High latency

  • Hi all,

    Setup is as follows:

    network > pfsense > isp router

    I have a device in my network that causes high latency for 5-20 min, a couple of times a day.

    What I figured out in these time slots:
    If I connect a client to the network behind pfSense, I get high latency on pings, up to 2kms.
    If I connect a client to the transfer network between pfSense and the ISP router, I get the same result.
    If I disconnect the LAN from pfSense, I get a normal result from ping in the transfer network.
    If I disconnect the pfSense from the ISP router, I also get a normal result from ping in the transfer network.
    I don't see a consumer slowing down my network in the traffic graphs.
    I don't see an event that could cause the issue in the system log.

    I did a lot of unplug testing on the switch behind the pfSense and also replaced the switch itself, with no success.

    How would you guys start to identify the client that could cause this issue?
    Any suggestions as to which logs could contain useful information?



    2.4.4-RELEASE-p3 (amd64)
    built on Wed May 15 18:53:44 EDT 2019
    FreeBSD 11.2-RELEASE-p10

  • LAYER 8

    Packet capture / Wireshark when you see the problem.

  • Thanks,

    I did some pcaps during the last outage and could not find anything that looks like it is causing the issue.
    I just see a lot of high-latency pings.
    What would you guys search for in the pcap or in the logs?


  • So I was able to identify the issue.
    As soon as I browse German news sites, the ads from these sites load super slow and my latency explodes.
    This does not happen directly behind the ISP router. I can avoid the issue by adding blocking lists (for ads) to my DNS.

    Is this some behaviour caused by the squid package, which I used in the past but not today?
    Which logs should contain the information for such an issue?

    I can't see any stat going up, like CPU etc., during this.
    Also, I wonder how this affects only WAN interface traffic but not traffic between LAN and DMZ, as well as the fact that even other protocols like ICMP are affected by this issue.


  • First the good news:
    We all use the same pfSense version == the same code. On my system I can't resume the latency .... it's too small.

    What does change is the hardware.
    You didn't mention anything, so I presume it has enough power under the hood.

    What always changes: your settings / rules / whatever.

    @TeamZeroFar said in High latency:

    browse german news sites

    pfSense doesn't know the difference between American, German, Dutch, French or any other country.
    Could it be IPv4 and/or IPv6 related?
    MTU related?
    Or, why not, the pipe to Germany from your ISP is overloaded?

    @TeamZeroFar said in High latency:

    Which logs should contain the information for such an issue?

    Actually just one: check DNS resolving first. Crank up the log details on the Resolver page (the advanced settings page).
    Internet packets are not logged - there are just too many of them.

    Packet capturing on the WAN interface will show you that when an outgoing TCP web connection gets an answer 10 minutes later: that's not pfSense's fault.
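
One way to pull that signal out of a WAN capture, added here as an example and not code from anyone in the thread: it reads a classic pcap (Ethernet, IPv4) and reports the time from the first SYN to the matching SYN-ACK per remote server. The function names, the 1-second limit and the sample capture built from documentation addresses are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

def handshake_times(pcap: bytes) -> dict:
    """Map (server_ip, port) -> [seconds from first SYN to SYN-ACK] for an Ethernet pcap."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None or struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic (non-pcapng) Ethernet capture")
    pending, times, off = {}, defaultdict(list), 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(endian + "4I", pcap[off:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 54 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                      # keep only IPv4 + TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4:]
        if len(tcp) < 14:
            continue                      # truncated TCP header
        src, dst = frame[26:30], frame[30:34]
        sport, dport, seq, ack = struct.unpack("!HHII", tcp[:12])
        syn_ack, ts = tcp[13] & 0x12, sec + usec / 1e6
        if syn_ack == 0x02:               # SYN: remember the first one, skip retransmits
            pending.setdefault((src, sport, dst, dport, seq), ts)
        elif syn_ack == 0x12:             # SYN-ACK: match on the acknowledged sequence number
            t0 = pending.pop((dst, dport, src, sport, (ack - 1) & 0xFFFFFFFF), None)
            if t0 is not None:
                times[(".".join(map(str, src)), sport)].append(ts - t0)
    return dict(times)

def slow_servers(times: dict, limit: float = 1.0) -> list:
    """Servers whose worst handshake exceeded `limit` seconds, slowest first."""
    worst = {srv: max(v) for srv, v in times.items() if max(v) > limit}
    return sorted(worst, key=worst.get, reverse=True)

# --- constructed sample capture (documentation addresses, not real traffic) ---
def _frame(src, dst, sport, dport, seq, ack, flags):
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, bytes(src), bytes(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, seq, ack, 0x50, flags, 65535, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def sample_pcap() -> bytes:
    c, fast, slow = (192, 0, 2, 10), (198, 51, 100, 7), (203, 0, 113, 9)
    recs = [(100, 0, _frame(c, fast, 40000, 443, 1000, 0, 0x02)),
            (100, 20000, _frame(fast, c, 443, 40000, 5000, 1001, 0x12)),
            (101, 0, _frame(c, slow, 40001, 443, 2000, 0, 0x02)),
            (102, 0, _frame(c, slow, 40001, 443, 2000, 0, 0x02)),   # retransmitted SYN
            (103, 500000, _frame(slow, c, 443, 40001, 7000, 2001, 0x12))]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for sec, usec, fr in recs:
        out += struct.pack("<4I", sec, usec, len(fr), len(fr)) + fr
    return out
```

Running the same function over one capture taken on the WAN side and one taken on the LAN side during an episode shows on which side of the firewall the delay appears.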

  • Hi,

    Thanks for the response.

    About the hardware: it's a dual-core Intel CPU.
    The utilization does not change during the latency issue.

    I pointed the "German" news sites out because they use other CDNs for ads than the American ones (I guess).
    Since I can avoid the issue by blocking the advertisements, it hints that way.
    DNS logs look clean.
    Also, DNS resolution works fine so far.

    About the ISP topic:
    I can immediately solve the latency by unplugging the pfSense from the ISP router and verify by connecting my PC to it.
    Otherwise it takes about 20 min to recover; also, pfSense does work normally if I unplug the LAN.
    So it looks like the root cause sits on the client PC after opening this kind of site.
    I can't reproduce this behaviour on the ISP router when connecting my PC directly.

    About the fault topic:
    I do not blame my pfSense for that, but I would like to understand the issue going on and be able to debug such a network problem on my firewall.
