Lan out speed double Wan in speed per Traffic Graph
-
Running 2.1.3-64. Any idea why Lan out speed is double Wan in speed per the Traffic Graph? Nothing over 200m on 1G adapters but Wan>Lan throughput is reduced. Oddly the switch port on the other end of the router LAN segment doesn't report this doubling. But I suspect it has something to do with the slowdown in router throughput. Normally get 100mbps, only getting 40's. If I bypass router directly to modem I get 100mbps.
Any ideas appreciated…
-
That is odd that it doesn't appear on switch port. When you say LAN out speed, we're talking about lan-out-pass traffic, right? Because lan-out-block traffic might well not show up on the connected switch. If so, could it be errors maybe? I'd look at Menu; Status; Interfaces first, check that the duplexity is correct and that errors and collisions aren't incrementing and then try a reboot of the router and switch to see if the issue clears up.
(Also, the graph I visualized in my head didn't have correspoding lan-in-pass traffic. If it does, what you describe is normal as you're simply seeing the router doing it's job as a gateway of mulitple internal subnets.)
-
It's definitely Lan out. Interface reports both Lan1 out packets and Lan1 out packets (pass) are equal currently at 21330918 packets. Out packets (block) is currently 104 bytes. No errors and no collisions. I'm stumped on this one. All I can think of trying is restoring the base packages leaving out any extras like OpenVpn, Unbound and Cron. Just use the forwarder and see if I get full speed through. If this doesn't work I'll try going to a backup config, either followed by reboot of course. I'm just trying to narrow down where to focus at this point. Nothing making sense yet.
-
So, I'm thinking in terms of eliminating the obvious, then we'll be left with actual…
Fact: Rebooting the router and switch did not correct the problem, and the duplexity matches at both ends, and neither the router or switch are not incrementing error counts.
Hypothesis: The problem isn't transient and doesn't appear to be hardware failure. (It still could be of course, but in my experience ethernet hardware issues generally cause errors on the interfaces.)Fact: The router has two interfaces (LAN and WAN) of which the combined *-in-pass traffic equals less than half the output on the LAN interface (according to the graphs).
Hypothesis: The router is generating lan-out-pass traffic. (or the router graphs are pooched.) (BTW, this should also lead to an unbalanced throughput graph at Menu; Status; RRD Graphs; System; Graphs: Throughput. You should see out-pass as about twice the height of in-pass. If that isn't the case, that's a significant clue. Could you check that?)Fact: The LAN switch traffic stats do not match the lan-out-pass router graphs.
Hypothesis: The generated traffic is not recognized by the switch as "traffic" OR is not on the wire, i.e. never leaves the router interface. (or the router graphs are pooched.)It's quite unusual that the switch isn't seeing the traffic. That very much leads me to suspect that the traffic exists only in the router and isn't making it to the wire. So, the next step I would take would be to confirm that the traffic is actually on wire and if so, what the traffic is composed of. You could try some of the inspection utilities like pfTop, trafshow, iftop, ntop and so on, but from your description you'll probably have to go straight to Packet Capture/tcpdump.
-
Duplex matched both ends of Lan segment. No incrementing errors on either end. Zero data showing in RRD graphs:throughput. Just learned it isn't working. Processor and other graphs are working fine. I'll save a TCP dump and inspect with Wireshark to see if anything is apparent. Short on time, I'll get back on here this evening to look deeper.
-
Zero data showing in RRD graphs:throughput. Just learned it isn't working.
Hmm. It actually sounds like the graphs might be the culprit. Before doing packet analysis, I would try resetting the graph data to see if that clears up the issue. Menu; Status; RRD Graphs; Settings; Reset RRD Data (Note this erases the historical data.)
-
Reset graphs, no change. So took more drastic measures. Restored from full backup ver 2.1.3 to 2.1.2. Still no improvement in throughput but RDD throughput graphs work now. Equal Pass in/out. Virtually no block in or out. Not sure which adapter(s) the RDD graph represents. Still showing Lan1 out 2x throughput to Wan1 in.
Starting to look more like hardware. Throughput problems began on 5/15/14 and I'm fully restored well before this date. Not sure what to look for with Wireshark in this case.
-
More and more interesting. The fact that the throughput graph is balanced indicates that the traffic is probably not being generated by the router. Here are some simple steps to take to isolate the mystery traffic. (You might need a console for these.)
From the console, run "systat -ifstat" (This should match with your WAN/LAN Traffic Graphs BTW. If not, another important discrepancy.)
1. Unplug the WAN interface from the router. Does the mystery traffic persist, or stop?
If it stops, the mystery traffic is definitely related to WAN traffic despite what the graphs appear to indicate. I would try step 3 below with the WAN plugged in to see if a client is also involved.2. If it continues, then leaving the WAN unplugged, unplug the router LAN interface. Does the mystery traffic persist, or stop?
If it continued even with the LAN interface unplugged, try running tcpdump from the console to see what it shows.3. If it stops, plug the router LAN interface back in and unplug everything else from the LAN switch except the router. This keeps keeps the interface up, but traffic should be zero. Does the mystery traffic persist, or stop?
Again, if it persists, try running tcpdump from the console to see what it shows. There should be virtually no traffic as only the only devices involved are the router and the switch.
If it stops, try plugging in the other connections one by one to see which device is "triggering" the mystery traffic. -
I would have this down as a glitch in the LAN graph and not much else. It's happened before and was fixed but I can't find anything on redmine now. Doesn't explain the actual reduced throughput though.
https://forum.pfsense.org/index.php?topic=77744.0
https://forum.pfsense.org/index.php?topic=75607.msg412605#msg412605Steve
-
I would have this down as a glitch in the LAN graph and not much else. It's happened before and was fixed but I can't find anything on redmine now. Doesn't explain the actual reduced throughput though.
https://forum.pfsense.org/index.php?topic=77744.0
https://forum.pfsense.org/index.php?topic=75607.msg412605#msg412605Steve
Like what he said, I current have the issue of the Traffic Graph many times being incorrect. The shape of the graph is correct, but many times is 2x or 1/2 the correct value, even though it shows the correct value right next to the graph. So some times it shows 20mb when it's really 10mb, and other times it shows 5mb when it's really 10mb. For me at least, it's not consistent. RRD seems to be correct.
-
Despite warnings not to use RealTek adapters with PfSense I had one vacant on the MB. So I switched LAN1 from EM0 to RL0 and the 2x graph problem went away. What does that say about Intel adapters? Not sure we solved this but a work-around is in place. The Intel is the 2-port commercial model and the other port does not exhibit bad behavior. Perhaps they share few components between ports on the adapter board.
-
It's almost certainly nothing to do with the NIC hardware or driver. For instance if you had started out using the Realtek NIC and switched to the Intel I imagine the problem would also have gone away. It will be some bug in the code that sends the data to rrdtool.
Steve
-
Boy did I miss the adapter names, IGB1 and RE0. I switched back to Intel IGB1 and the 2x problem resumes. Sure it's not the NIC hardware or driver?
-
Nope, not sure. ;)
There are many people using Intel NICs without issue though. Try something basic. Go tot eh Status: Interfaces: page and note the values for in/out packets(data) for WAN and LAN. Pass some LAN-WAN traffic. Now check the values again, they should have incremented by the same amount.Steve
-
I know this is an old topic but were you able to fix this?
I'm noticing the same behavior on my box (2.1.5 i386) today… WAN is correct, LAN is double.
running systat -ifstat, I see the LAN traffic is double also.. All Intel NICs
Checked vnstat and same deal... looks like its been like this for a while and I've just haven't noticed. Normally I only look at the WAN interface. RRD graphs look correct tho
-
Isn't this a bug in FreeBSD?
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=182828
-
Interesting… Would this apply to em# interfaces also? If its a bug with FreeBSD then I guess I'll have to wait until I move to 2.2.
-
Found the pfSense bug reports. They are for VLANs but I believe the issue is related
https://redmine.pfsense.org/issues/3314
https://redmine.pfsense.org/issues/3264 -
Hi Folks,
FYI bug is back and reported as https://redmine.pfsense.org/issues/10812
Cheers
