25.1 Dog slow on fresh install - Need insight

[epimpin]

So I recently cut over to 25.1 coming from pFsense latest community and I seem to be running into some sort of compatability issue that the logs dont specifically give any clues to as far as I can tell.
My system is an old cpu but should have no problem running freebsd.

My system is an i5-650 "Westmere(clarksdale)",Q57 chipset, 8gb ddr3 1333, dual port intel 1000base-T nic and 120gb Samsung 840 EVO in zfs single stipe single drive config (no raid) using onboard intel gfx.

On pfsense it was major overkill and I am an advanced to to expert level user and have been using since m0n0wall dating back to 2006ish, switched to smoothwall with 3.0 and 3.1 and back to pfsense in about 2013 till recent when I decided to try opnsense.

Ive done a bit of research over at freebsd forum and found user reports about intel gfx driver possibly being an issue in 13.0+?

The real issue is the the system is so dogged slow that diagosing the issue is almost impossible with 3 to 4 minute load times on the webgui for a single save proc and 20+ minute reboot times.

IF I can get the system to actually dump the bootlog I will post it but so far for logs all I get are timeouts.

[epimpin]

Things Ive managed to do is enable and configure PowerD cfg and enable intel CPU on-die temp mon, dumped ram usage, cpu usage times and disk stats and all look fine afaik Its just after cpu and system detection on init during boot every module takes for EVER to load for some reason.

[epimpin]

Further developments:  on boot the real slowdown seems to occur when UNBOUND Dns starts. Unbount starts, signals done then loads again and signals done again. I dont believe this should be loading twice.

When viewing diagnostics> activity I can see the process py3././././filter/update_tables.py (python 3.11) utilizing 100.00% of a single thread 100% of the time.

EDIT: It appears these two issues are unrelated.

Could someone please shed some light on this issue. I do not currently have the device connected to the web so I do not have any hotfix updates if there are any.

[epimpin]

My settings for everything outside of running the wizard adding powerD cfg and enabling on die cpu temp are bone stock, Not a single fw rule nor state table population. Am I expecting too much from this OS?

It appears the vibe im getting from what im reading in this forum searching key terms related to my own issue that opnsense is just dog slow even on fast systems and it seems devs possibly are adding issues faster than they can correct existing issues where the cost of innovation is greater than the value of outcome. Correct me if you think Im mistaken here.

[newsense]

Am I expecting too much from this OS?

Good question, how much faster is FreeBSD 14.2 on that 11+ year old dual core CPU ? Did you find anything related to your issue on FreeBSD forum and/or bugzilla ?

[epimpin]

Am I expecting too much from this OS?

Good question, how much faster is FreeBSD 14.2 on that 11+ year old dual core CPU ? Did you find anything related to your issue on FreeBSD forum and/or bugzilla ?

To answer your first question directly, pfsense 23.1+  was able to run with less than 50% cpu utilization under moderate load, 70% - 100% with the rare extreme load and 3-12% normal idle with background loads while also running lots of addons including squidproxy, suricata and snort, 50gb logfiles, dns forward and resolver, netflow, ldap and ccdp plugins, bgp forwarding, iperf, rrd graphing, radius server, TFTP server on opt1 and more including some non pfsense approved plugins such as speedtest.net plugin as well as an opnvpn always on vpn and the obvious defaults such as kea and NTP with remote link to NIST secure NTP servers without ever hitting 100% utilization all on spinning rust, not even ssd. I could do 980mbps sustained on outbound with minimum inspection.

To further expand on this the epyc 3201 used in deciso's opnsense hardware offering between 3k and 5k usd is only 150pts higher in single core single thread performance and about 3.5x multithread mutlicore performance than my cpu and can handle 15 to 21 gbps firewall throughput  performance not including tdp rating as this doesnt matter in my case.  Furthermore my cpu beats the Intel xeon D offerings in every bench again just with a higher tdp. There should be no reason for this to be a point of contention and the cpu is not being pinned whatsoever while loading things and it seems to be a bug.

Yes I found something about the default intel gfx driver and switching to freebsd vga driver but so far thats about it. Although the cpu is a q2 2010 release it should be plenty fast for the application and the system meets exactly the recommended spec on opnsense man pages.

Just the loading from page to page seems broken on opnsense and my dashboard homepage errors out on every widget, its all red with exclamation marks and so far I have not seen so much as an error in system logs. Im beginning to think my install may be botched somehow despite verifilying my install media twice against sha256 hash.

Could you tell me if there is a post-install logfile that logs initial installation? It may bear clues as to what is going on.

To elaborate further, I am planning to expand the wan profile to a higher speed tier and due to opnsense's ability to reach higher throughput than pfsense while maintaining service stability and having a more mature freebsd base I am exploring opnsense deployment. My internal network is all fiber 40g running cumulus and HPE and gigamon equipment directing selective flows to and from multi-wan's.
This is my production homelab btw.

[newsense]

Did the battery die and reset the BIOS to some improper defaults to boot with by chance ?

Also, your barebones setup can be easily run from the boot medium, simply log in with root instead of installer and adjust a couple network settings on the fly. Is that still taking ages to run ?


Assuming the BIOS settings are correct, do you experience the same weird behavior when installing 24.7 which is FreeBSD 14.1 ?

https://pkg.opnsense.org/releases/24.7/

[epimpin]

I did replace the bios battery as the machine has been running for many years straight running pfsense and cleared cmos and configured bios from scratch.

I have not tried installing ealier versions or testing with a live boot But I will try that right now to test.

[meyergru]

Maybe I am pointing out the obvious, but did you disable Spectre and MeltDown mitigations? OpnSense defaults would be one major difference to plain FreeBSD, and probably pfSense, too.

[epimpin]

Maybe I am pointing out the obvious, but did you disable Spectre and MeltDown mitigations? OpnSense defaults would be one major difference to plain FreeBSD, and probably pfSense, too.

Ahh now with this you may be onto something. I did not. I do know that there was no effect with the implementation used for the mitigations in pfsense with this particular system possibly having to do with the fact that this system was never issued spectre and meltdown mitigations in bios release and maybe the fact that AES-NI acceleration was being used on pfsense. I also dont know if the pti switch effects have changed in implementation in anyway since freebsd 14.1.

This is an easy fix I will try and update.

[epimpin]

Update, After a hard restart I was able to startup in about 5 minutes but it still took one minute to log into webui.

[epimpin]

Ive solved the issue, it was a platform specific issue in regards to a physical hardware issue. I reseated my ram and boom, 30 second boot times. Although this is the second time ive reseated I guess once just wasnt enough. Thank you to Newsense and Meyergru for at least attempting to help and please forgive me for thinking this was a software issue.