Netgate Discussion Forum

    *RANT* Why pfsense is popular

    Off-Topic & Non-Support Discussion
    59 Posts 10 Posters 13.2k Views
    • DerelictD
      Derelict LAYER 8 Netgate
      last edited by

      So what is the perceived issue there?

      If you want your WAN port to respond to pings you have to enable a firewall rule on WAN passing ICMP source any dest WAN address.

      All unsolicited inbound traffic is blocked by default. Even pings.

      Chattanooga, Tennessee, USA
      A comprehensive network diagram is worth 10,000 words and 15 conference calls.
      DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
      Do Not Chat For Help! NO_WAN_EGRESS(TM)

      • E
        edseitzinger Banned
        last edited by

        @Derelict:

        So what is the perceived issue there?

        If you want your WAN port to respond to pings you have to enable a firewall rule on WAN passing ICMP source any dest WAN address.

        All unsolicited inbound traffic is blocked by default. Even pings.

        Ok I had forgotten about that…..

        Why do the first couple pings/tracert bottom out and the last few complete as normal????

        PING:
        PING MYEXTIP (MYEXTIP) 56(84) bytes of data.

        --- MYEXTIP ping statistics ---
        4 packets transmitted, 0 received, 100% packet loss, time 2999ms

        23/12/2017 20:06:53 UTC

        PING:
        PING MYEXTIP (MYEXTIP) 56(84) bytes of data.

        --- MYEXTIP ping statistics ---
        4 packets transmitted, 0 received, 100% packet loss, time 3000ms

        23/12/2017 20:06:53 UTC

        TRACEROUTE:
        traceroute to MYEXTIP (MYEXTIP), 15 hops max, 60 byte packets
        1  24.105.30.2 (24.105.30.2)  1.277 ms  1.879 ms  1.896 ms
        2  * * *
        3  137.221.66.2 (137.221.66.2)  1.372 ms  1.432 ms  1.502 ms
        4  137.221.68.66 (137.221.68.66)  1.236 ms  1.259 ms  1.288 ms
        5  137.221.68.32 (137.221.68.32)  0.955 ms  0.974 ms  0.978 ms
        6  * * *
        7  * * *
        8  * * *
        9  * * *
        10  * * *
        11  * * *
        12  * * *
        13  * * *
        14  * * *
        15  * * *

        23/12/2017 20:06:53 UTC

        TRACEROUTE:
        traceroute to MYEXTIP (MYEXTIP), 15 hops max, 60 byte packets
        1  24.105.30.2 (24.105.30.2)  1.390 ms  1.501 ms  1.520 ms
        2  * * *
        3  137.221.66.2 (137.221.66.2)  1.234 ms  1.299 ms  1.365 ms
        4  137.221.68.66 (137.221.68.66)  1.104 ms  1.200 ms  1.305 ms
        5  137.221.68.32 (137.221.68.32)  1.022 ms  1.049 ms  1.058 ms
        6  * * *
        7  * * *
        8  * * *
        9  * * *
        10  * * *
        11  * * *
        12  * * *
        13  * * *
        14  * * *
        15  * * *

        23/12/2017 20:06:53 UTC

        TRACEROUTE:
        traceroute to MYEXTIP (MYEXTIP), 15 hops max, 60 byte packets
        1  Blizzard (Blizzard)  0.535 ms  0.597 ms  0.706 ms
        2  * * *
        3  137.221.66.8 (137.221.66.8)  2.048 ms  2.163 ms  2.208 ms
        4  137.221.69.70 (137.221.69.70)  1.980 ms  2.014 ms  2.036 ms
        5  137.221.69.34 (137.221.69.34)  2.021 ms  2.028 ms  2.037 ms
        6  * * *
        7  * * *
        8  * * *
        9  192-119-18-202.mci.googlefiber.net (192.119.18.202)  31.584 ms  31.615 ms  31.620 ms
        10  192-119-18-186.mci.googlefiber.net (192.119.18.186)  32.917 ms  32.072 ms  32.102 ms
        11  ae7.ar02.mci102.googlefiber.net (192.119.17.69)  31.954 ms  31.887 ms  32.099 ms
        12  23-255-225-17.mci.googlefiber.net (23.255.225.17)  32.098 ms  32.108 ms  32.009 ms
        13  23-255-225-19.mci.googlefiber.net (23.255.225.19)  32.469 ms  32.482 ms  32.513 ms
        14  MYEXTIP (MYEXTIP)  33.482 ms  33.679 ms  33.665 ms

        23/12/2017 20:06:59 UTC

        PING:
        PING MYEXTIP (MYEXTIP) 56(84) bytes of data.
        64 bytes from MYEXTIP: icmp_seq=1 ttl=48 time=33.5 ms
        64 bytes from MYEXTIP: icmp_seq=2 ttl=48 time=33.6 ms
        64 bytes from MYEXTIP: icmp_seq=3 ttl=48 time=33.5 ms
        64 bytes from MYEXTIP: icmp_seq=4 ttl=48 time=33.6 ms

        --- MYEXTIP ping statistics ---
        4 packets transmitted, 4 received, 0% packet loss, time 3001ms
        rtt min/avg/max/mdev = 33.537/33.593/33.660/0.049 ms

        23/12/2017 20:06:59 UTC

        TRACEROUTE:
        traceroute to MYEXTIP (MYEXTIP), 15 hops max, 60 byte packets
        1  Blizzard (Blizzard)  0.746 ms  0.808 ms  0.930 ms
        2  * * *
        3  137.221.66.8 (137.221.66.8)  2.060 ms  2.141 ms  2.220 ms
        4  137.221.69.70 (137.221.69.70)  1.963 ms  1.989 ms  2.014 ms
        5  137.221.69.34 (137.221.69.34)  1.690 ms  2.297 ms  2.310 ms
        6  * * *
        7  * * *
        8  * * *
        9  192-119-18-202.mci.googlefiber.net (192.119.18.202)  31.505 ms  31.493 ms  31.482 ms
        10  192-119-18-186.mci.googlefiber.net (192.119.18.186)  32.280 ms  31.942 ms  31.965 ms
        11  ae7.ar02.mci102.googlefiber.net (192.119.17.69)  31.920 ms  31.906 ms  31.952 ms
        12  23-255-225-17.mci.googlefiber.net (23.255.225.17)  31.980 ms  31.952 ms  32.224 ms
        13  23-255-225-19.mci.googlefiber.net (23.255.225.19)  32.474 ms  32.494 ms  32.464 ms
        14  MYEXTIP (MYEXTIP)  33.655 ms  33.520 ms  33.520 ms

        23/12/2017 20:07:01 UTC

        PING:
        PING MYEXTIP (MYEXTIP) 56(84) bytes of data.
        64 bytes from MYEXTIP: icmp_seq=1 ttl=48 time=33.5 ms
        64 bytes from MYEXTIP: icmp_seq=2 ttl=48 time=33.6 ms
        64 bytes from MYEXTIP: icmp_seq=3 ttl=48 time=33.5 ms
        64 bytes from MYEXTIP: icmp_seq=4 ttl=48 time=33.7 ms

        --- MYEXTIP ping statistics ---
        4 packets transmitted, 4 received, 0% packet loss, time 2998ms
        rtt min/avg/max/mdev = 33.519/33.611/33.713/0.081 ms

        23/12/2017 20:07:03 UTC

        MTR:
        Start: Sat Dec 23 20:06:53 2017
        HOST: Blizzard Loss%  Snt  Last  Avg  Best  Wrst StDev
          1.|-- 24.105.30.2                0.0%    10  10.1  1.8  0.4  10.1  3.0
          2.|-- ???                        100.0    10    0.0  0.0  0.0  0.0  0.0
          3.|-- 137.221.66.2                0.0%    10    1.2  1.3  1.1  1.4  0.0
          4.|-- 137.221.68.66              0.0%    10    1.4  1.3  1.2  1.4  0.0
          5.|-- 137.221.68.32              0.0%    10    1.0  4.9  0.9  29.9  9.4
          6.|-- ???                        100.0    10    0.0  0.0  0.0  0.0  0.0

        23/12/2017 20:06:53 UTC

        MTR:
        Start: Sat Dec 23 20:06:53 2017
        HOST: Blizzard Loss%  Snt  Last  Avg  Best  Wrst StDev
          1.|-- 24.105.30.2                0.0%    10    0.8  0.8  0.5  1.8  0.0
          2.|-- ???                        100.0    10    0.0  0.0  0.0  0.0  0.0
          3.|-- 137.221.66.2                0.0%    10    1.1  1.3  1.1  1.4  0.0
          4.|-- 137.221.68.66              0.0%    10    1.4  1.6  1.2  4.1  0.7
          5.|-- 137.221.68.32              0.0%    10    1.0  1.4  0.9  5.4  1.3
          6.|-- ???                        100.0    10    0.0  0.0  0.0  0.0  0.0

        23/12/2017 20:06:53 UTC

        MTR:
        Start: Sat Dec 23 20:06:59 2017
        HOST: Blizzard        Loss%  Snt  Last  Avg  Best  Wrst StDev
          1.|-- Blizzard                      0.0%    10    0.5  0.6  0.4  0.8  0.0
          2.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          3.|-- 137.221.66.8                        0.0%    10    2.0  2.0  1.9  2.2  0.0
          4.|-- 137.221.69.70                      0.0%    10    2.0  1.9  1.9  2.1  0.0
          5.|-- 137.221.69.34                      0.0%    10    1.7  2.9  1.7  12.8  3.4
          6.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          7.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          8.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          9.|-- 192-119-18-202.mci.googlefiber.net  0.0%    10  31.6  31.6  31.5  31.7  0.0
        10.|-- 192-119-18-186.mci.googlefiber.net  0.0%    10  32.1  32.1  31.9  32.7  0.0
        11.|-- ae7.ar02.mci102.googlefiber.net    0.0%    10  32.0  32.0  31.9  32.3  0.0
        12.|-- 23-255-225-17.mci.googlefiber.net  0.0%    10  32.0  32.1  32.0  32.2  0.0
        13.|-- 23-255-225-19.mci.googlefiber.net  0.0%    10  32.4  32.5  32.4  32.5  0.0
        14.|-- MYEXTIP                        0.0%    10  33.7  33.6  33.0  33.8  0.0

        23/12/2017 20:06:58 UTC

        MTR:
        Start: Sat Dec 23 20:07:00 2017
        HOST: Blizzard        Loss%  Snt  Last  Avg  Best  Wrst StDev
          1.|-- Blizzard                      0.0%    10    0.5  0.6  0.4  0.7  0.0
          2.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          3.|-- 137.221.66.8                        0.0%    10    2.1  2.1  2.0  2.2  0.0
          4.|-- 137.221.69.70                      0.0%    10    2.0  2.0  1.9  2.2  0.0
          5.|-- 137.221.69.34                      0.0%    10    1.9  1.8  1.7  2.0  0.0
          6.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          7.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          8.|-- ???                                100.0    10    0.0  0.0  0.0  0.0  0.0
          9.|-- 192-119-18-202.mci.googlefiber.net  0.0%    10  31.6  31.6  31.5  31.6  0.0
        10.|-- 192-119-18-186.mci.googlefiber.net  0.0%    10  32.0  32.1  32.0  32.3  0.0
        11.|-- ae7.ar02.mci102.googlefiber.net    0.0%    10  32.0  32.0  32.0  32.1  0.0
        12.|-- 23-255-225-17.mci.googlefiber.net  0.0%    10  32.1  32.1  32.0  32.7  0.0
        13.|-- 23-255-225-19.mci.googlefiber.net  0.0%    10  32.5  32.5  32.4  32.5  0.0
        14.|-- MYEXTIP                        0.0%    10  33.8  33.6  33.5  33.8  0.0

        23/12/2017 20:07:00 UTC

        • DerelictD
          Derelict LAYER 8 Netgate
          last edited by

          Because not every device will respond to traceroute.

          Probably more than you want to know about traceroute: https://en.wikipedia.org/wiki/Traceroute

          (I still don't see any issues there.)

          • johnpozJ
            johnpoz LAYER 8 Global Moderator
            last edited by

            If you want pfsense to show up on a udp traceroute then you have to reject the UDP ports used….  But with Derelict here.. Sure doesn't look like any sort of problem..  30 something ms looks way lower than that 300-1500 you were stating..

            Where are you seeing these numbers... Post a screenshot of these numbers so users here that run WoW can help you... I would be more than happy to fire up a trial to just test the latency numbers, etc.

            If I knew exactly how you're seeing these numbers so I could try and duplicate them so we have apples to apples..  While not on google fiber.. I wish.. I am using pfsense and have been for really since it came out.. There is nothing that would cause such latency to be added.. Pfsense can not tell packet from your game from packet to websites, or a video packet or a voip packet - they are all just packets that it allows or doesn't allow, etc.  It sure doesn't say you know what - let me hold these for 300ms to piss off the game player..

            Do a simple sniff on lan and wan at same time via tcpdump - check delay pfsense adds to the packets.. it's going to be in the microseconds..

            Here I did a simple ping to 8.8.8.8 from lan and sniff on lan and wan at same time.. You can see when my ping hit pfsense lan at 46.907733 and when it left wan at 46.907822 or 89 microseconds later.. And then you see the answer come back to my host.. .923618 or 15.885 ms later which my ping shows that first ping was 16ms..

            The return packet latency was only 0.000035 from the time it hit pfsense wan, to when it was sent out lan to client.. that is 35 microseconds…

            So let us see this sort of sniff with your game traffic going through pfsense and how much latency pfsense adds to this traffic..

            latencytest.png

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • H
              Harvy66
              last edited by

              I too was curious about forwarding latency. This is with NAT and HFSC+Codel

              timeout 5 tcpdump -i igb0 -n host 23.255.225.19
              timeout 5 tcpdump -i igb1 -n host 23.255.225.19

              igb1 12:13:22.078057 IP 192.168.1.2 > 23.255.225.19: ICMP echo request, id 33991, seq 1175, length 40
              igb0 12:13:22.078071 IP 192.168.101.2 > 23.255.225.19: ICMP echo request, id 25512, seq 1175, length 40 <-- 14us

              igb0 12:13:22.121213 IP 23.255.225.19 > 192.168.101.2: ICMP echo reply, id 25512, seq 1175, length 40
              igb1 12:13:22.121226 IP 23.255.225.19 > 192.168.1.2: ICMP echo reply, id 33991, seq 1175, length 40 <-- 13us

              When pinging the LAN interface

              HFSC enabled with shaping to 150Mb, my standard
              12:38:49.415947 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18212, length 40
              12:38:49.415956 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27900, seq 18212, length 40 <-- 9us
              12:38:49.415963 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18213, length 40
              12:38:49.415972 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27900, seq 18213, length 40 <-- 9us
              12:38:49.416269 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18214, length 40
              12:38:49.416280 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27900, seq 18214, length 40 <-- 11us
              12:38:49.416311 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18215, length 40
              12:38:49.416320 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27900, seq 18215, length 40 <-- 9us
              12:38:49.416322 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18216, length 40
              12:38:49.416332 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27900, seq 18216, length 40 <-- 10us
              12:38:49.416334 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18217, length 40
              12:38:49.416343 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27900, seq 18217, length 40 <-- 9us
              12:38:49.416368 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27900, seq 18218, length 40

              No shaping enabled on LAN
              12:46:40.253820 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27897, seq 34858, length 40
              12:46:40.253827 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27897, seq 34858, length 40 <-- 7us
              12:46:40.253844 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27897, seq 34859, length 40
              12:46:40.253851 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27897, seq 34859, length 40 <-- 7us
              12:46:40.253852 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27897, seq 34860, length 40
              12:46:40.253859 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27897, seq 34860, length 40 <-- 7us
              12:46:40.254158 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27897, seq 34861, length 40
              12:46:40.254165 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27897, seq 34861, length 40 <-- 7us
              12:46:40.254170 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27897, seq 34862, length 40
              12:46:40.254177 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27897, seq 34862, length 40 <-- 7us
              12:46:40.254182 IP 192.168.1.2 > 192.168.1.1: ICMP echo request, id 27897, seq 34863, length 40
              12:46:40.254189 IP 192.168.1.1 > 192.168.1.2: ICMP echo reply, id 27897, seq 34863, length 40 <-- 7us

              I should mention that my HP-1810-24G claims 2.3us forwarding latency, so this is within the range of my switch.

              P.S. Before you criticize my version number: Uptime 220 Days 16 Hours 11 Minutes 52 Seconds

              igb0.PNG
              igb1.PNG

              • K
                kejianshi
                last edited by

                PEBCAK?

                • johnpozJ
                  johnpoz LAYER 8 Global Moderator
                  last edited by

                  Just waiting to see OP show us this 300+ms delay Pfsense is adding to the packets as it sends them on..

                  • E
                    edseitzinger Banned
                    last edited by

                    @johnpoz:

                    If you want pfsense to show up on a udp traceroute then you have to reject the UDP ports used….  But with Derelict here.. Sure doesn't look like any sort of problem..  30 something ms looks way lower than that 300-1500 you were stating..

                    Where are you seeing these numbers... Post a screenshot of these numbers so users here that run WoW can help you... I would be more than happy to fire up a trial to just test the latency numbers, etc.

                    If I knew exactly how you're seeing these numbers so I could try and duplicate them so we have apples to apples..  While not on google fiber.. I wish.. I am using pfsense and have been for really since it came out.. There is nothing that would cause such latency to be added.. Pfsense can not tell packet from your game from packet to websites, or a video packet or a voip packet - they are all just packets that it allows or doesn't allow, etc.  It sure doesn't say you know what - let me hold these for 300ms to piss off the game player..

                    Do a simple sniff on lan and wan at same time via tcpdump - check delay pfsense adds to the packets.. it's going to be in the microseconds..

                    Here I did a simple ping to 8.8.8.8 from lan and sniff on lan and wan at same time.. You can see when my ping hit pfsense lan at 46.907733 and when it left wan at 46.907822 or 89 microseconds later.. And then you see the answer come back to my host.. .923618 or 15.885 ms later which my ping shows that first ping was 16ms..

                    The return packet latency was only 0.000035 from the time it hit pfsense wan, to when it was sent out lan to client.. that is 35 microseconds…

                    So let us see this sort of sniff with your game traffic going through pfsense and how much latency pfsense adds to this traffic..

                    And this might be an issue with Gfiber that you might not see, but the Latency I see is in World Of Warcraft….. https://us.battle.net/account/download/ I know you can play for free up to like level 20 but there is an in game latency tracker (ie network status) and for the record currently I'm sitting at 78 ms and I am good with that, but it may change overnight for no particular reason.

                    • E
                      edseitzinger Banned
                      last edited by

                      Pinging 8.8.8.8 with 32 bytes of data:
                      Reply from 8.8.8.8: bytes=32 time=13ms TTL=55
                      Reply from 8.8.8.8: bytes=32 time=13ms TTL=55
                      Reply from 8.8.8.8: bytes=32 time=12ms TTL=55
                      Reply from 8.8.8.8: bytes=32 time=13ms TTL=55

                      Ping statistics for 8.8.8.8:
                          Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
                      Approximate round trip times in milli-seconds:
                          Minimum = 12ms, Maximum = 13ms, Average = 12ms

                      [2.4.2-RELEASE][root@AMDRouter.localdomain]/root: tcpdump -i igb1 -n host 8.8.8.8
                      16:22:38.256111 IP 192.168.1.121 > 8.8.8.8: ICMP echo request, id 1, seq 655, length 40
                      16:22:38.268953 IP 8.8.8.8 > 192.168.1.121: ICMP echo reply, id 1, seq 655, length 40
                      16:22:39.257887 IP 192.168.1.121 > 8.8.8.8: ICMP echo request, id 1, seq 656, length 40
                      16:22:39.270690 IP 8.8.8.8 > 192.168.1.121: ICMP echo reply, id 1, seq 656, length 40
                      16:22:40.259797 IP 192.168.1.121 > 8.8.8.8: ICMP echo request, id 1, seq 657, length 40
                      16:22:40.272697 IP 8.8.8.8 > 192.168.1.121: ICMP echo reply, id 1, seq 657, length 40
                      16:22:41.261709 IP 192.168.1.121 > 8.8.8.8: ICMP echo request, id 1, seq 658, length 40
                      16:22:41.274687 IP 8.8.8.8 > 192.168.1.121: ICMP echo reply, id 1, seq 658, length 40

                      [2.4.2-RELEASE][root@AMDRouter.localdomain]/root: tcpdump -i igb0.2 -n host 8.8.8.8
                      tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
                      listening on igb0.2, link-type EN10MB (Ethernet), capture size 262144 bytes
                      16:25:37.069105 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 54453, seq 668, length 64
                      16:25:37.069432 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 15638, seq 600, length 64
                      16:25:37.081751 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 54453, seq 668, length 64
                      16:25:37.081807 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 15638, seq 600, length 64
                      16:25:38.070788 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 54453, seq 669, length 64
                      16:25:38.070805 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 15638, seq 601, length 64
                      16:25:38.083629 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 54453, seq 669, length 64
                      16:25:38.083710 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 15638, seq 601, length 64
                      16:25:39.079806 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 15638, seq 602, length 64
                      16:25:39.087694 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 54453, seq 670, length 64
                      16:25:39.092626 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 15638, seq 602, length 64
                      16:25:39.100392 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 54453, seq 670, length 64
                      16:25:40.094898 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 15638, seq 603, length 64
                      16:25:40.103248 IP 136.56.55.36 > 8.8.8.8: ICMP echo request, id 54453, seq 671, length 64
                      16:25:40.107628 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 15638, seq 603, length 64
                      16:25:40.116073 IP 8.8.8.8 > 136.56.55.36: ICMP echo reply, id 54453, seq 671, length 64

                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        And?

                        • E
                          edseitzinger Banned
                          last edited by

                          Now I did some more looking and some people are putting a Ubiquiti Edge router off the fiber jack then using a switch behind that and here is a bit of code you have to update the POE version with to work with GFiber.

                          https://github.com/stevejenkins/UBNT-EdgeRouter-Example-Configs/blob/master/Google-Fiber/config.boot.poe

                          I did look through the code and while I can read it and it is logical in that it has rules being set up for the various ports, not sure I would be able to translate it into pfsense.

                          • E
                            edseitzinger Banned
                            last edited by

                            @Derelict:

                            And?

                            And therein lies the issue, I know all the network traffic looks normal, I get it. And currently in games and my latency is sitting at 78 ms which is right where it should be. This is the maddening part. Hence why this started out as a RANT, I needed to scream into the ether and figure why this was happening.

                            • DerelictD
                              Derelict LAYER 8 Netgate
                              last edited by

                              https://flyovercountry.org/2014/02/google-fiber-gigabit-speeds-your-router-part-1-vlans/

                              Looks like those guys have done most of your research for you.

                              pfSense can NOT set DSCP bits. It can only match on them. You will likely need to do that in a switch between your fiber and the WAN interface as outlined in that blog.

                              Your RANT against pfSense is misplaced.

                              ETA:

                              You might be able to get closer tagging VLAN 2 with VLAN Priority 3 set. https://forum.pfsense.org/index.php?topic=71806.msg619859#msg619859

                              • E
                                edseitzinger Banned
                                last edited by

                                @Derelict:

                                https://flyovercountry.org/2014/02/google-fiber-gigabit-speeds-your-router-part-1-vlans/

                                Looks like those guys have done most of your research for you.

                                pfSense can NOT set DSCP bits. It can only match on them. You will likely need to do that in a switch between your fiber and the WAN interface as outlined in that blog.

                                Your RANT against pfSense is misplaced.

                                ETA:

                                You might be able to get closer tagging VLAN 2 with VLAN Priority 3 set. https://forum.pfsense.org/index.php?topic=71806.msg619859#msg619859

                                Which btw is exactly how I have it set up. I might be a pfsense newb,  just not networking technology hardware know just a little bit what I'm talking about newb. Which is why I had explained before that my speed tests were normal, since without the VLAN 2 and the VLAN 802.1p bit set to 3, I would get exactly ZILCH.

                                RANT still firmly in place.

                                • DerelictD
                                  Derelict LAYER 8 Netgate
                                  last edited by

                                  Must be you. And your RANT would be better directed at google fiber - you know, the entity you are actually PAYING - for demanding you use their device with zero documentation regarding using others.

                                  Merry Christmas.

                                  • johnpozJ
                                    johnpoz LAYER 8 Global Moderator
                                    last edited by

                                    So are you saying you don't have the switch in front of pfsense like the article Derelict linked to setting the dscp?

                                    • P
                                      pfSense4ME
                                      last edited by

                                      Merry Christmas!

                                      First, some of this is over my head… but...

                                      Please don't forget - did OP ever provide the sniff of where pfSense injects the additional 300ms packets as requested by Johnpoz (post #27)?  Why not?

                                      Derelict IMHO is correct, you need to direct your RANT elsewhere and away from pfSense.  You won't as you think it's a pfSense issue.  It's not.  What about the "other firewall/router x64 solutions", did you RANT at them like you have at pfSense?  So far you've indicated the issues are with GFiber and/or the switch you currently have in place.

                                      OP - I think it could have greatly helped everyone trying to help you if you indicated your setting of DSCP bits in your original post rather than waiting until post #34.  Why now vs the very beginning?

                                      If you want to rant/bitch/complain/whatever, great, but do it with all facts presented vs presenting half facts (waiting until #34 to state DSCP setting).

                                      If you want to flame me - do it, I don't care and won't care for the following reasons:

                                      1. Until you honor Johnpoz's request for info requested in post 27. If you ever do.
                                      2. You are now a moving target.  The people trying to help you make requests, maybe you provide info, maybe not.  Then when VERY convenient to you, you inform everyone this is how I have it set up - post #34.  Where was that detail prior?
                                      3. Did you get on ALL the other boards for the "other firewall/router x64 solutions" (post #1) indicating your RANT with them for the same reasons you gave about pfSense?  Again, where was that ever mentioned?
                                      4. Most of my questions are rhetorical as if you truly wanted to help yourself you would have provided info to get to a resolution rather than wait to cherry pick responses or provide (additional) info.
                                      5. Accept the blame yourself as it falls squarely on your shoulders.

                                      Personally, I can't take you seriously until ALL the information requested of you IS provided by you.  Now just to be sure, don't forget to add the part about - no need now as you have resolved the problem OR how you believe pfSense just doesn't measure up blah blah blah, as now it's convenient time to do so.

                                      • johnpozJ
                                        johnpoz LAYER 8 Global Moderator
                                        last edited by

                                        He seems to attempt to show the latency of pfsense pinging 8.8.8.8 but he did not run the sniffs at the same time, and it seems he has something else pinging 8.8.8.8 as well… But in his sniffs the times and the seq numbers clearly show they were not sniffed at the same time... So from those it's not even possible to calc what latency is being added by pfsense for the routing and natting and evaluation of the firewall rules.

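The measurement johnpoz describes, sketched as an added example that is not part of any post in this thread: pair each ICMP echo seen in a LAN-side capture with the same echo in a WAN-side capture taken at the same time, and report the delay the firewall added. The capture lines, addresses and function names are constructed for illustration; it assumes both captures were taken on the firewall itself (one clock) and matches on remote address and seq only, on the assumption that NAT may rewrite the ICMP id.

```python
import re
from datetime import datetime

# Constructed tcpdump-style lines; both captures share the firewall's clock.
LAN = """\
20:06:53.100000 IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 4242, seq 1, length 64
20:06:53.112400 IP 8.8.8.8 > 192.168.1.10: ICMP echo reply, id 4242, seq 1, length 64
20:06:54.100000 IP 192.168.1.10 > 8.8.8.8: ICMP echo request, id 4242, seq 2, length 64
20:06:54.112900 IP 8.8.8.8 > 192.168.1.10: ICMP echo reply, id 4242, seq 2, length 64"""
WAN = """\
20:06:53.100150 IP 203.0.113.5 > 8.8.8.8: ICMP echo request, id 51023, seq 1, length 64
20:06:53.112200 IP 8.8.8.8 > 203.0.113.5: ICMP echo reply, id 51023, seq 1, length 64
20:06:54.100200 IP 203.0.113.5 > 8.8.8.8: ICMP echo request, id 51023, seq 2, length 64
20:06:54.112750 IP 8.8.8.8 > 203.0.113.5: ICMP echo reply, id 51023, seq 2, length 64"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP (\S+) > ([^:\s]+): "
                  r"ICMP echo (request|reply), id \d+, seq (\d+)")

def parse(capture):
    """Map (kind, remote_ip, seq) -> microseconds since midnight.
    A key seen more than once (a second pinger, seq wrap) is stored as None."""
    seen = {}
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        ts, src, dst, kind, seq = m.groups()
        t = datetime.strptime(ts, "%H:%M:%S.%f")
        usec = ((t.hour * 60 + t.minute) * 60 + t.second) * 1_000_000 + t.microsecond
        key = (kind, dst if kind == "request" else src, int(seq))
        seen[key] = None if key in seen else usec
    return seen

def added_latency_ms(lan, wan, max_ms=50.0):
    """Per-packet delay between the two interfaces, in milliseconds.
    Pairs that are ambiguous, negative or above max_ms are dropped, which is
    what happens when the captures were not taken at the same time."""
    lan_p, wan_p = parse(lan), parse(wan)
    result = {}
    for key in lan_p.keys() & wan_p.keys():
        a, b = lan_p[key], wan_p[key]
        if a is None or b is None:
            continue
        # Requests cross LAN then WAN; replies cross WAN then LAN.
        delta_ms = ((b - a) if key[0] == "request" else (a - b)) / 1000
        if 0 <= delta_ms <= max_ms:
            result[key] = delta_ms
    return result
```

An empty result from two captures of the same ping run means the captures do not overlap in time, so no added latency can be derived from them.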
                                        • E
                                          edseitzinger Banned
                                          last edited by

                                          @Derelict:

                                          Must be you. And your RANT would be better directed at google fiber - you know, the entity you are actually PAYING - for demanding you use their device with zero documentation regarding using others.

                                          Merry Christmas.

                                          Never ever did I say it might not be them, I just hadn't gotten to calling local cable company and signing up for a month and remove that possible variable.

                                          Merry Christmas

                                          • E
                                            edseitzinger Banned
                                            last edited by

                                            @johnpoz:

                                            So are you saying you don't have the switch in front of pfsense like the article Derelict linked to setting the dscp?

                                            No, I do not have the managed switch sitting in front of the router like the article from flyovercountry, I have the setup like the KingViper has in the pfsense forum post (https://forum.pfsense.org/index.php?topic=71806.msg619859#msg619859).

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.