WAN Port slow

Started by kingfisher77, April 12, 2020, 05:04:41 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
April 12, 2020, 05:04:41 PM
Hi, since we have cable with 1Gbit down/50Mbit up we experience slow net performance. If we connect directly to the cable modem (FritzBox 6591) we have around 800Mbit down/40Mbit up. If we go through our OPNsense Ghz small (SML20083D) we experience only ~100-200MBit/~4-10Mbit.

Our setup is straight forward, no special requirements. OpnSense is connect to the FritzBox via Exposed Host.

Very could we start to narrow down the problem?
April 12, 2020, 05:08:58 PM #1
A good troubleshooting startpoint are:
Interface -> Settings

  • Hardware CRC
  • Hardware TSO
  • Hardware LRO
April 12, 2020, 05:26:21 PM #2
Thanks! Checked them off and on (where disabled). No difference :/

I was thinking that the cpu is to slow. But top shows around 30-40% usage for python process.
April 12, 2020, 05:29:17 PM #3
Adventuring through internet pipes
My Blog
April 12, 2020, 05:37:24 PM #4
Ah, thats a point. Will look for a new hardware - any suggestions for 1Gbit?
April 12, 2020, 06:28:02 PM #5
Quote from: kingfisher77 on April 12, 2020, 05:37:24 PM
Ah, thats a point. Will look for a new hardware - any suggestions for 1Gbit?

Myself and quite a few people people have Qotom Devices, then you can buy how much CPU power you want.
You can also look at PC Engines APUs, depends what country your in to what works cheapest.

If size/power consumption isn't an issue, you could look at getting an old server and a 4 port Intel NIC.
You could even get an used corporate desktop (i3,i5 something like that), and put a 4 port Intel NIC in that. I know a people who've done that too.
Adventuring through internet pipes
My Blog
April 12, 2020, 08:27:44 PM #6
Thank you, i'll talk to the https://www.apu-board.de/, lets see what they suggest. Thank you!
April 12, 2020, 09:24:53 PM #7
Quote from: kingfisher77 on April 12, 2020, 08:27:44 PM
Thank you, i'll talk to the https://www.apu-board.de/, lets see what they suggest. Thank you!
Rebranded Quotom or other OEM chinese mini PC on slightly more than doubled price...
Proxmox enthusiast @home, bare metal @work.
April 12, 2020, 09:46:12 PM #8
April 13, 2020, 06:38:34 PM #9
Quote from: kingfisher77 on April 12, 2020, 09:46:12 PM
I am not sure which CPU/Setup would fit best für my needs.

What do you think about this one?

https://de.aliexpress.com/item/32920921042.html?gps-id=pcStoreLeaderboard&scm=1007.22922.122102.0&scm_id=1007.22922.122102.0&scm-url=1007.22922.122102.0&pvid=e2793994-0169-4314-98b1-dbbd6ef8189e&spm=a2g0o.store_home.smartLeaderboard_819228523.32920921042

I've got the 7100u in mine with 4GB Ram. With the Qotom store on AliExpress double check its the cheapest listing, some bazaar reason they list the products many times, with different prices for the same thing.

You going to do any IPS or anything like that?
Adventuring through internet pipes
My Blog
April 14, 2020, 10:08:29 PM #10
I run a https://www.dell.com/us/en/business/servers/poweredge-r210/pd.aspx?refid=poweredge-r210&cs=04&s=bsd that I found on Ebay they are older servers but they run great, I'm on 1gb and I normally have about 940mb throughput
April 15, 2020, 07:48:45 AM #11
I ordered this one: https://www.ipu-system.de/produkte/ipu675.html. Much to much of almost everything but who knows what comes up. Delivery from China does take a long time nowadays.
April 17, 2020, 09:26:30 AM #12
The new firewall is up and running. Nice  :)

But there is no change in speed  :(

Directly connected to Fritzbox speed is optimal. With Opnsense in between not. Just 200-300Mbit and 3-10Mbit upload.

I measure directly on the firewall at the WAN port. Changed the kabel already. Changed each apparently relevant setting in OpnSense. I'm at a bit of a loss.

What else could i optimize?
April 18, 2020, 12:06:32 PM #13
Solved it finally. I had a routed IP address on the Upstream Gateway to the bridged Fbox. With the new Fbox and 1Gbit bridging is not possible anymore. "Exposed Host" is the alternativ. On the firewall i changed noting, just switched to "Exposed host" in the Fbox.

A second Upstream Gateway in the 192. net solved the problem for me. Fbox is natting and the "old" gateway is still there (not as upstream) handling the routet IP address.

Don not know exactly where the problem was, but it is solved now :)

Thank you for your ideas.
Print
Go Up Pages1
User actions