Slow WAN after upgrade

Started by jaybowee, August 04, 2020, 11:12:54 PM

Quote from: franco on August 20, 2020, 01:08:10 PM
Which driver? Are VLANs involved? Promiscuous mode enabled in intrusion detection?


Cheers,
Franco
igb (i210AT) / no vlan / no IDS or anything fancy
WAN through pppoe

Can we backtrack to 20.1 through the same commands you wrote?

August 21, 2020, 07:34:08 AM #61 Last Edit: August 21, 2020, 08:09:50 AM by sToRmInG
For what it's worth, if I recall this correctly, support for i210AT / i211AT was merged into the em driver starting from FreeBSD 12, while when using FreeBSD 11 the driver for those NICs was the igb one.

What would be interesting to know is if you see any spikes in CPU usage.
There is / was a bug inside pf which caused high CPU utilization. With the CPU at its limit the throughput of course went down from what it originally was.
Not sure if this bug was present in FreeBSD 12 though: https://reviews.freebsd.org/D24803

Looking at this patch... it is not present in 12.1 so there might be an issue there, but probably always has been.


Cheers,
Franco

Quote from: franco on August 21, 2020, 09:06:59 AM
Looking at this patch... it is not present in 12.1 so there might be an issue there, but probably always has been.


Cheers,
Franco

I didn't notice higher CPU but I did notice higher temp. 20.1 runs around 49c to about 52. 20.7 was 56c to about 59. Don't know if this helps but it's what I observed.

20.1 came out in January, 20.7 in July... are you sure this is comparable? Are you in the Northern Hemisphere? :)


Cheers,
Franco

August 21, 2020, 01:23:08 PM #65 Last Edit: August 21, 2020, 01:39:45 PM by sToRmInG
Quote from: franco on August 21, 2020, 09:06:59 AM
Looking at this patch... it is not present in 12.1 so there might be an issue there, but probably always has been.


Cheers,
Franco
The issue was introduced in 11.3 afaik. There might be a possibility that it is also present on 12.X but as I said I'm not sure if this was present at all in 12.X. It might very well be that 12.X was unaffected by this bug.

As far as I can tell I neither had such an issue with OPNsense 20.7 BETA nor with some other fw brand based on FreeBSD 12.0.

Ok, at least that explains why we didn't see it in < 20.7 because we still used 11.2 then.


Cheers,
Franco

Hi,

I can confirm that for me it was slow hardware.

I changed to `Intel(R) Core(TM) i7-3770 CPU @ 3.40GHz (8 cores) and 32G memory`
And now I can utilize all bandwidth..

Perhaps it is somewhat overkill, but it works :)

Will try to enable IPS and such things later.

--
Regards Falk

I'm using a quad-core XEON with 32GB Ram and my speed caps @approx 600Mbps ... while speedtesting, CPU goes nowhere near 100% ... :( This MB is equipped with 2x SFP+ 10G capable NICs, I doubt it's the hardware in my case. :( Back to 20.1 and my speed is back. :(

Unlikely to be hardware issue on my side, CPU usage is always extremely low, memory usage <10%, disk usage <5%.

I hate to just say I have this problem too - but;
20.7 is significantly slower for me -
HARDWARE :
Watchguard M500 - CPU upgrade to i3-4160T - 8 GB ram, I120 GB ssd - IGB interfaces (chipset eludes me)

originally setup with 19.1 -
full IDS/IPS (hyperscan, not even sure if that's good?)
sensi beta.
DNS-SEC

I could max out speedtests with Speedtest-CLI in the low 900mbit range - (1gbit/40mbp) as configured.
internet was rather snappy as expected. (DNS resolves)

upgraded to 20.1 - nothing notably changed in speed/bandwidth - still was able to track around the 900s.
internet experience never notably changed.

I stopped checking for a bit - so, this could have happened BEFORE 20.7; I have no way of really knowing.
DNS did start acting up, but - I just assumed it was "pandemic" related.


Seen this thread - and went to check - I was barely able to hit 300s - I assumed it was the day. DNS resolves slow, but not bad.
after a few days of not going over 300s - I decided to make these changes :

disable Sensi : no change
disable IPS/IDS : speedtests double to 600s.
DNS resolves much faster.

I don't know if I am helping, or just muddying the waters. If it seems it's totally unrelated, I apologize.





August 25, 2020, 05:54:44 AM #71 Last Edit: August 26, 2020, 06:32:17 PM by gauthig
To see if it was just a new requirement to upgrade hardware or a problem with Netmap, did a fresh install on Dell R330, E5-1270 V5, 16GB ram, 4 port Intel Pro 1000 (IGB)

Tested with iperf3 service running on LAN (IGB1) OPNSense from a Client

No IPS/IDS/Sensei
       client to server 980mbs
       server to client (-R) 985mbs

Enable IPS (No Sensei) only 1 rule enable abuse.ch
       client to server 620mbs
       server to client (-R) 905mbs

Sensei enabled (IPS Off)
       client to server 580mbs
       client to server 880mbs


Installed 12.1 with BSD 11 - no issues, very little change in IPS or Sensei vs non IPS or Sensei.

Would love to migrate to Hardened BSD 12 but not at this time. 

*************UPDATE**********************

I keep reading that the IGB drivers are fine with netmap and I should not be seeing the results I am. I have done all the tests with the iperf package on the LAN interface and a server class machine on the same switch. I just re-tested using scp to both a real file and to /dev/null. Very strange results as now I am only about 5% slower than with Sensei or IPS off. Not sure why iperf would be so affected when netmap is enabled but a file copy is not. They both do the same, transfer data to the same interface.

This issue affects 20.7.2 too.

Yep, there were no upstream changes so nothing to add to 20.7.2

Can anyone confirm that this issue has been resolved with 20.7.4? I'm still on 20.1.9 waiting to upgrade but won't do it if I can't reach 1 gb throughput.

TIA