Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


View this topic in a long page with up to 500 replies per page Create new topic
1 | 2 | 3 | 4 | 5 | 6


199 posts

Master Geek
+1 received by user: 14


  Reply # 2196745 12-Mar-2019 20:03
Send private message quote this post

2Degrees & Enable ask me to use iperf to do tests between PCs.

 

I have e-mail screenshot to them for one of the test but the other not quite sure what that is I will post them here if anyone else can help please explain.

 

This test was done from my main PC (next to ONT & router) to other end of the house through 3 switches.

 

 

 

 

This first part of the test I haven't done or rather not sure how to do, maybe someone can help me out here.

 




199 posts

Master Geek
+1 received by user: 14


  Reply # 2196750 12-Mar-2019 20:17
Send private message quote this post

Another test done from my pfSense router to the PCs at other end of the house using iperf.

 

Only shows one result, so I have test a few times, all results are the same as below.

 

 

 

 

 


 
 
 
 


440 posts

Ultimate Geek
+1 received by user: 150


  Reply # 2196787 12-Mar-2019 21:18
Send private message quote this post

Testing it on pfsense to directly connected local subnet is unlikely to show anything different as the connection is not going to be stateful (i.e. running across NAT and firewall rules).

 

If you really wanted to go hard you'd plug a PC into the WAN configured as the pfsenses gateway (non-PPPoE of course) and run the iperf test across the pfsense box. The only problem here is that it wouldn't test the PPPoE dialer component.

 

Now if you're following my advice so far I'd also recommend dropping your WAN MTU to 1420 and disable fragmentation support. High MTU's are overrated and I always wonder why people are so obsessed with having a 1500 byte MTU. Technically it should not impact local speedtests but then we are talking the internet.


defiant
811 posts

Ultimate Geek
+1 received by user: 417

Lifetime subscriber

  Reply # 2196797 12-Mar-2019 21:37
Send private message quote this post

I suspect you need to be given a destination IP address to test from the device directly connected to UNI port of the ONT

 

You could try that 103.x.x.x address in their screenshot to see if it works




199 posts

Master Geek
+1 received by user: 14


  Reply # 2196798 12-Mar-2019 21:38
Send private message quote this post

vulcannz:

 

Testing it on pfsense to directly connected local subnet is unlikely to show anything different as the connection is not going to be stateful (i.e. running across NAT and firewall rules).

 

If you really wanted to go hard you'd plug a PC into the WAN configured as the pfsenses gateway (non-PPPoE of course) and run the iperf test across the pfsense box. The only problem here is that it wouldn't test the PPPoE dialer component.

 

Now if you're following my advice so far I'd also recommend dropping your WAN MTU to 1420 and disable fragmentation support. High MTU's are overrated and I always wonder why people are so obsessed with having a 1500 byte MTU. Technically it should not impact local speedtests but then we are talking the internet.

 

 

 

 

At this point I would give anything a go tbh, I have dropped WAN MTU to 1420 it does nothing, speeds coming back the same.

 

What's the fragmentation support? Anything from here is the one you talking about?

 

 

 

 

 




199 posts

Master Geek
+1 received by user: 14


  Reply # 2196805 12-Mar-2019 21:44
Send private message quote this post

dfnt:

 

I suspect you need to be given a destination IP address to test from the device directly connected to UNI port of the ONT

 

You could try that 103.x.x.x address in their screenshot to see if it works

 

 

 

 

Done

 

 

 


440 posts

Ultimate Geek
+1 received by user: 150


  Reply # 2196817 12-Mar-2019 22:11
One person supports this post
Send private message quote this post

Don't worry about the Do Not Frag option, it's only on some devices.

 

The iperf result is interesting, because iperf is UDP it's like an 'unloaded' test (no statefulness etc). Can you run a CPU core monitoring graph on your pfsense when you run the iperf? And maybe do the same with a TCP iperf test.


Mr Snotty
8433 posts

Uber Geek
+1 received by user: 4358

Moderator
Trusted
Lifetime subscriber

  Reply # 2196818 12-Mar-2019 22:12
One person supports this post
Send private message quote this post

2degrees supports full 1500 MTU on the PPPoE interface. Not sure on the PFSense box, however, with EdgeOS I'd configure it as the following:

 

1508 MTU - Ethernet (to ONT) + VLAN.
1500 MTU - PPPoE Dialer.

 

That does show quite a bit more than what you were getting out of a Speedtest however which is a good sign.





440 posts

Ultimate Geek
+1 received by user: 150


  Reply # 2196820 12-Mar-2019 22:13
One person supports this post
Send private message quote this post

michaelmurfy:

 

2degrees supports full 1500 MTU on the PPPoE interface. Not sure on the PFSense box, however, with EdgeOS I'd configure it as the following:

 

1508 MTU - Ethernet (to ONT) + VLAN.
1500 MTU - PPPoE Dialer.

 

That does show quite a bit more than what you were getting out of a Speedtest however which is a good sign.

 

 


Yeah but full 1500 MTU assumes that PMTU actually works, and as we know it doesn't. 


27582 posts

Uber Geek
+1 received by user: 7047

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 2196821 12-Mar-2019 22:13
Send private message quote this post

What does a TCP test show?




199 posts

Master Geek
+1 received by user: 14


  Reply # 2196829 12-Mar-2019 22:29
Send private message quote this post

vulcannz:

 

Don't worry about the Do Not Frag option, it's only on some devices.

 

The iperf result is interesting, because iperf is UDP it's like an 'unloaded' test (no statefulness etc). Can you run a CPU core monitoring graph on your pfsense when you run the iperf? And maybe do the same with a TCP iperf test.

 

 

 

 

This is about average I have seem from about 10 tests.

 


Mr Snotty
8433 posts

Uber Geek
+1 received by user: 4358

Moderator
Trusted
Lifetime subscriber

  Reply # 2196834 12-Mar-2019 22:40
One person supports this post
Send private message quote this post

@D1NZ OK, that is one overkill router. I now apologise what I made you do earlier on in the thread however was a good test to take SNORT etc out of the loop.

 

You can get a CPU graph somewhere in the interface (been a while since I used PFSense). Have that running and hammer your connection to ensure it isn't spiking too high.







199 posts

Master Geek
+1 received by user: 14


  Reply # 2196838 12-Mar-2019 22:42
Send private message quote this post

michaelmurfy:

 

@D1NZ OK, that is one overkill router. I now apologise what I made you do earlier on in the thread however was a good test to take SNORT etc out of the loop.

 

You can get a CPU graph somewhere in the interface (been a while since I used PFSense). Have that running and hammer your connection to ensure it isn't spiking too high.

 

 

 

 

All tests it's actully done with Snort and pfBlockerNG all running 😁




199 posts

Master Geek
+1 received by user: 14


  Reply # 2196841 12-Mar-2019 22:56
Send private message quote this post

I notice iperf can actully open few mutli connections.

 

Problem seems gone away.

 




199 posts

Master Geek
+1 received by user: 14


  Reply # 2196843 12-Mar-2019 23:00
Send private message quote this post

michaelmurfy:

 

@D1NZ OK, that is one overkill router. I now apologise what I made you do earlier on in the thread however was a good test to take SNORT etc out of the loop.

 

You can get a CPU graph somewhere in the interface (been a while since I used PFSense). Have that running and hammer your connection to ensure it isn't spiking too high.

 

 

doesn't really show much and I have been try to hammer it with iperf with 20 connections

 


1 | 2 | 3 | 4 | 5 | 6
View this topic in a long page with up to 500 replies per page Create new topic


Donate via Givealittle


Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

Amazon introduces new Kindle with adjustable front light
Posted 21-Mar-2019 20:14


A call from the companies providing internet access for the great majority of New Zealanders, to the companies with the greatest influence over social media content
Posted 19-Mar-2019 15:21


Two e-scooter companies selected for Wellington trial
Posted 15-Mar-2019 17:33


GeForce GTX 1660 available now
Posted 15-Mar-2019 08:47


Artificial Intelligence to double the rate of innovation in New Zealand by 2021
Posted 13-Mar-2019 14:47


LG demonstrates smart home concepts at LG InnoFest
Posted 13-Mar-2019 14:45


New Zealanders buying more expensive smartphones
Posted 11-Mar-2019 09:52


2degrees Offers Amazon Prime Video to Broadband Customers
Posted 8-Mar-2019 14:10


D-Link ANZ launches D-Fend AC2600 Wi-Fi Router Protected by McAfee
Posted 7-Mar-2019 11:09


Slingshot commissions celebrities to design new modems
Posted 5-Mar-2019 08:58


Symantec Annual Threat Report reveals more ambitious, destructive and stealthy attacks
Posted 28-Feb-2019 10:14


FUJIFILM launches high performing X-T30
Posted 28-Feb-2019 09:40


Netflix is killing content piracy says research
Posted 28-Feb-2019 09:33


Trend Micro finds shifting threats require kiwis to rethink security priorities
Posted 28-Feb-2019 09:27


Mainfreight uses Spark IoT Asset Tracking service
Posted 28-Feb-2019 09:25



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.