Performance issue on APU 4d4 - don´t know why

Started by Gafzgarrr, January 03, 2022, 06:09:23 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
January 03, 2022, 06:09:23 PM
Hello Floks,

i have some strange performance issues on my Opnsense, which runs on an APU4d4 Board.

Speedtests only get me 10/8Mbit/s!
But i have 200/8 from my ISP. And this speed is accessable direkt at the bride modem Port.

I tried many trouble shooting. I stopped suricata, netflow and ntopng.
But allways the same behavior. (but CPU is not that much).

Strange thing is: 5 - 10 Minutes after rebooting the system, i get my full speed (213/9Mbit/s).
After 10 Minutes it lowers to about 100Mbit, and after 15 Minutes it is 10Mibt again.

Same behavior, after i disable and enable packet filering.

There must be something in my Rules or in the pf-engine, whitch causes this issue.

Any ideas???

PS: i only use standard rules and GeoIP Filter.
January 04, 2022, 10:09:00 PM #1 Last Edit: January 04, 2022, 10:24:03 PM by Gafzgarrr
Okay small win.
i deactivated Multi-WAN in the firewall settings, since i only have one WAN.

Now Speed goes up to 30-50Mbit/s.
But not what i want in final.

---UPDATE: false information, after about 15 Minutes it is again at 12 Mbit/s
January 04, 2022, 10:52:47 PM #2
Don't have a solution, but don't trust your figures either. I am on a 300/30 connection and can obtain full speed with a 2D4. Within LAN iPerf can almost max out my gigabit nic. Maybe recheck cables or perform a reinstall? Also check latest APU firmware
January 05, 2022, 05:47:51 PM #3
UPDATE: found out, that i have an 88% block-rate.
all IPv6 ICMP Packets.
How can i block those packets without disturbing my system?
January 05, 2022, 10:40:48 PM #4
What is in your rule? BLOCK or REJECT? If it is REJECT, change it to BLOCK.

https://docs.opnsense.org/manual/firewall.html

Are you using IPv6? If not, disable IPv6 altogether (on the interface)
January 06, 2022, 01:09:50 PM #5
i don´t use IPv6.
The block rules are automatic since i deny v6 unter Firewall/Settings/advanced

v6 is not configurated on my WAN-interface. But i get flooded by ICMPv6 Broadcast packets.
January 06, 2022, 06:11:11 PM #6
I fail to see why you should see such traffic if you do not use IPv6 and have IPv6 disabled on all interfaces
January 06, 2022, 07:16:15 PM #7
These are IPv6 multicast packets transported over layer 2 broadcast. So they arrive at the interface whether one wants them or not. I'd take that to the ISP at this point of the discussion.
Deciso DEC750
People who think they know everything are a great annoyance to those of us who do. (Isaac Asimov)
January 07, 2022, 08:32:21 PM #8
hey guys,

ISP says this is normal.
Do you think so?
(see Pictures)
Print
Go Up Pages1
User actions