ZanArmor cut my Internet speed in half

[axel2078]

I have a 1 GB fiber connection from AT&T.  I normally get around 980 - 995 MB/s through the LAN connections in my house.  About a month ago, I enabled ZenArmor on my OPNsense system and it was doing just the basic functions since I was using the free version.  I noticed recently that whenever I run speed checks, I'm seeing around 450 MB/s at my LAN connections.  The highest I got was around 500 MB/s.  I thought this was kind of odd given the speeds I used to get.  I thought that maybe something was wrong on AT&T's end, so I logged into the AT&T gateway device that sits in front of OPNsense and I ran a speed test from it and it was pulling down around 995 MB/s, so I knew the issue was downstream and most likely on OPNsense.  I knew that the only change I had made recently was enabling ZenArmor, so I turned it off, and then my download speeds increased dramatically, just like I was getting before.  It's staying off for now.

[athurdent]

You might want to list your OPNsense hardware.
My N100 HUNSN appliance does 2.5G Zenarmor just fine.

[axel2078]

I'm running it on a Protectli system that I got back in 2021 I think.  Maybe it's not beefy enough?  Is there a way OPNsense can dump an export of the hardware config?

[Seimus]

So most likely you have a device with CPU "J3160, J3710, J4125"

ZenArmor doesn't currently support multi-core, performance is thus heavily dependent on single core performance

https://www.zenarmor.com/docs/introduction/hardware-requirements

Regards,
S.

[almodovaris]

Yup, at 113 MB/s downloads from Usenet, one core of my N100 is used by Eastpect maximally 75% (usually in the 60s, sometimes in the 50s, using Debian, it can be very similar for OPNsense).

That's 904 Mbps effective speed (using yenc and TLS 1.3 connections).

[Greg_E]

I haven't heard anyone mention Usenet in a very long time!

[almodovaris]

And at about 100 MB/s it is usually in the 50s, sometimes in the lower 60s.

[almodovaris]

And with a T-Bao N9N Eastpect at one core stays below 60%, at 110 MB/s download.

[almodovaris]

Coming back to the N100, that one core is now mostly in the 50s, rarely in the 60s, at 110 MB/s download.

[Greg_E]

How are you monitoring the cores? The best I can find is temperature for each core, but even then all cores seem to run up at about the same rate. This is with an AMD processor so it may not work the same, but thought I would ask so I can see how Zenarmor might be messing with my system.

Overall, I'm not seeing a lot of CPU and as I mention all 8 threads (4 cores) show roughly the same temperature.

Code Select Expand

AMD Ryzen Embedded V1756B with Radeon Vega Gfx (4 cores, 8 threads)

[almodovaris]

How?

# top

If a process is 100% or below, it is only one core.

[Greg_E]

OK, I've just been monitoring from the GUI.

[athurdent]

How?

# top

If a process is 100% or below, it is only one core.

Code Select Expand

top -aHSs1 usually works well for me there.

[Greg_E]

I'll have to open up SSH on my LAN so I can get into that part of the system, or is there a hidden terminal that I can use through the GUI (I haven't found one yet but might be looking in the wrong places).

[Patrick M. Hausen]

SSH it is. No terminal in the UI.