• Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login
Netgate Discussion Forum
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Search
  • Register
  • Login

How to discover what is slowing down the network?

Scheduled Pinned Locked Moved Firewalling
2 Posts 2 Posters 4.1k Views
Loading More Posts
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • F
    fluca1978
    last edited by Aug 3, 2011, 2:22 PM

    Hi,
    I'm experiencing a few problems on my network, especially with the traffic that is going out thru a pfsense 1.2.3 with multi-homed load balancer. What happens is that on a few days the network traffic goes very slow, and I cannot figure out what machine(s) and/or what protocols are doing this. Or better, I can see who, which and what is passing thru the pfsense, since I've got extensions like bandwithd, but what I'm seeing is a generic http traffic while I suspect it must be a p2p or something else that is collapsing the network. The LAN is working fine, the pfsense box does not report memory and or state limitations, and both are always under the half threshold. IPSEC traffic is done by another device (asymmetric routing), and my WANs are 3x4Mb/s (symmetric). The strange thing is that on some days the network is going slow, while on other days, with the same amount of traffic as reported by bandwithd, the network works well. This could lead to a problem of the ADSL providers, but I'm not sure, because other factories with the same providers and in the same local facilities are not experiencing problems (ok, this is not a proof that the lines are ok). I've enabled traffic shaping, using the wizard and giving max priority to http and low priority to p2p, but the problem still exists (and the queues never report a borrowed packet, if this means).
    I say that I suspect this is due to p2p because I know some clients use it and when they are turned off the network works well, but this is not a proof since I've got more than 150 clients and I don't know exactly of how many p2p programs are running.
    Is there any tool/tecnhique I can use to discover what is blocking the network and how to fix it?

    Any suggestion will be appreciated.

    1 Reply Last reply Reply Quote 0
    • J
      johnpoz LAYER 8 Global Moderator
      last edited by Aug 3, 2011, 8:25 PM

      Well you could capture the traffic at your pfsense box (under diag) and load that up into say wireshark to see what is going on exactly.

      Or you could turn on netflows, be it pfflowd or install softflowd, and send that to flow collector - prtg or ntop can do this for example.  You could then see who your top talkers are and what specifically the traffic is and where its going vs the generic stuff you get with bandwidthd

      You could also just run for example pftop or iftop to see who your talk talkers are in real time, or install the darkstat package - not sure if runs on 2.0, have not used it since my 1.2.3 days.

      You can even install ntop right on your pfsense box, but sending the flows to a different machine would work just as well.

      An intelligent man is sometimes forced to be drunk to spend time with his fools
      If you get confused: Listen to the Music Play
      Please don't Chat/PM me for help, unless mod related
      SG-4860 24.11 | Lab VMs 2.8, 24.11

      1 Reply Last reply Reply Quote 0
      2 out of 2
      • First post
        2/2
        Last post
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.
        This community forum collects and processes your personal information.
        consent.not_received