OPNsense Forum
Archive => 17.1 Legacy Series => Topic started by: xiaotuzi on March 26, 2017, 11:51:41 am
-
I recently upgraded my internet connection to 500/500 Mbit.
However when i measure the speed through OPNsense I only get around 200/250 but when I measure directly with my laptop I get full speed.
I have a previous thread regarding performance with OPNsense on ESXi as I thought that might be the reason - I then tried to build a standalone machine to see if that helped but that did very little to the performance.
I'm running latest version with disable of hardware offload. 3 VLans. one realtek and one intel nic.
The CPU or memory is in no way maxed out when testing.
Intrusion detection is also running - could that be the culprit ?
Is there some tweaks that could be made to give me full speed ?
-
The accepted way to troubleshoot is to reduce the problem. You know that it is "fixed" with no filter at all (direct laptop connection)
I would build the absolute minimum configuration, e.g. outbound NAT only, and play with the hardware and tunable settings to maximise throughput. Then introduce features you want and weigh up for each if you're willing to pay the performance tax and/or tune more to reduce the impact.
The old adage still holds; tweak it until it breaks, then take it back a notch ;-)
Bart...
-
I would suggest disabling intrusion detection and testing the speed.
-
Well I will give you my two cents. I have just started with Opnsense and my knowledge is only around 17.1.x
Their is a performance problem with network cards if it is not setup correctly. Intel if the settings are put into boot and sysctl it helps on throughput by over 400 Mbit to 300 Mbit ( my opinion these setting below should be installed when setting up opnsense because you know what network interface you are dealing with in the install program ). I took Qotom-Q190G4N-S08 which is just J1900 intel junk cpu @ 2ghz and intel network interface.
This was after using a high power 16 core 6386 Opteron with 64gb ram and intel network interfaces and loaded Opnsense on that to test out what kind of hardware is needed to do 1gig at full speed. I saw the cpu would not even go over 10% for 1 core ( sit around %5 to 7% of 1 core ) with everything turned on with Opnsense doing 1gig from WAN<->LAN constant for over 4 hours.
So, I decided to try as low end as I can go. I picked up Qotom-Q190G4N-S08 and loaded it with Opnsense and configure it with IPv6 & IPv4 with Intrusion Detection on but with IPS mode off ( If I turn IPS mode on then IPv6 will stop working for some reason. Why I do not understand but it but dose that on 17.1.1, 17.1.2 and 17.1.3 ). With the same Opteron config with IPS off vs on with Opteron the Qotom-Q190G4N-S08 dose 900 Mbit ( 50 Mbit + or - ) WAN<->LAN speeds. Only different between config was no IPv6 and IPS on vs J1900 with IPv6 on and IPS off but ID on.
I have the loader.conf.local with these 2 lines
legal.intel_ipw.license_ack=1
legal.intel_iwi.license_ack=1
Same lines has I had on Opteron box just move the file over. I can not make the J1900 CPU go above 2.0ghz even tho it should run 2.5ghz. powerd with "-a hiadaptive" dose not work on J1900 and I can not get the sysctl to push the clock rate up to see if that extra 100/150 of throughput is because of cpu at 2.0ghz or 2.5ghz would give the extra 100 Mbit to 150 Mbit missing for 1gig WAN<->LAN. Speeds of 850 Mbit to 900 Mbit the cpu runs near .8 to 1.2 on uptime on 4hr speed test. So one core of the 4 cores in J1900 is getting near or over 100% use with htop. Why I think it could be CPU on the J1900.
I have not tried this with realtek network interfaces so I can not say the speed difference. I would guess the throughput you are having issues with could be the network interface of realtek. Even this J1900 junk cpu can do almost 1gig. I think it is all about network interface not the CPU. This is just my opinion so far on what little I have played around with opnsense. I have been a FreeBSD person from before FreeBSD when it was called 386BSD. So I know FreeBSD very good. Can get the most of of FreeBSD normally.
I think the problem is realtek in your case not opnsense. You could hit up ebay really fast with a 20 or 30 dollars and pick up a 4 or 2 port intel network card from ebay. Would be my suggestion to you. Swap out interfaces and try putting everything across intel network ports and set the loader.conf.local and see if the speed moves up. That would tell you if it is realtek network or some other kind of IO or CPU or MEMORY issues you could be having.
-
I think the problem is realtek in your case not opnsense. You could hit up ebay really fast with a 20 or 30 dollars and pick up a 4 or 2 port intel network card from ebay. Would be my suggestion to you. Swap out interfaces and try putting everything across intel network ports and set the loader.conf.local and see if the speed moves up. That would tell you if it is realtek network or some other kind of IO or CPU or MEMORY issues you could be having.
And I second this statement. FreeBSD has had issues with RealkTek Drivers AND took some severe presvation to get compiled into the BSD (I'm a noob, was on my FreeNAS. Had to compile on separate FreeBSD machine and move the .o file - So Complicated) - If you can; remove the RealTek (Is in onboard, Disable it) my experience FreeBSD and RealTek is a no-go.
/C/