Re: [pfSense] What might be throttling my wireless?

[Ryan Coleman]

> On May 15, 2016, at 7:19 PM, Moshe Katz  wrote:
> 
> When I had problems with throughput through Unifi Access Points with
> pfSense, I replaced every network component, including the pfSense box and
> the access points. In the end, my problem turned out to be an issue in how
> some of the VLANs were handled by the (defective) switch.

Possible but unlikely. This switch was in my apartment working fine but not 
processing VLANs over SSIDs.


> Can you test to see what happens if you hook up a computer directly in the
> place of one of the access points and see how the speed is there?

I was previously on one of the ports working at 500mbps through the internet 
but I didn’t try that today before I left.

> Also, have you tried doing iperf from Wi-Fi clients to each of your pfSense
> machines (real and virtual) as opposed to doing an online speed test?

That I didn’t. Because I was using mobile platforms to test. I was hoping to 
get another laptop but was not able.

That said - the mobile devices are not the issue; they will process 3x that 
speed easily and have in my experience.

The switch, for those who may want to know, is a Cisco Small Business SG300-28P


> On May 15, 2016 5:09 PM, "Ryan Coleman"  wrote:
> 
>> I have a bit of an odd setup, but it is working thus far.
>> 
>> I have fiber -> GbE service from USInternet in Minneapolis
>> 
>> That goes into my 28-port GbE managed switch.
>> 
>> That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the
>> FiberVLAN) and my SuperMicro 1U firewall (FiberVLAN) which then feeds back
>> into the switch for servicing the ESXi and LAN.
>> 
>> I get speed tests from Windows 7 through the default/global VLAN of
>> 600x300 (below rated but not the worry right now) from my management PC -
>> this is my benchmark test location.
>> 
>> I have a pfSense VM running that is routing through the real pfSense
>> server and is getting the rated speed through the firewall on the VLAN.
>> When I isolate a PC VM to the VLAN601/602 networks it gets speeds similar
>> to that of the Management PC (different computer).
>> 
>> For radios I have just installed Ubiquiti UniFi AC LITEs (just installed).
>> They are the ones giving between 30mbps and 60mbps rated performance. This
>> is well below 50% of their link speed (1000mbps), and about 10% of the
>> confirmed throughput speed from both the isolated VM.
>> 
>> Items of note:
>>• They are linked to the switch at 1000mbps
>>• There is no listed throttling on them
>>• TrendNET 653APs I had before (100mbps links) were similarly
>> underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps
>> wired connections.
>> 
>> I'm a little lost on where I might have a hangup. I have to go the
>> double-firewall route for sanity purposes.
>> 
>> If I was having issues solely in the second firewall then I might have an
>> idea as to what is going on but instead I'm flabbergasted. I'd like to tell
>> the customer that it's OK to start pushing customers over to the new
>> network but without this piece working at the speed I am attempting to
>> provide it's proving difficult.
>> 
>> Thoughts?
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] What might be throttling my wireless?

[Ryan Coleman]

> On May 15, 2016, at 7:32 PM, WebDawg  wrote:
> 
> So much information and I still do not think we know enough!
> 
> Do you have a UniFi controller installed somewhere?   Are the units
> upgraded fully?  Are you using VLAN networks on the unifi devices to
> do more then one network.

Controlled from the second Windows VM mentioned.

Yes, 2 VLANs, no more.


> You could start by not doing the internet speed test first.  I would
> go from unifi to closest server first...something on the same unifi
> network (like the mangement server) and do an iperf test as suggested
> to that.

I’ll look into it the next time I’m at the shop.

> I would then move closer and closer to the outside of your internal
> network and test all connection points utilizing iperf the entire time.

In all honesty it could be RFI or signal collision. There is a fair amount (but 
not too much, IME) noise in the air for the tests. The difference on that 
being, of course, the AC Apple Airport Extreme they have on cable right now 
pushes 400mbps easily on its own but I’m not plugging it into my network to 
play with (yet).





> 
> 
> On Sun, May 15, 2016 at 3:08 PM, Ryan Coleman  wrote:
>> I have a bit of an odd setup, but it is working thus far.
>> 
>> I have fiber -> GbE service from USInternet in Minneapolis
>> 
>> That goes into my 28-port GbE managed switch.
>> 
>> That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the 
>> FiberVLAN) and my SuperMicro 1U firewall (FiberVLAN) which then feeds back 
>> into the switch for servicing the ESXi and LAN.
>> 
>> I get speed tests from Windows 7 through the default/global VLAN of 600x300 
>> (below rated but not the worry right now) from my management PC - this is my 
>> benchmark test location.
>> 
>> I have a pfSense VM running that is routing through the real pfSense server 
>> and is getting the rated speed through the firewall on the VLAN. When I 
>> isolate a PC VM to the VLAN601/602 networks it gets speeds similar to that 
>> of the Management PC (different computer).
>> 
>> For radios I have just installed Ubiquiti UniFi AC LITEs (just installed). 
>> They are the ones giving between 30mbps and 60mbps rated performance. This 
>> is well below 50% of their link speed (1000mbps), and about 10% of the 
>> confirmed throughput speed from both the isolated VM.
>> 
>> Items of note:
>>   • They are linked to the switch at 1000mbps
>>   • There is no listed throttling on them
>>   • TrendNET 653APs I had before (100mbps links) were similarly 
>> underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps 
>> wired connections.
>> 
>> I'm a little lost on where I might have a hangup. I have to go the 
>> double-firewall route for sanity purposes.
>> 
>> If I was having issues solely in the second firewall then I might have an 
>> idea as to what is going on but instead I'm flabbergasted. I'd like to tell 
>> the customer that it's OK to start pushing customers over to the new network 
>> but without this piece working at the speed I am attempting to provide it's 
>> proving difficult.
>> 
>> Thoughts?
>> ___
>> pfSense mailing list
>> https://lists.pfsense.org/mailman/listinfo/list
>> Support the project with Gold! https://pfsense.org/gold
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold

___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] What might be throttling my wireless?

[WebDawg]

So much information and I still do not think we know enough!

Do you have a UniFi controller installed somewhere?   Are the units
upgraded fully?  Are you using VLAN networks on the unifi devices to
do more then one network.

You could start by not doing the internet speed test first.  I would
go from unifi to closest server first...something on the same unifi
network (like the mangement server) and do an iperf test as suggested
to that.

I would then move closer and closer to the outside of your internal
network and test all connection points utilizing iperf the entire time.



On Sun, May 15, 2016 at 3:08 PM, Ryan Coleman  wrote:
> I have a bit of an odd setup, but it is working thus far.
>
> I have fiber -> GbE service from USInternet in Minneapolis
>
> That goes into my 28-port GbE managed switch.
>
> That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the 
> FiberVLAN) and my SuperMicro 1U firewall (FiberVLAN) which then feeds back 
> into the switch for servicing the ESXi and LAN.
>
> I get speed tests from Windows 7 through the default/global VLAN of 600x300 
> (below rated but not the worry right now) from my management PC - this is my 
> benchmark test location.
>
> I have a pfSense VM running that is routing through the real pfSense server 
> and is getting the rated speed through the firewall on the VLAN. When I 
> isolate a PC VM to the VLAN601/602 networks it gets speeds similar to that of 
> the Management PC (different computer).
>
> For radios I have just installed Ubiquiti UniFi AC LITEs (just installed). 
> They are the ones giving between 30mbps and 60mbps rated performance. This is 
> well below 50% of their link speed (1000mbps), and about 10% of the confirmed 
> throughput speed from both the isolated VM.
>
> Items of note:
> • They are linked to the switch at 1000mbps
> • There is no listed throttling on them
> • TrendNET 653APs I had before (100mbps links) were similarly 
> underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps 
> wired connections.
>
> I'm a little lost on where I might have a hangup. I have to go the 
> double-firewall route for sanity purposes.
>
> If I was having issues solely in the second firewall then I might have an 
> idea as to what is going on but instead I'm flabbergasted. I'd like to tell 
> the customer that it's OK to start pushing customers over to the new network 
> but without this piece working at the speed I am attempting to provide it's 
> proving difficult.
>
> Thoughts?
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

Re: [pfSense] What might be throttling my wireless?

[Moshe Katz]

When I had problems with throughput through Unifi Access Points with
pfSense, I replaced every network component, including the pfSense box and
the access points. In the end, my problem turned out to be an issue in how
some of the VLANs were handled by the (defective) switch.

Can you test to see what happens if you hook up a computer directly in the
place of one of the access points and see how the speed is there?

Also, have you tried doing iperf from Wi-Fi clients to each of your pfSense
machines (real and virtual) as opposed to doing an online speed test?
On May 15, 2016 5:09 PM, "Ryan Coleman"  wrote:

> I have a bit of an odd setup, but it is working thus far.
>
> I have fiber -> GbE service from USInternet in Minneapolis
>
> That goes into my 28-port GbE managed switch.
>
> That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the
> FiberVLAN) and my SuperMicro 1U firewall (FiberVLAN) which then feeds back
> into the switch for servicing the ESXi and LAN.
>
> I get speed tests from Windows 7 through the default/global VLAN of
> 600x300 (below rated but not the worry right now) from my management PC -
> this is my benchmark test location.
>
> I have a pfSense VM running that is routing through the real pfSense
> server and is getting the rated speed through the firewall on the VLAN.
> When I isolate a PC VM to the VLAN601/602 networks it gets speeds similar
> to that of the Management PC (different computer).
>
> For radios I have just installed Ubiquiti UniFi AC LITEs (just installed).
> They are the ones giving between 30mbps and 60mbps rated performance. This
> is well below 50% of their link speed (1000mbps), and about 10% of the
> confirmed throughput speed from both the isolated VM.
>
> Items of note:
> • They are linked to the switch at 1000mbps
> • There is no listed throttling on them
> • TrendNET 653APs I had before (100mbps links) were similarly
> underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps
> wired connections.
>
> I'm a little lost on where I might have a hangup. I have to go the
> double-firewall route for sanity purposes.
>
> If I was having issues solely in the second firewall then I might have an
> idea as to what is going on but instead I'm flabbergasted. I'd like to tell
> the customer that it's OK to start pushing customers over to the new
> network but without this piece working at the speed I am attempting to
> provide it's proving difficult.
>
> Thoughts?
> ___
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold

[pfSense] What might be throttling my wireless?

[Ryan Coleman]

I have a bit of an odd setup, but it is working thus far.

I have fiber -> GbE service from USInternet in Minneapolis

That goes into my 28-port GbE managed switch.

That is VLAN'd for safety and feeds my SuperMicro ESXi box (not the FiberVLAN) 
and my SuperMicro 1U firewall (FiberVLAN) which then feeds back into the switch 
for servicing the ESXi and LAN.

I get speed tests from Windows 7 through the default/global VLAN of 600x300 
(below rated but not the worry right now) from my management PC - this is my 
benchmark test location.

I have a pfSense VM running that is routing through the real pfSense server and 
is getting the rated speed through the firewall on the VLAN. When I isolate a 
PC VM to the VLAN601/602 networks it gets speeds similar to that of the 
Management PC (different computer).

For radios I have just installed Ubiquiti UniFi AC LITEs (just installed). They 
are the ones giving between 30mbps and 60mbps rated performance. This is well 
below 50% of their link speed (1000mbps), and about 10% of the confirmed 
throughput speed from both the isolated VM.

Items of note:
• They are linked to the switch at 1000mbps
• There is no listed throttling on them
• TrendNET 653APs I had before (100mbps links) were similarly 
underperforming HOWEVER I attributed that to 300mbps wireless over 100mbps 
wired connections.

I'm a little lost on where I might have a hangup. I have to go the 
double-firewall route for sanity purposes.

If I was having issues solely in the second firewall then I might have an idea 
as to what is going on but instead I'm flabbergasted. I'd like to tell the 
customer that it's OK to start pushing customers over to the new network but 
without this piece working at the speed I am attempting to provide it's proving 
difficult.

Thoughts?
___
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold