I225-V throughput issue with OPNsense

I’ve got a 4-port firewall device from Amazon - https://www.amazon.co.uk/gp/product/B09J4TVFBY/ref=ppx_yo_dt_b_search_asin_title?ie=UTF8&psc=1 - which uses Intel I225-V 2.5GbE NICs. I’ve had it in place as my router for nearly a year without any bother. However, I’m now seeing speeds on each interface topping out at 500mbps at best, usually more like 450.

I’ve reinstalled OPNsense, changed the interfaces around, changed cables and devices and performed download and iperf tests and I get the same thing. My broadband is 900 down and I’m sure when I first installed this that is what I got. The main reason I even checked the speed was because I noticed general weird behaviour - slow loads and lagging, dropouts. My old Asus router works fine, as does the Minisforum UN100D I’ve now installed instead (which is overkill).

I’m fully aware of the general bugginess of the I225-V chips and tried setting speeds manually on the interfaces, tunable settings on OPNsense, but nothing seems to help. I think my next step will be to install a different OS, but in the meantime, has anyone had similar issues or know what else I can try in OPNsense?

Are you doing any port bridging in OPNsense? If so, that can hurt performance. It’s much better to use each port as a dedicated interface and connect a switch if needed.

Other than that, take a look at these settings and make sure you Disable/Enable the various hardware acceleration features as needed. My understanding is that when using OPNsense as a firewall, it’s best to turn off most of the hardware acceleration features (counterintuitive, but we live in a world where the CPU has a lot more power than cheap Ethernet chips.)
I can’t post links, so Google search “opnsense hardware acceleration” and look for the article titled Settings - OPNsense documentation

You mentioned changing devices. Did that include the switch(es)? I experienced a similar problem a year or so ago, and it turned out that two of my ethernet switches had been damaged by a nearby lightning strike. If they had failed outright, it would have been a lot easier to debug. As it was, I was getting 300meg instead of 1gig.
