SG-2440 Upload Speed Limited After a Few Minuites
-
I just did another test which showed an interesting result.
I had the SG-1100 plugged in with my usual pfSense config (static IP and all as above), but this time I only connected one device on the LAN side. Everything else was not connected. At 58 past the hour, the upload remained.
This is now looking more like I have some kind of device on my LAN that triggers something in pfSense to limit upload speed. Seems strange...
Any tips on finding this device other than unhooking things each hour?
-
@steve1515 said in SG-2440 Upload Speed Limited After a Few Minuites:
Any tips on finding this device other than unhooking things each hour?
Bisecting search.
- Unhook half of your devices & test
- Then unhook half the devices in the error half & test
- etc
-
Wanted to share an updated on this...
I've continued troubleshooting and I think I've narrowed down the cause although, I'm not sure of the fix. It seems to be caused by a raspberry pi that I use to upload an audio stream. It's a continuous police/fire scanner that ranges anywhere from 25 kbps to 500kbps. If I unplug the box and reboot pfSense, my upload stays at 20mbps.
In trying to prove that it wasn't pfSense, I added an alias IP to the WAN port in the 10.1.10.x network and setup outbound NAT for that network range to use that IP. This was so I could connect a laptop to the "Comcast NAT LAN" (See my image in the posts above.) and run an iperf speed test to a host on my pfSense LAN (by connecting to my WAN's static IP). Doing this shows 600-900 mpbs depending on direction of data flow. This had me thinking that it wasn't the pfSense that was limiting the speed.
Next, I had Comcast take a look and see what they saw... The issue is they don't see anything on their end. The biggest reason, is because when my pfSense LAN is limited to 10mbps upload, you can always plug a laptop in to the 10.1.10.x network on the modem and get 20mbps upload. This, to them, proves it's not Comcast.
I'm not really sure now what the fix would be or if there's anything I can do. Would a continuous upload stream audio stream break pfSense in some way at :58 past every hour? I'm still leaning towards this being a Comcast issue, but I don't really have a way to prove it.
-
Audio stream data like that can be unusual. For example it's not uncommon to see a lot of VoIP traffic swamp a firewall when the total bandwidth doesn't appear to be that high. That's because that sort of traffic is often very small packets and you end up hitting the PPS limits of the firewall at relatively low total bandwidth. Check the traffic graphs for PPS throughput.
Steve
-
@stephenw10 Where would I check on PPS throughput? Under Status->Traffic Graphs is only shows bandwidth in bits/sec.
-
Here:
-
Does this look unusual? In the picture, I'm hovering over :58 past to show more detail at that time.
-
No that's nothing, you'd need to see many thousands of PPS for it to be an issue.
Must be something the Pi is doing then. Check it's logs. Try setting a logging rule to pass only it;s traffic and see what connections it's opening at that time.
Stevce
-
I just did a new test and have an interesting result...
(Note: This is on 22.01)I put the Pi which is uploading on the Comcast 10.1.10.x network and rebooted the pfSense box to get my upload on the LAN (192.168.1.x) backup to 20mpbs.
I figured since the Pi was no longer behind the pfSense that the speed wouldn't drop... what actually happened was my LAN speed dropped as usual to 10mpbs and doing an iPerf test to an outside server showed that the Pi still had an upload of 20mbps.
This is kind of a strange result to me. I'm not really sure what to make of it.
I also did a pcap with an inline sniffer last night on the Pi and saw nothing unusual at :58 past the hour when the speed dropped.
-
So possibly the previous result when removing the Pi seemed to remove the issue was just coincidence?
-
@stephenw10 I suppose. I did it multiple times to verify it did not happen with the Pi disconnected. I'll need to go back and try to eliminate devices again.
The only thing that I can count on is when I have a device disconnected and the upload drops, then it's not the disconnected device.
It's pretty disruptive to try it out, but I might just put the Pi as the single device on with my static IP and see what happens. That would at least eliminate pfSense.
I'm leaning toward this being a Comcast issue, but have no good way to show that if a tech were to come here.
-
Mmm, I agree it's a tricky issue to prove. I can't recall ever seeing that before either.
-
Another interesting test I did today...
I plugged only the Pi and a laptop into the pfSense LAN. I rebooted the pfSense to get back to 20Mbps and waited till :58 past the hour.
The laptop is the same one that is normally not plugged into the network that I was using for tests before which never caused the issue by itself.
So, now we have a test with only those 2 devices plugged into the LAN port. At :58, the upload speed dropped to 10Mbps again. This to me, proves it's the Pi causing the issue.
The really weird thing is that in the last test, it still caused the issue to the pfSense LAN when the Pi was connected to the Comcast 10.x network.
It's almost as if the Pi uploading on either the 10.x or my static IP (pfSense) will cause the static IP to drop to 10Mbps upload. This is very strange and I'm not sure why this would happen.
I'm heavily leaning toward this being a Comcast issue, but still have not good way to prove it.
-
Yeah, it sure looks like something objecting to whatever the Pi is doing.
If it is Comcast it seems like they should know they're doing it. But....
