Netgate Discussion Forum
pfSense packet loss and slow connection

    General pfSense Questions
viniciusbalbino:

I have here this scenario:
pfSense 2.3.1-RELEASE-p5
Virtualized in: VMware vSphere Hypervisor ESXi
16-core processor
4GB RAM

This virtual server runs inside a Dell cluster with 4 servers, where each server has 2 Xeon Octa Core processors and about 100GB of memory (some servers have more memory, others less); each server runs about 25 virtual servers.

Running services:
10x IPsec tunnels (site-to-site VPN to other units);
1x OpenVPN client-to-site VPN with no more than 20 simultaneous connections;
2 WANs with load balancing and failover;
10 LANs;
On all my LANs I have Squid active with SquidGuard applying access (content filter) policies;
On all my LANs I have Captive Portal active; on 8 of my 10 LANs the Captive Portal works in transparent mode (all machines on the network are pre-configured in the captive portal so that it does not ask for authentication; I use this to control the bandwidth of all hosts, because with Squid active the limiters in the firewall don't work well); on 2 LANs the captive portal asks for authentication on each new connection to the network, and the authentication works as: pfSense - NAP Server - AD database;
On all my 10 LANs I have about 2000 hosts connected to my network simultaneously;
Squid generates access logs for all active LANs;
For all my LANs I have about 20-30 firewall rules that control access.
For all LANs I have DHCP active; some of the LANs have a /21 mask;

With this scenario I have a lot of packet loss, but not all the time, only at some moments, and these moments follow no logical pattern.

Does someone have this problem too, or can help me with the solution? I thought about buying this pfSense hardware: https://store.pfsense.org/XG-1540/
Is this the best hardware to solve my problem?
I live in Brazil, and here this hardware is very expensive. I have another option: buy a Dell server with 16GB RAM and 2 Xeon Octa Core processors for half the price of the pfSense hardware, install pfSense on it, and dedicate this server to running pfSense.
What is the best way?

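Since the loss comes in bursts and Squid already logs every LAN, the first thing to check is whether the bad moments line up with traffic peaks in access.log. This is an added example, not code from the thread or from pfSense: it parses Squid's native log format, bins requests and bytes per minute, per LAN and per client, and reports the busiest minute. The sample lines and the two /21 LAN ranges are constructed for the example.

```python
import ipaddress
from collections import Counter, defaultdict

# Constructed sample in Squid's native access.log format (fields: timestamp
# elapsed_ms client code/status bytes method URL user hierarchy type); made up.
SAMPLE_LOG = """\
1469000010.101   245 10.1.0.15 TCP_MISS/200 5123 GET http://example.com/ - HIER_DIRECT/93.184.216.34 text/html
1469000012.330    12 10.1.3.200 TCP_HIT/200 812 GET http://example.com/a.css - NONE/- text/css
1469000070.004  1800 10.1.9.7 TCP_MISS/200 2097152 GET http://example.com/big.iso - HIER_DIRECT/93.184.216.34 application/octet-stream
1469000071.500  1500 10.1.9.7 TCP_MISS/200 2097152 GET http://example.com/big2.iso - HIER_DIRECT/93.184.216.34 application/octet-stream
1469000075.900   300 10.1.0.15 TCP_MISS/200 4000 GET http://example.com/b - HIER_DIRECT/93.184.216.34 text/html
garbage line that does not parse
"""

# Assumed LAN ranges (the thread only says some LAN masks are /21).
LANS = [ipaddress.ip_network(n) for n in ("10.1.0.0/21", "10.1.8.0/21")]

def parse_line(line):
    """Return (unix_ts, client_ip, bytes) for one native-format line, or None if malformed."""
    parts = line.split()
    if len(parts) < 5:
        return None
    try:
        return float(parts[0]), ipaddress.ip_address(parts[2]), int(parts[4])
    except ValueError:
        return None

def lan_of(addr, lans):
    """Map a client address to the LAN it belongs to, or 'other'."""
    return next((str(net) for net in lans if addr in net), "other")

def summarize(text, lans):
    """Bin bytes/requests per minute, per LAN and per client; flag the busiest minute."""
    per_minute = defaultdict(lambda: [0, 0])  # minute start (unix ts) -> [requests, bytes]
    per_lan, per_client, skipped = Counter(), Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:            # malformed or truncated line: count it, keep going
            skipped += 1
            continue
        ts, client, nbytes = rec
        bucket = int(ts // 60) * 60
        per_minute[bucket][0] += 1
        per_minute[bucket][1] += nbytes
        per_lan[lan_of(client, lans)] += nbytes
        per_client[str(client)] += nbytes
    peak = max(per_minute, key=lambda m: per_minute[m][1]) if per_minute else None
    return {"per_minute": dict(per_minute), "per_lan": per_lan,
            "per_client": per_client, "peak_minute": peak, "skipped": skipped}
```

Feed summarize() the contents of the real access.log and your own LAN list, then compare the peak minutes with the times the loss was observed.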
viniciusbalbino:

nothing? :( my network is too slow

heper:

When reading your summary it is clear to me that changing hardware will not change anything.

Your setup is broken. Fix your overcomplicated situation (start from scratch).

Using captive portal to limit bandwidth for squid on 8 interfaces for 2k users = recipe for disaster

viniciusbalbino:

@heper:

When reading your summary it is clear to me that changing hardware will not change anything.

Your setup is broken. Fix your overcomplicated situation (start from scratch)

Using captiveportal to limit bandwidth for squid on 8 interfaces for 2k users = recipe for disaster

So, do you have another way to limit bandwidth for network-connected hosts with Squid active in transparent mode? (I have to use transparent mode because on our network most users are students, and we can't configure their machines to work with an authenticated proxy (mainly because if we did this, their machines would not work on other networks). Their machines don't work inside our domain controller (AD).

W4RH34D:

I'd use traffic shaping to control the big stuff.

I'd use captive portal for one-offs.

Did you really check your cables?

viniciusbalbino:

@W4RH34D:

I'd use traffic shaping to control the big stuff.

I'd use captive portal for one off's.

Here I don't use traffic shaping; do you have a good tutorial for configuring it?

W4RH34D:

Sorry for the late reply, didn't know there was one.

No, I don't have a tutorial, but it is pretty simple.

I'd recommend getting the book, though.

Add a captive portal to the interface you're using.
Add your devices that do not need to be bounce checked in the MAC section.
Any device not on the whitelist on the interface will be sent to the captive portal page if you want, but you also have the ability there to limit the bandwidth.

Did you really check your cables?

KOM:

No I don't have a tutorial but it is pretty simple.

:o  IMO traffic shaping is one of the hardest concepts to understand, especially if your use case is outside what the wizard supports.
