Multilan Multiwan Config getting slow after a while
-
Hi,
i have setup a multiwan and multilan config.
there are 2 local nets 192.168.0.0/24 and 192.168.100.0/24 which are seperated. And i have setup a multiwan with vdsl and kabel which has failover but prefers vdsl for the .100 net and kabel for the .0 net.
After a while the connection of both nets gets slow and some webpages or video streams are not working correctls any more. A reboot of the pfsense fixes the problem.
It runs on on a JETWAY JBC390F541AA-19-B.Can someone help me to get an idea where the problem is and how to debug it?
Thanks.
Alex -
i have setup a multiwan and multilan config.
Only multi-WAN is here interesting for us.
And what other services you are running, or plain what packets are installed
on that pfSense firewall? Something like Squid as a caching proxy, or Clam AV Scanning,
or Snort / Suricata perhaps? And when yes what interface they are watching (LAN or WAN ports).there are 2 local nets 192.168.0.0/24 and 192.168.100.0/24 which are seperated.
How they are separated? With VLANs or each on another eth port?
And i have setup a multiwan with vdsl and kabel which has failover but prefers vdsl for the .100 net and kabel for the .0 net.
??? What does this meaning for us?
In normal there are many ways to go with here in that case. You may set up load balancing
and fail over so both is given to you and available to your network.After a while the connection of both nets gets slow and some webpages or video streams are not working correctly any more. A reboot of the pfsense fixes the problem.
Two things could be happen here, the RAM is full or the mbuf size is to small and the second
thing could be that the first internet line is failing and the second one is not used or the ISP
is throttling down after a limit is reached one or both internet lines.It runs on on a JETWAY JBC390F541AA-19-B.
If I am right informed for each RJ45 ports will be created queues and then it is filling the
to small mbuf size to fast and all is narrowing down the entire throughput then at last.- high up the mbuf size
- set the amount of queues to a smaller number
- perhaps activate the PowerD (high adaptive) option
- eventually it could be also nice to activate the TRIM support (but not really related to that problem here)
Can someone help me to get an idea where the problem is and how to debug it?
What is the config of the WAN interfaces and what kind of load balancing is used here in that case?
I would suggest here to go by policy based routing and a fail over rule that will be nice matching
and then perhaps on top choosing the right ratio for that two internet lines. How fast they are
each of them I mean?High up the mbuf size:
Choose your NIC and the installed driver for that and follow the instructions
for your 211AT or 210i NICs it should be the igb(4) driver and set the mbuf
size to 1000000 and click save. You might be trying out also other numbers!
Please don´t forget if you have only a small amount of RAM you cold ending
up in a booting loop! I would install for that 8 GB of RAM and then trying to
high up the amount step by step. 250000, 500000 and 1000000 you will be
able to see the usage on the dashboard! Please don´t forget also the amount
of 10 NICs. Could also be interesting to thatA proper Multi-WAN config: (load balancing & fail over)
Please read carefully this at first:- Multi-WAN Groups
and please watch out that topic - Policy based routing & fail over rule
If wished and/or needed:
Enable TRIM support in pfSense -
Only multi-WAN is here interesting for us.
And what other services you are running, or plain what packets are installed
on that pfSense firewall? Something like Squid as a caching proxy, or Clam AV Scanning,
or Snort / Suricata perhaps? And when yes what interface they are watching (LAN or WAN ports).There was snort running, on the wan ports. It allso slowed down the connection.
there are 2 local nets 192.168.0.0/24 and 192.168.100.0/24 which are seperated.
How they are separated? With VLANs or each on another eth port?
Each net has its own eth Port and is running on 2 vlans on a swith.
They are seperated in snort with 2 Floating firewall rules. If i disable this rules they act lice a local net.And i have setup a multiwan with vdsl and kabel which has failover but prefers vdsl for the .100 net and kabel for the .0 net.
??? What does this meaning for us?
In normal there are many ways to go with here in that case. You may set up load balancing
and fail over so both is given to you and available to your network.i attachted some pictures you can se what i mean.
After a while the connection of both nets gets slow and some webpages or video streams are not working correctly any more. A reboot of the pfsense fixes the problem.
Two things could be happen here, the RAM is full or the mbuf size is to small and the second
thing could be that the first internet line is failing and the second one is not used or the ISP
is throttling down after a limit is reached one or both internet lines.There should be no throteling on the ISP Lines. they have full speed and no problems if i directly connet without the pfsense box.
It runs on on a JETWAY JBC390F541AA-19-B.
If I am right informed for each RJ45 ports will be created queues and then it is filling the
to small mbuf size to fast and all is narrowing down the entire throughput then at last.- high up the mbuf size
- set the amount of queues to a smaller number
- perhaps activate the PowerD (high adaptive) option
- eventually it could be also nice to activate the TRIM support (but not really related to that problem here)
I rised the mbuf size to 1000000 lets see if it helps.
What is the config of the WAN interfaces and what kind of load balancing is used here in that case?
I would suggest here to go by policy based routing and a fail over rule that will be nice matching
and then perhaps on top choosing the right ratio for that two internet lines. How fast they are
each of them I mean?I Attatched some pics, hope they will help to see how i did the setup.
High up the mbuf size:
Choose your NIC and the installed driver for that and follow the instructions
for your 211AT or 210i NICs it should be the igb(4) driver and set the mbuf
size to 1000000 and click save. You might be trying out also other numbers!
Please don´t forget if you have only a small amount of RAM you cold ending
up in a booting loop! I would install for that 8 GB of RAM and then trying to
high up the amount step by step. 250000, 500000 and 1000000 you will be
able to see the usage on the dashboard! Please don´t forget also the amount
of 10 NICs. Could also be interesting to thatA proper Multi-WAN config: (load balancing & fail over)
Please read carefully this at first:- Multi-WAN Groups
and please watch out that topic - Policy based routing & fail over rule
If wished and/or needed:
Enable TRIM support in pfSensethanks for the links, i will doublecheck everything
Thanks for your help.
Best regards,
Alex
