QNAP pfSense dropout
-
@stephenw10 I found this https://www.telstra.com.au/content/dam/tcom/small-business/support/pdf/nbn-byo-%20router-guide.pdf - Looks like it requires traffic shaping and requires MTU 1500 or lower. Probably go for MTU 1492 and MSS 1452 and shape the traffic to my tier.
-
Hmm, well I guess that could do it if they cut you off when you overrun your tier bandwidth.
-
@stephenw10, I swapped the LAN and WAN ports, and it worked for about 7 hours. During that time, I believed the issue was resolved, but unfortunately, it locked up again with packet failures. I'll give it another try, but one would expect the shaping to be handled on their end. It's worth testing, though. Thanks for engaging.
-
Mmm, it's been a while but I have seen providers that police bandwidth by just cutting connections. I don't recall seeing that for anything end user facing though.
-
@stephenw10 Here’s a professional rewrite:
Subject: MTU Configuration Issue with ISP-Supplied Router
Hello @stephenw10,
I configured the MTU to 1492 (with MSS at 1452) on my ISP-supplied router. This setting was based on recommendations for my connection type.
However, after sitting idle for some time, the router locked up overnight. The attached screenshot provides additional details.
Could you advise on any potential causes for the issue or whether further adjustments are recommended to stabilize the setup?
Thank you for your insights.
-
By 'locked up' I assume you mean just stopped passing traffic because it looks like you were still able to login to it?
-
@stephenw10 The issue is with the WAN—packet loss and loss of internet—but I can still access the system via LAN. Rebooting sometimes resolves it, but only for hours or minutes.
I suspect it’s a settings issue. I’ve had similar issues with this ISP when running pfSense on an old PC. However, the ISP-supplied router runs without issues for months, so the service itself seems fine.
I’m considering a Netgate appliance to remove uncertainties, but I believe the problem lies with the QNAP VM. I’ve experienced the same issue with OPNSense and SOPHOS Home on the VM: internet loss while LAN stays functional.
Swapping the LAN/WAN ports yields the same result, so it doesn’t seem to be a port-specific problem.
-
Hmm, well those tests seem to imply the VM setup is an issue I agree. However if it does the same thing using pfSense baremetal on an old PC that implies it isn't. So hard to say at this stage.
Probably need a new baremetal test to confirm if you can.
-
@stephenw10 some digging - Upstream Traffic: Set DSCP to 0. - how do I get to this setting? Somewhere in the firewall?
To use a non-Telstra-provided Gateway, the device must:
• Support WAN on an Ethernet port. If not, please consider purchasing a business gateway from us.
• Support xDSL port for VDSL with Vectoring (FTTN & FTTB deployments only).
• Use Ethernet full duplex with auto-negotiation on so that the gateway signals to UNI-D (nbn network termination device port) that it’s full duplex capable, avoiding duplex mismatch (excluding FTTN & FTTB deployments).
• Operate as a gateway with a single MAC address assigned to the port.
• Not configured as a bridge or hub.
• Support NAT.
• Use DHCPv4 to ‘request’ the IP address (this is essential to create the IP session on our service edge. The DHCP response will contain DNS information, as well as the allocated static address). The network will return both IPv4 and IPv6 assigned address information.
• Be configured to transmit all upstream data untagged.
• Not use 802.1p priority or VLAN tagging as this will be ignored (subject to change).
TELSTRA CORPORATION LIMITED (ABN 33 051 775 556) | PRINTED 24/10/2016 BYO GATEWAY GUIDE WITH TELSTRA BUSINESS BROADBAND ON THE NBN
• Be configured to mark all upstream traffic to ‘DSCP 0’ (zero).
• Ensure the L2 maximum frame size (also known as Maximum Transfer Unit - MTU) of no larger than 1500 octets.
• Shape upstream traffic to the Speed Level of the service purchased (e.g. shape upstream to 5Mbps on a Speed Level 2 service i.e. 25Mbps downstream, 5 Mbps upstream).
https://www.telstra.com.au/content/dam/tcom/business-enterprise/support/pdf/byo-gateway-guide-telstra-business-broadband-on-nbn.pdf
-
pfSense can match on DSCP but does not set it:
https://docs.netgate.com/pfsense/en/latest/firewall/configure.html#diffserv-code-point
@ppal said in QNAP pfSense dropout:
> Shape upstream traffic to the Speed Level of the service purchased (e.g. shape upstream to 5Mbps on a Speed Level 2 service i.e. 25Mbps downstream, 5 Mbps upstream).
This looks like a more likely potential problem if they enforce that by blocking traffic when it's not shaped.