OpnSense SFP+ connection to 2g fiber ONT is limited to 1g.

[cologuy]

So as a test I connected a 10g SFP+ module from my M470 to a Sodola 8 port switch using a SFP+ module, (both Cisco SFP-10g-SR modules) and then an RJ45 connection from a 2.5g port on the switch to the fiber ONT 10g RJ45 port. The Sodola switch has 8 2.5g rj45 ports and 1 SFP+ port. The download is still maxing out at 1g.

Any chance OpnSense is capping throughput at 1g? I've used OpnSense for years but this is the first time I've have more than 1g WAN throughput. Anyone else using OpnSense with > 1g WAN? Surely thousands are?

The 10g only RJ45 modules will be here tomorrow so I guess that's my next test.

[meyergru]

So, did you actually try the tips in the link I posted in #1?

[ProximusAl]

>>My use of OPNSense is actually *above* the M470, using the exact same modules and fibre leads.

Can you expand on this? Do you mean *above* physically in the picture?

Thanks for the input.

No, I mean above the watchguard as in the M470 is downstream of multiple OPNSense routers.

In my picture the 3 little black routers (R86S) all run OPNSense, One for each separate 10G leased line (MultiWAN with BT and Virgin in the M470) and the 3rd one at the bottom is for routing IPv6 as the WG is crap with IPv6.

[cologuy]

Yes, #10 regarding the CPU speed? I tried an updated Xeon E3-1260LV5 CPU with no change. Or did I miss something in that post?

So, did you actually try the tips in the link I posted in #1?

[cologuy]

Got it, thanks for the clarification.

>>My use of OPNSense is actually *above* the M470, using the exact same modules and fibre leads.

Can you expand on this? Do you mean *above* physically in the picture?

Thanks for the input.

No, I mean above the watchguard as in the M470 is downstream of multiple OPNSense routers.

In my picture the 3 little black routers (R86S) all run OPNSense, One for each separate 10G leased line (MultiWAN with BT and Virgin in the M470) and the 3rd one at the bottom is for routing IPv6 as the WG is crap with IPv6.

[meyergru]

Yes, #10 regarding the CPU speed? I tried an updated Xeon E3-1260LV5 CPU with no change. Or did I miss something in that post?

So, did you actually try the tips in the link I posted in #1?

No. follow this link and look in point 10 in the first posting. There is more than one tip w/r to low speeds.

[newsense]

...I seem to be capped at 1g (950mbs)...

Been following this thread and I'm surprised this didn't come up yet:

Did you set up traffic shaping for 1Gb way back when and forgot to adjust it for the 2Gbps plan ?

[cologuy]

No traffic shaping is setup. Thanks for the input.

...I seem to be capped at 1g (950mbs)...

Been following this thread and I'm surprised this didn't come up yet:

Did you set up traffic shaping for 1Gb way back when and forgot to adjust it for the 2Gbps plan ?

[cologuy]

This point 10?

Code Select Expand

10. You do not get close to your ISP's advertised speed? Some CPUs are not sufficient for fast internet connections. Look for ones with high single-thread performance - especially, if you need PPPoE, VPN and/or Zenarmor or other IDS (disable them for tests). For more than 1 GBps, you may need something along the range of an N100, for more than 2.5 Gbps you will look at CPUs with even more punch. There are many websites to compare CPU speeds or look in the hardware and performance section.
Also note this about RSS. That being said, hand-me-down systems often are sub-par w/r to being used for OpnSense, because desktops with older CPUs tend to use way more power such that the higher energy cost may soon outweigh the investment on a modern appliance in a 24/7 scenario.

Also: Disable any traffic shaper, especially when you just upgraded your plan to a higher speed.

That being said: How are you measuring? Single stream performance may not utilize your connection fully, so if you use iperf, try "-P4". Also, do not measure from OpnSense itself, but route the connection through it, in order not to put more strain by running the test client or server on it. You can use OOKLA speedtest in a browser, this is multithreaded.


Yes, #10 regarding the CPU speed? I tried an updated Xeon E3-1260LV5 CPU with no change. Or did I miss something in that post?

So, did you actually try the tips in the link I posted in #1?

No. follow this link and look in point 10 in the first posting. There is more than one tip w/r to low speeds.

[cologuy]

Tested with 2 different 10g only RJ45 modules and I'm still limited to 1g download speed. I'm guessing at this point that
OpnSense is not allowing the M470 perform at full speed on the SFP+ ports. 

[meyergru]

Yes. There are links in the original article, pointing to instructions on enabling RSS.

Please disable the traffic shaper to test if that has any impact, regardless of having set the correct limits. Same goes for any type of IDS.

[cologuy]

Thanks! I missed the link.

I used this guide and enabled RSS.

Code Select Expand


    net.isr.bindthreads = 1
    net.isr.maxthreads = -1
    net.inet.rss.enabled = 1
    net.inet.rss.bits = 2


Same result, still 1g download. Traffic shaper was never setup and nothing is listed under rules/status/etc. No IDS setup.

Yes. There are links in the original article, pointing to instructions on enabling RSS.

Please disable the traffic shaper to test if that has any impact, regardless of having set the correct limits. Same goes for any type of IDS.