Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Seeing spikes in WAN monitor the past couple days, ideas?

    Scheduled Pinned Locked Moved General pfSense Questions
    5 Posts 2 Posters 510 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • R
      realityman_
      last edited by

      I have a cable connection via Spectrum and originally put in a single codel q for up and down to help smooth latency when there was some stress on the network. It worked great for a little, but then realized with everyone working from home that during peak hours my limits were too high so I needed to drop the max during the day, so I created firewall schedules and adjusted my queue speed down during peak hours to smooth it. After I did that I've been getting these spikes. I have to assume it's related because my monitor was pretty smooth up until I made that change. Attached are screenshots of my config, let me know if I screwed something up.

      https://imgur.com/a/kEAvqN4

      I've tried restarting the router with no success. I also disabled the floating firewall rule to presumably stop traffic going through the codel queues. Even with that rule disabled I'm seeing the spikes about every 15 minutes. Are there any crons that run every 15? I didn't see anything crazy in the system logs.

      I have the following packages running:

      pfblockerng-devel
      snort
      openvpn
      unbound in forwarder mode
      ntopng
      a-cups
      bsnmpd
      darkstat
      dpinger
      ntpd

      1 Reply Last reply Reply Quote 0
      • stephenw10S
        stephenw10 Netgate Administrator
        last edited by

        You are probably hitting this when the filter reloads every 15mins https://redmine.pfsense.org/issues/10414

        Check Cron for what is running at those intervals. Probably Snort table expire or something in pfBlocker.

        That will be fixed in 2.4.5p1.

        Steve

        R 1 Reply Last reply Reply Quote 0
        • R
          realityman_ @stephenw10
          last edited by realityman_

          @stephenw10

          It looks like it may coincide with the firewall rule sync. What I don't understand is I've been on 2.4.5 a while now and it just started on May 8. Also I'm seeing an upward tick in latency while I have an outbound transfer going right now, and it isn't using all my upload bandwidth (have ~10mbps till max). Is it possible it's 2 difference issues? Is there something with the Codel config I have that's exacerbating issues?

          Update shots of cron and increase in latency with Codel
          https://imgur.com/a/HmPBMF7

          1 Reply Last reply Reply Quote 0
          • stephenw10S
            stephenw10 Netgate Administrator
            last edited by

            Unlikely anything to do with shaping. More likely it's trying to load a large enough table to hit it. pfBlocker could be pulling in a much larger table from somewhere. Something may have changed remotely.

            Steve

            R 1 Reply Last reply Reply Quote 0
            • R
              realityman_ @stephenw10
              last edited by

              @stephenw10
              Ah gotcha. I'll stay tuned for the 2.4.5_1 release. Thanks!

              1 Reply Last reply Reply Quote 0
              • First post
                Last post
              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.