Protectli FW2B Upload Speeds Slow

Started by nodakbarnes, November 08, 2024, 08:05:24 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
November 08, 2024, 08:05:24 PM
So I recently got FTTH from Kinetic Windstream and have symmetric 1Gbps service.
The issue I am running into is that the upload appears to be capped at 30Mbps.
Download speeds are fine at 930 Mbps.
The service is terminated in the home with an Adtran SDX 601q GPON ONT with a 2.5 GbE interface which feeds the WAN input on the FW2B.
I can get full 930 Mbps up and down directly connected with a laptop to the ONT.
I re-installed OPNSense from scratch and still slow uploads.
In desperation I installed pfSense and it had the exact same issue.
Finally, I installed Sophos Firewall on the FW2B and it worked as expected (full up and down speeds).
What am I missing here?
There is no special requirement by this ISP for this fiber service that I am aware of.
I also tried both OPNSense and pfSense on my LattePanda Sigma which has 2.5 GbE interfaces to match the ONT but it also has slow upload speed.
The only common thread I can discern is OPNSense/pfSense are based on FreeBSD versus Suse Linux for Sophos Firewall.
Settings for the WAN port are the same in Sophos as well as OPNSense/pfSense.
I've used this setup in my previous home with fiber and never experienced this slow upload.
The ISP will not help because the issue is only there with my equipment.
I really want to get OPNSense back on the box as Sophos just feels dirty.
Thanks in advance for any suggestions.
Wally
November 08, 2024, 08:08:52 PM #1
I also have the problem and have the exact same firewall , maybe its a driver issue? maybe we just need to go back to an older version?  but looking more towards Protectli maybe we need to flash something?
November 08, 2024, 08:14:43 PM #2
I thought the same thing but when I switched to the LattePanda Sigma hardware I assumed the problem would not follow but it did.
November 08, 2024, 08:19:55 PM #3
Have you rolled back to the previous version to see if the issue goes away? right now im just going through the motions as to what could be blocking the traffic.. i thought it was one of the security features we have but still nothing ...so frustrating lol
November 08, 2024, 08:32:54 PM #4
I have not tried an older version but may eventually.
Still, I would not consider that a valid fix as I do not like running older versions for security reasons.
I did notice that with Sophos Firewall the interfaces are swapped (igb0 is LAN, igb1 is WAN) so I may reinstall OPNSense and assign the interfaces similar to Sophos.
Not sure why that would make a difference but it's the only thing I haven't tried yet.
November 08, 2024, 08:38:30 PM #5
@Drunkenfetus do you possibly have an Adtran ONT as well?
November 08, 2024, 08:48:19 PM #6
Noteworthy Differences Between 24.7.7 and 24.7.8

The 24.7.8 update introduced patches to Intel network drivers (ixgbe, igb, igc, and e1000), which could be directly impacting your upload speeds if you're using Intel NICs. The previous 24.7.7 version does not include these driver updates, suggesting it might be more stable for your setup.

November 09, 2024, 03:43:13 AM #7
So I loaded an old version of OPNSense on the LattePanda Sigma and then started updating and testing between updates with interesting results:

23.7 - UP/DOWN > 900 Mbps
23.7.12_5 - UP/DOWN > 900 Mbps
24.1.5_3 - UP/DOWN > 900 Mbps
24.1.10_8 - UP/DOWN > 900 Mbps
24.7.1 - UP/DOWN > 900 Mbps
24.7.8 - UP/DOWN ~ 600 Mbps

So there is definitely some regression going on with the 24.7.8 update in regards to the interface drivers.

I'll keep testing it to see if the upload slows back down on 24.7.8 but so far it has not been capped at 30 Mbps like before yet.
November 09, 2024, 10:31:18 AM #8
Might be useful to report in this topic as well?

https://forum.opnsense.org/index.php?topic=43372.0
November 09, 2024, 07:09:28 PM #9
Thanks for the info...looks like 24.7.8 included the intel4 kernel but there is now an intel6 which I may try:

Code Select
# opnsense-update -zkr 24.7.8-intel6
November 09, 2024, 07:14:50 PM #10
I also heard back from Protectli support which suggested I swap the interfaces in the OPNsense console (Option #1).

This sounds encouraging as that is the configuration it lands on by default using Sohos Home Firewall.
November 09, 2024, 09:36:33 PM #11
I have done all of it and i still cant see any improvement ....

596.8 Mbps download
3.24 Mbps upload
Latency: 4 ms

770.8 Mbps download
2.46 Mbps upload
Latency: 5 ms
November 09, 2024, 11:28:08 PM #12
Have you tried iperf from one side of the FW to another ? Discussing drivers when tests are done over the internet where there's no way of controlling what happens once the traffic has left the firewall is a waste of time.
November 10, 2024, 07:48:55 AM #13
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.
,,The S in IoT stands for Security!" :)
November 10, 2024, 12:52:39 PM #14
Quote from: Gauss23 on November 10, 2024, 07:48:55 AM
Are you using PPPoE to establish the connection? Linux has a far better implementation of PPPoE than BSD from my understanding. There are some threads about people complaining about slow uploads on PPPoE.

The CPU in the LattePanda Sigma should have no issues doing 1Gbit PPPoE. Even a N5105 does 2.5Gbit PPPoE without an issue. Given that there were no issues with older 24.7.x versions, it's most likely caused by the recent Intel NIC driver updates. Maybe it's worth testing 24.7.7, the last version before these changes.
Print
Go Up Pages1 2
User actions