Slow LAN Traffic
-
Hi Everybody,
I'm very new to pfSense so please bear with me. I'm pretty good with learning it all, I just don't know what information to give you guys to help with my problem. I'll try to give as much as possible.
I'm using version 1.2.3 hooked up to a Netgear gigabit switch. For the most part, everything runs fine. However, when I do file copies over the network, everything slows to a crawl. When I say everything, I mean all traffic seems to be quite adversely affected. Standard web surfing slows down significantly as well as any LAN traffic such as connection to our Exchange server or other file servers.
I tried lowering the MTU but that doesn't seem to have done anything spectacular.
Can somebody please attempt to help me? I guess we can first start by telling me what log information you would require.
Thanks in advance.
88
-
Hmm, I should have provided my hardware:
AOpen DE2700 booting off a Kingston CF card
http://usa.aopen.com/products_detail.aspx?Auno=2927
This device has 2x Realtek Gigabit LAN jacks.
-
Nothing to do with pfSense, the LAN to LAN traffic goes through the switch, not pfSense. I'd start by looking at the systems involved and the switch.
-
I would agree with you, except that WAN traffic also slows during the LAN to LAN copy operation.
As well, when I changed from my failing Netgear router (different problem) to this customized one, this problem cropped up. Nothing else was changed in my infrastructure other than the routing appliance. I never experienced this problem previously.
While I get that correlation doesn't always equal causation, it's too coincidental to overlook.
-
Give us a network map. How many subnets are you using?
-
I have attached a drawing I have done of our network map. It's pretty basic, as you can see. The reason for the second switch connecting the two network segments is due to them being in a second, air-conditioned room. There is only a single subnet.
-
In a "maintenance window" time (so as to not excite too many users):
Can you reproduce the problem?
Can you reproduce the slow file transfer across the LAN problem with the pfSense box disconnected? (LAN to LAN traffic shouldn't be going through the pfSense box).
Outside a maintenance window time:
Is the pfSense box busy? (pfSense shell command # top -S -H will display system statistics including idle time and busy system processes.)
Does it change noticeably when a file transfer across the LAN is attempted? When web surfing is attempted?
-
> In a "maintenance window" time (so as to not excite too many users):
> Can you reproduce the problem?
Yes, I start a file transfer from a file server (in this case a 700mb Linux image) and WAN traffic slows every time. It's extremely repeatable.
> Can you reproduce the slow file transfer across the LAN problem with the pfSense box disconnected? (LAN to LAN traffic shouldn't be going through the pfSense box).
This will have to wait until I can come in at night... probably tomorrow night.
> Outside a maintenance window time:
> Is the pfSense box busy? (pfSense shell command # top -S -H will display system statistics including idle time and busy system processes.)
> Does it change noticeably when a file transfer across the LAN is attempted? When web surfing is attempted?
I haven't utilized the shell yet, but when I use the system status page (that shows CPU usage % and Memory usage %), the usage for CPU never goes above 5-6% and the memory usage holds true at 13% almost constantly.
-
> I would agree with you, except that WAN traffic also slows during the LAN to LAN copy operation.
Which would still point to a problem with the switch - it's the only thing in common.
> As well, when I changed from my failing Netgear router (different problem) to this customized one, this problem cropped up. Nothing else was changed in my infrastructure other than the routing appliance. I never experienced this problem previously.
> While I get that correlation doesn't always equal causation, it's too coincidental to overlook.
Honestly, it's basic networking. LAN to LAN traffic never goes through the firewall unless you've configured it to do so (and you'd know you'd done that since you'd be using one VLAN per device). You can prove this yourself by running a packet capture on the pfSense host then doing your LAN to LAN copy - you won't see that traffic on the pfSense host (the state table will tell you the same thing).
It could be that the presence of the pfSense host has shown up a problem with your existing hardware, but it isn't likely to be the source of the problem. Have you tried replacing or even just power cycling the switch?
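The packet-capture check suggested in the post above, as an added example that is not part of the original thread: it reads `tcpdump -n` text taken on the firewall's LAN interface and lists any unicast packets between two other LAN hosts. The /24 prefix, the firewall address 192.168.1.1 and the sample capture are assumptions constructed for illustration; empty output matches what the post predicts, while any listed pair means those frames are being delivered to the firewall's switch port.

```shell
#!/bin/sh
# Added example. Assumed values, not from the thread: LAN 192.168.1.0/24
# (prefix "192.168.1."), firewall LAN address 192.168.1.1.
# Feed it text from e.g.:  tcpdump -n -i <lan_if>   (interface name is yours)

# foreign_lan_flows FW_IP LAN_PREFIX   (reads `tcpdump -n` text on stdin)
# Prints "src dst packets" for each unicast LAN-to-LAN pair that does not
# involve the firewall itself.
foreign_lan_flows() {
    awk -v fw="$1" -v lan="$2" '
        # Drop the trailing ":" and the port, if any, from "a.b.c.d.port:".
        function addr(s,   p) {
            sub(/:$/, "", s); split(s, p, ".")
            return p[1] "." p[2] "." p[3] "." p[4]
        }
        $2 == "IP" && $4 == ">" {
            src = addr($3); dst = addr($5)
            if (index(src, lan) != 1 || index(dst, lan) != 1) next  # not LAN-to-LAN
            if (src == fw || dst == fw) next      # to or from the firewall itself
            if (dst == (lan "255")) next          # subnet broadcast reaches every port
            seen[src " " dst]++
        }
        END { for (k in seen) print k, seen[k] }
    ' | sort
}

# Constructed sample capture (not real traffic): a file copy between .10 and
# .20, one outbound web connection, a ping to the firewall, a broadcast, ARP.
sample_capture() {
    cat <<'EOF'
12:00:01.000100 IP 192.168.1.10.445 > 192.168.1.20.51234: Flags [.], seq 1:1461, ack 1, win 256, length 1460
12:00:01.000200 IP 192.168.1.10.445 > 192.168.1.20.51234: Flags [.], seq 1461:2921, ack 1, win 256, length 1460
12:00:01.000300 IP 192.168.1.20.51234 > 192.168.1.10.445: Flags [.], ack 2921, win 512, length 0
12:00:01.000400 IP 192.168.1.30.50000 > 203.0.113.5.80: Flags [S], seq 0, win 8192, length 0
12:00:01.000500 IP 192.168.1.30 > 192.168.1.1: ICMP echo request, id 1, seq 1, length 64
12:00:01.000600 IP 192.168.1.40.138 > 192.168.1.255.138: UDP, length 201
12:00:01.000700 ARP, Request who-has 192.168.1.1 tell 192.168.1.30, length 46
EOF
}

sample_capture | foreign_lan_flows 192.168.1.1 192.168.1.
```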
-
Well s***. I feel like a heel.
I power cycled both switches and the problem seems to be solved.
I have a final follow-up question:
Can somebody please try to enlighten me as to what happens to a switch to cause that kind of problem? Is there something I should be looking for in future switch purchases where that might not occur?
Thanks again to everybody who offered advice and help. I truly appreciate the efforts. I apologize for wasting your time.
88
-
Sometimes it takes other people to point out the obvious (been there myself many times).
It could have been almost anything; the trouble is that cheap unmanaged switches have no diagnostics, so it's impossible to tell what's gone wrong. Buying a managed switch (Mikrotik's RB250GS is one cheap 5-port option) gives you a better chance to diagnose that type of fault.