Delay on ping to firewall
-
Hi, I have a new, Netgate SG-4860, generally it's working well but there is a latency issue. the symptoms are that, if you enter a url when browsing or using youtube, sometimes it will time out, the browser's error message will appear and then the url will resolve and all is well. You can see evidence of this in the ping test to the firewall (192.168.4.1) below. The first one says unreachable, then suddenly I have a series of responses. The second group shows continuous responses around 3ms then up to 100, 200 or 300 plus.
Does anyone have any thoughts as to why this is happening?
Thank you
temple@DaddylaptopKubuntu:~$ ping 192.168.4.1 PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data. From 192.168.4.8 icmp_seq=1 Destination Host Unreachable From 192.168.4.8 icmp_seq=2 Destination Host Unreachable From 192.168.4.8 icmp_seq=3 Destination Host Unreachable 64 bytes from 192.168.4.1: icmp_seq=4 ttl=64 time=379 ms 64 bytes from 192.168.4.1: icmp_seq=5 ttl=64 time=2.20 ms 64 bytes from 192.168.4.1: icmp_seq=6 ttl=64 time=2.31 ms 64 bytes from 192.168.4.1: icmp_seq=7 ttl=64 time=2.82 ms 64 bytes from 192.168.4.1: icmp_seq=8 ttl=64 time=5.52 ms 64 bytes from 192.168.4.1: icmp_seq=9 ttl=64 time=2.81 ms ^C --- 192.168.4.1 ping statistics --- 9 packets transmitted, 6 received, +3 errors, 33% packet loss, time 8022ms rtt min/avg/max/mdev = 2.205/65.905/379.746/140.358 ms, pipe 3 temple@DaddylaptopKubuntu:~$ ping 192.168.4.1 PING 192.168.4.1 (192.168.4.1) 56(84) bytes of data. 64 bytes from 192.168.4.1: icmp_seq=1 ttl=64 time=2.64 ms 64 bytes from 192.168.4.1: icmp_seq=2 ttl=64 time=2.85 ms 64 bytes from 192.168.4.1: icmp_seq=3 ttl=64 time=127 ms 64 bytes from 192.168.4.1: icmp_seq=4 ttl=64 time=2.20 ms 64 bytes from 192.168.4.1: icmp_seq=5 ttl=64 time=2.73 ms 64 bytes from 192.168.4.1: icmp_seq=6 ttl=64 time=2.66 ms 64 bytes from 192.168.4.1: icmp_seq=7 ttl=64 time=2.75 ms 64 bytes from 192.168.4.1: icmp_seq=8 ttl=64 time=336 ms 64 bytes from 192.168.4.1: icmp_seq=9 ttl=64 time=2.72 ms 64 bytes from 192.168.4.1: icmp_seq=10 ttl=64 time=3.56 ms 64 bytes from 192.168.4.1: icmp_seq=11 ttl=64 time=5.23 ms 64 bytes from 192.168.4.1: icmp_seq=12 ttl=64 time=2.55 ms 64 bytes from 192.168.4.1: icmp_seq=13 ttl=64 time=149 ms 64 bytes from 192.168.4.1: icmp_seq=14 ttl=64 time=2.72 ms 64 bytes from 192.168.4.1: icmp_seq=15 ttl=64 time=2.63 ms 64 bytes from 192.168.4.1: icmp_seq=16 ttl=64 time=6.75 ms 64 bytes from 192.168.4.1: icmp_seq=17 ttl=64 time=2.72 ms 64 bytes from 192.168.4.1: icmp_seq=18 ttl=64 time=230 ms 64 bytes from 192.168.4.1: icmp_seq=19 ttl=64 time=2.68 ms 64 bytes from 192.168.4.1: icmp_seq=20 ttl=64 time=5.37 ms 64 bytes from 192.168.4.1: icmp_seq=21 ttl=64 time=8.51 ms 64 bytes from 192.168.4.1: icmp_seq=22 ttl=64 time=5.89 ms 64 bytes from 192.168.4.1: icmp_seq=23 ttl=64 time=257 ms 64 bytes from 192.168.4.1: icmp_seq=24 ttl=64 time=100 ms 64 bytes from 192.168.4.1: icmp_seq=25 ttl=64 time=2.67 ms 64 bytes from 192.168.4.1: icmp_seq=26 ttl=64 time=2.61 ms 64 bytes from 192.168.4.1: icmp_seq=27 ttl=64 time=4.92 ms 64 bytes from 192.168.4.1: icmp_seq=28 ttl=64 time=350 ms 64 bytes from 192.168.4.1: icmp_seq=29 ttl=64 time=2.82 ms 64 bytes from 192.168.4.1: icmp_seq=30 ttl=64 time=2.02 ms 64 bytes from 192.168.4.1: icmp_seq=31 ttl=64 time=2.67 ms 64 bytes from 192.168.4.1: icmp_seq=32 ttl=64 time=2.69 ms ^C --- 192.168.4.1 ping statistics --- 32 packets transmitted, 32 received, 0% packet loss, time 31052ms rtt min/avg/max/mdev = 2.026/51.268/350.439/100.099 ms temple@DaddylaptopKubuntu:~$ -
Are you using Squid? What's your system activity look like during these?
-
thank you Harvy66 - afaik I'm not using squid and I don't know what it is. I'm using OpenDNS 208.67.222.222 and 208.67.220.220 - but the ping isn't going as far as the DNS anyway.
-
well, I've found out what Squid is and it's installed on the firewall now … let's see if there's an improvement
-
He wasn't telling you to install it he was asking if you had it because it might be a contributing factor.
What is 192.168.4.8?
Packet capture ICMP on the 192.168.4.1 interface and see if the delay is there or somewhere else.
-
Thanks Mr. Derelict - that was shutting the gate after the herd of cattle had bolted :)
The Squd thingy seems to be working fine … I've deliberately taken a step backwards and I'm using a single AP now. I'll close this thread now and I'm going to ask some more questions in the wireless forum.
