"
Hello All,
After a couple days of testing, I think there may be a software issue with PF. I've tried various configurations over a couple different hardware setups and keep experiencing the exact same issue. Full details below.
I currently have a fiber link of 1gbit up/1gbit down. Connecting directly to the fiber modem without going through the firewall, my speed tests run 950mbit up and 950mbit down. I have run the tests multiple times over a period of an hour to verify there's no deviation in that speed when connected directly to the modem.
Now, I have built a couple firewalls during my tests:
1) Intel Xeon E3-1220 v3 @ 3.10GHz, 250GB Samsung SSD, 8GB ram, 2x Intel CT Desktop NICs (Intel EXPI9301CTBLK)
2) Virtual Machine, AMD Ryzen 5950x. Assigned 8 threads to the HyperV VM. 128gb HD on 4x raid 10 SSDs. 8gb ram. Intel NICs
On both machines, I have the exact same experience:
1) I power up the firewall
2) I do a speedtest. The speedtests are 950mbit up/down like they are when directly plugged in
3) I watch some YouTube videos for about 5 minutes.
4) I do another speedtest. The speedtests are 600-700mbit down and only 60mbit up.
5) I reboot
6) Speedtest returns back to normal
I have performed the speedtests using a Windows 10 Machine and also a Windows Server 2019 machine. I have plugged the Ethernet cables directly from the test machines directly into the firewall LAN port (no middle switches).
Additionally, I have also tried installing pfsense on the same machines to see if it was something to do with opnsense. I experienced the exact same issue. Speed drops after the firewall has been online for a few minutes.
The performance seems to deviate. Occasionally it will come back up to the 950mbit, but the majority of the time the speed is slower. The upload rate is the primary issue. It is always below 100mbit for some reason.
I have tried enabling RSS in the tuneables. That did not help. I tried disabling Spectre and Meltdown mitigations. Disabling the meltdown mitigations for some reason causes it to run slower on the Xeon processor - Download never goes above 600mbit, but the upload seems to be a little faster than 60mbit when it goes into slow down mode.
I've tried enabling and disabling the "Hardware CRC", "Hardware TSO", "Hardware LRO" in the interface settings. I tried enabling/disabling interface scrubbing.
When performing speedtests, I watch the opnsense interface statistics to make sure the speeds match what the speedtests shows. They are very close to each other. This shows that there's no background activity occurring other than the speedtest.
Since I have this issue with opnsense and pfsense, the only thing that makes sense to me is an issue with PF. Anyone have a similar issue?
After a couple days of testing, I think there may be a software issue with PF. I've tried various configurations over a couple different hardware setups and keep experiencing the exact same issue. Full details below.
I currently have a fiber link of 1gbit up/1gbit down. Connecting directly to the fiber modem without going through the firewall, my speed tests run 950mbit up and 950mbit down. I have run the tests multiple times over a period of an hour to verify there's no deviation in that speed when connected directly to the modem.
Now, I have built a couple firewalls during my tests:
1) Intel Xeon E3-1220 v3 @ 3.10GHz, 250GB Samsung SSD, 8GB ram, 2x Intel CT Desktop NICs (Intel EXPI9301CTBLK)
2) Virtual Machine, AMD Ryzen 5950x. Assigned 8 threads to the HyperV VM. 128gb HD on 4x raid 10 SSDs. 8gb ram. Intel NICs
On both machines, I have the exact same experience:
1) I power up the firewall
2) I do a speedtest. The speedtests are 950mbit up/down like they are when directly plugged in
3) I watch some YouTube videos for about 5 minutes.
4) I do another speedtest. The speedtests are 600-700mbit down and only 60mbit up.
5) I reboot
6) Speedtest returns back to normal
I have performed the speedtests using a Windows 10 Machine and also a Windows Server 2019 machine. I have plugged the Ethernet cables directly from the test machines directly into the firewall LAN port (no middle switches).
Additionally, I have also tried installing pfsense on the same machines to see if it was something to do with opnsense. I experienced the exact same issue. Speed drops after the firewall has been online for a few minutes.
The performance seems to deviate. Occasionally it will come back up to the 950mbit, but the majority of the time the speed is slower. The upload rate is the primary issue. It is always below 100mbit for some reason.
I have tried enabling RSS in the tuneables. That did not help. I tried disabling Spectre and Meltdown mitigations. Disabling the meltdown mitigations for some reason causes it to run slower on the Xeon processor - Download never goes above 600mbit, but the upload seems to be a little faster than 60mbit when it goes into slow down mode.
I've tried enabling and disabling the "Hardware CRC", "Hardware TSO", "Hardware LRO" in the interface settings. I tried enabling/disabling interface scrubbing.
When performing speedtests, I watch the opnsense interface statistics to make sure the speeds match what the speedtests shows. They are very close to each other. This shows that there's no background activity occurring other than the speedtest.
Since I have this issue with opnsense and pfsense, the only thing that makes sense to me is an issue with PF. Anyone have a similar issue?
