Routing using only one core on Download

Hello,
I have installed ipfire on my apu2c4 yesterday. I was using pfsense before, but recenlty upgraded my connection to 1 gigabit and wanted to be able to utilize it in full.
Unfortunately, I can’t go over 350-400Mbps on download. For upload it using all of 500Mbps. I also noticed, when I run a speed test, while it tests download, ipfire is using just one CPU core (at 100%). When it’s testing upload, the load is spread over 4 available cores.
Is there anything I have to setup more to have it working correctly?

Best regards,
Michal

At my synthetic tests (between 2 local networks) an apu2b4 has reached 921Mbit / 520Mbit at the same time. (bidirectional routing test)

https://wiki.ipfire.org/hardware/pcengines/apu2b4

Im not sure if you can optimize much. Maybee disabling sone features like “Generic Recieve Offload” may help. Often this features take load from server programs but they are a bad idea on routing machines.

The NIC will probably load-balance over multiple cores per connection.

That hardware isn’t powerful enough for a one Gigabit connection.

Yes, I read many reports ipfire can use full gigabit connection on apu2, hence I guess something is wrong with mine :wink:

What I find mostly strange is this while download test:
image

while during upload test, it’s using all cores below 50%.

Why doesn’t it use all the cores during download test?

Do you have a current BIOS installed?

Yes, updated yesterday to the latest version (after ipfire installation if that makes a difference).

apu4c4 user here, I have similar disappointing numbers.

  • IPFire to LAN: 940 Mbps - CPU slightly busy
  • IPFire to Internet: 230 Mbps - CPU at 100%
  • LAN to Internet: 115 Mbps - CPU at 100% - exactly half the bandwidth as previous test

It feels that everything going through the RED interface brings the CPU to its knees.

1 Like

same machine, similar numbers. If I connect my laptop directly to the gateway of the provider I have 800 mbit, the pcengines speedtest-cli drops to about 300 mbit upload and download. CPU 20%

Which connection type on red was used? (static, dhcp or ppp)

Red uses DHCP

Ah all the unitymedia/vodafone users here :rofl:. I don’t wonder about that values. With a A4-5050, which is actually the same CPU architecture, but with 1,4GHz, I’ve been at 80% with 120MBits (but Realtek NIC). I also upgraded WAN to 1GBits + hardware.

I have also used dhcp at my tests. (I have asked to rule out PPPoE encapsulation)
Im not sure what happens here. Simple routing (without IPS, QoS or Proxy) should not need so much CPU.

I see only about 20% of CPU (based on IPFire CPU graph) while using speedtest-cli, however I still have half of the bandwidth. I have a static connection.

20% out of 4 cores is roughly 100% of one core. As apparently routing is not able to leverage multiple cores, it still makes the CPU the bottleneck.

But I think this will be the case with single connections only. With multiple connections it’s using different cores. You may try download managers that are capable to establish multiple connections just as torrent (for testing purpose). But for sure that won’t solve the problem for regular usage.

I think you are right. I opened two terminals and started in parallel 2 consoles launching speedtest-cli, the speed remained the same for both and the CPU went to 50%

I wonder if there is a regression somewhere as this article from 2017 shows routing with IPFire on a APU2C0 at 1 Gbps with a single connection.

https://teklager.se/en/knowledge-base/apu2c0-ipfire-throughput-test-much-faster-pfsense/

Sure just turn off all firewall services and you will get your 1GBit. With my config I wouldn’t even get your up to 500Mbits. Got my point.

I tried this test on my test environment … all I get is 277 Mbits/sec :frowning:

server [10.0.0.26] ----- ipfire core 141 ----- client [172.16.0.10]

In my case dropping this rule is enough to get a 3x increase in routing throughput:
iptables -A FORWARD -p tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu