In need of help to solve a bandwidth issue
-
So i have a 20mb link.. when i look at the Traffic Graph, i often see like the attached screenshot.. its saying that the WAN connection is downloading full at 20mbps.. and that my HOTSPOT which is all my clients, is only using a small amount.. 3-4 mbps..
As far as i see here, my bandwidth is all being used up but i dont see how?? All my clients are connected on the HOTSPOT interface.. On my pfsense box i just use captive portal MAC pass through and squid transparent proxy.
Can someone please help here? I am adding more clients everyday and am worried that the bandwidth is somehow getting eaten up.
-
There have been a number of threads on diagnosing bandwidth usage - I would suggest you start by working through those. What other interfaces do you have and what packages do you have?
-
I have the following packages installed:
bandwidthd.
Cron
darkstat
iperf
Lightsquid
OpenVPN Client Export Utility
phpSysInfo
RRD Summary
squid
widescreenInterfaces i just have WAN, LAN and an OPT1 which is just my office Wireless network.. which only 2 or 3 people use, very minimal usage on that.
Ive looked through a bunch of the threads and saw a few that mention maybe a networl switch or something causing problems, but i dont have that at all.. very simple setup here. The LAN interface is plugged to Ruckus equipment on the roof which serves my WiSP clients.
-
Are you doing any type of traffic shaping QoS?
-
No, nothing at all.
Just using Captive portal Mac pass through.. and squid as a transparent proxy
-
pfTop via SSH
Type the following commands to get ip's with highest throughput utilization… do not type the commas
7, R (Capital R), s, 1
Another option is install the pflowd package and downloading ManageEngines netflow monitor on a PC or Server on the lan. Point the pfflowd to the PC with manageengine. I used to use it alot!!!!
You get 2 free devices to monitor. Free phone support for setup too!
-
Thanks for that .. i am using both these options now.. great
Just quickly, that RATE in pftop.. is that in bytes or kilobyes? So for example 348015 is what?
-
I think it is in BYTES per sec.
-
If your Squid is set to cache, it is possible that clients have initiated and cancelled downloads which results in Squid still persistently downloading the content for caching purposes though the clients no longer require it.
-
Ah.. interesting… I do indeed have squid setup as a transparent proxy.. I will keep an eye on this.
Whilst on the subject of Squid.. Having the swap.state log rotate daily, doesnt affect the actual cache or clients getting content from cache right? I need all the help i can to conserve bandwidth
-
pfTop via SSH
Type the following commands to get ip's with highest throughput utilization… do not type the commas
7, R (Capital R), s, 1
Another option is install the pflowd package and downloading ManageEngines netflow monitor on a PC or Server on the lan. Point the pfflowd to the PC with manageengine. I used to use it alot!!!!
You get 2 free devices to monitor. Free phone support for setup too!
Where do you get pflowd for pfsense from?
Is nether in the pkg list or the freebsd repo.
TIA!
-
found it.
Thanks!
-
What can i use to see what is actually happening as far as squid possibly downloading or something? I am having this issue more often now.. its becoming a problem to my clients.. for an unknown reason for times throughout the day, for hours at a time my WAN usage is right up at my 20mb limit.. Take a look at attachment, i am in need of assistance for sure..
-
Wow! Well if it were my installation I would go back to the basics and remove everything and slowly re-build over time. Try to eliminate potential causes of the issue.
Also, get a capture of that traffic so you can find out exactly what that is. If I had to guess without much insight to what is going on I would not eliminate p2p traffic. -
Thanks for that.. starting again and rebuilding from scratch is hard as i really rely on the build up squid cache that is on there (50gb or so)
Wouldn't ptp traffic show up on my LAN interface (where all my clients are) as well as the LAN? WHen th WAN is like you see in that screenshot, the LAN (clients) is never above say 3-4mb usage..
-
True. I forgot that about your post. Let me run this by some of my colleagues at work and see if I can give you a better hint.
-
In a pfSense console session run pftop to get dynamic display of current firewall states (connections). Type h too get a display of the options. The R option should sort connections on rate and that should give you some clues about who is using the bandwidth.
-
True. I forgot that about your post. Let me run this by some of my colleagues at work and see if I can give you a better hint.
Thanks for this.. looking forward to what you come up with..
-
In a pfSense console session run pftop to get dynamic display of current firewall states (connections). Type h too get a display of the options. The R option should sort connections on rate and that should give you some clues about who is using the bandwidth.
I have done this, at a time when the WAN says 20mb usage, and below is what i see, i can't understand it well enough to see if it actually gives me an answer or not (i see alot of INBOUND traffic with port 127.0.0.1:3128 (squid Proxy Port).. is that my problem? and what uses that port?)
Getting confused with what In and Out refer to here..
-
Squid uses 3128 by default.