OPNSENSE and RealTek-NIC

Started by foresthus, March 12, 2021, 12:46:10 PM

Hi Folks,

I now tested another configuration: https://bsd-hardware.info/?probe=57bd6d4d0c

The download rate is the same for Intel NICs with Sensei included. My provider gives me up to 600 MBit download and 150 MBit upload.

New ideas?

root@opnsense:~ # speedtest-cli
Retrieving speedtest.net configuration...
Testing from SWN Stadtwerke Neumuenster GmbH (89.56.28.134)...
Retrieving speedtest.net server list...
Selecting best server based on ping...
Hosted by Marco Bungalski GmbH (Verden) [133.13 km]: 8.853 ms
Testing download speed................................................................................
Download: 139.92 Mbit/s
Testing upload speed...
Upload: 131.67 Mbit/s

Can you try more in-depth testing to get an idea of where the bottlenecks are?

Run "top -aSCHIP" on the OPNsense router via an SSH session while also speed testing on clients behind the OPNsense router. Get traffic pushing through the router to simulate actual throughput instead of just a CLI speedtest on one interface of the router.

Monitor the top output and see if there is a process (or processes) that is loading up and causing a bottleneck.

Based on the output provided from the CLI test, it looks like it's just running a single thread. That could very likely be your bottleneck right there.

Try to check multithreaded speeds. https://www.dslreports.com/speedtest is a good test to check. I would also recommend downloading Linux ISOs via torrent, that's a good way to test if you can max out your connection speed.

Hi, after replacing my Intel NICs with a newer version, the download and upload rate is not as good as I wished to have.

NOW:
https://bsd-hardware.info/?probe=d8b645d95d
>> 82576 Gigabit Network Connection: The device is supported by FreeBSD versions 7.1 and newer.

BEFORE:
https://bsd-hardware.info/?probe=57bd6d4d0c
The device is supported by FreeBSD versions 6.1 and newer.

I hope they will fix it.


Therefore this is another proof that the addon sensei/sunvalley has got the problem with using net_map.


Hmm, you didn't mention before that you were using Sensei? That's a major factor that would have been good to know.  ;)

You need to re-baseline and just run the performance tests with Sensei disabled and no other IPS/IDS packages running. If you have a traffic shaper configured, turn that off too.

Then re-run a download test with your newest (igb) network adapter and report back the results. I would suggest either using two iperf clients to push traffic through the firewall, or use a single client on the LAN side to download several linux ISOs via torrent. This should max out your connection and give you a good idea of what the max throughput will be.

While doing the above tests, also watch the output of this command at the SSH console: top -aSCHIP
Screenshot the CPU usage of that console when the throughput tests are running.
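
An added example, not part of the thread: one way to read a saved `top -aSCHIP` capture for the single-thread bottleneck described above, by listing non-idle threads above a CPU threshold. The sample lines, the IRQ numbers, the PIDs and the `hot_threads` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample: thread lines as `top -aSCHIP` shows them during a
# throughput test (values invented for illustration, not from the thread).
sample_top() {
cat <<'EOF'
  PID USERNAME    PRI NICE   SIZE    RES STATE    C   TIME     CPU COMMAND
   11 root        155 ki31     0B    64K RUN      2  50:01  97.31% [idle{idle: cpu2}]
   12 root        -92    -     0B   400K CPU0     0   5:12  96.88% [intr{irq264: igb0:que 0}]
   11 root        155 ki31     0B    64K RUN      3  49:40  95.02% [idle{idle: cpu3}]
   11 root        155 ki31     0B    64K CPU1     1  48:12  71.40% [idle{idle: cpu1}]
 4312 root         52    0    45M    22M select   1   0:44  27.15% /usr/local/bin/python3 /usr/local/bin/speedtest-cli
   12 root        -92    -     0B   400K WAIT     3   0:31   4.20% [intr{irq265: igb0:que 1}]
EOF
}

# hot_threads LIMIT: read top output on stdin and print "pct core=N command"
# for every non-idle thread whose CPU column is >= LIMIT percent.
hot_threads() {
    awk -v limit="$1" '
        /\[idle/ { next }                      # idle threads are not load
        {
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^[0-9.]+%$/) {       # locate the CPU% column
                    pct = $i; sub(/%/, "", pct)
                    if (pct + 0 >= limit + 0) {
                        cmd = $(i + 1)         # rejoin the command, which contains spaces
                        for (j = i + 2; j <= NF; j++) cmd = cmd " " $j
                        print pct, "core=" $(i - 2), cmd
                    }
                    break
                }
            }
        }'
}

# One NIC queue interrupt thread pinning core 0 while the other cores idle
# is the single-thread pattern to look for.
sample_top | hot_threads 90
```
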

Quote from: opnfwb on May 27, 2021, 12:50:52 AM
Hmm, you didn't mention before that you were using Sensei? That's a major factor that would have been good to know.  ;)

You need to re-baseline and just run the performance tests with Sensei disabled and no other IPS/IDS packages running. If you have a traffic shaper configured, turn that off too.

Then re-run a download test with your newest (igb) network adapter and report back the results. I would suggest either using two iperf clients to push traffic through the firewall, or use a single client on the LAN side to download several linux ISOs via torrent. This should max out your connection and give you a good idea of what the max throughput will be.

While doing the above tests, also watch the output of this command at the SSH console: top -aSCHIP
Screenshot the CPU usage of that console when the throughput tests are running.

I will test that and will be back. thnx 4 the ideas.

@foresthus how did you go? I looked up the specifications of your machine and it looked ok, so I'm surprised you had issues.

Any progress?

I've been running OPNSense on a Minisforum GK41 for about two weeks now.  It contains 2 RTL8111/8168/8411 PCI Express Gigabit Ethernet Controllers and a Celeron J4125.

I haven't had any issues maxing out a 1Gbps symmetrical PPPoE pipe.  It's pretty close to maxing out a single core at 1Gbps, as expected.  Enabling the NIC hardware features (CRC, TSO, LRO) made a minimal impact but I've had no issues with stability or performance.

If you're on PPPoE you will want to choose a CPU with good single core performance, even paired with an Intel NIC.

Quote from: hemirunner426 on August 11, 2021, 03:15:24 PM
I've been running OPNSense on a Minisforum GK41 for about two weeks now.  It contains 2 RTL8111/8168/8411 PCI Express Gigabit Ethernet Controllers and a Celeron J4125.

I haven't had any issues maxing out a 1Gbps symmetrical PPPoE pipe.  It's pretty close to maxing out a single core at 1Gbps, as expected.  Enabling the NIC hardware features (CRC, TSO, LRO) made a minimal impact but I've had no issues with stability or performance.

If you're on PPPoE you will want to choose a CPU with good single core performance, even paired with an Intel NIC.


Thank you for your response, I think the processor I'll end up using is this one

https://ark.intel.com/content/www/us/en/ark/products/97121/intel-core-i5-7500t-processor-6m-cache-up-to-3-30-ghz.html

With 4 or 8GB

I'll be using about 40 clients on it (but only 4 or 5 heavy hitters, like PS5, Desktop PC)
I am curious about this Sensei plugin so I'd like to use that.

Looking like an M.2 E Key, Realtek RTL 8111F I think ($30)  plus the Intel i219LM on the mainboard.

Would this be reliable and ok?

The 7500T should be quite fast for firewall duties. If you can, I would really try to avoid any realtek NICs. Obviously if you have already purchased the hardware, you are stuck with what it can do. But given that you're in the process of spec'ing out a new solution, just avoid Realtek from the beginning and it'll be very trouble free.

A lot of folks still use realtek NICs and don't have issues. However if you get to choose from the start, I think we'd all admit they wouldn't be our first choice.

Quote from: opnfwb on August 11, 2021, 11:54:50 PM
The 7500T should be quite fast for firewall duties. If you can, I would really try to avoid any realtek NICs. Obviously if you have already purchased the hardware, you are stuck with what it can do. But given that you're in the process of spec'ing out a new solution, just avoid Realtek from the beginning and it'll be very trouble free.

A lot of folks still use realtek NICs and don't have issues. However if you get to choose from the start, I think we'd all admit they wouldn't be our first choice.

I actually don't have the E Key Ethernet adapter.  It looks like it's in excess of 80$ US to get a single, Intel E Key M.2 2230 adapter which would fit in a micro PC like that, with shipping.

It's about $25 US to go Realtek and some people report no issues at all.  I'm leaning towards taking the risk on Realtek 8111F