Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3
Affiliate link
 
 
 

Affiliate link: NordVPN allows you to securely access the Internet, encrypt your connection and keep your browsing history private.
ripdog
535 posts

Ultimate Geek

Subscriber

  #2149435 22-Dec-2018 20:32
Send private message

I use pfsense on a i3-4010U CPU @ 1.70GHz, and I get 950mbps down easily over PPPoE, including services like DNS adblocking. @sbiddle, I think you seriously overestimate the hardware you need to get gigabit throughput.


sbiddle
30853 posts

Uber Geek

Retired Mod
Trusted
Biddle Corp
Lifetime subscriber

  #2149436 22-Dec-2018 20:35
Send private message

attewell: 

So what kind of PC do I need. What is better then pfSense?

 

That's not really a question that has an answer.

 

What are your reasons for using pfSense? 

 

 


gorringS
71 posts

Master Geek


  #2149503 22-Dec-2018 22:38
Send private message

try swapping to pcie lan controller. Intel tends to be best and set up with jumbo framing and you find it  get over 900meg.bit down and over 500 on up

 

https://www.speedtest.net/result/d/1dd3b161-f381-403e-a57d-c34bdf6eb3bd.png




shrub
654 posts

Ultimate Geek

ID Verified

  #2149509 22-Dec-2018 23:24
Send private message

CPU has very little to do with pfsense. Its all on the NIC's. If you are using an onboard nic with a realtek chip and a single nic on pci bus. The cpu will be doing a lot more work and is really necessary.

 

I have gigabit with orcon getting 945/540. My pfsense is rocking an old Athlon x2 255 2 core. I have got a good intel 4 port pci-e x4. The CPU hits 5-7% when its loaded with linux distros' pulling 110mb/s on qbitorrent.

 

 


freakalad

231 posts

Master Geek


  #2165325 22-Jan-2019 12:51
Send private message

sparkz25:

 

after some testing and alot of homework  afew of us took the plunge on these little pc's

 

https://www.aliexpress.com/item/Free-Shipping-4-Gigabit-LAN-ports-Mini-PC-Celeron-3215U-Core-i3-Core-i5-WIFI-using/32829499825.html?spm=a2g0s.9042311.0.0.63fc4c4dK9thux

 

We chose the I5-5200u model because it also has AES which helps with the VPN

 

...

 

 

Looks like a great little box, capable of doing the trick. Like the fact that it's fanless, which is a big plus for my needs (trying to reduce the hum in my home-lab & moving parts)

 

Might use it for some other projects too :)

 

Can you confirm that you're getting gigabit on your WAN? (not apparent on the screencap)

 

 

 

Tangenting the search from here, promising Reddit post hints @ fitlet2 @ https://fit-iot.com/web/

 

 

 

An aside btw: does anyone know how/where to (intl.) look up SBC's ala. PriceSpy? I'd like find boards based on spec/requirement, such as NIC's, CEC, ARM vs. x86, etc





FLOSS'er, aspiring Maker


muppet
2318 posts

Uber Geek

Trusted

  #2165329 22-Jan-2019 12:58
Send private message

freakalad:

 

Looks like a great little box, capable of doing the trick. Like the fact that it's fanless, which is a big plus for my needs (trying to reduce the hum in my home-lab & moving parts)

 

Might use it for some other projects too :)

 

Can you confirm that you're getting gigabit on your WAN? (not apparent on the screencap)

 

 

 

An aside btw: does anyone know how/where to (intl.) look up SBC's ala. PriceSpy? I'd like find boards based on spec/requirement, such as NIC's, CEC, ARM vs. x86, etc

 

 

I bought one of these, I installed Proxmox on mine and run pfSense as a virtual machine.

 

It works great, I don't have Gig Fibre though so can't tell you if this setup allows me a full 1G - I would doubt it though with PPPoE overheads.


hio77
'That VDSL Cat'
12970 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #2165331 22-Jan-2019 13:09
Send private message

shrub:

 

CPU has very little to do with pfsense. Its all on the NIC's. If you are using an onboard nic with a realtek chip and a single nic on pci bus. The cpu will be doing a lot more work and is really necessary.

 

I have gigabit with orcon getting 945/540. My pfsense is rocking an old Athlon x2 255 2 core. I have got a good intel 4 port pci-e x4. The CPU hits 5-7% when its loaded with linux distros' pulling 110mb/s on qbitorrent.

 

 

 

 

Remember, orcon use DHCP.

 

 

 

the issue discussed here is PPPoE related.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 




freakalad

231 posts

Master Geek


  #2165341 22-Jan-2019 13:23
Send private message

muppet:

 

I bought one of these, I installed Proxmox on mine and run pfSense as a virtual machine.

 

 

that's MADNESS!





FLOSS'er, aspiring Maker


freakalad

231 posts

Master Geek


  #2165353 22-Jan-2019 13:33
Send private message

Thinking of a different tack, going back to the days where I was able to 'slave' my DSL modem to my old IPcop box.

 

Can I set my ISP modem/router to do some sort of bridging pass-through? Let the "modem" maintain the connection, since it seems to be doing a pretty good job of it, and have my pfSense/opnSense box do what it does best.  
Essentially I want my ISP device to act as an interface; just want the modem as "dumb" modem.

 

I've had a bit of a tutu, but results are not worth the effort.

 

Presently fell back to just have my firewall hooked up as a DHCP client to the ISP modem, speedtest-cli on the firewall returning only 423.74/275.35





FLOSS'er, aspiring Maker


hio77
'That VDSL Cat'
12970 posts

Uber Geek

ID Verified
Trusted
Voyager
Subscriber

  #2165359 22-Jan-2019 13:38
Send private message

freakalad:

 

speedtest-cli on the firewall returning only 423.74/275.35

 

 

last i checked, speedtest-cli was single threaded.. pretty poor test method for gbit honestly.





#include <std_disclaimer>

 

Any comments made are personal opinion and do not reflect directly on the position my current or past employers may have.

 

 


freakalad

231 posts

Master Geek


  #2166803 24-Jan-2019 11:26
Send private message

Update:

 

Due to indicators pointing to PPPoE queue/threading as the culprit, and comments elsewhere by sbiddle indicating that Orcon uses IPoE, I seriously considered changing ISP, but turns out that Slingshot & Orcon are effectively the same company.  

 

I managed to have a pretty great exchange with a tame in-house network tech, and it turns out that I could simply connect via IPoE (VLAN-10 tagged DHCP). Was such a simple solution, it never even occurred to me!

 

The situation has improved, maybe by 10%, but the issue seems to not be purely software-related.

 

Ran some iperf tests from various points (all sans ISP router) - on pfSense/opnSense on PCengines SBC's (nearly identical setups on 2 boxes), from my laptop behind said systems, and then directly from my laptop to the ONT.

 

 

 

Linux via pfSense/opnSense:

 

[code]{

 

# iperf -P 10 -t 20 -c akl.iperf.linetest.nz
------------------------------------------------------------
Client connecting to akl.iperf.linetest.nz, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local [redacted] port 52802 connected with 60.234.3.9 port 5001
write failed: Connection reset by peer
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-15.2 sec 886 MBytes 489 Mbits/sec

 

}[/code]

 

 

 

From pfSense/opnSense:

 

[code]{

 

# iperf -P 10 -t 20 -w 85K -c akl.iperf.linetest.nz
------------------------------------------------------------
Client connecting to akl.iperf.linetest.nz, TCP port 5001
TCP window size: 85.5 KByte (WARNING: requested 85.0 KByte)
------------------------------------------------------------
[ 3] local [redacted] port 39788 connected with 60.234.3.9 port 5001
write failed: Broken pipe
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-19.9 sec 884 MBytes 373 Mbits/sec

 

}[/code]

 

 

 

Linux to ONT: (Linux laptop has significantly better spec than PCengines SBC)

 

[code]{

 

# iperf -P 10 -t 20 -c akl.iperf.linetest.nz
------------------------------------------------------------
Client connecting to akl.iperf.linetest.nz, TCP port 5001
TCP window size: 85.0 KByte (default)
------------------------------------------------------------
[ 3] local [redacted] port 55304 connected with 60.234.3.9 port 5001
write failed: Connection reset by peer
[ ID] Interval Transfer Bandwidth
[ 3] 0.0-17.1 sec 886 MBytes 434 Mbits/sec

 

}[/code]

 

 

 

This last test, for a no-frills IPoE (DHCP VLAN[10]) connection directly to the ONT from my desktop, comes somewhere close to theoretical attainable, somewhat on-par with the ISP-provided router.

 

The conclusion I'm coming to is that, contrary (or in addition to?) to the initial information out there - that it's down to the additional overhead caused by the singlethreaded queueing implementation of PPPoE on POSIX - it could have more to do with the hardware not being up to the task, despite it being a relatively "simple" IPoE/DHCP connection.

 

Seems I may have little choice in the matter but to acquire a new gateway box :/

 

 





FLOSS'er, aspiring Maker


muppet
2318 posts

Uber Geek

Trusted

  #2166924 24-Jan-2019 12:59
Send private message

freakalad:

 

muppet:

 

I bought one of these, I installed Proxmox on mine and run pfSense as a virtual machine.

 

 

that's MADNESS!

 

 

Why have all that hardware sitting there to forward the odd packet?

 

I want as few boxes in my network as possible to power/take up space/generate heat, but want the ability to run VM's etc to play with stuff.  This little box does it very well.

 

One day I'll upgrade us to Gig for a month, just to see what pfSense + vtnet is capable of using PPPoE.

 

 

 

As for your problem:

 

 

 

1) You're always doing iperf to the same device?

 

2) What does Wireshark show you when running a test?  Do you see any TCP retransmits?  Can you run a UDP test and see at what speed things start to drop out?

 

3) Your 3rd test you posted looks very poor as well - I don't quite understand your post where you said it's near the maximum - it's not.


freakalad

231 posts

Master Geek


  #2176286 11-Feb-2019 12:06
Send private message

sparkz25:

 

after some testing and a lot of homework a few of us took the plunge on these little pc's

 

...

 

Click to see full size

 

 

I took the plunge & got one of these ones too; higher end of the spec for a bit of future-proofing.

 

Must say they're pretty sweet, especially for the price, so thanks for the suggestion.

 

 

 

I've been messing around with settings - both pfSense & opnSense - but the gains have been marginal.

 

Can you please share the tweaks you made to your Tunables? I've implemented some of those suggested via the NIC optimizations page ref'd earlier, in various combinations, for both IPoE & PPPoE  connections, but still only getting ~600mpbs at best, which is still only 60% of attainable using the ISP's device.





FLOSS'er, aspiring Maker


vulcannz
436 posts

Ultimate Geek
Inactive user


  #2177240 12-Feb-2019 17:34
Send private message

gorringS:

 

try swapping to pcie lan controller. Intel tends to be best and set up with jumbo framing

 

 

You do know jumbo frame frames are for internal (LAN not internet) traffic right?


sparkz25
751 posts

Ultimate Geek
Inactive user


  #2177273 12-Feb-2019 18:08
Send private message

freakalad:

 

sparkz25:

 

after some testing and a lot of homework a few of us took the plunge on these little pc's

 

...

 

Click to see full size

 

 

I took the plunge & got one of these ones too; higher end of the spec for a bit of future-proofing.

 

Must say they're pretty sweet, especially for the price, so thanks for the suggestion.

 

 

 

I've been messing around with settings - both pfSense & opnSense - but the gains have been marginal.

 

Can you please share the tweaks you made to your Tunables? I've implemented some of those suggested via the NIC optimizations page ref'd earlier, in various combinations, for both IPoE & PPPoE  connections, but still only getting ~600mpbs at best, which is still only 60% of attainable using the ISP's device.

 

 

 

 

Have a tinker with the MTU, ours is set to 1508 for optimization.

 

what speed tests are you running, speed test app for windows? fast.com or speed test website?

 

Im getting an average of  700Mbps at the moment on all the apps/sites.

 

The thing thats letting us down at the moment is the PPPoE limitations with the nics on the these boxes, we are looking at implementing a BNG to allow us to ditch our suppliers PPPoE

 

Appart from hitting the full gig the new supplier is brilliant, the peering is awesome and pages just load so much quicker, our MSP no longer needs a VPN to Australia to function properly.

 

 


1 | 2 | 3
View this topic in a long page with up to 500 replies per page Create new topic





News and reviews »

D-Link G415 4G Smart Router Review
Posted 27-Jun-2022 17:24


New Zealand Video Game Sales Reaches $540 Million
Posted 26-Jun-2022 14:49


Github Copilot Generally Available to All Developers
Posted 26-Jun-2022 14:37


Logitech G Introduces the New Astro A10 Headset
Posted 26-Jun-2022 14:20


Fitbit introduces Sleep Profiles
Posted 26-Jun-2022 14:11


Synology Introduces FlashStation FS3410
Posted 26-Jun-2022 14:04


Intel Arc A380 Graphics First Available in China
Posted 15-Jun-2022 17:08


JBL Introduces PartyBox Encore Essential Speaker
Posted 15-Jun-2022 17:05


New TVNZ+ streaming brand launches
Posted 13-Jun-2022 08:35


Chromecast With Google TV Review
Posted 10-Jun-2022 17:10


Xbox Gaming on Your Samsung Smart TV No Console Required
Posted 10-Jun-2022 00:01


Xbox Cloud Gaming Now Available in New Zealand
Posted 10-Jun-2022 00:01


HP Envy Inspire 7900e Review
Posted 9-Jun-2022 20:31


Philips Hue Starter Kit Review
Posted 4-Jun-2022 11:10


Sony Expands Its Wireless Speaker X-series Range
Posted 4-Jun-2022 10:25









Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.