OPNSense on Protectli max WAN speed of 600Mbps

Networking & Firewalls
#1

Hi, everyone!

Great stuff here, and thanks, Tom for all your videos.

I’ve just upgraded my Spectrum service to 1Gig and had a tech come out and confirm I’m getting better than 940 through my Motorola cable modem.

The problem I’m having is max speedtest results on a Windows 10 box connected directly to the same Unifi 1G switch as the Protectli LAN port. I get up to 650, occasionally a bit higher, but nowhere near the 940 I get connected directly to the modem.

I tried running speedtest-cli directly on the firewall, but the results were even more abysmal - around 340.

Anybody else have a similar issue getting full speed through the firewall?

My Protectli is about a year old, four ports with an i3 chip - CPU and memory are generally below 10%.

Thanks in advance, and apologies if this was discussed and I didn’t find the thread in my search.

Art

#2

Correction - The vault I have is Intel Quad Core (Atom E3845) - not i3.

Thanks again!

Art

#3

Do you use PPPOE? If so, that can cause only a single core to be used. Setting the isr handling to be deferred per this doc can help, but I also has other suggestions that may, or may not apply to your hardware APU2 1Gbit throughput on pfSense (configuration instructions)

#4

Thanks!

I’ll take a look.

Art

#5

Yes. I followed a similar instruction sheet on their site for OPNSense:

I didn’t see a huge difference, but in reading the link you sent, that version talks about getting the full gigabit using two connections - I was just trying a single speed test.

I’m going to test with two connections and see what happens.

Thanks agian.

#6

With two clients running speedtest the router is still getting 660Mbps max.

#7

Does your Protectli box have Realtek or Intel NICs? Sometimes Realtek NICs on a lower frequency CPU are not able to reach gigabit speeds (900+ Mbits).

It would also worth to have a look via the CLI to see if any core is maxed out during the speed test [especially soft IRQs].
Regards,
Adrian

#8

Thanks, Adrian.

The Protectli box I have says they’re Intel NICs. I’ll monitor the cores to see if it’s pegging one of them during the test. Great idea. Thanks again!

Art