Seeing spikes in WAN monitor the past couple days, ideas?
-
I have a cable connection via Spectrum and originally put in a single codel q for up and down to help smooth latency when there was some stress on the network. It worked great for a little, but then realized with everyone working from home that during peak hours my limits were too high so I needed to drop the max during the day, so I created firewall schedules and adjusted my queue speed down during peak hours to smooth it. After I did that I've been getting these spikes. I have to assume it's related because my monitor was pretty smooth up until I made that change. Attached are screenshots of my config, let me know if I screwed something up.
https://imgur.com/a/kEAvqN4
I've tried restarting the router with no success. I also disabled the floating firewall rule to presumably stop traffic going through the codel queues. Even with that rule disabled I'm seeing the spikes about every 15 minutes. Are there any crons that run every 15? I didn't see anything crazy in the system logs.
I have the following packages running:
pfblockerng-devel
snort
openvpn
unbound in forwarder mode
ntopng
a-cups
bsnmpd
darkstat
dpinger
ntpd -
You are probably hitting this when the filter reloads every 15mins https://redmine.pfsense.org/issues/10414
Check Cron for what is running at those intervals. Probably Snort table expire or something in pfBlocker.
That will be fixed in 2.4.5p1.
Steve
-
It looks like it may coincide with the firewall rule sync. What I don't understand is I've been on 2.4.5 a while now and it just started on May 8. Also I'm seeing an upward tick in latency while I have an outbound transfer going right now, and it isn't using all my upload bandwidth (have ~10mbps till max). Is it possible it's 2 difference issues? Is there something with the Codel config I have that's exacerbating issues?
Update shots of cron and increase in latency with Codel
https://imgur.com/a/HmPBMF7 -
Unlikely anything to do with shaping. More likely it's trying to load a large enough table to hit it. pfBlocker could be pulling in a much larger table from somewhere. Something may have changed remotely.
Steve
-
@stephenw10
Ah gotcha. I'll stay tuned for the 2.4.5_1 release. Thanks!