DEC750 realistic 10G expectations

ou1 · February 21, 2026, 03:40:35 PM

Quote from: Greg_E on February 20, 2026, 08:10:07 PMNot to be too far off topic, I can't even get gigabit fiber to my house, and cable is not reliable because they haven't upgraded their plant in 20 years.

And then the question of a static IP... Generally no or lots of money.

I need to remember not to take fiber for granted. I'm not even with the best fiber provider in Switzerland, like @patient0, but it's cheap, fast, very reliable, and lets you bring your own hardware (as long as it's on their list of approved hardware). I don't have static IPv4 but I'm using godns to update a DNS record from one of my domains, which is good enough for me.

shadesh · February 26, 2026, 10:26:36 AM

Quote from: ou1 on February 16, 2026, 09:55:46 AMI've come across this blog post, which also confirms that the DEC750 wouldn't be capable of reaching 10Gbps in my use case

https://blog.shade.sh/index.php/archive/2116

I've turned on hyperthreading in BIOS and applied these settings which allow all 8 cores to process interrupts as described in the post. This got my internet iperf3 performance up to 6.2Gbps, speedtest.net to 5Gbps, which is a small improvement, but I guess this is as fast as it will get.

Hey there ;) Glad that my Posts are still somehow useful. I did a lot of tests on my Init7 10G line and never got over the maximum posted on my blog.
But im open for other missing optimisation vaules, i maybe had overseen. My personal opinion is, that you need at least the DEC850 to reach true 10G

Seimus · February 26, 2026, 10:36:54 AM

Honestly I think you cant actually get 10G ~ wirerate.

When you check the specs, vendor tested. You can see 4 important things:

QuoteFirewall Throughput - 10Gbps = BackPlane
Firewall Packets Per Second - 830Kpps = Backplane
Firewall Port to Port Throughput - 8.5Gbps = Throughput per single 10G NIC
Firewall Port to Port Packets Per Second - 719Kpps = Throughput per single 10G NIC

https://shop.opnsense.com/dec700-series-opnsense-desktop-security-appliance/

These basically specify what is the by vendor "guaranteed performance". Realistically speaking the MAX you should get is 8.5G, but that will heavily depend on your implementations.

If you have for example shaper enabled, try to disable it if it will not help to increase the raw output.

Regards,
S.

passeri · February 26, 2026, 10:51:26 AM

I had a look at the brochure. In the fine print it appears to me to say that packets per second are measured with 500 byte packets but this number is multiplied by 1500 [byte packets] to get throughput. Ergo, it cannot be achieved. Did I misread?

Seimus · February 26, 2026, 11:50:35 AM

QuoteAll measurements are based upon TCP traffic unless stated otherwise. Total Firewall Throughput is calculated based on system utilisation and port-to-port performance test in full duplex. Maximum PPS is measured using 100 byte packets. IPS performance is measured using ET Open and standard 1500 byte package size. SSL VPN is measured using AES256GCM16+SHA512. Concurrent sessions are based upon memory available, where one state consumes 1KB of memory and 1GB of memory is reserved for system tasks. Latency is measured as an average over 60 seconds.

PPS is measured with 100B size, this is to measure the performance and include small sized packets. Basically to see how much MAX pps you can route/switch before you see a performance degradation.

Throughput does not have mentioned what packet size or tool was used for measurement. But I would guess they used default L3 MTU size (1500B).

Regards,
S.

nero355 · February 26, 2026, 03:48:56 PM

Quote from: Seimus on February 26, 2026, 10:36:54 AMHonestly I think you cant actually get 10G ~ wirerate.

I think so too based on personal experience with Dedicated Hosting/Server Rental setups in the past :
- Standard speed 1 x 10 Gbps = 6,5 Gbps effectively.
- Standard speed 2 x 10 Gbps in LACP with Layer 3+4 Hashing = 13 Gbps effectively.

Only one special customer who did a lot of optimizing on their own reached about 8 to 8,5 Gbps on a single 10 Gbps connection.
And he used OpenBSD instead of Debian/Ubuntu/CentOS/Gentoo which other customers were using most of the time !!

NIC brands varied from Intel to Mellanox to whatever a lot of various HPE 1x10 Gbps and 2x10 Gbps models were using at the time...
All of them only had SFP+ ports by the way!

So this sounds logical IMHO :

QuoteFirewall Throughput - 10Gbps = BackPlane
Firewall Port to Port Throughput - 8.5Gbps = Throughput per single 10G NIC

Realistically speaking the MAX you should get is 8.5G, but that will heavily depend on your implementations.

:)

passeri · February 26, 2026, 10:06:04 PM

Quote from: Seimus on February 26, 2026, 11:50:35 AMPPS is measured with 100B size, this is to measure the performance and include small sized packets. Basically to see how much MAX pps you can route/switch before you see a performance degradation.

Throughput does not have mentioned what packet size or tool was used for measurement. But I would guess they used default L3 MTU size (1500B).

Regards,
S.

I see it says different things in different brochures from different periods. This came from a DEC 700 Series brochure:

QuoteMaximum PPS is measured using 100 byte sized packages. All throughput numbers are based upon maximum packets per second multiplied by standard 1514byte frame size minus additional overhead where applicable

the clear implication being that they took the 100 byte rate and multiplied it by ~1500. I mentioned 500 bytes because that rather than 100 is in the DEC 600 Series brochure.

This is generally consistent with what is being reported here.

DEC750 realistic 10G expectations

ou1

February 21, 2026, 03:40:35 PM #15

shadesh

February 26, 2026, 10:26:36 AM #16

Seimus

February 26, 2026, 10:36:54 AM #17

passeri

February 26, 2026, 10:51:26 AM #18

Seimus

February 26, 2026, 11:50:35 AM #19

nero355

February 26, 2026, 03:48:56 PM #20

passeri

February 26, 2026, 10:06:04 PM #21