Hi everyone, I’m new to this forum. I’m curious if anyone else has encountered this with the SG-3100 or other routers/firewalls where VLAN throughput is measurably less than when using a native interface.
I recently upgraded my Xfinity internet to their 1 Gbps / 35 Mbps plan, and after some troubleshooting realized that when coming from a VLAN interface, the download topped out around 800Mbps. If I came in from a native LAN network of the SG-3100, I got 940 Mbps. The results are very repeatable.
Here are some key details.
- I tested this on 2.4.5_1, and on a completely fresh install of 21.02-p1. I even simplified and recreated my firewall rules from scratch.
- I have 6 VLANs defined in pfSense and in Unifi.
- No packages installed, after the fresh install.
- No traffic shaping.
- The SG-3100 is attached to a Unifi US-24-G1 switch. I can reproduce the drop in speed by switching the switch port from the native LAN profile to a VLAN profile.
- I tested internet throughput using multiple speedtest sites, but mostly using the Ookla SpeedTest app on Windows.
- I’ve tested inter-VLAN throughput using iperf3, and I consistently get around 770 Mbps (close to my internet speed tests).
- I’ve tested from multiple computers.
- While performing the speed tests, I’ll see the SG-3100’s CPU hit 50ish%, so I don’t think it’s a CPU bottleneck there.
- I have since switched to running pfSense 2.5 on a spare desktop with a 4th gen i5 and a quad port Intel NIC, where I get my full internet and inter-VLAN speeds. So this proves it’s not a Unifi switch bottleneck.
I’m curious what other’s thoughts are on this. Am I missing something? Or is it already known that the SG-3100 can’t do full gig speed over VLANs? I didn’t realize VLANs could introduce that much of a penalty on throughput.
Realistically, the 800 Mbps I’m getting is more than I need, but seeing a bottleneck there is frustrating. I’m thinking of jumping up to the SG-5100, but I would hate to buy it and see that it also can’t do full line speed over VLANs.
Appreciate any insights.