Recently I switched my internet provider from a cable modem type to a FTTB fiber to the building type with a GPON PPPoE connection via VLAN. The switchover with IPFire worked seamlessly thanks to the great documentation.
However, I am experiencing now a download speed limitation of about 150Mbit/s despite my contract is defining 200 MBit/s as guaranteed speed.
By this and many other similar threads about the PPPoE CPU performance requirements, I almost gave up to achieve the full download speed with my good old APU4D4 hardware and started to seek for a more performant hardware.
Disable QoS and enable intrusion detection only for red. My APU2C4 reaches nearly full 1000 mbit downstream. Also check if all Nics on apu and clients are set to GB full duplex.
Agreed, for cable I also had no problem. The issue occurs specifically when PPPoE is involved. Just do an internet search for ‘PPPoE single core performance’ and you will find many reports about this…
My specific question is related to the usage of a PPPoE VLAN connection in a GPON FTTB fiber network.
The above provided link is addressing such a scenario. My question if IPFire could benefit from that approach.
Unfortunately I can’t answer your question, as it is far beyond my ability even to research the issue. I can only offer one advise: If you distill down the article to the essential point formulated as a simple and direct question, it is possible that one of the the developers might tell you whether ppoe can run in kernel space and eventually how to set it up.
In alternative, you could open a bug report asking for this feature. In this case, you should not expect anyone will have the time to go to the link and parse through the article, and again you should clearly and concisely summarize your request, and offer the link as a reference.
EDIT: By the way, encumbering the kernel with an user-space plugin would mean trading speed for the security of your firewall, personally I would never do that.
I see you have a APU4D4 which is what I have. And you have much more CPU Usage than I ever see though I am using a DOCSIS 3 cable modem.
Since this is beyond my skill level I agree with @cfusco - please open a bug report. This will help make sure the Development team reviews this information.
Information to add a bug report in IPFire Bugzilla:
Login using your IPFire email address and the IPFire password.
Thanks for your feedback. I understand that the IPFire developers are very busy with other tasks and seen my proposal ‘just’ as a hint for a possible improvement. Anyway, I will rise a Bugzilla entry as you suggested., however as an improvement suggestion.
My motivation is not to throw away my APU4D4 which is doing an excellent job at a low power dissipation. Saving electrical energy and CO2 pollution is another motivation. Therefore, I am trying to minimize the required electrical power for my internet hardware.
Other firewall software, e.g. pfSense, OPNsense, OpenWrt, … have the same performance issue of pppoe connections.
Therefore, many people with pppoe based fiber internet connections seem to purchase more powerful hardware with a higher CPU frequency. Such unnecessarily more electronic waste and more CO2 pollution are created.
Today I’ve analyzed the ppp dial in messages of IPFire core 182 of my APU2D4 (anonymized) a bit more in detail:
Feb 5 07:01:11 IPFIRE pppd[2901]: Plugin pppoe.so loaded.
Feb 5 07:01:11 IPFIRE connectd[2902]: Connectd (start) started with PID 2902
Feb 5 07:01:11 IPFIRE kernel: PPP generic driver version 2.4.2
Feb 5 07:01:11 IPFIRE pppd[2901]: PPPoE plugin from pppd 2.5.0
Feb 5 07:01:11 IPFIRE pppd[2901]: pppd 2.5.0 started by root, uid 0
Feb 5 07:01:11 IPFIRE kernel: NET: Registered PF_PPPOX protocol family
Feb 5 07:01:11 IPFIRE pppd[2901]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Feb 5 07:01:11 IPFIRE pppd[2901]: dst ff:ff:ff:ff:ff:ff src aa:aa:aa:aa:aa:aa
Feb 5 07:01:11 IPFIRE pppd[2901]: [service-name] [host-uniq 55 0b 00 00]
Feb 5 07:01:13 IPFIRE kernel: igb 0000:02:00.0 orange0: igb: orange0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Feb 5 07:01:13 IPFIRE kernel: igb 0000:01:00.0 red0: igb: red0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX/TX
Feb 5 07:01:16 IPFIRE pppd[2901]: Send PPPOE Discovery V1T1 PADI session 0x0 length 12
Feb 5 07:01:16 IPFIRE pppd[2901]: dst ff:ff:ff:ff:ff:ff src aa:aa:aa:aa:aa:aa
Feb 5 07:01:16 IPFIRE pppd[2901]: [service-name] [host-uniq 55 0b 00 00]
Feb 5 07:01:16 IPFIRE pppd[2901]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 46
Feb 5 07:01:16 IPFIRE pppd[2901]: dst aa:aa:aa:aa:aa:aa src bb:bb:bb:bb:bb:bb
Feb 5 07:01:16 IPFIRE pppd[2901]: [AC-name dsdf1-bng4] [host-uniq 55 0b 00 00] [service-name] [AC-cookie dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd]
Feb 5 07:01:16 IPFIRE pppd[2901]: Send PPPOE Discovery V1T1 PADR session 0x0 length 32
Feb 5 07:01:16 IPFIRE pppd[2901]: dst bb:bb:bb:bb:bb:bb src aa:aa:aa:aa:aa:aa
Feb 5 07:01:16 IPFIRE pppd[2901]: [service-name] [host-uniq 55 0b 00 00] [AC-cookie dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd]
Feb 5 07:01:16 IPFIRE pppd[2901]: Recv PPPOE Discovery V1T1 PADO session 0x0 length 46
Feb 5 07:01:16 IPFIRE pppd[2901]: dst aa:aa:aa:aa:aa:aa src cc:cc:cc:cc:cc:cc
Feb 5 07:01:16 IPFIRE pppd[2901]: [AC-name frnk1-bng4] [host-uniq 55 0b 00 00] [service-name] [AC-cookie dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd]
Feb 5 07:01:16 IPFIRE pppd[2901]: Recv PPPOE Discovery V1T1 PADS session 0x15c length 46
Feb 5 07:01:16 IPFIRE pppd[2901]: dst aa:aa:aa:aa:aa:aa src bb:bb:bb:bb:bb:bb
Feb 5 07:01:16 IPFIRE pppd[2901]: [service-name] [host-uniq 55 0b 00 00] [AC-name dsdf1-bng4] [AC-cookie dd dd dd dd dd dd dd dd dd dd dd dd dd dd dd]
Feb 5 07:01:16 IPFIRE pppd[2901]: PPP session is 348
Feb 5 07:01:16 IPFIRE pppd[2901]: Connected to XX:XX:XX:XX:XX:XX via interface red0.7
Feb 5 07:01:16 IPFIRE pppd[2901]: using channel 1
Feb 5 07:01:16 IPFIRE pppd[2901]: Using interface ppp0
Feb 5 07:01:16 IPFIRE pppd[2901]: Connect: ppp0 <--> red0.7
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [LCP ConfReq id=0x1 <mru 1492> <magic 0x199ad417>]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [LCP ConfReq id=0xfe <mru 1492> <auth pap> <magic 0x300dc78e>]
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [LCP ConfAck id=0xfe <mru 1492> <auth pap> <magic 0x300dc78e>]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [LCP ConfAck id=0x1 <mru 1492> <magic 0x199ad417>]
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [LCP EchoReq id=0x0 magic=0x199ad417]
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [PAP AuthReq id=0x1 user="SSSSSSSSSSSSSSS" password=<hidden>]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [LCP EchoRep id=0x0 magic=0x300dc78e]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [PAP AuthAck id=0x1 "OK"]
Feb 5 07:01:16 IPFIRE pppd[2901]: Remote message: OK
Feb 5 07:01:16 IPFIRE pppd[2901]: PAP authentication succeeded
Feb 5 07:01:16 IPFIRE pppd[2901]: peer from calling number XX:XX:XX:XX:XX:XX authorized
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [IPCP ConfReq id=0x1 <addr 0.0.0.0> <ms-dns1 0.0.0.0> <ms-dns2 0.0.0.0>]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [IPCP ConfReq id=0xd6 <addr BBB.BBB.BBB.BBB>]
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [IPCP ConfAck id=0xd6 <addr BBB.BBB.BBB.BBB>]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [IPCP ConfRej id=0x1 <ms-dns2 0.0.0.0>]
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [IPCP ConfReq id=0x2 <addr 0.0.0.0> <ms-dns1 0.0.0.0>]
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [IPCP ConfNak id=0x2 <addr ZZZ.ZZZ.ZZZ.ZZZ> <ms-dns1 AAA.AAA.AAA.AAA>]
Feb 5 07:01:16 IPFIRE pppd[2901]: sent [IPCP ConfReq id=0x3 <addr ZZZ.ZZZ.ZZZ.ZZZ> <ms-dns1 AAA.AAA.AAA.AAA>]
Feb 5 07:01:16 IPFIRE root: Could not find a bridged zone for ppp0
Feb 5 07:01:16 IPFIRE pppd[2901]: rcvd [IPCP ConfAck id=0x3 <addr YYY.YYY.YYY.YYY> <ms-dns1 YYY.YYY.YYY.YYY>]
Feb 5 07:01:16 IPFIRE pppd[2901]: local IP address YYY.YYY.YYY.YYY
Feb 5 07:01:16 IPFIRE pppd[2901]: remote IP address YYY.YY7.YYY.YYY
Feb 5 07:01:16 IPFIRE pppd[2901]: primary DNS address YYY.YYY.YYY.YYY
Feb 5 07:01:16 IPFIRE pppd[2901]: Script /etc/ppp/ip-up started (pid 2957)
Feb 5 07:01:21 IPFIRE vnstatd[2538]: Interface "ppp0" enabled.
Feb 5 07:01:21 IPFIRE connectd[2902]: System is online. Exiting.
Obviously, IPFire core 182 is already exactly using the same pppoe connection approach as in my mentioned link above… Therefore, my question could be answered by myself:: IPFire is already using the optimum way of establishing an pppoe connection Great job of the IPFire development team.
The only difference seems to be the used pppoe plugin: pppoe.so versus rp.pppoe.so. But I guess, using the kernel plugin is more secure.