root@opnsense:~ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from SWN Stadtwerke Neumuenster GmbH (89.56.28.134)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Marco Bungalski GmbH (Verden) [133.13 km]: 8.853 ms
Testing download speed................................................................................
Download: 139.92 Mbit/s
Testing upload speed...
Upload: 131.67 Mbit/s
Hmm, you didn't mention before that you were using Sensei? That's a major factor that would have been good to know. You need to re-baseline and just run the performance tests with Sensei disabled and no other IPS/IDS packages running. If you have a traffic shaper configured, turn that off too.
Then re-run a download test with your newest (igb) network adapter and report back the results. I would suggest either using two iperf clients to push traffic through the firewall, or using a single client on the LAN side to download several Linux ISOs via torrent. This should max out your connection and give you a good idea of what the max throughput will be.
While doing the above tests, also watch the output of this command at the SSH console:
top -aSCHIP
Screenshot the CPU usage of that console when the throughput tests are running.
I've been running OPNsense on a Minisforum GK41 for about two weeks now. It contains 2 RTL8111/8168/8411 PCI Express Gigabit Ethernet Controllers and a Celeron J4125.
I haven't had any issues maxing out a 1Gbps symmetrical PPPoE pipe. It's pretty close to maxing out a single core at 1Gbps, as expected. Enabling the NIC hardware features (CRC, TSO, LRO) made a minimal impact but I've had no issues with stability or performance.
If you're on PPPoE you will want to choose a CPU with good single core performance, even paired with an Intel NIC.
The 7500T should be quite fast for firewall duties. If you can, I would really try to avoid any Realtek NICs. Obviously if you have already purchased the hardware, you are stuck with what it can do. But given that you're in the process of spec'ing out a new solution, just avoid Realtek from the beginning and it'll be very trouble free.
A lot of folks still use Realtek NICs and don't have issues. However, if you get to choose from the start, I think we'd all admit they wouldn't be our first choice.