Connection slows occasionally after pfSense receives public IP
-
Hi,
I'm fairly new user to pfSense and I got 1 Gb symmetrical fiber installed just before christmas. Previously I had LTE connection with Huawei giving private IP range to my pfSense router. As I got my fiber connection I called ISP and they bridged it, after that the connection worked fine for 10 minutes, then UL speed dropped to 150 Mbit/s. This happened around the clock.
I tried different MTUs, but nothing worked out. I installed a fresh pfSense, configured NICs, but every time WAN received a public IP from Calix, connection started to drop out. Hardware is:
HP ProDesk 400 G3 SFF i5-6500/8/120SSD
NIC: Dell 0CWKPJ, Intel D42543 CPUCan anyone share some insight to what might be the problem here? I called my ISP to un-bridge Calix and now it works just fine. pfSense is DMZ'd now.
-
I'd suggest talking to your ISP. Pfsense wouldn't cause something like that. I have a 500/20 Mb connection, which works fine. Other threads here have mentioned some ISPs have special requirements, such a VLAN, etc., that might affect this.
Also, mention who your ISP is. There may be others here who have experience with them.
-
I have ticket in, they haven't responded yet. I live in Finland so I don't think my ISP is relevant here. I do know that my connection is GPON based fibre. But you might be on to something here with the VLANs, they offer IPTV service with separate box you can buy (Arris VIP4302 or Wi-Fi variant of that). I think those services work by sharing bandwidth to separate VLAN for the IPTV and since I was using only internet, could that mess up my connection?
-
I wouldn't know. You should still mention your ISP and equipment models. Otherwise we're just guessing. I also have IPTV and it does not require VLANs. It's on my main LAN and I connect to my TVs with Ethernet. The only VLAN is for my guest WiFi.
BTW, my ISP has a "Community Forum", where customers can discuss various issues. Does yours? If so, that might be a place where you can get some help.
-
ISP is KSVV and they supplied me with Calix 844G-2 fiber router. My ISP is really small and they don't have any forum to post on. I will call them next week to ask about possible settings when connecting to bridged fiber router.
-
@gobias said in Connection slows occasionally after pfSense receives public IP:
I live in Finland so I don't think my ISP is relevant here
You think you are the only one from Finland that uses pfsense, and comes to this forum? ;)
It is quite possible that posting your ISP and your info on make and model could find someone else here with the same exact setup and isp, etc.
edit: A quick search while did not find your isp or your model.. Found this guy saying he is from finland and something about his modem in bridge mode sharing IPs
https://forum.netgate.com/post/884249 -
https://ksvv.fi...
Install instructions for the 844G (Finnish): https://ksvv.fi/wp-content/uploads/2017/07/4969-Asiakaspaatelaite_Calix_844G_-_Asennus_ja_kayttoohje-6.pdf
Calix spec document (English): https://ksvv.fi/wp-content/uploads/2017/07/4207-Wlan_Paatelaite_844G_GigaCenter.pdf
No mention of VLANs that I could tell in the install instructions (I don't speak Finnish)... none of the screenshots of the router interface (which are in English) go anywhere near that kind of setting. The specs do mention that it does support VLANs, but I would imagine that if they were in use, there would be a specific port that would need to be used by an IPTV box.
Apparently Centurylink and Ting have used that gateway (ONT + router) here in the US... found some references to them while searching for the router.
-
@johnpoz said in Connection slows occasionally after pfSense receives public IP:
@gobias said in Connection slows occasionally after pfSense receives public IP:
I live in Finland so I don't think my ISP is relevant here
You think you are the only one from Finland that uses pfsense, and comes to this forum? ;)
It is quite possible that posting your ISP and your info on make and model could find someone else here with the same exact setup and isp, etc.
edit: A quick search while did not find your isp or your model.. Found this guy saying he is from finland and something about his modem in bridge mode sharing IPs
https://forum.netgate.com/post/884249No, I didn't think I was alone here from Finland. :) I've been browsing this forum about a year and few days ago I found a thread that tells how international this forum is. :)
That link didn't help, my ISP shares only one public IP to one port of the fiber router.
@virgiliomi said in Connection slows occasionally after pfSense receives public IP:
https://ksvv.fi...
Install instructions for the 844G (Finnish): https://ksvv.fi/wp-content/uploads/2017/07/4969-Asiakaspaatelaite_Calix_844G_-_Asennus_ja_kayttoohje-6.pdf
Calix spec document (English): https://ksvv.fi/wp-content/uploads/2017/07/4207-Wlan_Paatelaite_844G_GigaCenter.pdf
No mention of VLANs that I could tell in the install instructions (I don't speak Finnish)... none of the screenshots of the router interface (which are in English) go anywhere near that kind of setting. The specs do mention that it does support VLANs, but I would imagine that if they were in use, there would be a specific port that would need to be used by an IPTV box.
Apparently Centurylink and Ting have used that gateway (ONT + router) here in the US... found some references to them while searching for the router.
Yeah, I've browsed those thoroughly and didn't found any useful settings to try. Bridging is something ISP doesn't advertise, I found out it from the installer who installed my fibre. That router is widely used around the globe, I've been googling it pretty much.
My connection works fine now, I'll call customer service next Monday to ask about possible settings to implement.
-
Yeah call to ISP might be prudent.. It could be something as silly as bandwidth being allocated to mac.. When they bridge their system is seeing the mac of pfsense vs their device.
And your purchased bandwidth package might not being applied?
Or maybe their device when not bridging filtering a lot of traffic that now pfsense is seeing being problematic? For example maybe the iptv that runs on some other vlan?
A sniff of what is going could be useful. When you are seeing the speed drop off..
-
I have Realtek NIC on the motherboard, I tried to use it too for checking if it's something network card related. It wasn't, same slowness occured, but I noticed that Realtek got a different public IP than the Intel NIC card.
Right after my service connected the speed profile was wrong, I was stuck with 500/100 connection. But that sorted out by calling them and requesting new, ordered 1/1G profile.
Your guess is as good as mine about the VLANs, is there a way to see them? Using something like ntopng which I have installed atm?
After the call we are all wiser, I will update here when I have some info to share.
-
You can do a simple sniff under diagnostic, packet capture.. Then you could load that into something like wireshark to get some insight to what could be going on.
-
@johnpoz said in Connection slows occasionally after pfSense receives public IP:
You can do a simple sniff under diagnostic, packet capture.. Then you could load that into something like wireshark to get some insight to what could be going on.
Just got answer from my ISP, VLANs and other configs have been set in their end. As my connection works now with pfSense DMZ'd, I'll leave this be then.
I inquired also about slower speeds during daytime, this is something they know and are due to fix it within a month, 30+ new customers in the area caused this. They told me that it is not something caused by the GPON network, so it be must slow trunk connection or slow switches/routers etc.
-
@gobias said in Connection slows occasionally after pfSense receives public IP:
I inquired also about slower speeds during daytime
Yeah this is common with any isp and oversubscription - or fast growth.. Where they are over subscribed for peak usage times..
And doesn't always have to happen with their network, could be a peer.. While their network might be able to handle 100 customers all at gig, all doing gig.. Maybe their peer connection is not able to handle this, say its only rated at 50gig..
So if all 100 customers are trying to do something that goes through that peer connection they run into a throttling problem.. But when 50 of the customers are no using it, they are sleeping for example.. Then the other 50 customers don't have a problem.
That is an over simplification of the problem for sure - but you get the idea..
Think of it this way have a 1gig internet connection. So while sure 1 PC downloading something might be able to get 1 gig.. What if you have 3 PCs trying to download something - they have to share that 1 gig pipe, and no single client will see 1 gig download. When that is happening.
Same sort of problem can happen in isp network.. Their networks are connected to the rest of the internet just like your connected to them..
Now do they increase their peer connections, or change out other hardware in their network to handle all the customers peak connection speeds at all times, or do they just tell you they are ;) That is the question...
edit:
Off peak hours I normally see 50mbps up.. which is what I pay for.. But during peak usage times, its normally more in the 40mbps range.. As long as I get within say 10 or 20% of what I am paying for.. I don't have a problem with that - this is normal.. But when I was seeing 10mbps.. All times of the day.. Yeah I complained.. Took them like 3 days to get it worked out..example: Notice the timestamp when I see 54Mbps, but normal day time 11am and 1 something in the afternoon are lower.
-
@johnpoz said in Connection slows occasionally after pfSense receives public IP:
@gobias said in Connection slows occasionally after pfSense receives public IP:
I inquired also about slower speeds during daytime
Yeah this is common with any isp and oversubscription - or fast growth.. Where they are over subscribed for peak usage times..
And doesn't always have to happen with their network, could be a peer.. While their network might be able to handle 100 customers all at gig, all doing gig.. Maybe their peer connection is not able to handle this, say its only rated at 50gig..
So if all 100 customers are trying to do something that goes through that peer connection they run into a throttling problem.. But when 50 of the customers are no using it, they are sleeping for example.. Then the other 50 customers don't have a problem.
That is an over simplification of the problem for sure - but you get the idea..
Think of it this way have a 1gig internet connection. So while sure 1 PC downloading something might be able to get 1 gig.. What if you have 3 PCs trying to download something - they have to share that 1 gig pipe, and no single client will see 1 gig download. When that is happening.
Same sort of problem can happen in isp network.. Their networks are connected to the rest of the internet just like your connected to them..
Now do they increase their peer connections, or change out other hardware in their network to handle all the customers peak connection speeds at all times, or do they just tell you they are ;) That is the question...
edit:
Off peak hours I normally see 50mbps up.. which is what I pay for.. But during peak usage times, its normally more in the 40mbps range.. As long as I get within say 10 or 20% of what I am paying for.. I don't have a problem with that - this is normal.. But when I was seeing 10mbps.. All times of the day.. Yeah I complained.. Took them like 3 days to get it worked out..example: Notice the timestamp when I see 54Mbps, but normal day time 11am and 1 something in the afternoon are lower.
Yeah, I get that traffic multiplies in the daytime, but this is something that's related to the price I pay for 1/1G connection. In Finland there are minimum speeds for every internet connection that ISPs have to publish to the customers. With LTE these speeds are set to pretty low, like my previous connection was LTE and speed range was 10–200 Mbit/s. Can you guess at which end of those speeds it worked in the daytime? Now with fiber broadband that minimum speed is set to 780 Mbit/s and if they can't provide it, should I be paying less for it? There are good consumer rights and laws in Finland, this is something I can elevate to get the price or service I need.
By the way, prices for my broadband are:
- Install 99€/124.50$ (500ft fiber pull to my house + 30ft inside it + fiber router)
- Monthly 59€/71.78$ for 1/1 gigabit symmetric connection
-
@gobias said in Connection slows occasionally after pfSense receives public IP:
Monthly 59€/71.78$ for 1/1 gigabit symmetric connection
That is seems like a great price!!! I pay $60 a month for 500/50 I could bump to gig down for like 20 more.. But my up would be stay at 50... 500 down is more than enough for me - but what I want is more up ;)
-
@johnpoz said in Connection slows occasionally after pfSense receives public IP:
@gobias said in Connection slows occasionally after pfSense receives public IP:
Monthly 59€/71.78$ for 1/1 gigabit symmetric connection
That is seems like a great price!!! I pay $60 a month for 500/50 I could bump to gig down for like 20 more.. But my up would be stay at 50... 500 down is more than enough for me - but what I want is more up ;)
That is a a great price, especially considering that nearest city, with 140K people, is over 60 miles away. I would settle for 1000/500 connection too, but next one down is 500/100. What for do you need more upload bandwidth?
-
@gobias said in Connection slows occasionally after pfSense receives public IP:
What for do you need more upload bandwidth?
Friends and Family watching stuff off my plex server ;)
-
@johnpoz said in Connection slows occasionally after pfSense receives public IP:
@gobias said in Connection slows occasionally after pfSense receives public IP:
What for do you need more upload bandwidth?
Friends and Family watching stuff off my plex server ;)
My guess was right then, one of the only reasons to have an enormous upload bandwidth in personal use.
-
If I wasn't serving up stuff to friends an family - 50 would be fine..
And even then - it works..Would just be nicer to have more..