Performance-Problems to several Websites
-
Your existing router must be doing MSS clamping, set that to 1492 on WAN and I suspect that will fix it. If it weren't, you'd be able to ping through at 1473 with DF.
-
@cmb:
If it weren't, you'd be able to ping through at 1473 with DF.
huh, +28 to 1473 would be 1501 would it not? That's not right?? 1472 would mean your maxmtu is 1500??
I can not even ping pfsense on lan with -l 1473 -f, so how would it go out past pfsense with a 1501 mtu and DF set?
-
I have tried several MTU sizes. The problem still exists. The same in combination with a lot of different MSS.
It seems that I have problems surfing to any content that is hosted on Akamai.
e.g. ford.com: The browser is loading and loading and loading and nothing happens.
If I connect my PC to a LANCOM router, this page opens after seconds. Pings with a big packet size go through…
```
Ping wird ausgeführt für www.web.de [217.72.200.132] mit 5000 Bytes Daten:
Antwort von 217.72.200.132: Bytes=5000 Zeit=14ms TTL=57
Antwort von 217.72.200.132: Bytes=5000 Zeit=13ms TTL=57
Antwort von 217.72.200.132: Bytes=5000 Zeit=13ms TTL=57
```
Speed testers show perfect performance.
Dirk
-
The MTU problems are solved:
Check "IP-do-not-fragment compatibility"… The issue surfing to several websites (e.g. ford.com) still exists.
I have uninstalled all packages except NRPE... Other routers/firewalls (LANCOM, IPFire) don't cause this problem.
On a fresh bare metal installation (Pentium 4 with 3c905-TX) I have the same issue. Suggestions are welcome.
-
update…
On my test environment (Pentium 4 with 2 x 3c905-tx, fresh installation, no packages) I have checked/unchecked several boxes in the menu "Advanced".
Finally I installed 2.1-BETA0.
No improvement. Need help...
-
Now I have this problem with www.spiegel.de

Packet Capture
Interface: DMZ (192.168.1.x)
```
12:31:50.653400 00:0c:29:bb:ff:9c > 00:0c:29:c9:bd:e3, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 15617, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.1.112.1662 > 195.71.11.67.80: Flags [S], cksum 0x041b (correct), seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
12:31:53.614686 00:0c:29:bb:ff:9c > 00:0c:29:c9:bd:e3, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 15648, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.1.112.1662 > 195.71.11.67.80: Flags [S], cksum 0x041b (correct), seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
12:31:59.630321 00:0c:29:bb:ff:9c > 00:0c:29:c9:bd:e3, ethertype IPv4 (0x0800), length 62: (tos 0x0, ttl 128, id 15704, offset 0, flags [DF], proto TCP (6), length 48)
    192.168.1.112.1662 > 195.71.11.67.80: Flags [S], cksum 0x041b (correct), seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
```
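
An added example, not part of the original post: one way to read the capture above is to group SYNs by source, destination and sequence number and flag those that never get a SYN-ACK on the captured interface. The function name is hypothetical, and the sample lines are the three packets from the post with the link-layer and IP header fields trimmed.

```python
import re
from datetime import datetime

# The three packets from the post, one per line (trimmed to the TCP part).
CAPTURE = """\
12:31:50.653400 192.168.1.112.1662 > 195.71.11.67.80: Flags [S], seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
12:31:53.614686 192.168.1.112.1662 > 195.71.11.67.80: Flags [S], seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
12:31:59.630321 192.168.1.112.1662 > 195.71.11.67.80: Flags [S], seq 1276027028, win 64240, options [mss 1460,nop,nop,sackOK], length 0
"""

# Matches tcpdump text output with or without the leading MAC/IP header fields.
PKT = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) .*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+\.\d+) > (?P<dst>\d+\.\d+\.\d+\.\d+\.\d+): "
    r"Flags \[(?P<flags>[A-Za-z.]+)\].*?seq (?P<seq>\d+)"
)

def unanswered_syns(capture):
    """Return one record per SYN (same src, dst, seq) that saw no SYN-ACK."""
    syns, answered = {}, set()
    for line in capture.splitlines():
        m = PKT.search(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%H:%M:%S.%f")
        flags = m["flags"].upper()
        if flags == "S":
            syns.setdefault((m["src"], m["dst"], m["seq"]), []).append(ts)
        elif flags == "S.":
            # A SYN-ACK travels in the reverse direction of the SYN it answers.
            answered.add((m["dst"], m["src"]))
    report = []
    for (src, dst, seq), times in syns.items():
        if (src, dst) in answered:
            continue
        # Gaps between copies of the same SYN are the client's retransmit timer.
        gaps = [round((b - a).total_seconds(), 1) for a, b in zip(times, times[1:])]
        report.append({"src": src, "dst": dst, "seq": int(seq),
                       "syns": len(times), "gaps": gaps})
    return report

if __name__ == "__main__":
    for flow in unanswered_syns(CAPTURE):
        print(flow)
```

The identical sequence number with growing gaps means these are retransmissions of a single connection attempt, so the capture shows no reply reaching the DMZ interface for it.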
-
Without some more capture parameters (what filters were specified?, is this an edited version of the capture? etc) it is not possible to give an accurate interpretation of the capture.
Is this traffic blocked by a firewall rule? (By default, all traffic on NON-LAN interfaces is blocked.)
Does a packet capture on the WAN interface show this traffic leaving pfSense? Does it get a response?
-
After your post suddenly www.spiegel.de works.
Now I have the same problem.
I have installed a new workstation in our DMZ (no restrictions from DMZ (192.168.1.0) to external (.)
This is the output from Wireshark of this machine with pfsense and LANCOM as default gateway. Other domains are accessible.
Can you instruct me how to capture and filter on the WAN NIC, because we have a high load on it?
Thanks….
[spiegel via LANCOM.txt](/public/imported_attachments/1/spiegel via LANCOM.txt)
[spiegel via pfsense.txt](/public/imported_attachments/1/spiegel via pfsense.txt)
-
… you see in the report -pfsense-
after waiting approx. 30 seconds, the Internet Explorer opens Bing to query "www.spiegel.de"...
-
Have you also checked your problematic sites externally?
http://www.speedguide.net/analyzer.php
My "Share your Results":
```
« SpeedGuide.net TCP Analyzer Results »
Tested on: 2013.02.27 13:10
IP address: 5.145.xxx.xx
Client OS/browser: Linux (Firefox 17.0)
TCP options string: 020405b40402080a5b0ce8630000000001030307
MSS: 1460
MTU: 1500
TCP Window: 5888 (NOT multiple of MSS)
RWIN Scaling: 7 bits (2^7=128)
Unscaled RWIN : 46
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840
BDP limit (200ms): 236kbps (29KBytes/s)
BDP limit (500ms): 94kbps (12KBytes/s)
MTU Discovery: ON
TTL: 53
Timestamps: ON
SACKs: ON
IP ToS: 00000000 (0)
```
and
```
« SpeedGuide.net TCP Analyzer Results »
Tested on: 2013.02.27 13:12
IP address: 91.102.xx.xxx
Client OS/browser: Windows 7 (Firefox 19.0)
TCP options string: 020405b40103030201010402
MSS: 1460
MTU: 1500
TCP Window: 65700 (multiple of MSS)
RWIN Scaling: 2 bits (2^2=4)
Unscaled RWIN : 16425
Recommended RWINs: 64240, 128480, 256960, 513920, 1027840
BDP limit (200ms): 2628kbps (329KBytes/s)
BDP limit (500ms): 1051kbps (131KBytes/s)
MTU Discovery: ON
TTL: 117
Timestamps: OFF
SACKs: ON
IP ToS: 00000000 (0)
```
Bests Reiner
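
The "TCP options string" values in the two results above are the raw option bytes of each client's SYN. As an added example (not part of the original post and not SpeedGuide's own code), this Python decodes them and confirms the MSS, window scale, SACK and timestamp fields; the function names are hypothetical, and the implied MTU assumes 20-byte IPv4 and TCP headers.

```python
# Option kinds as assigned for TCP (kind, length, data layout).
OPTION_NAMES = {2: "MSS", 3: "WSCALE", 4: "SACK_PERMITTED", 8: "TIMESTAMPS"}

LINUX_CLIENT = "020405b40402080a5b0ce8630000000001030307"    # first result
WINDOWS_CLIENT = "020405b40103030201010402"                  # second result

def parse_tcp_options(hex_string):
    """Return a list of (name, value) tuples, one per option in the string."""
    data = bytes.fromhex(hex_string)
    options, i = [], 0
    while i < len(data):
        kind = data[i]
        if kind == 0:                      # end of option list
            options.append(("EOL", None))
            break
        if kind == 1:                      # single-byte padding
            options.append(("NOP", None))
            i += 1
            continue
        if i + 1 >= len(data):
            raise ValueError("truncated option at offset %d" % i)
        length = data[i + 1]
        if length < 2 or i + length > len(data):
            raise ValueError("bad option length at offset %d" % i)
        body = data[i + 2:i + length]
        if kind == 2 and length == 4:
            value = int.from_bytes(body, "big")          # MSS in bytes
        elif kind == 3 and length == 3:
            value = body[0]                              # window shift count
        elif kind == 8 and length == 10:
            value = (int.from_bytes(body[:4], "big"),    # TSval
                     int.from_bytes(body[4:], "big"))    # TSecr
        else:
            value = body.hex() or None
        options.append((OPTION_NAMES.get(kind, "KIND_%d" % kind), value))
        i += length
    return options

def summarize(hex_string):
    """Reduce the option list to the fields the analyzer page reports."""
    opts = {name: value for name, value in parse_tcp_options(hex_string)}
    mss = opts.get("MSS")
    return {
        "mss": mss,
        "implied_mtu": mss + 40 if mss is not None else None,  # 20 IP + 20 TCP
        "wscale": opts.get("WSCALE"),
        "sack": "SACK_PERMITTED" in opts,
        "timestamps": "TIMESTAMPS" in opts,
    }
```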
-
Hi Reiner,
thanks for your reply.
Almost all websites are accessible, just a few sites (spiegel.de) are sometimes not (for a few days).
OK I send you the requested reports…
-
Hi, this was only an idea because years ago it was often a problem for ADSL users, especially from Yahoo and AOL, which had only ~1448 and ~1412 bytes MTU instead of the "normal" 1492, so many sites weren't working.
-
Now suddenly spiegel.de works again.
strange. ???