net.isr.dispatch=deferred
I don't want to be unfriendly, but I'm definitely going to close this thread if people keep comparing apples and oranges.

Cheers,
Franco
Hello Franco,

I disagree as this isn't an apples to oranges comparison, but as this thread is going on (started in July 2018 and still no resolution), comparing other firewalls with OPNsense running on the SAME hardware and saying what we are trying to solve the issue is the only thing we can do "on our side". And up to now, not a single dev produced some help in this thread as to why we might be having the issue or some path of resolution/explanation.

The PCEngine hardware has been used by a lot of people around the world (privately and commercially) for many years (before OPNsense was forked) and it provides a lot and fills a segment on the market that other commercial brands can't even achieve for the same price (reliability and low power usage). So we want to maximize our investment AND also use OPNsense because we like/prefer it over other firewalls.

Trying to muzzle or threaten us by closing the thread isn't the right direction imo and isn't what I am expecting from the OPNsense forum - and is a reason many of us left "that other well known firewall" for OPNsense. We are not bitching but we are kind of fed up (in a way) by the lack of help or feedback by the guys who are making OPNsense.

So to be back on the thread itself, since other firewalls (Linux-based firewalls) are able to max the gigabit speed on any of the NIC of the APU2 from PCengine, we are all puzzled as to why OPNsense isn't capable of doing it. FreeBSD has the best TCP/IP stack of the *NIX out there so what is the problem? We are not all Operating System developers and thus are not equipped to check what's going on when a transfer is occurring on the APU2's NICs. Is there an issue with FreeBSD/HardenedBSD and the Intel's NIC of the APU2? Is there some other issue with FreeBSD/HardenedBSD not being able to turbo the AMD cpu at 1.4GHz? Anything else?

We post on these forums to get (we hope) some answers from the devs themselves on some of the issues we encounter - like this one.

So please, don't turn into that other company but instead maybe forward the questions to the dev team so they can take a look.

Thank you for your comprehension.
The reason why probably no dev answered is that maybe none of the devs have either an APU or such a high bandwidth. Keep in mind that this is a community project. I for myself have only VDSL100 .. I have no idea how to help because I can't reproduce.

Maybe you can start with installing fresh pfSense, do a sysctl -a, output to file, do same for OPNsense, and then diff them. Maybe pf has some other defaults. Keep in mind that pfSense has about 100x bigger community, so the chance that one guy with an APU and enough knowledge to solve this and report the fix (not the problem) to upstream is 100x higher.
https://www.max-it.de/kontakt/
Michael Muenz
Address above ...
First of all: I have absolutely no clue. Please ignore this if I'm completely wrong.

Is it perhaps HardenedBSD related?
It might be tuning away from performance by using different defaults than other OS?

e.g.
https://bsdrp.net/documentation/technical_docs/performance#entropy_harvest_impact
Suggests reducing kern.random.harvest.mask from 511 to 351 for performance gain.
OPNsense default seems to be 2047.

Now I take a look and see:

# sysctl kern.random
kern.random.harvest.mask: 67583

2^16+2047=67583

Some different Byte is set.
Though I never tested 66047 nor 65887 nor 351.

And this thread almost a year ago:
https://forum.opnsense.org/index.php?topic=12058.0
more recently
https://forum.opnsense.org/index.php?topic=15686.msg71923#msg71923

Perhaps someone who understands this stuff can give advice how to tune?
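The comparison suggested earlier in the thread (save `sysctl -a` from both systems, then diff), as an added example that is not code from any poster or from the OPNsense project. It reports only the tunables that differ and lists which bits differ between two kern.random.harvest.mask values; the sample dumps are constructed and the function names are hypothetical.

```python
"""Compare two saved `sysctl -a` dumps and list the tunables that differ."""

# Constructed sample dumps, not captured from real systems. The mask values
# 67583 and 351 are the ones quoted in the thread; the rest is made up.
DUMP_A = """\
kern.random.harvest.mask: 67583
net.isr.dispatch: direct
net.isr.maxthreads: 1
kern.version: Sample OS A
  built on host-a
"""
DUMP_B = """\
kern.random.harvest.mask: 351
net.isr.dispatch: deferred
net.isr.maxthreads: 1
hw.example.only_in_b: 1
"""


def parse_sysctl(text):
    """Parse `name: value` lines; other non-empty lines continue the last value."""
    out, last = {}, None
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and name and not name[0].isspace() and " " not in name:
            out[name], last = value.strip(), name
        elif last is not None and line.strip():
            out[last] += "\n" + line.strip()
    return out


def diff_sysctl(a, b, prefixes=()):
    """Return {name: (value_a, value_b)} where values differ; None means absent."""
    wanted = tuple(prefixes)
    return {
        n: (a.get(n), b.get(n))
        for n in sorted(set(a) | set(b))
        if a.get(n) != b.get(n) and (not wanted or n.startswith(wanted))
    }


def differing_bits(x, y):
    """Bit positions that are set in exactly one of two bitmask values."""
    d = x ^ y
    return [i for i in range(d.bit_length()) if (d >> i) & 1]


if __name__ == "__main__":
    a, b = parse_sysctl(DUMP_A), parse_sysctl(DUMP_B)
    for name, (va, vb) in diff_sysctl(a, b, ("kern.random.", "net.isr.")).items():
        print(f"{name}: A={va!r} B={vb!r}")
    print("harvest.mask bits that differ:", differing_bits(67583, 351))
```

Restricting the diff to a few prefixes keeps counters and build strings out of the result, which a plain `diff` of two full dumps would bury the tunables in.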