Messages

Add another tunable. This time, we're allowing NIC drivers to use ISR queues.

Code Select Expand

net.isr.dispatch = deferred

Lukas, I was aware of the other tunables but I did not find this particular one in the Opnsense docs, whether on the page yourreference or in a search. I did find it offered by Gemini.

Are you able to comment further on the source for this one please, and its actual effects? My reading of the referenced page is that it may be unnecessary.

The Link i stombeld over the "rss" tuning. Boosting OPNsense PPPoE FTTP speeds with some quick changes /  [xda-developers.com]

Then i searched in the opnsense Docs and found under "Performance" all the things i needed.
Opnsense Performance

For me next to to rss where the rss.bits (net.inet.rss.bits = X / bit depending on core count) the biggest improvment, which now also makes sense. :)

Thank you for the additional explanation, meyergru. From the links I conclude that it is a case of test in your own environment. I had maxthreads and bindthreads set, with dispatch set now. I might re-do the process with testing.

Hey sorry for the late response.
I will prep the source for you in the next days. Generally i was squezzing google out und checked around what people had for problems and solutions. Then i fall over a guy who had very similar problems. :)

My next problem is currently the high latency (aprox 10 - 15ms) but i am sure i can optimize there to same also with my vpn speed of aprox 20 - 50 mbps.
I am also just startet with the firewall stuff one year ago. So there is a lot to learn.

after some more research i found the problem. There is still one question about.


Offical Docs Opnsense:
https://docs.opnsense.org/troubleshooting/performance.html

Code Select Expand

net.isr.maxthreads = -1
net.isr.bindthreads = 1Add another tunable. This time, we're allowing NIC drivers to use ISR queues.

Code Select Expand

net.isr.dispatch = deferredNext up is to add tunables enabling RSS. (Note that net.inet.rss.bits should be set to the square root of how many cores you have.)

Code Select Expand

net.inet.rss.enabled = 1
net.inet.rss.bits = 2
for other systems (DEC697 has 4-cores):

Code Select Expand

net.inet.rss.bits = x

Code Select Expand

for 4-core systems, use '2'
for 8-core systems, use '3'
for 16-core systems, use '4'
Etc.

next is working on latency but that has now a bit time.
can be closed :)

[speedtest]

Shortly some information what i had and what happends.

Befor i bought the DEC697 i was running opnsense on a VM (4 Cores and 4 Gig RAM) with a NIC (you can find it in the link).
NIC: 2-Port- Gigabit Ethernet-Networkcard

The VM runs on Proxmox and i was getting 1 Giga IN and OUT without any problems. I only had low VPN-Connections (aprox. 10Mbit).
I thought it would be about the encrypting and so on which is no well possible in a VM.
This was running now around 1 year and i wanted to get better VPN Performance and also get the Firewall out oft he virtualisation.
The VM-Firewall was also running on 25.7 the lasts months.


Now i got the DEC697, with ist 5 Gbit of Firewall and 600 Mbit of VPN (IPSec).
I did the following:

• 2 days ago i installed and update the firmware (also to 25.7 over serial-interface).
• Imported the Backup from the old Firewall (VM-Version Community) also into the Community (DEC697)
• Reasigned the Interfaces, changed the rules.
• Confirmed the changes and was after a few minutes back online
• I did a speedtest and had seen the following results

Traffic Inbound / Outbound / First 600Mbit download / Second 950Mbit Upload ??


Virtual Machine / Performance


DEC679 / Performance

How to finde the bottelneck of the probleme here?