Good thought, but I did check my MTU - it appears to be solid at 1500 all the way to several test sites.
LAN to DMZ gets 55-60Mbps (Would expect ~100Mbps) DMZ to DMZ is wire speed (100Mbps) DMZ to Internet is 45-60Mbps The DMZ is a basically the switch connecting the router and firewall. Everything off WAN interface is running 100MBps FDX, connected to the 1G Intel card which appears to be happily running at 100Mbps. WAN ----- em5: Adapter hardware address = 0xc4ffe948 em5: CTRL = 0x8140248 RCTL = 0x8002 em5: Packet buffer = Tx=20k Rx=12k em5: Flow control watermarks high = 10240 low = 8740 em5: tx_int_delay = 66, tx_abs_int_delay = 66 em5: rx_int_delay = 0, rx_abs_int_delay = 66 em5: fifo workaround = 0, fifo_reset_count = 0 em5: hw tdh = 174, hw tdt = 174 em5: Num Tx descriptors avail = 256 em5: Tx Descriptors not avail1 = 0 em5: Tx Descriptors not avail2 = 0 em5: Std mbuf failed = 0 em5: Std mbuf cluster failed = 0 em5: Driver dropped packets = 0 em5: Driver tx dma failure in encap = 0 em5: Excessive collisions = 0 em5: Sequence errors = 0 em5: Defer count = 0 em5: Missed Packets = 0 em5: Receive No Buffers = 0 em5: Receive Length Errors = 0 em5: Receive errors = 0 em5: Crc errors = 0 em5: Alignment errors = 0 em5: Carrier extension errors = 0 em5: RX overruns = 0 em5: watchdog timeouts = 0 em5: XON Rcvd = 0 em5: XON Xmtd = 0 em5: XOFF Rcvd = 0 em5: XOFF Xmtd = 0 em5: Good Packets Rcvd = 3240309 em5: Good Packets Xmtd = 5577784 LAN ----- em4: Adapter hardware address = 0xc4ffa148 em4: CTRL = 0x8140248 RCTL = 0x801a em4: Packet buffer = Tx=20k Rx=12k em4: Flow control watermarks high = 10240 low = 8740 em4: tx_int_delay = 66, tx_abs_int_delay = 66 em4: rx_int_delay = 0, rx_abs_int_delay = 66 em4: fifo workaround = 0, fifo_reset_count = 0 em4: hw tdh = 158, hw tdt = 158 em4: Num Tx descriptors avail = 256 em4: Tx Descriptors not avail1 = 0 em4: Tx Descriptors not avail2 = 0 em4: Std mbuf failed = 0 em4: Std mbuf cluster failed = 0 em4: Driver dropped packets = 0 em4: Driver tx dma failure in encap = 0 em4: Excessive collisions = 0 em4: Sequence errors = 0 em4: Defer count = 0 em4: Missed Packets = 0 em4: Receive No Buffers = 0 em4: Receive Length Errors = 0 em4: Receive errors = 0 em4: Crc errors = 0 em4: Alignment errors = 0 em4: Carrier extension errors = 0 em4: RX overruns = 0 em4: watchdog timeouts = 0 em4: XON Rcvd = 0 em4: XON Xmtd = 0 em4: XOFF Rcvd = 0 em4: XOFF Xmtd = 0 em4: Good Packets Rcvd = 4071915 em4: Good Packets Xmtd = 3425928 Ted Crow Information Technology Manager Tuttle Services, Inc. -----Original Message----- From: Bill Marquette [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2008 10:00 AM To: [email protected] Subject: Re: [pfSense Support] pfSense 1.2-RELEASE: Performance Issue? Here's a suggestion somewhat out of left field. What about MTU? Any chance the provider changed it on you? A machine right on the edge would handle fragmentation somewhat more gracefully than a firewall that might decide to drop certain inappropriately fragmented frames. This would also cause potential slowdown in general. One thing I didn't see (although I'm likely just missing it), is what your transfer speeds between DMZ and LAN are. Also, any chance for a test, you can remove the router? And again test LAN to DMZ and LAN to Internet. Based on your equipment specs I'm highly skeptical of this being a hardware capacity issue (a number of us have outperformed your numbers on _much_ lower end hardware - consider that a Soekris 4801 @266Mhz can easily hit 16Mbit of "normal" traffic, and iperf tests can get it upwards of 35Mbit). It might however be a hardware issue. Also, there are some sysctl's available for troubleshooting the Intel driver. Substitute '0' for whichever interface you are trying to debug sysctl -w dev.em.0.debug=1 sysctl -w dev.em.0.stats=1 The Intel driver will reset these sysctl to their default value on it's own, it's a one time use type thing. The results will be available in dmesg and look like: << SNIP >> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
