OPNsense Forum
English Forums => Hardware and Performance => Topic started by: Vincent Chen on February 14, 2018, 02:53:58 am
-
Hello, all
I am new to forum and use OPNsense for a while. I borrowed a network appliance which is similar to qotom, a small destop equipped Intel celeron N3060 and 4 i211 network port, which can transfer file using filezilla speeding up to 100MB per second. But my own device is a old PC with AMD sempron 2200 CPU and 2 intel pro / 1000 network adapter for LAN and DMZ, this old PC can transfer file from DMZ to LAN using filezilla only up to 50MB per second. I tried to upgrade this old PC with Intel core i3 560 CPU and mother board once, but transfer speed still only limited to 50MB per second. I wonder what's the bottleneck limited my old PC network performance and how to improve it.
Any advice would be appreciated.
-
First thing first, try to use iperf to asses the maximum possible speed giving your hardware.
If iperf data transfer is at about 100 MB/s (roughly 1 Gb/s) then your bottleneck is the storage in either the sender or the receiver (or maybe both, at about the same limit). Then, you know what to do.
PS I wouldn't be surprised at all to find that your "lazy one" is your old HDD (from your old PC), 50 MB/s is expected, quite good for an old HDD
-
I thought HD is the bottleneck at first until I borrow this network applicance. OPNsense has 2 interface, DMZ and LAN. ftp server is connect to DMZ and my PC is connect to LAN. If OPNsense hardware is network appliance described earily post, transfer speed from DMZ to LAN can be up to 100Mb per second. If OPNsense hardware is my old PC, transfer speed from DMZ to LAN dropped to 50Mb per second. Upgrade PC's CPU will not increase transfer speed. I can't figure out why PC's transfer speed is slower than network applicance.
BTW: PC's NIC chip is Intel 82540EM.
-
The Sempron 2200 is a 14 year old CPU. This Socket A platform only supported PCI and AGP connectivity.
A PCI NIC will not be able to push full gigabit speeds, and will operate even slower when sharing the PCI bus with other traffic intensive devices (sound cards, other NICs, etc.).
The N3060 that you tested is orders of magnitude faster and uses PCI Express connectivity for all of the NICs, allow full duplex gigabit traffic on all ports. If you want to go faster, you'll need to upgrade your OPNsense hardware platform. You won't need to spend much, a $50 Intel Core2 Dell desktop from ebay and a dual port or quad port Intel PCI-e NIC will do full gigabit with NAT.
-
@opnfwb, my applause for your comment, it slipped in between the lines for me, and wasn't able to realize how really old is the platform OP is talking about.
Also the advice regarding replacement is quite good.
@Vincent Chen: Only if a replacement with a (much) smaller and quitter/ silent HW is desired - since gigabit speed impose an upgrade anyway - I would suggest an (alike) appliance. Otherwise, for a cheap PC gigabit solution, go as opnfwb said.
Be aware, though, that a Core 2 Duo/ Quad doesn't have AES-NI HW instruction set, much needed for an as speedy as possible encrypted VPN connection. You will have gigabit speed, but a very low encryption, and as such, throughput speed where encryption is implied.
-
With new hardware the only alternative I can sugest is the A4-5000 mini-itx or micro atx MB, it's AMD so it might not have the hard performance hit on I/O like the intel chips due to spectre and meltdown.
Also maybe an intel dual or 4 nic card has they can do checksum in the nic while realtek drivers where/are not really optmized on OpenBsd, don't know how they are now but it really did had a cpu performance hit has well.
Other then that you really need Pci express for gigabit speeds on those small boards, I think most pci usually goes through the southbridge along with the other stuff (audio, sata, etc) and the lanes are really not that high so concurrency will be in effect, pci express usually is directly connected to the cpu so the lanes are usually dedicated.
-
Thank you very much for your advice. That explains why even Intel core i3 CPU cannot speed up network performance. My NIC are all PCI interface. I will try to replace NIC with PCIe interface.