Slow download speed
-
Hi
I have 3 systems unable to update, because dl speed is about 1MBit/s. Tried speedtest, various dl files from across world, all ok.
Just netgate 208.123.73.209 has slow dl speed to my location. What can I do?
-
They don't even try to update?
Some MTU issue in the route?
-
Try a packet capture while running pkg update. Do you see errors or retransmissions?
It pretty much has to be something in the route. The servers there are running fine AFAIK.
-
@stephenw10
Yeah a lot of out of order and retransmissions...
-
Yup could be something dropping packets in the route.
But I would try setting MSS on the WAN to something that will definitely pass like 1300. If that fixes the link it confirms an MTU or PathMTU issue.
-
@stephenw10
Tried with 1300 and 1200 MTU and MSS, same result. I wrote to my isp if they can do something about it...
-
Try just running a ping to 208.123.73.209 and see what the loss rate is.
You could also try running MTR against it:
My traceroute [v0.95]
steve-NUC9i9QNX (172.21.16.8) -> 208.123.73.209 (208.123.73.209) 2025-08-13T19:50:29+0100
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. fw1.stevew.lan 0.0% 26 0.3 0.4 0.3 0.5 0.1
2. 172.16.13.252 0.0% 26 4.7 4.6 4.4 5.0 0.1
3. (waiting for reply)
4. 128.hiper04.sheff.dial.plus.net.uk 0.0% 26 5.5 5.5 5.2 7.2 0.4
5. 62.6.204.236 0.0% 26 5.4 5.8 5.2 6.9 0.4
6. core5-hu0-0-0-15.faraday.ukcore.bt.net 0.0% 26 5.6 6.5 5.4 25.7 3.9
7. 166-49-209-132.gia.bt.net 0.0% 26 5.6 6.2 5.4 21.0 3.0
8. ixp1-xe-5-0-0-2.us-ash.gia.bt.net 0.0% 26 88.4 88.9 87.6 105.7 3.5
9. int-14-0-5-2.pr2.dca10.netops.charter.com 0.0% 26 89.3 98.0 88.7 126.7 8.5
10. lag-10.asbnva1611w-bcr00.netops.charter.com 0.0% 26 124.2 123.1 122.4 125.9 0.8
11. lag-400.atlngamq46w-bcr00.netops.charter.com 23.1% 26 112.4 113.3 112.3 115.8 0.8
12. lag-12.hstqtx0209w-bcr00.netops.charter.com 0.0% 26 112.6 113.1 112.0 114.1 0.6
13. lag-1-10.rcr01hstqtx02.netops.charter.com 0.0% 26 111.8 112.0 111.6 113.4 0.4
14. lag-9.mcr02hstqtx02.netops.charter.com 0.0% 26 122.7 122.7 122.3 124.3 0.4
15. lag-102.mcr02snavtxuu.netops.charter.com 0.0% 26 135.2 135.1 134.7 135.9 0.3
16. lag-101.mcr02snantxvy.netops.charter.com 0.0% 26 135.1 135.1 134.8 135.4 0.2
17. lag-102.mcr02ausdtxir.netops.charter.com 0.0% 26 125.0 125.1 124.8 125.7 0.2
18. syn-076-058-033-033.biz.spectrum.com 0.0% 26 135.3 134.2 133.8 135.3 0.3
19. syn-024-073-241-243.biz.spectrum.com 0.0% 26 135.0 135.9 133.8 147.5 3.9
20. syn-097-105-026-206.biz.spectrum.com 0.0% 25 125.5 125.5 125.2 126.0 0.2
21. net66-219-34-194.static-customer.corenap.com 0.0% 25 125.1 125.1 124.9 126.0 0.2
22. fw1-zcolo.netgate.com 0.0% 25 128.5 128.6 128.4 129.1 0.1
23. 208.123.73.209 0.0% 25 125.8 125.6 125.4 125.9 0.1
-
No loss
208.123.73.209 ping statistics ---
23 packets transmitted, 23 received, 0% packet loss, time 22029ms
rtt min/avg/max/mdev = 140.357/147.701/152.623/5.680 ms -
Mtr, HE is really bad...
My traceroute [v0.94]
as.rasca.local (10.10.0.82) -> 208.123.73.209 2025-08-13T21:27:40+0200
Keys: Help Display mode Restart statistics Order of fields quit
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. _gateway 0.0% 7 0.3 0.3 0.2 0.4 0.15
2. 77-38-56-1.dynamic.telemach.net 0.0% 7 2.3 4.4 1.9 13.3 4.24
3. 185-66-148-89.static.telemach.net 0.0% 7 2.2 3.4 1.9 11.3 3.5
4. 100ge0-36.core1.lju1.he.net 0.0% 7 14.5 8.7 7.3 14.5 2.68
5. 0.4-66.core2.vie1.he.net 28.6% 7 10.0 7.8 7.1 10.0 1.2
6. 100ge0-63.core2.par2.he.net 71.4% 7 26.2 26.2 26.2 26.2 0.0
7. port-channel11.core2.nyc4.he.net 66.7% 7 96.8 96.8 96.7 96.7 0.08
8. port-channel11.core1.ash1.he.net 66.7% 7 101.6 101.7 101.6 101.9 0.2
9. port-channel1.core3.ash1.he.net 50.0% 7 102.8 102.9 102.8 102.9 0.1
10. twc-7843-bb-as7843.e0-33.switch1.ash1.he.net 0.0% 7 104.4 101.8 100.9 104.4 1.2
11. lag-310.asbnva1611w-bcr00.netops.charter.com 0.0% 7 128.8 129.5 128.8 130.7 0.8
12. lag-407.atlngamq46w-bcr00.netops.charter.com 42.9% 7 134.8 132.9 128.4 140.2 5.78.
13. lag-405.hstqtx0209w-bcr00.netops.charter.com 0.0% 7 127.5 127.8 127.5 128.1 6.9
14. lag-1-10.rcr01hstqtx02.netops.charter.com 0.0% 7 126.6 126.6 126.4 126.6 0.17
15. lag-9.mcr02hstqtx02.netops.charter.com 0.0% 7 128.8 128.8 128.6 129.0 0.21
16. lag-102.mcr02snavtxuu.netops.charter.com 0.0% 6 141.1 141.2 141.1 141.3 0.1
17. lag-101.mcr02snantxvy.netops.charter.com 0.0% 6 140.1 140.5 139.5 144.7 2.16
18. 1ag-102.mcr02ausdtxir.netops.charter.com 0.0% 6 140.2 140.2 139.6 142.6 1.27
19. syn-076-058-033-033.biz.spectrum.com 0.0% 6 141.4 140.9 140.6 141.0 0.24
20 syn-024-073-241-243.biz.spectrum.com 0.0% 6 142.0 141.1 140.5 142.0 0.64
21. syn-097-105-026-206.biz.spectrum.com 0.0% 6 156.9 152.3 151.2 156.9 2.36
22. 2t66-219-34-194.static-customer.corenap.com 0.0% 6 151.5 143.0 141.0 151.5 4.2
23. fw1-zcolo.netgate.com 0.0% 6 152.5 147.3 141.3 153.1 6.1
24. 208.123.73.209 0.0% 6 169.9 149.5 140.2 169.9 11.7
Edit: Fixed up that MTR output.
-
That MTR output is actually OK. It's normal to see some hops in the route that don't respond to pings or drop packets. The important thing is that there is no loss at the last few hops. If there was general packet loss in the route everything beyond a bad router would see at least that same level of loss.
That packet capture sure looks like it's just missing traffic though.
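
The rule described in the post above (loss at a hop only matters if it carries through to the hops after it), as an added example that is not part of the original thread. The two reports are constructed samples with placeholder hostnames and documentation addresses; `parse_mtr` and `classify` are hypothetical helper names.

```python
import re

# One hop row: "<n>. <host> <loss>% <sent> ..."; "(waiting for reply)" rows do not match.
ROW = re.compile(r"^\s*(\d+)\.\s+(\S+)\s+(\d+(?:\.\d+)?)%\s+(\d+)")

# Constructed sample: one mid-path router answers only some probes.
RATE_LIMITED = """
 1. gw.example.lan       0.0%  26   0.3   0.4   0.3   0.5  0.1
 2. (waiting for reply)
 3. core1.example.net    0.0%  26   5.6   6.5   5.4  25.7  3.9
 4. bcr00.example.net   23.1%  26 112.4 113.3 112.3 115.8  0.8
 5. edge.example.net     0.0%  26 125.1 125.1 124.9 126.0  0.2
 6. 192.0.2.10           0.0%  25 125.8 125.6 125.4 125.9  0.1
"""

# Constructed sample: loss starts at hop 3 and is seen by every later hop.
REAL_LOSS = """
 1. gw.example.lan       0.0%  20   0.3   0.4   0.3   0.5  0.1
 2. core1.example.net    0.0%  20   5.6   6.5   5.4  25.7  3.9
 3. bcr00.example.net   15.0%  20 112.4 113.3 112.3 115.8  0.8
 4. edge.example.net    20.0%  20 125.1 125.1 124.9 126.0  0.2
 5. 192.0.2.10          15.0%  20 125.8 125.6 125.4 125.9  0.1
"""

def parse_mtr(text):
    """Return [(hop_number, host, loss_percent, sent)] for responding hops."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], float(m[3]), int(m[4])) for m in rows if m]

def classify(hops, tolerance=0.0):
    """Split lossy hops into loss that reaches the destination and loss that does not."""
    if not hops:
        raise ValueError("no hop rows found")
    # carried[i] = lowest loss seen at hop i or any later hop. Forwarded traffic
    # that is really dropped at hop i cannot show less loss further along.
    carried, floor = [], float("inf")
    for _, _, loss, _ in reversed(hops):
        floor = min(floor, loss)
        carried.append(floor)
    carried.reverse()
    first_bad = next((h[1] for h, c in zip(hops, carried) if c > tolerance), None)
    cosmetic = [h[1] for h, c in zip(hops, carried) if h[2] > tolerance >= c]
    return {"dest_loss": hops[-1][2], "first_bad_hop": first_bad, "cosmetic": cosmetic}

if __name__ == "__main__":
    for name, report in (("rate-limited", RATE_LIMITED), ("real loss", REAL_LOSS)):
        print(name, classify(parse_mtr(report)))
```

With only a handful of probes per hop the percentages are coarse, so a longer run gives a more reliable classification.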
-
What can I do?
-
You could try pinging with large packets to determine any MTU restriction in the path. Setting MSS to 1200 should have eliminated that unless it's very restricted.
In the screenshot of the pcap we can see large packets arriving from the pkg servers but none going the other way.
Though the fact that pfSense is continually sending duplicate ACKs seems to imply that it's not seeing the incoming packets from the server even though they are reaching the NIC.
I assume you are not seeing traffic blocked in the firewall log? Do you have custom block rules that might block that without logging?
Do you have more than one WAN? Is it possible traffic is using both?
Something else could be dropping traffic on the WAN like traffic shaping or Snort.
-
@stephenw10
No, one wan. 2 locations, same ISP....
Happens same on both locations even if I try to use installer for new install so no snort or whatever..
-
@maverick_slo Are you running WAN IPv4 only or with dualstack (IPv6), too?
I've seen quite a few installs from us with dual stack where especially v6 was slow as hell. Disabling v6 (setting v6 gateway to none to force it to run via v4) was way faster. As sad as that is...
Just an idea.
-
@JeGr nop
No ipv6 at all.. Also no firewall rules that would block anything...
-
Are you able to upload that pcap (or one like it) so we can look at it? That looks so catastrophic it should show something where it first fails.
-
@stephenw10
Hi.
Uploaded to your and mine Nextcloud
Hope u see something..
-
Hmm, unfortunately that doesn't include the initial part of the connection where it first fails. Are you able to get a pcap including that? If you just run pkg update for example.
What is that running on? The MAC addresses for pfSense and its gateway are unusual.
-
@stephenw10
Uploaded: telemach_netgate_PKG_UPDATE.pcap
But it's just 9KB...