Slow WAN after upgrade

[falk]

So its back to normal or not? I'm not upgrading until it is fixed. I may wait for a point release before I upgrade. 20.7 seems to be full of bugs.

My installation is not up to speed.
I have an pretty weak hw, but speed has gone down with no IPS or such.
And the fixes suggested in this thread has not fixed the performance for me atleast.

--
Regards Falk

[banym]

Hi Falk,

can you please share info about your system and configuration?

[flexibug]

Similar problem here. Nothing changed except upgrade to 20.7.1. Download speeds down from ~530 MBit to ~340, upload about the same (about ~52 MBit/s) on a nominal 600/60 DOCSIS cable. Powerd set to "maximum" (different setting doesn't change anything). Switching off IDP (suricata) reverts to previous speeds. Switching IDP back on lowers speed again. Box is a Quad Xeon 1225v3 with way too much RAM, usually between ~20% to ~50% CPU (ntopng running with only a few other plugins on the same box).

Update: Network ports used are an internal Intel I217-LM and a quad-port 82571EB/82571GB PCI card.

Is there an "easy" way to completely revert the box to 20.1.9_1 or even the last 19 release ("opnsense-revert -r 20.1.9 opnsense" as root user only results in "Fetching opnsense.txz : .. failed")? Trying:

Code Select Expand

root@opnengine:/ # opnsense-update -usBP -m "https:\/\/opnsense-mirror.hiho.ch" -n "FreeBSD:11:amd64" -r "20.1"
root@opnengine:/ # opnsense-update -pf
Updating OPNsense repository catalogue...
pkg-static: https://opnsense-mirror.hiho.ch/FreeBSD:12:amd64/FreeBSD:11:amd64/meta.txz: Not Found
repository OPNsense has no meta file, using default settings
pkg-static: https://opnsense-mirror.hiho.ch/FreeBSD:12:amd64/FreeBSD:11:amd64/packagesite.txz: Not Found
Unable to update repository OPNsense
Error updating repositories!



seems to always inject FreeBSD:12:amd64. How could I avoid this so that to update points to a valid path?

Or is it mandatory to reinstall from scratch using a config backup?

[mother-64]

Can you guys list your NIC also if you have a similar problem?

Observing the same:
20.1.9: 230/45mbit
20.7.1: 130-160/45mbit

same sync, only difference is opnsense version, i tried my backup msata with pfsense and speed is up to normal.

no ids, nothing fancy just upgraded the old install, also tried the powerd (adaptive/max), hasn't changed anything.

used hw: APU.2C4 with intel i210AT

We have the same NIC, so maybe it's a driver problem.
Looks like there was an update from FreeBSD 11.x to FreeBSD 12.x, some sort of code merge between em and igb drivers, although it doesn't mean there is something wrong... https://www.reddit.com/r/freebsd/comments/alpt9j/freebsd_112_to_120_upgrade_igb_moved_to_em/

From what I understand
OPNsense 20.1 => HardenedBSD 11.x => FreeBSD 11.x
OPNsense 20.7 => HardenedBSD 12.x => FreeBSD 12.x

[agh1701]

Has anyone filed a bug report on github?

https://github.com/opnsense/core/issues

[murmelbahn]

I can confirm the issue. I have two installations. One on an APU and the other one virtualized on an ESXi. With the APU there were no issues at all. The virtualized OPNsense however has very littte upload speed (87.6Mbits before, 0.1Mbits after). After enabling the "Power Savings" on "maximum" the issue is resolved.

[flexibug]

Besides the WAN-side performance drop since the upgrade to 20.7., I can see a lower average CPU usage on the same box, in the very same environment, although power settings are set to maximum now. I monitored this using OPNSense system information as well as with the Zabbix agent - however, the Zabbix agent version changed with the upgrade as well.

CPU utilization: idle time rose from 85% to avg. 98%, and CPU load went from 0.3 (5 min avg. per core) down to about 0.04. Could anyone confirm something similar as well?

[flexibug]

Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...

[mr.yx]

would also like to know, 20.7.1 is not usable in this state.

[mother-64]

Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...

Yes I find the way OPNsense manage their releases messy. But what is worse is that it's not even clear on the wiki on which HardenedBSD versions all the different OPNsense releases are based on.
Add to that the HardenedBSD website which is really bad -- this doesn't help to understand what is going on.

[flexibug]

I just did the move back from 20.7 to 20.1 although it was more than just messy. The "config backup" function lost very much on first sight. After having installed all (most?) "lost plugins", many of the "lost plugins's settings" were back. Weird experience, not at all what I expected with a "backup". However, download speed is back! I am tempted to second the opinion there might be a problem with ethernet/network drivers since FreeBSD 11.

I am just a bit fed up with this because I dropped my APU (PC Engines 4-core jaguar 1GHZ AMD) in favor of a new XEON platforn (4-core 3.2GHZ Intel) a few OPNSense releases ago (17?), and now, with that multiplied power, I am kind of facing similar performance drawbacks again. Is this really how it should be in the realm of "open source"?

[mimugmail]

A restore of config only restores config, it doesnt install plugins for you. There is an approach which would try to so this also but I'm unsure about its current state

[mimugmail]

Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...

Yes I find the way OPNsense manage their releases messy. But what is worse is that it's not even clear on the wiki on which HardenedBSD versions all the different OPNsense releases are based on.
Add to that the HardenedBSD website which is really bad -- this doesn't help to understand what is going on.

Thats not true, in release notes it's stated they updated to HBSD 12.1.

It's like downgrading Win10 to Win8, no matter at which time of the year this happens.

[franco]

Wow, this thread feels like a car crash.


Cheers,
Franco

[flexibug]

Maybe this would be another type of ,,backup", however,

A restore of config only restores config, it doesnt install plugins for you. There is an approach which would try to so this also but I'm unsure about its current state

I would like to see an automated procedure that requests installation of plugins for which configuration data can be found in a backup, and then configures those plugins accordingly. I am hoping the approach you mention will make it into a final release soon.