pfSense box or Edgerouter lite?
I have a question. Do you think I would gain better (lower) latency by forcing all the Ethernet interfaces to full duplex for the modem, pfsense, and router VLAN port. In the old days with 100 megabit it made a difference. Does it still make sense using GIG ports? I can test it but my network would be down while testing and it is a lot of trouble. Maybe someone already knows for sure?
 

Are you saying that the interfaces are defaulting to half-duplex? I think GbE solves some of the auto vs manual confusion, since GbE forces the support of autonegotiation in the specification for GbE.

100Mbit already has sub-millisecond transmission latency for an MTU-sized packet (disregarding jumbo packets), so, at best, we are talking sub-millisecond improvements with GbE. Can you notice the latency improvement... ? I doubt it. Even latency sensitive services like VOIP are unconcerned with sub-millisecond latency.
 
No they are all set to auto showing 1000 full duplex. This is kind of what I thought. It is why I did not test it.

In the old days throughput was better on forced 100 full duplex vs auto 100 full duplex.
 
There is no benefit these days to forcing 1000-FD vs auto negotiation.
In fact there is a ton of equipment that (properly, according to IEEE spec) does not even have an option to force 1000mb/s. The only choices are 10, 100, HD, FD and Auto.

The ONLY time this can be a required thing is when messing around with fiber converters.
When going from SFP to Fiber to Copper you can have issues where the SFP is set to 1000FD. In this case and only in this case are you to try and force 1000FD.
 
Cloud200 is right. The IEEE spec specifies auto negotiation for 1000bT. If it's not working, something is most likely physically wrong, whether it's an interface or cable. You should never have to force 1000bT FD
 
No it is working. I just wondered if you forced full on both sides if it made a difference.

So far the biggest improvement with pfsense has been to offload the NICs to run from RAM.
I should also mention turning off IPv6 made a big difference but it may be my ISP.
 

I agree - however I've also seen first hand in data centers with slightly old gear where it needs to be forced... fortunately, much of those older switches and servers are getting rotated out of service (EOL..)
 
I have run pfsense 2.2.6 now for a while. It is solid without any down time. I do like the traffic CoDel shaping. I also like using NTP to feed time to my layer 3 switch. It is a little strange to set up with a layer 3 switch because you end up running all your local networks as routing statements in pfsense. Version 2.3 will be out in a couple of weeks and I want to try it to see if it is faster or better to me.

Untangle has new pricing for home owners to where you can run the full version not the crippled one. It is $50 per year or $200 for 5 years. So I am thinking about Untangle again. Having layer 7 protection in times like these may be a good thing. I would miss traffic shaping and NTP support. We will see.
 
The new pricing got me to try Untangle. It is really awesome. I have now moved from my Zyxel USG40 (with a $240 yearly cost) to the Untangle (with a $50 yearly cost), and the Untangle does more than the Zyxel. Untangle does have a QoS section as well as a Bandwidth control app. It does a good job of taking care of Buffer Bloat on the WAN side, as well as traffic shaping based on rules. If you have not seen it already there is a demo here:
http://demo.untangle.com/auth/login?url=/setup/welcome.do&realm=Administrator
There is a help button at the bottom of each screen that does a pretty good job of telling you what the options are for the screen. Now, NTP, I have not seen that in Untangle.
You can download and play with the full version for 14 days before you have to either use the free version or pay for the full version.
 
Are you running it in router mode or transparent bridge mode? I ran it in transparent bridge mode for years as it has a good email scanner for when I ran my own email server.
 
This may be self-evident at this point in the thread, but I find it often beneficial to delegate roles to separate boxes at varying levels across the L2 to L7 spectrum; i.e. a UBNT or Mikrotik box for routing and L3, then whatever flavor of UTM running in drop-in mode for filtering, etc. That way, troubleshooting and/or swapping out doesn't have to bring down an entire topology, at least in most instances, and as long as proper out-of-band access is set up to each component. :)
 

More devices create more failure points though.
 
I like breaking tasks up also. It is why I run a separate wireless system. I also worried about having a high level OS at the front door. Nowadays I think the OS systems are more sophisticated and less hackable. More effort is put into security these days so I feel better about using one at the front door now.

I have thought about running both pfsense and Untangle. I ran a router and Untangle for years. You probably pick up a little more latency having more devices, plus as stated above there is more of a chance of failure having more devices.
 
True true -- as I hinted at, all depends on the use-case. Just as much of an argument for simplicity in most cases, for sure.
 
Just read the thread, very informative- thanks all!

More because I like to tinker, I am thinking of running pfsense and NAS4Free from the same box using VMs.

The added bonus would be better router abilities over my current netgear 3700. Almost ashamed to admit I still have such old stuff :)
 