Pfsense overload when downloading big files

stephenw10

Well you could run it against Unbound if you're seeing DNS errors but you shouldn't need to.
Check the resolver log to see if Unbound us actually stopping.

The 'Watchdog timeout' error I was referring to is commonly thrown by the re driver if/when the Realtek NIC stops responding. It would be shown in the system log or at the console.

Steve

samyboyz

@stephenw10 i set it up in unbound..but wondering, if NIC is stopping to work, would i not lose VPN connectivity or Teamviewer connection to pc behind pfsense?

chpalmer

@stephenw10 said in Pfsense overload when downloading big files:

F for BufferBloat

Ive never seen better than a D on bufferbloat on a cable connection.. My Verizon powered Cradlepoint gets better grades and generally sucks for general browsing from a hill top site 300 feet from the Verizon tower.. I do not put allot of worry on DSLR bufferboat numbers.. unless other things are suffering.

Have you figured out if your modem is a Puma powered model?

Gertjan

@chpalmer said in Pfsense overload when downloading big files:

I do not put allot of worry on DSLR bufferboat numbers.. unless other things are suffering.

This big thread "Playing with fq_codel in 2.4" in the traffic shaper forum deals with bad scores.
It's not a question of seeing A's or B's or F' on a screen : its an overall more fluid connection that you can actually 'feel' by a daily usage. I applied the suggestions on all my ADSL type WAN connections and it is really worth it.

@samyboyz :
You're using a cable connection.
If it's possible : hook up your network / pfSense to another type of WAN network and see if the issue is gone. If it is, you'll know in what direction to look.

Do you have 'dpinger' messages in the main system log ?
Btw : hardware : with that kind of speeds, the type or brand of a NIC is less an issue.

samyboyz

@chpalmer said in Pfsense overload when downloading big files:

@stephenw10 said in Pfsense overload when downloading big files:

F for BufferBloat

Ive never seen better than a D on bufferbloat on a cable connection.. My Verizon powered Cradlepoint gets better grades and generally sucks for general browsing from a hill top site 300 feet from the Verizon tower.. I do not put allot of worry on DSLR bufferboat numbers.. unless other things are suffering.

Have you figured out if your modem is a Puma powered model?

It's Motorola SURFboard SB6120, i don't see it on the list of badmodems..

samyboyz

@Gertjan said in Pfsense overload when downloading big files:

@chpalmer said in Pfsense overload when downloading big files:

I do not put allot of worry on DSLR bufferboat numbers.. unless other things are suffering.

This big thread "Playing with fq_codel in 2.4" in the traffic shaper forum deals with bad scores.
It's not a question of seeing A's or B's or F' on a screen : its an overall more fluid connection that you can actually 'feel' by a daily usage. I applied the suggestions on all my ADSL type WAN connections and it is really worth it.

@samyboyz :
You're using a cable connection.
If it's possible : hook up your network / pfSense to another type of WAN network and see if the issue is gone. If it is, you'll know in what direction to look.

Do you have 'dpinger' messages in the main system log ?
Btw : hardware : with that kind of speeds, the type or brand of a NIC is less an issue.

Unfortunately i don't have access to another WAN other than my mobile phone..i noticed the issue started like about a year ago after an update that was deemed buggy, i've done a fresh install and updated after that but haven't been able to shake the issue.

Is it time to swap hardware to more recent? What do you guys recommend in small form factor preferably..

Thanks!
Samy

stephenw10

@stephenw10 said in Pfsense overload when downloading big files:

What connectivity do you lose? Can you still hit the webgui from the LAN? Can you ping the LAN IP?
Is the console still responsive?
When you do reboot do you see a crash report? Anything in the system logs from when it happened?

These questions still^.

If it still responds anywhere to anything then try to determine what has actually failed.

Steve

samyboyz

@stephenw10 I can connect to pfsense after DNS stops responding, most of the time i have to hit sign-in twice, i get the red page when i do that (like it forces the login or something). I have to reboot, most of the time rebooting once does not help, i have to reboot a few times, sometimes shut down the computer manually and reboot until internet kicks in.

As per the logs, i do not understand them all that well, not sure if i can post them here and you would be kind enough to have a look?

It's like i don't lose LAN connectivity, I can even connect via IPSEC vpn to other site but i can no longer surf, like DNS drops..i can even use my OOMa IP phone.

Issue happens almost all the time i do a feature update on a computer or download 1GB+ files, not so much if i stream ..

chpalmer

@samyboyz said in Pfsense overload when downloading big files:

@chpalmer said in Pfsense overload when downloading big files:

@stephenw10 said in Pfsense overload when downloading big files:

F for BufferBloat

Ive never seen better than a D on bufferbloat on a cable connection.. My Verizon powered Cradlepoint gets better grades and generally sucks for general browsing from a hill top site 300 feet from the Verizon tower.. I do not put allot of worry on DSLR bufferboat numbers.. unless other things are suffering.

Have you figured out if your modem is a Puma powered model?

It's Motorola SURFboard SB6120, i don't see it on the list of badmodems..

Its a Puma 5 model which does have some of the security issues.. though not the UDP traffic issue I was looking for. But it also will not bond all the possible channels that most cable companies have available today.. What models does your cable company rent out? Do you own that modem? Get them to replace it if you do not. Then go back to diagnosing if you need to.

stephenw10

@samyboyz said in Pfsense overload when downloading big files:

I can even connect via IPSEC vpn to other site but i can no longer surf, like DNS drops..i

Does DNS actually drop? Can you resolve IPs from a client behind pfSense? Can you resolve from pfSense itself?

What is the actual 'red page' you see? That usually indicates you user has been logged out or you are hitting the DNS rebind check.

If rebooting once does not correct this then it looks like something outside pfSense. Does your ISP redirect you to notifications?

Steve

samyboyz

@stephenw10

I just had the same issue again, i'm gonna try to replace the onboard nic, problem is i only have 1 PCIe port on this computer and it is taken by the second NIC, i was thinking of buying the following dual port NIC and was wondering if anyone can tell me if it's a good idea..

Thanks,

https://www.amazon.ca/Intel-1000-Dual-Server-Adapter/dp/B000BMZHX2/ref=sr_1_10?dchild=1&keywords=intel+pci+low+profile+nic&qid=1607576756&refinements=p_89%3AIntel&rnid=7590290011&s=electronics&sr=1-10

stephenw10

I would expect that to work fine. I've never tested that particular card personally.

However if you were seeing this condition persist across a reboot it's hard to imagine it's not something external. Does it persists across a complete power cycle?

Steve

samyboyz

Hi Guys,

Just to update on this old thread...for those having the same issue.
I got an Intel Dual NIC card from ebay and just installed it, so far so good, i guess the realtek card was the culprit after all.

Say my amazon photos would start synching or i would update a computer's feature release (large file), internet would go down, i would have to run setup wizard after which it would come back up every time.

Thank s for all your help,