Netgate Discussion Forum

DNS 8000+ms, troubleshooting help

General pfSense Questions
srytryagn @johnpoz

@johnpoz Thanks for pointing that out.

- (Slow) I type google.com into the browser on every connected machine; they time out.
- (Slow) Ping google.com says 8000ms.
- (Normal) iperf between machines: 960Mb/s
- (Normal) Download Linux Mint: 900Mb/s

Have I misidentified the issue as DNS, and how may I narrow it down correctly to repair it?

stephenw10 Netgate Administrator

Yeah, that seems like just latency in general. Unless pings to something else return normally.

        What does the pfSense gateway monitoring show?

        What do pings from pfSense itself show?

srytryagn @johnpoz

          @johnpoz

          DNS with apps off:
          DNS_without_apps.png

          DNS with apps on:
          DNS_With_Apps.png

          Ping apps off:
          Ping_without_apps.png

          Ping with apps on:
          Ping_With_apps.png

          Ping from a local box with apps on:
          Ping_with_apps_From_Box.png

srytryagn @johnpoz

            @johnpoz Default setup just added some DNS alternatives as you can see in above images.

srytryagn @stephenw10

@stephenw10 Shown in previous post.
Gateway monitor? Let me know what you want to see so I may post it.

s_serra @srytryagn

                @srytryagn

It appears that the applications are putting the network under load. Try doing a packet capture on the LAN interface to see what is happening on the network.

srytryagn @s_serra

@s_serra CPU 3%, mem 1-3%, bandwidth is way below my 1Gb/s capability.
What specifically shall I check?

s_serra @srytryagn

                    @srytryagn A loop may be occurring.

srytryagn @s_serra

@s_serra You may be right about that, and that (a loop) would make sense. I have run a packet capture on the LAN running the apps. I don't know how to diagnose the loop, nor how to troubleshoot it or where to begin. Would you please kindly point me in the right direction.

srytryagn

                        Simple network topology FYI.

                        Topology.png

s_serra @srytryagn

                          @srytryagn

                          It depends on what the application is doing with the network. Can you tell me what type of application it is and what this application needs from the network? You can set the IP address in each application's packet capture to see what happens in each one.

srytryagn @s_serra

@s_serra It is a blockchain application, so an RPC connection; in particular a node (p2p traffic, hence the port forward) and a farmer which stores data to a local drive and must prove to the network that it is stored on the drive.

It requires 30333, 30433, 30533 TCP+UDP to be forwarded to the box.

The Node app and Farmer app speak to each other on the same machine over loopback.

I ran a 1000 data point packet capture on that machine running the apps, but have no clue how to diagnose a loop from what is in front of me.

Could you explain how and what you mean by setting the IP address in each application's packet capture? Doing a packet capture in pfSense only allows a machine IP, not a specific application.

s_serra @srytryagn

                              @srytryagn

                              Since both applications are running on the same machine, I assume they have the same local IP address running on different ports. Put the local IP address of the machine where the applications are in the packet capture to see what is happening. Do ports 30333, 30433, 30533 need to be exposed to the Internet?

srytryagn @s_serra

@s_serra I did exactly that: ran a packet capture on the IP address of the machine where the apps are running.

Yes, 30333, 30433, and 30533 are exposed to the internet, in pure NAT pointing to the app machine, with the requisite outbound rules applied on WAN/NAT.

s_serra @srytryagn

                                  @srytryagn

                                  Check if the applications receive the response from the other peer through packet capture. Have you analyzed the network traffic (Status -> Traffic Graph) on the wan interface and then on the lan?

                                  9c61c2fa-9e1a-4bdb-b9e9-a26ab0b3ada4-image.png

srytryagn @s_serra

                                    @s_serra

1. Traffic graph: yes, hardly any bandwidth used, peak 25Mb/s, and I can see peers.
2. Packet capture just shows a bunch of:
  | TIME | IP:PORT | > | IP:PORT |

From the above two diagnostics you asked me to look at, I do not understand how to interpret whether there is a loop or what the cause of my issue is.

Would you please let me know how to proceed, what to analyze/repair?

s_serra @srytryagn

                                      @srytryagn

Through | TIME | IP:PORT | > | IP:PORT |
you can analyze whether packets are leaving and whether the response to that packet is being received from abroad.

                                      Check the ping response time on the wan gateway.

johnpoz LAYER 8 Global Moderator @srytryagn

                                        @srytryagn said in DNS 8000+ms, troubleshooting help:

                                        in pure nat point to app machine

What do you mean by pure NAT? You mean they are using NAT reflection to talk to each other?

                                        An intelligent man is sometimes forced to be drunk to spend time with his fools
                                        If you get confused: Listen to the Music Play
                                        Please don't Chat/PM me for help, unless mod related
                                        SG-4860 24.11 | Lab VMs 2.8, 24.11

srytryagn @johnpoz

                                          @johnpoz NAT port forward has option for nat reflection set to pure nat.

                                          nat reflection { pure nat, disable, default, pure nat + proxy}

srytryagn @s_serra

@s_serra The report shows Time, IP:Port, arrow, and IP:Port; there is no information about when packets are being received from abroad.

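Following s_serra's advice to read each `TIME | IP:PORT > IP:PORT` record as a request that should be matched by a reply, here is an added example (not code from the thread, from pfSense, or from the apps discussed) that pairs every outbound packet from the app host with the first inbound packet of the same flow, so flows that never get an answer, or get one only after seconds, stand out. The capture lines, the host address 192.168.1.50 and the peer addresses are constructed for the example; the record format mirrors the tcpdump-style output pfSense's packet capture page shows.

```python
import re

# Constructed sample in pfSense/tcpdump-style capture format (not data from the thread).
# 192.168.1.50 stands in for the LAN host running the node and farmer apps; peers use
# documentation addresses. One TCP peer answers, one UDP peer never does, and a DNS
# query to 1.1.1.1 is answered only after 8.2 s.
SAMPLE_CAPTURE = """\
10:00:00.000100 IP 192.168.1.50.30333 > 203.0.113.7.30333: Flags [S], length 0
10:00:00.045300 IP 203.0.113.7.30333 > 192.168.1.50.30333: Flags [S.], length 0
10:00:00.100000 IP 192.168.1.50.30433 > 198.51.100.9.30433: UDP, length 120
10:00:01.100000 IP 192.168.1.50.30433 > 198.51.100.9.30433: UDP, length 120
10:00:02.000000 IP 192.168.1.50.51234 > 1.1.1.1.53: UDP, length 40
10:00:10.200000 IP 1.1.1.1.53 > 192.168.1.50.51234: UDP, length 96
"""

# "<time> IP <src>.<sport> > <dst>.<dport>:" is the only part of a record we need
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)

def ts_to_seconds(ts):
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)

def pair_flows(capture, local_ip):
    """Map (remote_ip, remote_port, local_port) -> {'sent', 'first_sent', 'rtt'}; rtt is None if no reply."""
    flows = {}
    for line in capture.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # not a packet record (header, blank line, ...)
        t = ts_to_seconds(m["ts"])
        if m["src"] == local_ip:    # packet leaving the local host
            key = (m["dst"], int(m["dport"]), int(m["sport"]))
            f = flows.setdefault(key, {"sent": 0, "first_sent": t, "rtt": None})
            f["sent"] += 1
        elif m["dst"] == local_ip:  # packet coming back to the local host
            key = (m["src"], int(m["sport"]), int(m["dport"]))
            f = flows.get(key)
            if f is not None and f["rtt"] is None:
                f["rtt"] = t - f["first_sent"]  # delay from first request to first reply
    return flows

def classify(flows, slow_ms=1000.0):
    # flows with no reply at all, and flows whose first reply took longer than slow_ms
    unanswered = sorted(k for k, f in flows.items() if f["rtt"] is None)
    slow = sorted(k for k, f in flows.items()
                  if f["rtt"] is not None and f["rtt"] * 1000 > slow_ms)
    return unanswered, slow
```

Run over a real capture, an unanswered entry for a forwarded port points at the peer or the WAN path rather than the LAN, while a multi-second DNS entry next to fast peer flows points at the resolver rather than general latency.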
                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.