My old setup was:
VSDL modem -> pfsense on mini J1900 Celeron (2 GHz) -> CISCO SG300 10MPP switch -> Rukus R310 wifi -> Laptop
Currnet setup
Fiber model -> pfsense on mini J1900 Celeron (2 GHz) -> CISCO SG300 10MPP switch -> Rukus R310 wifi -> Laptop
Today i got my 1GBit fiber installed (big deal for those like me living in rural areas) only to discover that my current network setup is not allowing me to benefit from it.
I was on VSDL copper wire before and was probably in the region of 50-60 MBit/s with my above current setup. Even when removing the wifi bottle and linking with Cat5 UTP wire directly to switch, I’m not getting major improvements.
When I got the fiber installed this morning I was disappointed when I saw only marginal gain running at 80 MBit/s (c. +30 MBit). So I decided to connect the laptop via LAN cable directly to modem. I got a starkling 900MBit/s. So, along my network I have bottlenecks.
THe first one I tested was my little pfsense machine. I installed the speedtext-cli command and was surprised to find that it was giving my around 300 MBit/s. So a lot better than my laptop on its usual wifi connection but still only 33% of what I get directly off the modem.
So my first question is how can it be that my little mini J1900 Celeron (2 GHz) with 4 GB RAM cannot handle this bandwith? Do I need an upgrade for my pfsense machine? I noticed that the peak CPU demand as speedtest-cli was running was in the 60% region, far from a saturated CPU and RAM only occupied for about 30%. If it is my little pfsense machine, how far do I have to go with finding the right little machine that can handle 1 GBit/s.
The next question is if I’m getting 300 MBit/s on the WAN connection of the pfSense machine, how is it that I only see a small percentage of this on my laptop? i.e. a drop from 300 MBit/s to 80 MBit/s? I guess I would have to test the switch to start and then move to the wifi access points …
You must log in or register to comment.
how can it be that my little mini J1900 Celeron (2 GHz) with 4 GB RAM cannot handle this bandwith?
Because it’s ancient, and when it was new it was bottom-of-the-barrel.
I probably didn’t realise how CPU intensive the work of 1Gbit connection must be …
Something to look for besides bandwidth is actual packet routing throughput. It’s possible you enabled a feature (ex. Deep packet inspection) that is limiting how many packets can be routed per second given the speed of your hardware.
For what it’s worth, since it sounds like you will be hardware shopping soon: I am using a 2.4GHz Intel Atom C2758 running pfSense and get 2Gb/s down and around 1.5Gb/s up through it. I am using an add-on Intel-based PCIe network adapter, so I’m not sure if that is helping with the CPU load. But it works well.
Acronyms, initialisms, abbreviations, contractions, and other phrases which expand to something larger, that I’ve seen in this thread:
Fewer Letters More Letters AP WiFi Access Point NAT Network Address Translation PCIe Peripheral Component Interconnect Express PoE Power over Ethernet VPN Virtual Private Network
5 acronyms in this thread; the most compressed thread commented on today has 11 acronyms.
[Thread #861 for this sub, first seen 9th Jul 2024, 21:35] [FAQ] [Full list] [Contact] [Source code]
Might be pfsense? My little J1900 box running Ubuntu Server gets 920Mbps.
What can the network cards support?
So my first question is how can it be that my little mini J1900 Celeron (2 GHz) with 4 GB RAM cannot handle this bandwith?
- check ethtool for link speed:
sudo ethtool enp2s0 | egrep 'Speed|Duplex'Your device name may be different fromenp2s0. useip linkto see all devices. if it’s not
Speed: 1000Mb/s Duplex: Fullthen that’s probably a bad sign.
- that is a 10 year old celeron processor. celeron were the budget (a.k.a. cheapest, slowest) class processor at the time. it’s quite likely that it cannot keep up.
- If you still think it’s not CPU directly, use iotop to see if you have I/O bottleneck.
- check ethtool for link speed:
That Pentum is a budget CPU from just over 10 years ago. It has PCIe 2.0. Maybe the “gigabit” ethernet is connected to the CPU by a single 500Mbit PCIe lane.
Have you checked all the ethernet links are actually connected at 1G and not 100M?
The question is what you do with your pfsense. IDS/IPS are quite CPU hungry and Celerons are not really fast CPU’s.
peak CPU demand as speedtest-cli was running was in the 60% region, far from a saturated CPU and RAM only occupied for about 30%
It doesn’t look like he’s bound by CPU.
And he is currently at 1/3 of the potential speed and 3*60% = 180% CPU load for 1Gbits. So I wouldn’t even bother troubleshooting further when you already know the hardware will be an issue sooner or later.
