Config tuning after server move.

Started by TomT, February 02, 2025, 10:42:25 PM

Previous topic - Next topic
Print
Go Down Pages1 2
User actions
February 02, 2025, 10:42:25 PM
Hi.
I've moved my config from an AMD GX-420CA system to an Intel N100 system, apart from updating the temperature sensors and adding the following tuneables, is there anything else I need to update or change to get the max performance out of this ?

net.isr.dispatch: deferred
net.isr.bindthreads: 1
net.isr.maxthreads: -1
net.inet.rss.bits: 2
net.inet.rss.enabled: 1

Speedtests seem good, may be 20/30Mbps slower than the ISP router.
Any tips for tweaking the last bit out of the connection ?

I have IPSec and WireGuard VPNs configured, do I need to do anything else for them ?

In plugins I have two entries in red.
os-realtek-re (missing)
os-udpbroadcastrelay (missing)

I don't need either of those, how do I clear the red entries ?

Thanks
February 03, 2025, 12:35:49 AM #1
I've still got powerd enabled, should it be for an Intel N100 ?
If I have to disable it, is there anything else I need to enable or configure?
Thanks
February 03, 2025, 03:58:40 AM #2
This is a must for N100 and later CPUs, reboot after installation.

Code Select
pkg install os-cpu-microcode-intel-1.1
You can fix the missing plugins in the Firmware section.
February 03, 2025, 06:40:50 AM #3
I ended up disabling PowerD on an N100 and used this post:

Do I need to enable PowerD

Note that the thread mixes up SpeedStep and Speed Shift in a few places!  I think this is the right way around:

QuoteSpeedStep is the "old" method - needs PowerD.
Speed Shift is the new method and its available since 6th Gen of Intel CPUs (I think) - doesn't need PowerD.
February 03, 2025, 09:49:46 AM #4
Quote from: newsense on February 03, 2025, 03:58:40 AMThis is a must for N100 and later CPUs, reboot after installation.

Code Select
pkg install os-cpu-microcode-intel-1.1
You can fix the missing plugins in the Firmware section.

Thanks I'll install that and reboot.

I ran the plugin conflict checker which install the kissing plugins. I then uninstalled them as they aren't needed.
February 03, 2025, 09:51:24 AM #5
Quote from: pouakai on February 03, 2025, 06:40:50 AMI ended up disabling PowerD on an N100 and used this post:

Do I need to enable PowerD

Note that the thread mixes up SpeedStep and Speed Shift in a few places!  I think this is the right way around:

QuoteSpeedStep is the "old" method - needs PowerD.
Speed Shift is the new method and its available since 6th Gen of Intel CPUs (I think) - doesn't need PowerD.

Thanks is this as simple as disabling PowerD or do tuneables ned setting?
Thanks
February 03, 2025, 10:57:59 AM #6
Disable PowerD.

The N100 has on by default all enabled on FreeBSD, you can check your LOG if is really the case. If yes PowerD does not control the CPU anymore.

Regards,
S.
Networking is love. You may hate it, but in the end, you always come back to it.

OPNSense HW
APU2D2 - deceased
N5105 - i226-V | Patriot 2x8G 3200 DDR4 | L 790 512G - VM HA(SOON)
N100   - i226-V | Crucial 16G  4800 DDR5 | S 980 500G - PROD
February 03, 2025, 05:16:52 PM #7
Thanks,

I've disabled PowerD is there anything specific I need to check in the logs ?

Does System: Settings: Miscellaneous:  Hardware acceleration need enabling ? if it does, is that Intel Quick Assist ?

Thanks
February 03, 2025, 11:35:37 PM #8
Everything seems to be running ok.
Reading another blog there are suggestions for the following tuneables.

hw.ibrs_disable = 1
net.inet.ip.intr_queue_maxlen = 3000
hw.igc.max_interrupt_rate = 20000
hw.igc.rx_process_limit = 5000

Are these worth doing, will they help me get similar speeds to my ISPs router ?
Thanks
February 04, 2025, 12:20:05 AM #9
Since you use PPPoE: Did you optimize your MTU? 20-30 Mbps less with 900 MBps theoretical limit means 2% lesser throughput. If your MTU is not optimized to yield 1500 bytes after PPPoE and VLAN overhead, speed may decrease even (or especially) if you clamp your MSS to counter other problems.

See point 9 here.

Also, you can try traffic shaping (see official docs).
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
February 04, 2025, 06:46:47 PM #10
Quote from: meyergru on February 04, 2025, 12:20:05 AMSince you use PPPoE: Did you optimize your MTU? 20-30 Mbps less with 900 MBps theoretical limit means 2% lesser throughput. If your MTU is not optimized to yield 1500 bytes after PPPoE and VLAN overhead, speed may decrease even (or especially) if you clamp your MSS to counter other problems.

See point 9 here.

Also, you can try traffic shaping (see official docs).

Thanks.
I've run the mtu.sh script and it recommended 1484
Looking in the GUI the MTU was set to 1492 ( Calculated PPP MTU: 1484 )

Does that mean I need to change it ?

Thanks
February 04, 2025, 07:21:20 PM #11 Last Edit: February 04, 2025, 07:23:44 PM by meyergru
1. You have to set the MTU to a value <= your possible MTU, or you will have problems with sites without PMTU discovery.
2. To optimize that, it should be = your possible MTU.
3. With some hardware setups and ISPs, you can use even more than 1500 bytes on the underlying physical link, thus giving you again 1500 bytes even with PPPoE and / or VLANs in use, which overheads would normally have to be deducted from the physical link's MTU (often 1500).

To reiterate on #3, I gave detailed instructions here: https://forum.opnsense.org/index.php?topic=44271.msg220936#msg220936, this was linked in my instructions under point #9 already.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
February 05, 2025, 09:53:51 AM #12
Quote from: meyergru on February 04, 2025, 07:21:20 PM1. You have to set the MTU to a value <= your possible MTU, or you will have problems with sites without PMTU discovery.
2. To optimize that, it should be = your possible MTU.
3. With some hardware setups and ISPs, you can use even more than 1500 bytes on the underlying physical link, thus giving you again 1500 bytes even with PPPoE and / or VLANs in use, which overheads would normally have to be deducted from the physical link's MTU (often 1500).

To reiterate on #3, I gave detailed instructions here: https://forum.opnsense.org/index.php?topic=44271.msg220936#msg220936, this was linked in my instructions under point #9 already.


Please correct me on this.. Should my MTU be set to 1500, so the calculated will then be 1492 ?
I've never understood how this is meant to work.

Thanks
February 05, 2025, 10:36:33 AM #13 Last Edit: February 05, 2025, 10:48:14 AM by meyergru
I don't really know what to tell you beyond what I already said or linked any more.

You have to set your WAN MTU at a maximum of what actually is possible (mtu.sh can tell you what that is) - otherwise you will see real problems sooner or later. Probably, you can make something more than 14xx Bytes available by enlarging the MTU (to, say, 1512 bytes) of the underlying layers of your internet connection in order to optimize the payload/gap ratio (that depends on if your ISP can do it and your particular hardware). You may be able to get a net 1500 bytes MTU over the WAN interface.

Detailed instructions on how to do that have been given. If you want to get the last 2% speed, you will have to experiment with the MTUs (yes - there are multiple of them, on different layers) yourself.
Intel N100, 4 x I226-V, 16 GByte, 256 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
February 05, 2025, 04:41:56 PM #14
Thanks again.

My confusion is related to what I set vs what is computed.
If I enter the value from the MTU script, that makes the computed a lower value.

Should the WAN MTU be the script value, or should the computed value be the script value ?

Thanks
Print
Go Up Pages1 2
User actions