Download at full speed then got packet loss
-
Did the FQ-CoDel Limiters make any difference at all?
We can't see the full config there but I assume you have it set as shown for, example, here?:
https://youtu.be/o8nL81DzTlU?t=379Your firewall rules are incorrect. The out rule should cover both and needs to be set as Quick otherwise it will be passed by a later rule.
Steve
-
Yes, the limiters make a difference. Bufferbloat goes from F to A.
The problem remains the same. As soon as I download something and use the line, the ping goes up.
-
Ok those rules and queues look correct.
Do you actually see a reduction in available bandwidth when they are applied?
The key is to have them set slightly below the available speed to that all the queuing is done in pfSense where it can control what is passed and when. You might try setting the values lower to be sure.
Steve
-
The Vigor outputs the following values, in my thread above you can see my limits. I would say the limiter works?
But look at these spikes on cmd:
And this is what my ping looks like when there is only little traffic on the line:
-
Bad network card / drivers like Realtek?
-Rico
-
Hi Rico,
unfortunately you are right. However, I followed the following recommendation regarding the drivers.
https://forums.serverbuilds.net/t/guide-resolve-realtek-nic-stability-issues-on-freebsd-pfsense-2-4-4-2-4-5-2-5-0-opnsense-use-2-5gb-realtek/3555
My hardware is the following:
ZBOX PRO CI329 nano
https://www.zotac.com/product/mini_pcs/zbox-pro-ci329-nano -
When it comes to PPPoE, the problems get even worse with Realtek.
Can you put your WAN in DHCP or Static mode (run double NAT) for testing?-Rico
-
@rico
Unfortunately, I can't change that. It would be extremely difficult. Is there another option or do I have to buy new hardware? -
What are you pinging in that example?
Do you see the same variation to all external IPs?Steve
-
For my opinion you've bought the wrong device to run pfSense. That ZBOX is ~250 bucks as barebone with 2 Realtek NICs...makes my heart bleeding.
300/50(40) Mbps looks like Telekom Germany, refund that box if possible (14 day window) and get some serious pfSense gear.
-Rico
-
@stephenw10
I ping on www.google.de.
It doesn't matter what I ping. -
Yes it is a telecom line.
It is really difficult to get good hardware for the PFsense in Germany that is energy efficient.What kind of hardware would you suggest?
-
Mmm, the Celeron N4100 is not that fast. It's possible you're hitting something there though you are seeing the full bandwidth. I would expect it to pass 300Mbops without issues though. Maybe it's stuck at the lowest speed.
Try running at the CLI
top -aSHwhilst testing. See if one core at loaded 100%.Steve
-
-
Nope. All 4 cores are at least 73% idle. That's only 224Mbps though.
I'm still not sure you're actually limiting that traffic though.
What does the speed test result show when you disable the Limiters? vs with the Limiters?
Steve
-
-
Hmm, well that looks OK. Maybe more than FQ_Codel can deal with then.
I don't actually see any packet loss there though, are you still seeing that?
-
There are always packet losses at full speed downloads. Worse is that the ping rises from 5ms to 50. Then you get problems with Voip
-
Mmm, the latency is unavoidable to a certain extent though I would not expect packet loss.
You can try setting a lower limit for all other traffic and passing VoIP traffic outside the Limiters to reserve bandwidth for it.
Steve
-
@stephenw10 said in Download at full speed then got packet loss:
Celeron N4100
More for my own education than anything, why is the general theme that the HW pfSense is running on is the problem and not the ISP with what looks to be a full link?
While Realtek NICs are not the best, the speed is only 25% of what the NIC should be able to do, so it is not stressed. I would not expect a unstressed NIC causing a problem.
I run on an i3 540 with 4 port Intel 1Gb NIC and even with a speed test running @ 980Mbps and file copies crossing the other NICs I see no change in pings and a CPU getting close to 30%. The CPU in the problem system is generations newer and should be faster per cycle than mine.
o||||o
7100-1u
