"Member Down" problem
-
Could be.
But I didn't necessarily see it that way.
I think traffic shaping on the ISP side done badly is just as bad.
BTW - I have same problem as yours with one of these running in texas on Time Warner Cable.
No shaping on pfsense. Definitely the ISP. Just crap latency. Terrible network.
Thats the one that I gave up on, turned of gateway monitor and things were then much improved.Yeah but I wouldn't want to disable gateway monitoring altogether as failover won't work if you do that. Increasing the thresholds should fix this problem, no brainer.
-
Sounds good - Then they can mark all the apinger threads as "solved" (-;
-
Sounds good - Then they can mark all the apinger threads as "solved" (-;
What do you mean all apinger threads solved? Why would they do that?
-
@cmb, what value should I set for the packet loss threshold? Would 20/30 be a good try?
-
The packet loss threshold really depends on the typical link performance. For example, I have some links where if the link is being used heavily, a lot of the monitor pings get lost for whatever reason, but actually the link is passing traffic at full speed. (I probably should put some traffic shaping on that and give the ICMP some high priority and see if I can improve that behaviour…). So for those I even put 40%/50% so that the link is only declared down if it really gets bad.
For links in less remote places than me, but with this kind of symptoms when saturated with traffic, I guess that 20%/30% will be OK.
You really need to run a few downloads in parallel on clients and observe "normal" numbers, then set higher. -
Gotcha, thanks!
-
I think my gateways don't like being pinged all the time. You would think my gateway would allow as much traffic as I feel like sending of any type I chose up to my bandwidth limit, but I have seen on two seperate boxes now where if I'm pinging the gateway every second, my pings eventually get blocked and the gateway reads as down all the time.
I've seen it separately on one IPV4 and one IPV6 gateway on two totally separate boxes. I know this has nothing at all to do with pfsense and is just a case of the ISP being stupid, but in both cases pinging only every 10 seconds seems to result in me not getting blocked or having my pings dropped.
Separately, I also raised the thresholds as you described.
I have one IP I tried for gateway monitoring that drops allows 2 pings, drops the third, allows two more, drops the third… Consistently.
I'm not using that for gateway monitor, of course, but it took me a while to discover it and the behavior seems nonsense to me because, after all, why should pings from a legitimate source get thrown into bit heaven for no apparent reason?All this silliness from those ISPs effects pfsense stability, but its not pfsense fault.
-
Interesting. But in my case, the monitor IP's I'm using are DNS servers, opendns' and google's so I don't think pinging them every second would do the same behavior you're seeing, right?
-
Not sure - Its been plenty of time since my post and slowing down my pings seems to have made a lot of difference on my gateways at least.
-
@cmb:
Down == above the defined thresholds you have on the gateway for what should be considered down.
Chris if you get a chance, I started a new thread related to this but not sure you saw it. Hoping for a little color on those apinger settings :)