5Gb Internet: Where is the bottleneck?

Just looking for some assistance here in identifying where the bottleneck is. I think some performance can be gained by using a faster single-core clock processor. Currently using an i3-7100T.

I recently upgraded to a 5Gbps internet connection from my ISP. I’ve tried running multiple speed tests from different websites concurrently, among several other random tests, but I have yet to get more than ~2.5Gbps.

I am using pfSense and I am running Suricata. When I hit it pretty hard I see fairly high CPU utilization.

Top doesn’t really seem to help much here:

I can see a pretty hard limit around 2-3 Gbps, but it does spike up and down to 4 or 5 for some small quanta.

Is it me or is it my ISP throttling me when I egress their network to the internet?

Are you able to hit 5Gbps if you disable Suricata?

That’s what is weird. I don’t seem to be noticing a statistically significant difference with it off?

Ookla says web browsers top off at 3Gbps; can you try the Speedtest desktop app and see whether it makes any difference?

To get a 10 Gbps Speedtest result, you need a connection that fast and devices that are capable of handling those speeds.
We tested between two Mac Minis with 9000 byte jumbo frames.

Web browsers max out around 3 Gbps, so we used our desktop app.

I can get 4.9Gbps using Opera GX on the Speedtest website. So some may top out lower, but definitely not all of them. I’ve never actually heard of a web browser being a bottleneck on throughput. That seems really weird to me. I figured once a connection was established that the Windows network stack (or NIC if it bypasses the stack) would be in charge and the browser would just display the data.

Browser testing has limits. This is especially noticeable on less efficient CPUs; usually the process is very CPU intensive, which can limit the result.
But equally important is the server on which the test is performed.

I would first see what wget/curl and aria2 (uGet) show in 16 TCP sessions to saturate the bandwidth. Some ISPs are quite stubborn about single sessions.

It’s best to check against some fast server with a speed test file; a few loose examples:

https://speed.hetzner.de/10GB.bin
https://proof.ovh.net/files/10Gb.dat
http://speedtest.tele2.net/1000GB.zip
http://se-speedt01.fre.nis.telia.net/webdl/1GB.bin

To eliminate your local problems, make a loop on the WAN and share some file over HTTP and see what you get… if the fw doesn’t limit you.

  1. use Linux, not in a VM, with a great 10GbE NIC
  2. use the official Ookla command line tools (not the ones any Linux distro includes)

(I found Windows has some really wonky issues with 5GbE+ speeds, even if you use Linux VMs on top of Windows)
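As an added example, not code from this thread or from any of the posters: a small POSIX shell script that fans out the 16-session download test described above with curl and reports per-session and aggregate rates, so a per-flow cap (per-session low, aggregate high) is easy to tell apart from a hard ceiling on the link. It assumes curl and awk are installed; the URL defaults to one of the test files listed in the post and is overridable through the URL environment variable, so pointing it at a file served from your own WAN-side loop host gives the local-path check mentioned at the end.

```shell
#!/bin/sh
# Added example (not from the thread): fan out N concurrent curl downloads of one
# test file and report per-session and aggregate rates. Assumes curl and awk;
# the URL defaults to one of the test files listed in the post.

URL="${URL:-https://proof.ovh.net/files/10Gb.dat}"
SESSIONS="${SESSIONS:-16}"
MAX_SECONDS="${MAX_SECONDS:-20}"

# fetch_one MAX_SECONDS URL
# Download for at most MAX_SECONDS, discard the body, and print
# "<bytes_downloaded> <seconds>" for this session. curl exits 28 when the time
# limit cuts the transfer short; that is expected here, so it is not treated
# as an error.
fetch_one() {
    curl -sS -o /dev/null --max-time "$1" \
         -w '%{size_download} %{time_total}\n' "$2" 2>/dev/null || true
}

# aggregate_gbps < "<bytes> <seconds>" lines
# Sessions run concurrently, so the aggregate rate is total bytes over the
# longest session, not the sum of per-session rates. Prints Gbit/s.
aggregate_gbps() {
    awk '{ bytes += $1; if ($2 > t) t = $2 }
         END { if (t > 0) printf "%.2f\n", bytes * 8 / t / 1e9; else print "0.00" }'
}

# per_session_gbps < "<bytes> <seconds>" lines
# One line per session. A flat value across all sessions that is well below
# the link rate is the signature of a per-flow limit somewhere in the path.
per_session_gbps() {
    awk '$2 > 0 { printf "session %d: %.2f Gbit/s\n", NR, $1 * 8 / $2 / 1e9 }'
}

# run_parallel: start SESSIONS downloads at once and collect their result lines.
run_parallel() {
    i=0
    while [ "$i" -lt "$SESSIONS" ]; do
        fetch_one "$MAX_SECONDS" "$URL" &
        i=$((i + 1))
    done
    wait
}

# Only touch the network when invoked as: sh saturate.sh run
if [ "${1:-}" = "run" ]; then
    results=$(run_parallel)
    printf '%s\n' "$results" | per_session_gbps
    printf 'aggregate: %s Gbit/s over %s sessions\n' \
        "$(printf '%s\n' "$results" | aggregate_gbps)" "$SESSIONS"
fi
```

Run it as `URL=https://speed.hetzner.de/10GB.bin SESSIONS=16 sh saturate.sh run`; the aggregate is computed over the slowest session's wall time rather than by summing per-session rates, because the sessions overlap in time. A short MAX_SECONDS keeps the test from pulling the full 10 GB file per session.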

I agree with Tim’s points in general. You want to have multiple streams coming from your home network, even if it originates from one machine.

One way to test whether you’re getting full speed to “the internet” is to create an AWS EC2 instance you know to have 5-10Gb NIC and run iperf3. This way you are using a real network performance tool and you control both sides of the connection. This will also be a good test because a lot of services you use are hosted on AWS.

From there you can start narrowing down what on your side is the limiting factor. I’ve heard that the Linux networking stack isn’t great past 5-6Gbps, so check your CPU usage and how many cores are saturated. The name of the game here is to verify the traffic source has the oomph to produce sufficient traffic.

If you really can’t get the full speeds, you may need to try borrowing a router of some kind with a known ability to push 5Gbps at 1500 bytes/packet, or whatever maximum transmission unit your ISP allows. To go even further without dedicated hardware and to turn this into a project, there may be ways to use XDP or DPDK to put your NIC outside the control of the Linux kernel and use a poll-mode driver to service more packets. (I haven’t done this myself.)
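As an added example that is not part of the thread or anyone's posted code: a Linux shell script that runs iperf3 with several parallel streams against a server you control (the EC2 instance idea above) while sampling /proc/stat before and after, then prints per-core busy percentages so a single saturated core (a NIC queue's softirq, or one IPS worker thread) stands out even when the overall CPU average looks fine. It assumes Linux, iperf3 and awk; IPERF_SERVER is a placeholder you must point at your own server.

```shell
#!/bin/sh
# Added example (not from the thread): run an iperf3 test with parallel streams
# while sampling /proc/stat, then report per-core busy% to find a saturated
# core. Assumes Linux, iperf3 and awk. IPERF_SERVER is a placeholder.

IPERF_SERVER="${IPERF_SERVER:-iperf.example.invalid}"   # placeholder: set to your server
STREAMS="${STREAMS:-8}"
DURATION="${DURATION:-10}"
HOT_THRESHOLD="${HOT_THRESHOLD:-90}"

# per_core_busy BEFORE AFTER
# BEFORE and AFTER are two /proc/stat snapshots. The columns after the cpu name
# are user nice system idle iowait irq softirq steal; the guest columns after
# those are already counted inside user/nice, so they are not summed.
# Prints one "cpuN busy%" line per core.
per_core_busy() {
    awk '/^cpu[0-9]+ / {
            total = 0
            for (i = 2; i <= 9; i++) total += $i
            idle = $5 + $6
            if (FNR == NR) { tot0[$1] = total; idle0[$1] = idle; next }
            dt = total - tot0[$1]; di = idle - idle0[$1]
            busy = (dt > 0) ? 100 * (dt - di) / dt : 0
            printf "%s %.0f\n", $1, busy
         }' "$1" "$2"
}

# hot_cores BEFORE AFTER [THRESHOLD]
# Keeps only the cores at or above THRESHOLD percent busy. One such core while
# the others idle points at a single-threaded bottleneck, which is where a
# higher per-core clock would actually help.
hot_cores() {
    per_core_busy "$1" "$2" | awk -v th="${3:-$HOT_THRESHOLD}" '$2 >= th'
}

# measure: snapshot, run iperf3 with STREAMS parallel flows, snapshot, report.
# Set IPERF_REVERSE=1 to add -R and measure the download direction instead.
measure() {
    before=$(mktemp); after=$(mktemp)
    cat /proc/stat > "$before"
    iperf3 -c "$IPERF_SERVER" -P "$STREAMS" -t "$DURATION" ${IPERF_REVERSE:+-R}
    cat /proc/stat > "$after"
    echo "--- per-core busy% during the test ---"
    per_core_busy "$before" "$after"
    echo "--- cores at or above ${HOT_THRESHOLD}% ---"
    hot_cores "$before" "$after"
    rm -f "$before" "$after"
}

# Only run the network test when invoked as: sh corecheck.sh run
if [ "${1:-}" = "run" ]; then
    measure
fi
```

Run it on the machine generating the traffic as `IPERF_SERVER=<your host> STREAMS=8 sh corecheck.sh run`, then again on the pfSense box's CPU if you can get a shell there. The busy figure is derived from the deltas of the cumulative /proc/stat counters over the whole iperf3 run, so a core that pegs only for part of the test will read lower than its peak; shorten DURATION if you want a tighter window.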