IPFire download speed is only 25% of actual speed

Getting Started with IPFire
1

Just did a fresh install of IPFire 2.29 (x86_64) - Core-Update 187. It is up and running with a new fixed wireless ISP.

  1. The technician connected his device to the new wall mounted ethernet port (with cat6 cable) and displayed download speeds over 400 MB as per their specs. Good.

  2. He then provisioned and connected their TP-Link Deco X50 router to that new wall mounted ethernet port (with cat6 cable). We connected a linux desktop to one of the two Gigabit LAN ports (with cat6 cable) and ran speedtest-cli and also got download speeds over 400 MB. Still good.

  3. Then we disconnected the TP-Link Deco X50 router from the wall mounted ethernet port and powered it off. Connected IPFire’s RED port (with cat6 cable) to the new wall mounted ethernet port. Ran speedtest-cli on the IPFire console and got download speeds just over 110 MB! There was nothing connected to the GREEN port on IPFire.

  4. Then we connected the technician’s device to the GREEN port on IPFire. He also got download speeds just over 110 MB.

  5. Then we swapped technician’s device with our linux desktop on the GREEN port on IPFire. Ran speedtest-cli on the linux desktop and again got download speeds just over 110 MB.

So our IPFire is getting about 25% of the possible download speed.
Why?
Please help.

Details on the RED port of IPFire:

ethtool  red0
Settings for red0:
        Supported ports: [ TP    MII ]
        Supported link modes:   10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Supported pause frame use: Symmetric Receive-only
        Supports auto-negotiation: Yes
        Supported FEC modes: Not reported
        Advertised link modes:  10baseT/Half 10baseT/Full
                                100baseT/Half 100baseT/Full
                                1000baseT/Half 1000baseT/Full
        Advertised pause frame use: Symmetric Receive-only
        Advertised auto-negotiation: Yes
        Advertised FEC modes: Not reported
        Link partner advertised link modes:  10baseT/Half 10baseT/Full
                                             100baseT/Half 100baseT/Full
                                             1000baseT/Full
        Link partner advertised pause frame use: Symmetric
        Link partner advertised auto-negotiation: Yes
        Link partner advertised FEC modes: Not reported
        Speed: 1000Mb/s
        Duplex: Full
        Auto-negotiation: on
        master-slave cfg: preferred slave
        master-slave status: slave
        Port: Twisted Pair
        PHYAD: 0
        Transceiver: external
        MDI-X: Unknown
        Supports Wake-on: pumbg
        Wake-on: d
        Link detected: yes



ip a
1: ...
2: ... 
3: red0: <BROADCAST,UP,LOWER_UP> mtu 1500 qdisc cake state UP group default qlen 1000
    link/ether ... brd ff:ff:ff:ff:ff:ff
    inet ... brd ... scope global dynamic noprefixroute red0
       valid_lft 4915sec preferred_lft 4015sec
2

Is QoS enabled in IPFire?

3

No.

On the QoS page

https://192.168.x.1:444/cgi-bin/qos.cgi

It says, Quality of Service “STOPPED”

We have never started it.

1 Like
4

The machine used for IPFire appears to be not fast enough.
What is the IPFire computer cpu and network interfaces used?

1 Like
5

run ifconfig to check if RX errors/dropped, TX errors/dropped counters?

6

CPU and RAM for this installation?

1 Like
7

lscpu

Architecture:             x86_64
  CPU op-mode(s):         32-bit, 64-bit
  Address sizes:          36 bits physical, 48 bits virtual
  Byte Order:             Little Endian
CPU(s):                   2
  On-line CPU(s) list:    0,1
Vendor ID:                GenuineIntel
  BIOS Vendor ID:         Intel
  Model name:             Intel(R) Core(TM)2 Duo CPU     E4400  @ 2.00GHz
    BIOS Model name:      Intel(R) Core(TM)2 Duo CPU     E4400  @ 2.00GHz   CPU @ 2.0GHz
    BIOS CPU family:      1
    CPU family:           6
    Model:                15
    Thread(s) per core:   1
    Core(s) per socket:   2
    Socket(s):            1
    Stepping:             13
    CPU(s) scaling MHz:   83%
    CPU max MHz:          2000.0000
    CPU min MHz:          1200.0000
    BogoMIPS:             3989.61
    Flags:                fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ht tm pbe syscall nx lm cons
                          tant_tsc arch_perfmon pebs bts rep_good nopl cpuid aperfmperf pni dtes64 monitor ds_cpl est tm2 ssse3 cx16 xtpr pdcm lahf_lm pti dtherm
Caches (sum of all):      
  L1d:                    64 KiB (2 instances)
  L1i:                    64 KiB (2 instances)
  L2:                     2 MiB (1 instance)
Vulnerabilities:          
  Gather data sampling:   Not affected
  Itlb multihit:          KVM: Mitigation: VMX unsupported
  L1tf:                   Mitigation; PTE Inversion
  Mds:                    Vulnerable: Clear CPU buffers attempted, no microcode; SMT disabled
  Meltdown:               Mitigation; PTI
  Mmio stale data:        Unknown: No mitigations
  Reg file data sampling: Not affected
  Retbleed:               Not affected
  Spec rstack overflow:   Not affected
  Spec store bypass:      Vulnerable
  Spectre v1:             Mitigation; usercopy/swapgs barriers and __user pointer sanitization
  Spectre v2:             Mitigation; Retpolines; STIBP disabled; RSB filling; PBRSB-eIBRS Not affected; BHI Not affected
  Srbds:                  Not affected
  Tsx async abort:        Not affected

lspci -vvv

02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8169 PCI Gigabit Ethernet Controller (rev 10)
	Subsystem: Realtek Semiconductor Co., Ltd. RTL8169/8110 Family PCI Gigabit Ethernet NIC
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 64 (8000ns min, 16000ns max), Cache Line Size: 32 bytes
	Interrupt: pin A routed to IRQ 21
	Region 0: I/O ports at de00 [size=256]
	Region 1: Memory at fddff000 (32-bit, non-prefetchable) [size=256]
	Expansion ROM at fdd00000 [virtual] [disabled] [size=128K]
	Capabilities: [dc] Power Management version 2
		Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0-,D1+,D2+,D3hot+,D3cold+)
		Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
	Kernel driver in use: r8169
	Kernel modules: r8169

02:01.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8169 PCI Gigabit Ethernet Controller (rev 10)
	Subsystem: Realtek Semiconductor Co., Ltd. RTL8169/8110 Family PCI Gigabit Ethernet NIC
	Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV+ VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx-
	Status: Cap+ 66MHz+ UDF- FastB2B+ ParErr- DEVSEL=medium >TAbort- <TAbort- <MAbort- >SERR- <PERR- INTx-
	Latency: 64 (8000ns min, 16000ns max), Cache Line Size: 32 bytes
	Interrupt: pin A routed to IRQ 16
	Region 0: I/O ports at dc00 [size=256]
	Region 1: Memory at fddfe000 (32-bit, non-prefetchable) [size=256]
	Expansion ROM at fdd20000 [virtual] [disabled] [size=128K]
	Capabilities: [dc] Power Management version 2
		Flags: PMEClk- DSI- D1+ D2+ AuxCurrent=375mA PME(D0-,D1+,D2+,D3hot+,D3cold+)
		Status: D0 NoSoftRst- PME-Enable- DSel=0 DScale=0 PME-
	Kernel driver in use: r8169
	Kernel modules: r8169

Both the network interface cards are new. Just unboxed them a few days ago.

The 10/100 onboard NIC is disabled in the BIOS. So it is not visible/assigned in IPFire.

8

ifconfig

green0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.9.1  netmask 255.255.255.0  broadcast 0.0.0.0
        ether **:**:**:**:**:**  txqueuelen 1000  (Ethernet)
        RX packets 2537193  bytes 1057871052 (1008.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2484344  bytes 2118639304 (1.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 8279  bytes 651359 (636.0 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 8279  bytes 651359 (636.0 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

red0: flags=67<UP,BROADCAST,RUNNING>  mtu 1500
        inet x.y.z.n  netmask 255.255.252.0  broadcast *.*.*.255
        ether **:**:**:**:**:**  txqueuelen 1000  (Ethernet)
        RX packets 4148349  bytes 3993382548 (3.7 GiB)
        RX errors 0  dropped 39564  overruns 0  frame 0
        TX packets 3254141  bytes 2096535945 (1.9 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

This is a fixed wireless (ISP) connection. I assume that is the “dropped 39564” on red0.

9

CPU is detailed above.

2 GB RAM

free -m

               total        used        free      shared  buff/cache   available
Mem:            1967         192        1506          30         335        1774
Swap:            490           0         490
10

For 400mbps, IMVHO your hardware is “short” in every spec.

Short on computational power
https://www.cpubenchmark.net/compare/935vs2473vs4227vs2541/Intel-Core2-Duo-E4400-vs-AMD-GX-412HC-vs-Intel-Celeron-N4500-vs-Intel-Celeron-N3050
(GX-412HC is used in PCengines boards known as APU2. 1/10 of power consumption, more cache and 1.5x the computational power).

On ram, DDR2 is really not enough for more than 150mbps switching, and 2gb can become not enough adding services.

On network cards. PCI Gigabit ethernet works with more powerful NIC chips than nice but not fast RTL8169.

Deco X50, as network capabilities and power efficiency simply crush your 2008 CPU desktop computer.

100/110mpbs IMO is on par with your current configuration and… running this hardware for IPFire is using electrical energy in not efficient way.

Consider to replace your computer.
https://www.cpubenchmark.net/compare/935vs2496vs3574/Intel-Core2-Duo-E4400-vs-AMD-RX-427BB-vs-AMD-Ryzen-Embedded-V1756B
At this link you’ll find your current CPU compared with an HP t730 thin client’s CPU (2015) and HP t740 thin client’s CPU (2019).
Latter is far more costly, both will use half the watts of your desktop, while delivering the transport capabilities you need. It’s a bit messier shove a 4 port PCIe network adapter in t730…

94795934_115679033452380_514048057084477440_o-4264599223
94795934_115679033452380_514048057084477440_o-42645992231920Ă—1440 385 KB

but doable.

1 Like
11

Hi,

just to quickly pitch in with a particular hardware recommendation: The IPFire Mini Appliance supports 1 GBit/sec. throughput, even for IPsec (protocol-inherent overhead excluded), and is properly tested, with commercial support available. Plus, purchasing one will do the IPFire project some good… :slight_smile:

(Full disclosure: I am not related to or affiliated with Lightning Wire Labs, the company offering IPFire appliances and professional support, in any way.)

Thanks, and best regards,
Peter MĂĽller

1 Like