Strange internet slowness Alix pfsense router

dolomite792

I have internet from a local wisp who are attached to a fiber optic connection.  I believe its a motorola 5ghz wireless terminal on my roof with auto dhcp.  Here's a screenshot of the full interface page.

As far as rulesets probably something basic for a home connection, there's nothing specific but probably the best security practice for the home.  Let me know if there's any other places I could look to see as to why it would be slowing things down so much.

I plugged the wrt54gl in again and the speed was back to normal with enough bandwidth that we could all surf.  I didn't inherit this alix board at all its just a fresh stock installation which is why I find this so weird.  Thank you for all of your assistance so far as it is very much appreciated.

stephenw10

So the 3.5Mbps figure you gave earlier is that your normal speed or what it's reduced to? What is your WAN connection?  DSL? Cable?

Steve

dolomite792

My ISP is neither of those, its wireless equipment on my roof connected via ethernet which ultimately connects up to fiberoptic connection.  So yes I get roughly about 3.5 constantly and its burstable to higher speeds.  Could it be possible that its not playing nice with the motorola 5ghz equipment from the ISP?  I unchecked this option on the wan:

Block private networks
When set, this option blocks traffic from IP addresses that are reserved for private networks as per RFC 1918 (10/8, 172.16/12, 192.168/16) as well as loopback addresses (127/8).  You should generally leave this option turned on, unless your WAN network lies in such a private address space, too.

Since it uses these addresses I think this may have solved the issue.  I will continue testing further with multiple devices running and see if it has an effect.

stephenw10

You should also check the system logs for any alerts from the apinger service. Since your WAN is a wireless setup it may have a higher latency than apinger is tuned for by default. It may be seeing it as a bad connection.
What do the RRD graphs of your WAN quality look like? What's the average ping time?

Steve

dolomite792

I've been experiencing something strange when I reboot the wan will go up and down repeatedly until it decides to finally stick and give me a local address.

Here's the WAN graph and as you can see the speed is terrible:

The apinger is having trouble just like you said it would:

What should I do from here?  Where should I adjust the apinger latency?  Also how would I figure out the proper latency to set it to?

Your assistance has been awesome so far!

Thank you!

stephenw10

Ok, so apinger is seeing excessive delay as we thought it might.
In the webgui go to System: Routing: Gateways: edit the WAN gateway (the 'e' button). Click 'advanced'. Now you can enter new latency values. To get suitable values try looking at the RRD graphs for WAN quality, that should show your typical ping times. You can also try disabling apinger completely on that page as a test.

Steve

dolomite792

So which graph shows the ping?  I just cannot seem to make sense of which one that is. Disabling the apinger service still doesn't seem to have changed the crappy speed…..  It has stopped logging it in the system logs though.

dolomite792

Ok so I'm looking at the quality graph in the RRD graphs and its showing:

Delay
min: 7.62ms
avg: 55.83ms
max: 934.11ms

So then I'm looking in the advanced section of the gateway:

Latency thresholds      Low and high thresholds for latency in milliseconds. Default is 200/500.

I'm a little confused on what to do here as the default threshold looks to be within the parameters?

stephenw10

Hmm, well you clearly have a wide variation in latency and some very high values. It's not clear whether the connection is severed by apinger at those high peaks, the latency may have increased further for instance. You would probably just have to try some values and see how it goes adjusting them until you reach something you're happy with. I've never had to deal with a wireless WAN connection though, there are probably others here who could give you a better answer on that.

Not sure why the speed should be low. What speed do you expect to see?

Steve

dolomite792

Well it should at least be a decent and robust 3.5mb and now I'm looking at a fragile 0.85-1.5mb which really sucks.  Weird thing is that the connection improves right after you restart the ISP radio and then the PFsense board.  There's a small honeymoon period after the reboot before it degrades over time to a slower connection.  So in your opinion what should I put in for latency values?  70-500? or 20-500?

Its weird with a standard router it will work fine and I will get 3.5mb and the internet will flow normally.  The other day the wan connection was cycling on and off over and over as it was trying to resolve an address from the ISP radio.

stephenw10

With values like that I would choose, maybe, 500-1000.
It is still somewhat confusing to me what those values are but having read various docs and looked at the source as I understand it the first value will trigger a warning and the second value will mark the interface as down. Only after the value goes back below the first value will the interface be marked as back up. Thus with the default values the WAN interface will appear to go down if ping times go higher than 500ms for 10 seconds (the 'down' time).
Hmm I could have that wrong it's been a while since I read that code.  ::)

Try downloading something on the pfSense box directly to see if it's a problem with the WAN or LAN interface. 0.85Mbps is woefully low!  ???

fetch -o /dev/null test_file_URL

I use the test files at Thinkbroadband for this test but it completely depends where you are as to what you should use.

[2.1.3-RELEASE][root@pfsense.fire.box]/root(1):  fetch -o /dev/null http://download.thinkbroadband.com/10MB.zip
/dev/null                                     100% of   10 MB 2067 kBps

Steve

dolomite792

Strange as I cannot even get that darn thing to download, no matter what I do.  I cannot even download those files onto my own computer from any link that I try from thinkbroadband.com

So I went with another website with a californian server and its definetly slowness through the WAN interface

/dev/null                                      33% of  11 MB  32 kBps

It was averaging 32k to 45k all night and day.

Any other ideas for as to what we could do?  The Motorola Radio that the pfsense router is connected to is using a direct wan auto dhcp connection I suppose to avoid issues with certain customers.  I am just wondering what the heck it could be slowing things down so much, could there be DNS issues somewhere here?

stephenw10

A DNS issue would not slow down a download like that, it might introduce a delay before it started downloading.

My money is still on some problem between your Motorola device and the Alix NIC. Do you have a switch you could put in between them? That would change the link negatiation and flow control. It should show up any issues.

Hard to say otherwise.  :-\ Is there a forum for users of your wireless service?

Steve

dolomite792

I had to hook up my old router to post this as it the pfsense router would absolutely not give me access to the internet.  Check out the log as it could not get an ip address from the ISP radio it kept going up and down up and down.  The speed was pitiful.  The log says something in regards to not being able to bind to dhcp address and to make sure that its not already in use  and I suppose that was in regards to my laptop being on the wifi?  My isp is too small there are no forums for it, I would have to contact the upport people but they would probably tell me to not even bother with the advanced security feature of a pfsense router and to go back to using my old router and be done with it.  This really sucks.

May 18 12:08:02 php: rc.linkup: HOTPLUG: Configuring interface wan
May 18 12:08:03 php: rc.linkup: Shutting down Router Advertisment daemon cleanly
May 18 12:08:03 check_reload_status: Linkup starting vr1
May 18 12:08:03 kernel: vr1: link state changed to UP
May 18 12:08:03 php: rc.linkup: Clearing states to old gateway 10.XX.XX.1.
May 18 12:08:05 check_reload_status: Linkup starting vr1
May 18 12:08:05 kernel: vr1: link state changed to DOWN
May 18 12:08:05 php: rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf vr1 > /tmp/vr1_output 2> /tmp/vr1_error_output' returned exit code '1', the output was ''
May 18 12:08:06 check_reload_status: updating dyndns wan
May 18 12:08:07 php: rc.newwanip: rc.newwanip: Informational is starting vr1.
May 18 12:08:07 php: rc.newwanip: rc.newwanip: on (IP address: 0.0.0.0) (interface: WAN[wan]) (real interface: vr1).
May 18 12:08:07 php: rc.newwanip: rc.newwanip: Failed to update wan IP, restarting…
May 18 12:08:07 check_reload_status: Configuring interface wan
May 18 12:08:08 kernel: vr1: link state changed to UP
May 18 12:08:08 check_reload_status: Linkup starting vr1
May 18 12:08:09 php: rc.linkup: DEVD Ethernet detached event for wan
May 18 12:08:09 php: rc.interfaces_wan_configure: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf vr1 > /tmp/vr1_output 2> /tmp/vr1_error_output' returned exit code '15', the output was ''
May 18 12:08:11 php: rc.linkup: DEVD Ethernet attached event for wan
May 18 12:08:11 php: rc.linkup: HOTPLUG: Configuring interface wan
May 18 12:08:14 check_reload_status: Linkup starting vr1
May 18 12:08:14 kernel: vr1: link state changed to DOWN
May 18 12:08:14 php: rc.linkup: DEVD Ethernet detached event for wan
May 18 12:08:14 php: rc.linkup: Shutting down Router Advertisment daemon cleanly
May 18 12:08:16 check_reload_status: updating dyndns wan
May 18 12:08:16 check_reload_status: Linkup starting vr1
May 18 12:08:16 kernel: vr1: link state changed to UP
May 18 12:08:17 check_reload_status: Linkup starting vr1
May 18 12:08:17 kernel: vr1: link state changed to DOWN
May 18 12:08:17 php: rc.interfaces_wan_configure: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf vr1 > /tmp/vr1_output 2> /tmp/vr1_error_output' returned exit code '1', the output was ''
May 18 12:08:18 php: rc.linkup: DEVD Ethernet attached event for wan
May 18 12:08:18 php: rc.linkup: HOTPLUG: Configuring interface wan
May 18 12:08:18 php: rc.linkup: Shutting down Router Advertisment daemon cleanly
May 18 12:08:19 php: rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf vr1 > /tmp/vr1_output 2> /tmp/vr1_error_output' returned exit code '1', the output was ''
May 18 12:08:21 php: rc.linkup: DEVD Ethernet detached event for wan
May 18 12:08:21 php: rc.linkup: The command '/sbin/dhclient -c /var/etc/dhclient_wan.conf vr1 > /tmp/vr1_output 2> /tmp/vr1_error_output' returned exit code '15', the output was ''
May 18 12:08:22 check_reload_status: Linkup starting vr1
May 18 12:08:22 kernel: vr1: link state changed to UP
May 18 12:08:23 php: rc.linkup: DEVD Ethernet attached event for wan
May 18 12:08:23 php: rc.linkup: HOTPLUG: Configuring interface wan
May 18 12:08:24 kernel: vr1: link state changed to DOWN
May 18 12:08:24 check_reload_status: Linkup starting vr1
May 18 12:08:25 php: rc.linkup: DEVD Ethernet detached event for wan
May 18 12:08:26 php: rc.linkup: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid vr0 ath0_wlan0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.2.6 Copyright 2004-2014 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ Wrote 14 leases to leases file. Listening on BPF/ath0_wlan0/00:0e:9b:99:db:f4/192.168.0.0/24 Sending on BPF/ath0_wlan0/00:0e:9b:99:db:f4/192.168.0.0/24 Listening on BPF/vr0/00:0d:b9:19:66:94/192.168.1.0/24 Sending on BPF/vr0/00:0d:b9:19:66:94/192.168.1.0/24 Can't bind to dhcp address: Address already in use Please make sure there is no other dhcp server running and that there's no entry for dhcp or bootp in /etc/inetd.conf. Also make sure you are not running HP JetAdmin software, which includes a bootp server. If you did not get this software from ftp.isc.org, please get the latest from ftp.isc.org and install that before
May 18 12:08:27 check_reload_status: updating dyndns wan
May 18 12:08:27 check_reload_status: Linkup starting vr1
May 18 12:08:27 kernel: vr1: link state changed to UP
May 18 12:08:27 check_reload_status: updating dyndns wan
May 18 12:08:28 php: rc.linkup: Shutting down Router Advertisment daemon cleanly
May 18 12:08:28 php: rc.linkup: DEVD Ethernet attached event for wan
May 18 12:08:28 php: rc.linkup: HOTPLUG: Configuring interface wan

stephenw10

It's actually seeing the ethernet link go down. I strongly suggest adding a switch in between the wireless device and the pfSense WAN port.
What exactly is the Motorola equipment it's connected to?

Steve

dolomite792

What kind of switch should I use?  I have this simple one TP-LINK TL-SF1008D, would this suffice?  I'm thinking that you are meaning a managed switch?  I have my ddwrt wrt54gl that I could setup to be a switch.  So I'm looking for link negotiation and flow control.  So now I've been reading some things about negotiation and flow control, I should be able to find evidence of one device receiving too much information and causing a major pause in the traffic?  Even though they are both set to auto negotiate.  I believe this to be the issue as if I watch the main pfsense splash page the wan link will go up and down, up and down constantly trying to negotiate the connection.  Then when it does its slow as molasses.  I suppose if I tell my ISP to set the link speed manually on the radio to a certain speed and I also do the same on the pfsense box that might be interesting to see.  Although I'm kind of doubtful that anything would happen.

*** I just realized that the ethernet errors that you are seeing were probably caused when I unplugged the power to the Motorola unit to reboot it.***  I did that frequently or else it takes forever to negotiate a connection with the pfsense box.

There is a simple ethernet cable connected to the Motorola radio that comes down from the roof to my router.  So it is a direct connection.

Also I did a search on pfsense and link negotiation issues and this topic in these forums came up and do you think this is useful?

https://forum.pfsense.org/index.php?topic=8440.0

stephenw10

Yes you could try fixing the speed/duplex. It's possible the Motorola kit is using a fixed setting that causes auto negotiation to fail but I would expect to loads of errors in that case and the NIC to use its default settings (often 10Mb HD).
Yes put that switch in between the radio and the Alix. That way each device is negotiating with the switch. If you reset the radio pfSense will not see the ethernet link go down which introduces big delays as things reset.

Steve

dolomite792

Ok putting the switch in between the router and the motorola unit worked perfectly.  Thank you I will take this functionality and run with it for now.  Thanks again!

stephenw10

Ah, that's a good result then.  :)
So it could be some rare, but not unheard of, hardware incompatibility between the two NICs in which case there not much else to be done. It could be some negotiation problem that might be fixed by a firmware/driver update. It might be possible to work around it by setting both ends to 100M-FD manually. Something to consider in the future if the connection proves stable perhaps.

Steve

stephenw10

I think you've misunderstood that. His connection to the WISP is wireless, his WAN is a wireless link. The fibre connection exists only on the other end of that link. 100Mbps is probably capable of whatever wireless speeds he has.  ;)

Steve