I have seen many servers with huge resources on CPU, SSD and so on, but with a desktop netcard, and it goes without saying that performance is significantly reduced. Therefore, it is always important to have some 'fast' HW that is supported by OS. It all takes time and more resources and it affects speed. Also, keep in mind that PFSense is a stateful inspection firewall, which, popularly said, uses resources to write and read state tables. VLAN tagging is always slower than non-tagging, due to the VLAN tagging process itself. L2 vs L3 - routing is always a bit slower than switching as routing is an intelligent decision.

VLANs don't physically separate the traffic unless you put them on their own ports.

Be sure all links have negotiated to full duplex, as well.

USGs aren't particularly strong routers.

Also, since you are using one port for pfsense, you're running a "router on a stick," so traffic had to traverse the same link twice, cutting your theoretical maximum bandwidth quite a bit.

You may be able to tune things to get closer to wire speed, but, ultimately, the hardware dedicated to it is going to dictate what its maximum capabilities are, and that's always going to be a bit less than purely switched traffic.

What could be the reason for pfSense to cause this impact on inter VLAN communication?

Communication between hosts on the same VLAN doesn't touch pfsense and, thus, can proceed at wire rate on the switch.

Between VLANs, the traffic first has to go to the USG, which is routing, be subjected to whatever rules and other configuration you have on both it and pfsense, and then be forwarded to the next vlan.

Any time a router is involved, there is necessarily going to be at least slightly lower performance than simply shouting on the local segment.
Now the result was quite closer to the first test

0.00-10.00 sec 493 MBytes 414 Mbits/sec receiver

3) Third test was to remove the pfSense, connecting the USG directly to the main switch, no changes on desktop VLAN as the test 2.

0.00-10.00 sec 1.06 GBytes 906 Mbits/sec receiver

2) Then I changed the desktop to another vlan (2) (ip 10.200.2.241) and this was the result

With my desktop on this network (ip 10.200.0.20) this was the results.

Iperf server runs on main network (ip 10.200.0.10).

I am trying to understand why the iperf3 test is slower if I run it from different vlans and if I remove the pfsense it runs ok.

PfBlockerNG and Snort are running on pfSense, nothing else is configured with exception of a management interface, so I can access the pfsense box.

All vlan settings are defined under the Unifi devices, no vlan configuration on pfSense.

I have pfsense running on transparent mode here (wan-lan bridge) and it's located between the LAN port of my router (Unifi USG) and the main switch on my network.
The pfSense project is a free, open source tailored version of FreeBSD for use as a firewall and router with an easy-to-use web interface.