Home
Help
Search
Login
Register
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
10G NAT/Firewall performance problems
« previous
next »
Print
Pages: [
1
]
Author
Topic: 10G NAT/Firewall performance problems (Read 5863 times)
farmwald
Newbie
Posts: 2
Karma: 0
10G NAT/Firewall performance problems
«
on:
February 23, 2019, 10:27:24 pm »
I have a 10Gbps fiber connection. Currently, I use a UBNT EdgeRouter Infinity router/firewall, which works quite well. I get 4Gbps down, 5.5 Gbps up with speedtest, which seems about right.
I'm testing other firewalls, specifically OpenWRT, OPNSense, and PFSense on some medium to good performance PCs (i3-8100 and i7-7xxx) with 32GB of memory.
For straight routing (no firewall no NAT), all of the firewalls give me well over 6 Gbps - probably limited by the test rather than the router - on all of the PCs I've tested. This is fine.
When I use Speedtest (i.e., using NAT and a firewall), I get very odd results:
OpenWRT 18.06.2 ~100 Mbps down, > 4 Gbps up
OPNSense 19.1 (and 18.7) - ~100 Mbps down, > 4 Gbps up
PfSense CD 2.4.4r1 - 4 Gbps down, > 4 Gbps up
These are fresh installs, with no tweaks or tuning. The numbers are consistent across different PCs. I'm using an Intel X540-T2 for all tests and I've tested 3 PCs with every firewall, so it's not hardware dependent.
Clearly, there is a problem with my use of OPNSense and OpenWRT, but I don't what to try to fix this.
Why does PFSense work out-of-the-box, and nothing else?
Any suggestions?
Logged
mimugmail
Hero Member
Posts: 6766
Karma: 494
Re: 10G NAT/Firewall performance problems
«
Reply #1 on:
February 23, 2019, 11:00:31 pm »
Try to set MSS on LAN to 1300
Logged
WWW:
www.routerperformance.net
Support plans:
https://www.max-it.de/en/it-services/opnsense/
Commercial Plugins (German):
https://opnsense.max-it.de/
farmwald
Newbie
Posts: 2
Karma: 0
Re: 10G NAT/Firewall performance problems
«
Reply #2 on:
February 24, 2019, 12:02:10 am »
Quote from: mimugmail on February 23, 2019, 11:00:31 pm
Try to set MSS on LAN to 1300
That fixed it. 25x faster from Speedtest.
Thanks.
Logged
Print
Pages: [
1
]
« previous
next »
OPNsense Forum
»
English Forums
»
Hardware and Performance
»
10G NAT/Firewall performance problems