What's new

Can my pfsense Qotom 3215U handle 1Gbps?

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Isaac C

New Around Here
I have been using my Qotom 3125U with pfsense since 2016 for my 100Mbps/50Mbps connection with QoS and it works really well. My ISP will be upgrading my connection in December to 800Mbps/200Mbps and I need to know if my pfsense is gonna need faster hardware to do QoS.

I came across the Microtik RB760iGS which some of my mates use in a different part of the city who have already received the upgrade and they say it works really well, but they dont use QoS and my research tells me it can only handle 1Gbps without QoS.
 
First question...why do you think you will still need QoS? Are you really pegging out 200Mbps upload? Unlikely you are pegging out 800Mbps download. I found QoS useful when I had a 100/20 cable connection since I could easily consume the 20Mbps upstream. Once I moved to a 300/50 plan, not really useful anymore. Now on a 1Gbps/1Gbps connection, QoS just makes things slower for now reason. I can't easily peg out my connection with deliberately trying. Adding QoS in just artificially throttles everything back for no reason.
 
First question...why do you think you will still need QoS? Are you really pegging out 200Mbps upload? Unlikely you are pegging out 800Mbps download. I found QoS useful when I had a 100/20 cable connection since I could easily consume the 20Mbps upstream. Once I moved to a 300/50 plan, not really useful anymore. Now on a 1Gbps/1Gbps connection, QoS just makes things slower for now reason. I can't easily peg out my connection with deliberately trying. Adding QoS in just artificially throttles everything back for no reason.
A long time ago, a pentium 3 was the prerequisite to handle a 100Mb/s comfortably with pfsense, i remember ARM CPUs being compared to pentium 3s (not IPCs but typical performance). The answer to the OP's question simply depends on what NIC they're using. If its intel and not realtek then the answer is yes and QoS does help on a 1Gb/s connection, few things though
- we have easy access to hardware with more than 1Gb/s (bonding, 2.5Gb, 5Gb, 10Gb) easily, 10Gb/s 2nd hand cards are cheap and new ones are getting cheaper
- Even if all clients cant exceed the 1Gb/s WAN, there is something called bufferbloat and latency sensitive. A good QoS will treat different traffic as they need to be treated, multiple queues with latency sensitive ones always sent first. This means that even at 50% load your latency will be good. To be clear about this, 1Gb/s is the rate in 1 second, but what about 30 times a second or 60 times a second that games typically use? a line loaded at 50% will introduce lag to VOIP and gaming if there is no system to detect that these packets should be sent ahead of other things during processing as you do have to process (NAT and firewall). To give you an example, i halved mob lag on minecraft by applying QoS, bandwidth was barely used.

QoS doesnt artifically throttle, its meant to manage traffic. If your QoS setup is holding you back you got yourself the wrong setup/router. For gaming, divide your 1Gb/s by 60 and you'll then know how little bandwidth/time there is for your game packets.
 
A long time ago, a pentium 3 was the prerequisite to handle a 100Mb/s comfortably with pfsense, i remember ARM CPUs being compared to pentium 3s (not IPCs but typical performance). The answer to the OP's question simply depends on what NIC they're using. If its intel and not realtek then the answer is yes and QoS does help on a 1Gb/s connection, few things though
- we have easy access to hardware with more than 1Gb/s (bonding, 2.5Gb, 5Gb, 10Gb) easily, 10Gb/s 2nd hand cards are cheap and new ones are getting cheaper
- Even if all clients cant exceed the 1Gb/s WAN, there is something called bufferbloat and latency sensitive. A good QoS will treat different traffic as they need to be treated, multiple queues with latency sensitive ones always sent first. This means that even at 50% load your latency will be good. To be clear about this, 1Gb/s is the rate in 1 second, but what about 30 times a second or 60 times a second that games typically use? a line loaded at 50% will introduce lag to VOIP and gaming if there is no system to detect that these packets should be sent ahead of other things during processing as you do have to process (NAT and firewall). To give you an example, i halved mob lag on minecraft by applying QoS, bandwidth was barely used.

QoS doesnt artifically throttle, its meant to manage traffic. If your QoS setup is holding you back you got yourself the wrong setup/router. For gaming, divide your 1Gb/s by 60 and you'll then know how little bandwidth/time there is for your game packets.
Thank you very much for your insightful answer, you pretty much hit the nail on the head. I use QoS because of Gaming, VoIP and P2P traffic. I'm glad I had the foresight to spend the extra when I bought the Qotom in 2016 so that it had Intel I211-AT NICs.
 
I have been using my Qotom 3125U with pfsense since 2016 for my 100Mbps/50Mbps connection with QoS and it works really well. My ISP will be upgrading my connection in December to 800Mbps/200Mbps and I need to know if my pfsense is gonna need faster hardware to do QoS.

You're probably fine with the 3125U...

Once you get the WAN bandwidth upgraded - go back thru and redo your QoS shapers in pfSense.

There's a few tweaks to pfSense that do help here - powerd is one, enabling the intel license is another - search the forums here for the tweaks on pfSense.
 
I
You're probably fine with the 3125U...

Once you get the WAN bandwidth upgraded - go back thru and redo your QoS shapers in pfSense.

There's a few tweaks to pfSense that do help here - powerd is one, enabling the intel license is another - search the forums here for the tweaks on pfSense.
Indeed I shall do that. As for PowerD, I had already turned that on and set Hiadaptive, I actually just upgraded to 2.4.4 after having read the last post by "System Error Message". I have also enabled the Intel License as per the note in dmesg.boot :) Now I'm just waiting for the speed upgrade to rollout in my neighborhood.
 
Appears I need to do more learning up on how QoS plays into performance even when circuits are not near capacity. I get into QoS arguments with our network team all the time. :) I am a firewall guy, not a network guy, so we quite often have different viewpoints and reasons for decisions.
 
I

Indeed I shall do that. As for PowerD, I had already turned that on and set Hiadaptive, I actually just upgraded to 2.4.4 after having read the last post by "System Error Message". I have also enabled the Intel License as per the note in dmesg.boot :) Now I'm just waiting for the speed upgrade to rollout in my neighborhood.

Consider rolling back thru many of the settings - if one has been a pfSense user over the last couple of years, cleaning up things can help improve performance...

With 2.4.4 - might be useful to start over - cleans things up absolutely - and one has the chance to do ZFS on the boot drive which can help overall with stability...
 
Consider rolling back thru many of the settings - if one has been a pfSense user over the last couple of years, cleaning up things can help improve performance...

With 2.4.4 - might be useful to start over - cleans things up absolutely - and one has the chance to do ZFS on the boot drive which can help overall with stability...
That is actually what I did, I too felt there was so much in my old system that had become redundant and since it was a jump in versions I didn't want to carry all of that over. So I started brand new, created all my rules etc from scratch. :). Was alot of work, and still needs tweaking, but I am glad I did it. I did not however use ZFS, thanks for pointing me in this direction, will begin my research into it vs my current UFS setup and decide if I should switch.
 
I did not however use ZFS, thanks for pointing me in this direction, will begin my research into it vs my current UFS setup and decide if I should switch.

The ZFS is really a band-aid for single disk systems - UFS can get corrupted if it hits a rude shutdown - e.g. loss of power - there's no journal with ufs, where there is with zfs, so recovery can be easier...

Can't convert on the fly from UFS to ZFS, that choice has to be done at install time... one can always back up the config (check the menu), so doing a reinstall, and a restore gets things back up and running...
 
The ZFS is really a band-aid for single disk systems - UFS can get corrupted if it hits a rude shutdown - e.g. loss of power - there's no journal with ufs, where there is with zfs, so recovery can be easier...

Can't convert on the fly from UFS to ZFS, that choice has to be done at install time... one can always back up the config (check the menu), so doing a reinstall, and a restore gets things back up and running...
That is actually something I need, I dont run my pfsense box off a UPS
 
UFS can get corrupted if it hits a rude shutdown - e.g. loss of power - there's no journal with ufs,
I don't know about pfsense but with Solaris' UFS the "logging" mount option performs a similar role to a journal. Way back when, "nologging" was the default mount option, but that changed to "logging" around Solaris 9 or 10 IIRC. Saved my butt on a few occasions. It also provided a significant performance improvement when doing bulk write operations.
 
That is actually something I need, I dont run my pfsense box off a UPS

I would recommend a UPS - I have my router, primary switch, modem, and one AP running on an APC 1080 SmartUPS - it's been useful more than a few times...
 
I don't know about pfsense but with Solaris' UFS the "logging" mount option performs a similar role to a journal. Way back when, "nologging" was the default mount option, but that changed to "logging" around Solaris 9 or 10 IIRC. Saved my butt on a few occasions. It also provided a significant performance improvement when doing bulk write operations.

UFS Logging was first in Solaris 8, IIRC... and agree, it can be helpful when fixing up things..

FreeBSD, unfortunately, doesn't have that option :|
 
Appears I need to do more learning up on how QoS plays into performance even when circuits are not near capacity. I get into QoS arguments with our network team all the time. :) I am a firewall guy, not a network guy, so we quite often have different viewpoints and reasons for decisions.

QoS means different things to different people - I view it as application flow management and traffic shaping...

pfSense has fairly powerful options, and some can get one into trouble if not understanding the overall impact within how pfSense manages the queues...

That being said - for 90 percent of the folks out there - the Multiple Lan/Wan Traffic Shaper Wizard will get one into a good place - put in your uplink/downlink speeds, select the HFSC option, click thru the rest, and save... then go back and enable ECN for LAN and WAN, enable CODEL for the WAN, and done...

Do this, and you'll have decent performance, and bufferbloat will be minimized...

If one wants to stickshift the QoS shapers - 2.4.4 does bring in fq_codel, which some folks like...
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top