Messages - sherif

#1
Hardware and Performance / Re: DEC750 thermal sensor
March 13, 2025, 09:04:37 PM
I think I needed a reboot :)
#2
Hardware and Performance / DEC750 thermal sensor
March 13, 2025, 06:57:01 PM
Hello,

So I decided to get a DEC750 and give it a go; if all went well, I may deploy some of them in the office network. Currently I am running the latest CE 25.1.3 but noticed that the thermal widget doesn't show any data. I switched between AMD, Intel and NONE/ACPI, still showing nothing; however, running sysctl -a | grep temperature does report temperature, so I was wondering what I am missing?

P.S configuration is restored from APU6, had to adjust the correct interfaces in assignment, but nothing else, everything else works as expected
#3
Quote from: Patrick M. Hausen on March 05, 2025, 07:45:21 PM
Predecessor of that one, yes. German Telekom fibre, VLAN 7, PPPoE, three internal VLANs, 900 Mbit/s downstream. Telekom guarantees 700+something-ish. CPU is not maxed out during the speed test.

Sounds promising, it is a bit above my price range but seems worth it!
#4
Quote from: Patrick M. Hausen on March 04, 2025, 05:36:36 PM
At work a DEC690 does it easily. German Telekom fibre. Probably a bit outside of your price range but for comparison.

You mean this one? https://shop.opnsense.com/product/dec697-opnsense-desktop-security-appliance/ ?

and this is with vlans as well?
#5
Hardware and Performance / Bench mark data for PPPoE
March 04, 2025, 01:18:27 PM
After a bit of disappointment with the PPPoE limitation of the APU6, I am looking for new affordable hardware. I did read a few posts in the forum and was thinking about the Protectli V1410; however, does anyone have PPPoE benchmark data? Or any other affordable devices that can get 1.0 Gbit/s on a PPPoE interface with a single thread?
#6
Seems like this is the issue after testing and reading some more threads here, oh well, I guess I am stuck behind this ISP router for a bit then :)
#7
Quote from: meyergru on March 03, 2025, 05:38:00 PM
The GX-412TC in its fastest configuration has 1.4 Ghz and only about 11% of the performance of an N100. Your board limits the CPU to 1 GHz, so it is right at its limit with 250 MBit/s.

interesting, still the same APU can do 1.0 Gib/s from internet to LAN but not over PPPoE? also CPU load on OPNSense while on PPPoE doesn't hit 60%

Adding to that, the router I tested, which worked fine and got me max speed, is an ASUS AC87U, which is 10 years old. I know they are custom built for that and ARM; however, I still get the full speed with it and not with the APU.
#8
I am facing a bit of a performance issue when using my APU6 directly behind the ONT; basically my download max is 250 Mib/s while it should be 900+ Mib/s. Here is a summary:

* PPPoE is configured correctly, I can get a session but not my full speed
* I am using APU6 4GB ram https://www.pcengines.ch/apu6b4.htm
* LAN <---> APU6 "OPNSense 25.1.2-amd64" <---> ISP Router "PPPoE" <---> ONT <---> INTERNET and I am getting my full speed 900+ Mib/s to my LAN

* LAN <---> APU6 "OPNSense 25.1.2-amd64" <---> ONT <---> INTERNET and I am getting max 250 Mib/s on my LAN

I tried with compression off, hardware offloading off, same results 250 Mib/s max download speed

And this made me wonder, since when I am behind the ISP router, my LAN is still getting full bandwidth via the OPNSense box, but not while I am running PPPoE directly: are there some tweaks that need to be done? Some kernel parameter? I think PPPoE is capped in the kernel or something
#9
Quote from: Patrick M. Hausen on October 12, 2023, 06:05:53 PM
I have this small desktop switch with Gbit throughput and interfaces and I just setup a new OPNsense installation - virtualised in bhyve, but network interfaces passed through.

What I see in iperf3 on my Macbook Pro to/from that OPNsense:

1. No VLAN, no bridge, OPNsense and Mac on same switch:
root@OPNsense:~ # iperf3 -c 192.168.1.214 -P4
[...]
[SUM]   0.00-10.00  sec  1.10 GBytes   947 Mbits/sec  147             sender
[SUM]   0.00-10.07  sec  1.10 GBytes   941 Mbits/sec                  receiver


2. Tagged VLAN on OPNsense, untagged on Mac, both on same switch:
iperf3 -c 192.168.1.214 -P4
[...]
[SUM]   0.00-10.00  sec  1.10 GBytes   945 Mbits/sec    0             sender
[SUM]   0.00-10.02  sec  1.10 GBytes   939 Mbits/sec                  receiver


3. Bridge on tagged VLAN on OPNsense, untagged on Mac, both on same switch:
iperf3 -c 192.168.1.214 -P4
[...]
[SUM]   0.00-10.00  sec  1.10 GBytes   945 Mbits/sec    0             sender
[SUM]   0.00-10.03  sec  1.10 GBytes   939 Mbits/sec                  receiver


Kind regards,
Patrick

Wish I could get these results, I will try again! Also, once I added WAN to be PPPoE, things went really bad, but that's also in openWRT, might be other MTU settings or something.

Thanks again
#10
Quote from: Patrick M. Hausen on October 12, 2023, 03:38:27 PM
I do not experience loss of throughput when I use a single trunk interface to a switch or an LACP lagg to a pair of switches with FreeBSD and VLANs. Something else must be misconfigured in your setup. I grant that the bridge approach might become a performance bottleneck if you create 10 or more bridges. For a single one, also no noticeable degradation.

All with 1 Gbit/s infrastructure. 10 Gbit/s might indeed bring FreeBSD to its limits.

Network still way less than 10Gbit/s , I will have to source LACP enabled switch and try again , thanks for the support
#11
Quote from: Patrick M. Hausen on October 12, 2023, 03:09:19 PM
10 VLANs on each LAN port, 10 bridge interfaces ...

Or buy a cheap 5- or 8-port switch like "anything from Ubiquiti". If you pick a model with PoE you can supply power to your APs on the go.

That's exactly what I did  " for both suggestion " , I went down the route of creating 10 VLANs on each interface and then 10 bridges  , each bridge will have same vlan from both interfaces, this performance was so bad! 50% loss of throughput / bandwidth.

Then went with having LAGG in LB mode "No switch with LAGG support", was better performance than the bridge setup but still 30% loss of throughput.

Then single interface with a switch as you mentioned, still was almost 20% loss...

Ended up re-flashing the APU with openWRT last night after a few days of trying to optimise the setup, but I do need the OPNsense firewall, so might add that as an extra layer just to do firewalling and nothing else
#12
The diagram is up to date and is what is being used for testing; however, forget what I am trying to do and you tell me how you would design the following test case:

- You have 1 router with 3 ethernet ports running opnsense; one port is WAN "could be PPPoE or WAN to ISP modem", the other two ports are assigned to your LAN. One access point "will be TAGGING 10 VLANs" will be connected to one port, and a 2nd AP with the same 10 VLANs will be connected to the 2nd point.

- How do you configure those LAN ports / VLANs on opnsense?

A simple diagram attached for this test scenario
#13
Quote from: CJ on October 10, 2023, 04:46:09 PM
Quote from: sherif on October 10, 2023, 04:34:20 PM
Quote from: CJ on October 10, 2023, 04:28:37 PM
Are you always testing with just two devices?  And only adding more VLANs to the bridge?  Or are you adding more devices as well?


It looks like you're trying to have OPNSense route inter VLAN traffic as well as cross VLAN traffic.  Is there a specific use case for this?  Why not use switches?


Just two devices for now, one connected directly to LAN no vlan port and other connected to VLAN port , just adding more VLANs, no more devices yet, I am still trying to figure out the best setup

So, I just want to go from device with VLAN outside, later I will have firewall rules to access some VLANs from other VLANs, also I am getting way better performance if I joined the igb2 and igb3 into LAGG with LB instead of bridge, but still testing that, still not sure what would be the best approach

Can you post a diagram?  You didn't really answer my questions.

Based on my understanding of what you've set up, I'm not surprised that a LAGG performs better than a bridge, as you're offloading the inter VLAN routing to an actual switch instead of trying to force OPNSense to do it.

The switch doesn't do LAGG, there is only one single cable to the switch :) I didn't use LACP, but here is a diagram

I did try two tests " for vlans" one on LAGG LB device " switch connected only to 1 port and as far as I know LB doesn't require negotiation, not like LACP. 2nd test is VLAN on bridge

igb2--> vlan0.1.40--->bridge0
igb3--->vlan0.2.40--->bridge0

Also single cable connected

LAGG performed much better than bridges, but direct LAN with no VLAN performed best
#14
Quote from: CJ on October 10, 2023, 04:28:37 PM
Are you always testing with just two devices?  And only adding more VLANs to the bridge?  Or are you adding more devices as well?


It looks like you're trying to have OPNSense route inter VLAN traffic as well as cross VLAN traffic.  Is there a specific use case for this?  Why not use switches?

Just two devices for now, one connected directly to LAN no vlan port and other connected to VLAN port , just adding more VLANs, no more devices yet, I am still trying to figure out the best setup

So, I just want to go from device with VLAN outside, later I will have firewall rules to access some VLANs from other VLANs, also I am getting way better performance if I joined the igb2 and igb3 into LAGG with LB instead of bridge, but still testing that, still not sure what would be the best approach
#15
just to be clear, once the members are added to the bridge, performance goes down