all the different OPNsense releases are based on.
Add to that the HardenedBSD website which is really bad -- this doesn't help to understand what is going on.
Thats not true, in release notes it's stated they updated to HBSD 12.1.
It's like downgrading Win10 to Win8, no matter at which time of the year this happens.
-
Wow, this thread feels like a car crash.
Cheers,
Franco
-
Maybe this would be another type of „backup“, however,
A restore of config only restores config, it doesnt install plugins for you. There is an approach which would try to so this also but I'm unsure about its current state
I would like to see an automated procedure that requests installation of plugins for which configuration data can be found in a backup, and then configures those plugins accordingly. I am hoping the approach you mention will make it into a final release soon.
-
It was added to 20.7. I'm really unsure why this is relevant at all here or why feature requests are added in the forum despite the persistence on our part to open GitHub issues, which people did and other people actually worked on.
https://github.com/opnsense/changelog/blob/master/doc/20.7/20.7.r1#L47
Cheers,
Franco
-
It was added to 20.7.
https://github.com/opnsense/changelog/blob/master/doc/20.7/20.7.r1#L47
Thanks for clarification and pointing this out (again). Despite my disappointment about the 25% performance decrease on the WAN side in my environment that 20.7. brought for me, and my urge to go back to 20.1., I should have read the doc more thoroughfully.
-
20.1 is certainly an option for the time being. We're still gathering data. The report that WAN speed drops is, unfortunately, a stab in the dark for trying to figure out what is wrong. It could be driver issues, hardware issues that the driver doesn't handle anymore, scheduler related, Netmap related, or just plain power management that is not behaving the same way as some have seen.
We've had a nice run on HardenedBSD/FreeBSD 11 so far for a few years and people have asked to update the kernel constantly because of... "reasons". When we actually update the kernel reluctantly there are "reasons" against updating of course. For us that is an impossible situation and users need to understand what they are asking.
There's no way to stay on an old operating system version indefinitely and there is no way it will ever be the same once moving forward. Especially in open source you see nasty surprises when you put no effort in a particular topic and then see it disappoint later on. That much we have learned over the last couple of years and that not only applies to the operating system itself, but also to third party updates, browser changes and sometimes even mistakes stemming from direct work on OPNsense.
To conclude, what you have with OPNSense 20.7.1 is probably the worst OPNsense you have ever used, because we try to include improvements into each (to the untrained eye even "messy") release so tomorrow is not going to be so bad than today feels. ;)
Cheers,
Franco
-
Hi Falk,
can you please share info about your system and configuration?
Hi,
Sure, it's nothing exciting :)
Hardware:
Intel(R) Atom(TM) CPU D525 @ 1.80GHz (2 cores)
https://www.checkfirewalls.com/2200.asp
Config:
No special usage, no IPS, proxy or anything such cool.
I just have use NAT on a 500M/Bits uplink.
I have tried a few "tweaks" from the "internetz" with no luck (no change of performance better/worse).
What kind of more info are you interested of, if it is more sensitive information, perhaps It's better to take it offlist?
--
Regards Falk
-
Hm, this is a quite old CPU. Maybe the jump from FreeBSD 11 to 12 respects more recent CPUs (Just a guess)
-
Hm, this is a quite old CPU. Maybe the jump from FreeBSD 11 to 12 respects more recent CPUs (Just a guess)
Yeah I agree.
And I have no illusion that I'm going to hit 1G with it :)
I just wanted to chime in that I had the same "problem" / outcome as OP.
But I guess that the newer hardware OP uses had other problems with IPS and such, so I guess that I'm just out of hw for the the latest FreeBSD update :)
--
Regards Falk
-
Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...
Yes I find the way OPNsense manage their releases messy. But what is worse is that it's not even clear on the wiki on which HardenedBSD versions all the different OPNsense releases are based on.
Add to that the HardenedBSD website which is really bad -- this doesn't help to understand what is going on.
Thats not true, in release notes it's stated they updated to HBSD 12.1.
It's like downgrading Win10 to Win8, no matter at which time of the year this happens.
What is not true?
Clearly it wouldn't hurt if the wiki had a table listing which FreeBSD/HBSD version is used on each release, rather than browsing all the releases docs to find out.
-
It's listed in the changelog which should be read before every update
-
As one of the users who was seeing wan performance degradations with 20.7 I have resolved those problems. The primary problem every minute or a change of promiscuous mode for the Ethernet NICs was resolved by a clean install of 20.7. My second performance issue turned out to be due to SFP+ module (transceiver) that was degrading performance. With those problems resolved I am able to sustain download speeds through OPNSense of 1.2 Gbit (Gigabit cable service provisioned at 1.2 Gb). I do not have IDS/IPS configured at this time.
-
As one of the users who was seeing wan performance degradations with 20.7 I have resolved those problems. The primary problem every minute or a change of promiscuous mode for the Ethernet NICs was resolved by a clean install of 20.7. My second performance issue turned out to be due to SFP+ module (transceiver) that was degrading performance. With those problems resolved I am able to sustain download speeds through OPNSense of 1.2 Gbit (Gigabit cable service provisioned at 1.2 Gb). I do not have IDS/IPS configured at this time.
Thx for your feedback 8)
-
Looking at Intel network (em/igb) adapters specifically.... would someone with the issue try this kernel?
# opnsense-update -kr 20.7.1-nopromisc
# opnsense-shell reboot
Thanks,
Franco
-
Hi Franco... I can try this tonight and post my results. BTW: thanks so much for your work. :)
-
Looking at Intel network (em/igb) adapters specifically.... would someone with the issue try this kernel?
# opnsense-update -kr 20.7.1-nopromisc
# opnsense-shell reboot
Thanks,
Franco
This doesn't seem to change anything for me. Someone else with a greater bandwidth reduction than me should confirm.
-
Which driver? Are VLANs involved? Promiscuous mode enabled in intrusion detection?
Cheers,
Franco
-
Didn't work for me. I did a clean install and didn't touch anything. Went to speedtest and still 590mbps down max on 20.7 same with 20.7.1. I get 920mbps down on 20.1.
My hardware:
Intel Atom C2758 2.4GHz 8-Core Processor; ASPEED AST2400, VGA Max. Resolution: 1920 x 1200 @60Hz
Includes 8GB DDR3-1600MHz ECC SODIMM; Supports 4x 204-pin DDR3 SODIMM, Maximum 64GB capacity, Supports ECC Un-buffered Memory, 1333MHz Minimum, 1.5V or 1.35V
Supports 2x 3.5" drives or 1x 3.5" drives + 1 Full height PCI-E x8 (2.0)
4x Intel I354 GbE and 1x Realtek 8211E-PHY for IPMI
-
Which driver? Are VLANs involved? Promiscuous mode enabled in intrusion detection?
Cheers,
Franco
igb (i210AT) / no vlan / no IDS or anything fancy
WAN through pppoe
Can we backtrack to 20.1 through the same commands you wrote?
-
For what it's worth when I recall this correct support for i210AT / i211AT was merged into the em driver starting from FreeBSD 12 while when using FreeBSD 11 the driver for those NICs was the igb one.
What would be interesting to know is if you see any spikes in CPU usage.
There is / was a bug inside pf which caused high CPU utilization. With the CPU at its limit the throughput of course went down from what it originally was.
Not sure if this bug was present in FreeBSD 12 though: https://reviews.freebsd.org/D24803
-
Looking at this patch... it is not present in 12.1 so there might be an issue there, but probably always has been.
Cheers,
Franco
-
Looking at this patch... it is not present in 12.1 so there might be an issue there, but probably always has been.
Cheers,
Franco
I didn't notice higher CPU but I did notice higher temp. 20.1 runs around 49c to about 52. 20.7 was 56c to about 59. Don't know if this helps but its what I observed.
-
20.1 came out in January, 20.7 in July... are you sure this is comparable? Are you in the Northern Hemisphere? :)
Cheers,
Franco
-
Looking at this patch... it is not present in 12.1 so there might be an issue there, but probably always has been.
Cheers,
Franco
The issue was introduced in 11.3 afaik. There might be a possibility that it is also present on 12.X but as I said I'm not sure if this was present at all in 12.X. It might very well be that 12.X was unaffected by this bug.
As far as I can tell I neither had such an issue with OPNsense 20.7 BETA nor with some other fw brand based on FreeBSD 12.0.
-
Ok, at least that explains why we didn't see it in < 20.7 because we still used 11.2 then.
Cheers,
Franco
-
Hi,
I can confirm that for me it was slow hardware.
I changed to `Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz (8 cores) and 32G memory`
And now I can utilize all bandwidth..
Perhaps it is somewhat overkill, but it works :)
Will try to enable IPS and such things later.
--
Regards Falk
-
I'm using a quad-core XEON with 32GB Ram an my speed caps @approx 600Mbps ... while speedtesting, CPU goes nowhere near 100% ... :( This MB is equipped with 2x SFP+ 10G capable NICs, I doubt it's the hardware in my case. :( Back to 20.1 and my speed is back. :(
-
Unlikely to be hardware issue on my side, CPU usage is always extremely low, memory usage <10%, disk usage <5%.
-
I hate to just say I have this problem too - but;
20.7 is significantly slower for me -
HARDWARE :
Watchguard M500 - CPU upgrade to i3-4160T - 8 GB ram, I120 GB ssd - IGB interfaces (chipset eludes me)
orginally setup with 19.1 -
full IDS/IPS (hyperscan, not even sure if that's good?)
sensi beta.
DNS-SEC
I could max out speedtests with Speedtest-CLI in the low 900mbit range - (1gbit/40mbp) as configured.
internet was rather snappy as expected. (DNS resolves)
upgraded to 20.1 - nothing notably changed in speed/bandwidth - still was able to track around the 900s.
internet experience never notably changed.
I stopped checking for bit - so, this could have happened BEFORE 20.7; I have no way of really knowing.
DNS did start acting up, but - I just assumed it was "pandemic" related.
Seen this thread - and went to check - I was barely able to hit 300s - I assumed it was the day. DNS resolves
slow, but not bad.
after a few days of not going over 300s - I decided to make these changes :
disable Sensi : no change
disable IPS/IDS : speedtests double to 600s.
DNS resolves much faster.
I don't know if i am helping, or just muddying the waters. if it seems it's totally unrelated, I apologize.
-
To see if it was just a new requirement to upgrade hardware or a problem with Netmap, did a fresh install on Dell R330, E5-1270 V5, 16GB ram, 4 port Intel Pro 1000 (IGB)
Tested with iperf3 service running on LAN (IGB1) OPNSense from a Client
No IPS/IDS/Sensei
client to server 980mbs
server to client (-R) 985mbs
Enable IPS (No Sensei) only 1 rule enable abuse.ch
client to server 620mbs
server to client (-R) 905mbs
Sense enabled (IPS Off)
client to server 580mbs
client to server 880mbs
Installed 12.1 with BSD 11 - no issues, very little change in IPS or Sensei vs non IPD or Sensei.
Would love to migrate to Hardened BSD 12 but not at this time.
*************UPDATE**********************
I keep reading that the IGB drivers are fine with netmap and I should not be seeing the results I am. I have done all the tests with the iperf package on the LNA interface and a server class machine on the same switch. I just re-tested using scp to both a real file and to /dev/null. Very strange results as now I am only about 5% slower than with Sensei or IPS off. Not sure why iperf would be so effected when netmap is enabled but a file copy is not. They both do the same, transfer data to the same interface.
-
This issue affects 20.7.2 too.
-
Yep, there were no upstream changes so nothing it add to 20.7.2
-
Can anyone confirm that this issue has been resolved with 20.7.4? I'm still on 20.1.9 waiting to upgrade but won't do it if I can't reach 1 gb throughput.
TIA
-
Wait a few days until people return with test results on Iperf to verify.
-
Ok so I gave it a few days and decided to give it a try. Upgrade and clean install. Still the problem is there. I don't know what to do but to either stay on 20.1.9 or give pfsense a try.
-
To me this looks like a core/kernel/driver issue, so if you have some time to kill I would definitely try pfsense 2.4.x release (based on FreeBSD 11.3, so it will probably work) *and* the dev 2.5.X dev version based on FBSD 12.1. If you get your usual speed using the 2.5.x, it would probably mean the problem comes from the modification introduced by HBSD in opnsense.
https://docs.netgate.com/pfsense/en/latest/releases/versions.html
-
Or use 20.1 and keep cool while we figure the bugs out in FreeBSD 12 where they actually are. ;)
-
This is most likely due to FreeBSD 12. However since this was introduced in July, it's seems a "bug" reducing WAN throughput from 1gb to 518 mbps would be one of your top priorities. ;)
-
You are invited to jump in and help :) This is a community project :)
-
This is most likely due to FreeBSD 12. However since this was introduced in July, it's seems a "bug" reducing WAN throughput from 1gb to 518 mbps would be one of your top priorities. ;)
Sooner or later people will realise that we do not write FreeBSD code and if FreeBSD barely makes this a priority this top priority has nobody who will quickly deal with the issue despite all the friendly nudging in a sub forum of a related downstream project.
Cheers,
Franco
-
This is most likely due to FreeBSD 12. However since this was introduced in July, it's seems a "bug" reducing WAN throughput from 1gb to 518 mbps would be one of your top priorities. ;)
Sooner or later people will realise that we do not write FreeBSD code and if FreeBSD barely makes this a priority this top priority has nobody who will quickly deal with the issue despite all the friendly nudging in a sub forum of a related downstream project.
I can see that it must be very frustrating to field constant questions on issues that are not related to OPNsense as such but rather the upstream OS. And particularly if the interest from FreeBSD to fix them is only lukewarm at best, as you imply above.
However I think one must also realise that for most users, myself included, OPNsense is not so much a "downstream project" to FreeBSD, as it is an appliance with a very specific purpose. It is actually of no consequence to me whether it is based off FreeBSD, Linux, or something else as long as it delivers on the features, configurability, performance and level of security that I need. I spend 98% of the time that I manage OPNsense in the web GUI. I would hazard a guess that vast majority of OPNsense users are the same.
Given what you say about FreeBSD above, and how long this has been going on, I think it actually raises questions on the longevity and viability of FreeBSD as base OS? Hopefully I'm wrong..!
-
PS. I’m still on 20.1...
-
You are wrong, cause you cant even imagine how many months it would take to port it. Just stick to 20.1 for a while ... There are no security risks.
-
For the vast majority of FreeBSD users 12.0 was good enough. One has to think 12.1 is already an improvement and 12.2 is on the way now as well which we will target for 21.7 (explicitly not 21.1 in case it is the same or worse). In particular, "iflib" is causing most of these OPNsense-bound worries and for FreeBSD it was worth integrating in version 12 thus why would we debate how it's not a right fit in the first place? It's not our decision to make and looking forward is the only possible solution from our perspective... so there will be FreeBSD 13 at some point anyway and we will tag along for the ride because we cannot and will not start our own OS.
Cheers,
Franco