Ping floods show packet loss



  • In trying to troubleshoot local network issues, I routinely use the ping -f command to quickly determine where there may be an issue with a host or switch. I’ve noticed that in every pfSense box I’ve deployed (and I’ve done a few dozen, 32- and 64-bit, various CPUs, various NICs, simple to complex configs), I always see packet loss of under 10% (usually 4-6%). If I do the same with a CentOS box, I get no loss.

    Why does pfSense show a loss, when there really is none?

    Could there be some command line switch to use?

    Bob



  • If you are scanning a local network, same subnet, you usually wouldn't see traffic going through pfSense. Your switch would keep all of that traffic local.

    Are you 100% sure you're going through pfSense?



  • @tim-mcmanus

    I’m just trying to ping local machines on the LAN network for the most part. I’m not saying that the local LAN traffic is going through pfSense, just internet traffic. However, if there is packet loss (either to the Internet or elsewhere), the flood ping is a great way to quickly find it and make sure you don’t have a flaky NIC or switch.

    Bob



  • @nleaudio said in Ping floods show packet loss:

    @tim-mcmanus

    I’m just trying to ping local machines on the LAN network for the most part. I’m not saying that the local LAN traffic is going through pfSense, just internet traffic. However, if there is packet loss (either to the Internet or elsewhere), the flood ping is a great way to quickly find it and make sure you don’t have a flaky NIC or switch.

    Bob

    The only risk you have is creating a situation where you consume all of the resources on the pfSense box by creating the flood. You could unintentionally create a situation where you DOS yourself or a device.

    If you do not use a ping flood, do you see packets dropping in the pfSense interface? I will usually pick a monitoring address other than Level3 or Google to use as a monitor IP. That's what I use to determine packet loss rather than doing something like a ping flood.



  • @tim-mcmanus
    Thanks for the reply. I just use the flood ping as a tool to see quickly if there is a packet loss issue. I routinely do this with Linux boxes, and I’ve never had an issue. My question here is why does pfSense behave differently than the Linux boxes, and show packet loss when there really isn’t any?

    For example, try this:

    1. pfSense box with LAN on 192.168.1.1
    2. CentOS (or pick your favorite distro) with a pingable port on 192.168.1.100

    When you ping -f 192.168.1.1 from the Linux box, you’ll see no lost packets.

    When you ping -f 192.168.1.100 from pfSense’s shell, you’ll see some loss.

    You can even see this with a cable directly connecting the two, linked up at 1000base.

    Bob



  • Tims-iMac-Pro:~ timmcmanus$ sudo ping -f 10.0.0.1
    Password:
    PING 10.0.0.1 (10.0.0.1): 56 data bytes
    .^C
    --- 10.0.0.1 ping statistics ---
    209306 packets transmitted, 209305 packets received, 0.0% packet loss
    round-trip min/avg/max/stddev = 0.059/0.162/1.693/0.274 ms
    Tims-iMac-Pro:~ timmcmanus$ 
    

    I am pinging a Netgate SG-2440 from an iMac Pro. The ping consumes about 4.2Mbit up and 4.2Mbit down. I wasn't logged into the router interface at all during the test.

    No packet loss.

    What hardware are you using? The NIC manufacturers?



  • @tim-mcmanus
    No, I’m saying that I can get the same results you just posted when I use a different machine. It’s when I shell into pfSense and do a ping flood from that where it shows the packet loss.

    For hardware, again I have all different kinds of hardware, from older P4s to Core 2 Duo 3GHz to Dell Xeon servers. I typically always use Intel NICs, but they can be server ones, workstation ones, etc. I seem to see the same results no matter what hardware I use.

    Bob



  • How are you getting ping to do a flood on pfSense? When I add the "-f" argument to ping in the pfSense shell I get an error.



  • Works fine here. ping -f (address)

    Bob