"Sensible" values for gateway latency + packet loss, broadband connections

luckman212

I am having a heck of a time "fine tuning" the latency & packet loss values on a few pfSense boxes I've set up with simple multi-wan failover

info:
-two WAN connections, WAN and OPT
-WAN is "fast" (usually 10-50Mbit), OPT is slow (1.5Mbit)
-no load balancing – just always use WAN unless WAN is down, then try OPT (OPT has "disable gateway monitoring" on)

I have settled on the following values but it's more of a "hunch" than scientific.  I know I am supposed to base these numbers off of the averages from apinger/RRD graphs but for some reason when I do that it causes way too many "false positives" where brief periods of packet loss will cause the gateway to "flap" too often.

Latency thresholds       low: 80   high: 400
Packet loss thresholds   low:  4   high:  15
Down:                        5

specifically I am wondering

1. what occurs when the latency hits the "low water mark" and "high water mark" get hit.  I assume that the high water mark is the value it has to reach to get taken OFFLINE and then after being marked offline, it waits for the values to fall below the  low water mark before  switching BACK from being marked offline??

2. what does the "down" value represent?  how many seconds the gateway has to remain in that condition before the alarm is fired??  the wording on these descriptions is poor, at least for my small brain.

thanks guys for all the help

chia

I think the watermarks thresholds are the triggers for change the gateway (tier 0 to Tier 1 Gateway) gatwaygroup.

But what means 'fire the alarm' is not clear, hav'nt seen any alarm after disconnections.
(SNMP TRAP alarm? or eMail?)

Does anybody know what it means?

luckman212

but specifically what happens when latency crosses the low watermark?
and what happens when it crosses the high watermark?
Is this documented anywhere??

Nachtfalke

I am asking this myselfe always again when I read through this descriptions.

I found out that if it reaches the "low watermark" then there is a syslog entry like "ALARM - WAN1 has high latency" but if I remember correct it does not set the GW as down. So it is probably only an indicator and perhaps it then starts to send an email/growl alert.

I need to tune these setiings, too, because I get a false positive 2-3 times a week. I have got two ADSL lines 16/1

chia

Hi, it shows in system log:
"apinger: alarm canceled: GW_WAN(8.8.8.8) *** down ***"

Nachtfalke

@chia:

Hi, it shows in system log:
"apinger: alarm canceled: GW_WAN(8.8.8.8) *** down ***"

That's not what I mean. What you describe happens when the gateway was down - that means if the high watermark was reached.
What I said is what happens when only the low watermark is reached.

But like I said before I am really unsure how these features are working  ;)

luckman212

If I do not wish to receive alarms for high latency but DO want alarms for high watermark – is it OK to set both values to the same number?

Nachtfalke

@luckman212:

If I do not wish to receive alarms for high latency but DO want alarms for high watermark – is it OK to set both values to the same number?

Probably. Or just set it to 100 and 101 so that there is just a very small difference