Slow WAN after upgrade

Started by jaybowee, August 04, 2020, 11:12:54 PM

Previous topic - Next topic
Print
Go Down Pages 1 2 3 4 5 6
User actions
August 19, 2020, 10:54:00 AM #45
It was added to 20.7. I'm really unsure why this is relevant at all here or why feature requests are added in the forum despite the persistence on our part to open GitHub issues, which people did and other people actually worked on.

https://github.com/opnsense/changelog/blob/master/doc/20.7/20.7.r1#L47


Cheers,
Franco
August 19, 2020, 11:20:27 AM #46
Quote from: franco on August 19, 2020, 10:54:00 AM
It was added to 20.7.
https://github.com/opnsense/changelog/blob/master/doc/20.7/20.7.r1#L47
Thanks for clarification and pointing this out (again). Despite my disappointment about the 25% performance decrease on the WAN side in my environment that 20.7. brought for me, and my urge to go back to 20.1., I should have read the doc more thoroughfully.
August 19, 2020, 11:45:38 AM #47
20.1 is certainly an option for the time being. We're still gathering data. The report that WAN speed drops is, unfortunately, a stab in the dark for trying to figure out what is wrong. It could be driver issues, hardware issues that the driver doesn't handle anymore, scheduler related, Netmap related, or just plain power management that is not behaving the same way as some have seen.

We've had a nice run on HardenedBSD/FreeBSD 11 so far for a few years and people have asked to update the kernel constantly because of... "reasons". When we actually update the kernel reluctantly there are "reasons" against updating of course. For us that is an impossible situation and users need to understand what they are asking.

There's no way to stay on an old operating system version indefinitely and there is no way it will ever be the same once moving forward. Especially in open source you see nasty surprises when you put no effort in a particular topic and then see it disappoint later on. That much we have learned over the last couple of years and that not only applies to the operating system itself, but also to third party updates, browser changes and sometimes even mistakes stemming from direct work on OPNsense.

To conclude, what you have with OPNSense 20.7.1 is probably the worst OPNsense you have ever used, because we try to include improvements into each (to the untrained eye even "messy") release so tomorrow is not going to be so bad than today feels. ;)


Cheers,
Franco
August 19, 2020, 07:40:49 PM #48
Quote from: banym on August 17, 2020, 06:07:16 PM
Hi Falk,

can you please share info about your system and configuration?

Hi,

Sure, it's nothing exciting :)

Hardware:
Intel(R) Atom(TM) CPU D525 @ 1.80GHz (2 cores)
https://www.checkfirewalls.com/2200.asp

Config:
No special usage, no IPS, proxy or anything such cool.
I just have use NAT on a 500M/Bits uplink.

I have tried a few "tweaks" from the "internetz" with no luck (no change of performance better/worse).

What kind of more info are you interested of, if it is more sensitive information, perhaps It's better to take it offlist?

--
Regards Falk
August 19, 2020, 08:11:40 PM #49
Hm, this  is a quite old CPU. Maybe the jump from FreeBSD 11 to 12 respects more recent CPUs (Just a guess)
August 19, 2020, 08:53:34 PM #50
Quote from: mimugmail on August 19, 2020, 08:11:40 PM
Hm, this  is a quite old CPU. Maybe the jump from FreeBSD 11 to 12 respects more recent CPUs (Just a guess)

Yeah I agree.
And I have no illusion that I'm going to hit 1G with it :)
I just wanted to chime in that I had the same "problem" / outcome as OP.

But I guess that the newer hardware OP uses had other problems with IPS and such, so I guess that I'm just out of hw for the the latest FreeBSD update :)

--
Regards Falk
August 19, 2020, 09:09:05 PM #51
Quote from: mimugmail on August 19, 2020, 07:51:52 AM
Quote from: mother-64 on August 18, 2020, 11:33:00 PM
Quote from: flexibug on August 18, 2020, 10:41:28 PM
Is there any link to the procedure about why switching from FreeBSD 11 to 12 does not imply a major number of OPNSense, e.g. from 20.1 to 21.1 (instead of 20.7), if there is a chance of messed up network drivers coming with the new version of FreeBSD? Why is it so "hard" to move back from 20.7 (FreeBSD 12 based) to 20.1 (FreeBSD 11 based)? The OPNSense (update and download) mirrors use a completely different path for this. Having more trouble to revert back from 21 to 20 would at least be kind of more understandable for me (e.g. minor vs. major versions)...
Yes I find the way OPNsense manage their releases messy. But what is worse is that it's not even clear on the wiki on which HardenedBSD versions all the different OPNsense releases are based on.
Add to that the HardenedBSD website which is really bad -- this doesn't help to understand what is going on.

Thats not true, in release notes it's stated they updated to HBSD 12.1.

It's like downgrading Win10 to Win8, no matter at which time of the year this happens.
What is not true?
Clearly it wouldn't hurt if the wiki had a table listing which FreeBSD/HBSD version is used on each release, rather than browsing all the releases docs to find out.
August 19, 2020, 09:15:35 PM #52
It's listed in the changelog which should be read before every update
August 20, 2020, 07:11:33 AM #53
As one of the users who was seeing wan performance degradations with 20.7 I have resolved those problems. The primary problem every minute or a change of promiscuous mode for the Ethernet NICs was resolved by a clean install of 20.7.  My second performance issue turned out to be due to SFP+ module (transceiver) that was degrading performance. With those problems resolved I am able to sustain download speeds through OPNSense of 1.2 Gbit (Gigabit cable service provisioned at 1.2 Gb). I do not have IDS/IPS configured at this time.
August 20, 2020, 07:35:34 AM #54
Quote from: retatefw on August 20, 2020, 07:11:33 AM
As one of the users who was seeing wan performance degradations with 20.7 I have resolved those problems. The primary problem every minute or a change of promiscuous mode for the Ethernet NICs was resolved by a clean install of 20.7.  My second performance issue turned out to be due to SFP+ module (transceiver) that was degrading performance. With those problems resolved I am able to sustain download speeds through OPNSense of 1.2 Gbit (Gigabit cable service provisioned at 1.2 Gb). I do not have IDS/IPS configured at this time.

Thx for your feedback 8)
August 20, 2020, 11:19:42 AM #55
Looking at Intel network (em/igb) adapters specifically.... would someone with the issue try this kernel?

# opnsense-update -kr 20.7.1-nopromisc
# opnsense-shell reboot


Thanks,
Franco
August 20, 2020, 11:20:53 AM #56
Hi Franco... I can try this tonight and post my results. BTW: thanks so much for your work. :)
August 20, 2020, 12:43:07 PM #57
Quote from: franco on August 20, 2020, 11:19:42 AM
Looking at Intel network (em/igb) adapters specifically.... would someone with the issue try this kernel?

# opnsense-update -kr 20.7.1-nopromisc
# opnsense-shell reboot


Thanks,
Franco
This doesn't seem to change anything for me. Someone else with a greater bandwidth reduction than me should confirm.
August 20, 2020, 01:08:10 PM #58
Which driver? Are VLANs involved? Promiscuous mode enabled in intrusion detection?


Cheers,
Franco
August 20, 2020, 01:19:26 PM #59 Last Edit: August 20, 2020, 01:23:30 PM by jaybowee
Didn't work for me. I did a clean install and didn't touch anything. Went to speedtest and still 590mbps down max on 20.7 same with 20.7.1. I get 920mbps down on 20.1.

My hardware:

Intel Atom C2758 2.4GHz 8-Core Processor; ASPEED AST2400, VGA Max. Resolution: 1920 x 1200 @60Hz
Includes 8GB DDR3-1600MHz ECC SODIMM; Supports 4x 204-pin DDR3 SODIMM, Maximum 64GB capacity, Supports ECC Un-buffered Memory, 1333MHz Minimum, 1.5V or 1.35V
Supports 2x 3.5" drives or 1x 3.5" drives + 1 Full height PCI-E x8 (2.0)
4x Intel I354 GbE and 1x Realtek 8211E-PHY for IPMI

Print
Go Up Pages 1 2 3 4 5 6
User actions