Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest

techtester-m

When using speedtest.com or other speed testing apps/services, the latency of all the gateways is skyrocketing! It goes up slightly when downloading and goes off the roof when uploading....weird weird issue. Check screenshot below.

Btw I've never noticed such behavior before and I'm sure I would have if it happened.

At first I thought that virtualizing pfSense causes that (even with hardware checksum disabled) so I switched back to a bare metal installation but the problem didn't go away.

Any idea? Please....help :)

stephenw10

That's not unusual when the connection is congested. You're probably hitting some bad buffer bloat somewhere.
You may be able to improve that with some traffic shaping in pfSense. Or you can just accept that's how your WANs behave and tune the monitoring parameters accordingly.

Steve

techtester-m

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

congested

Hi! Long time no speak man haha...So you're saying it happens due to congested connection on the ISP side and has nothing do to with the setup (virtualization or bare metal)? Meaning that in an ideal perfect world or just good day this shouldn't happen?

2. would traffic shaping balance between all the connections in the network (no QoS)?

3. Perhaps it would sound funny but could it be that the ISP is limiting full bandwidth connections due to covid-19 or something else of that sort?

4. What would happen if people tried to upload something to Google Drive, YouTube or just watch Netflix in 4k lol ? Though it does go up specifically on full upload which probablt a limitation or congestion from the ISP side as you said.

stephenw10

You probably have two things happening there, congestion on your actual WAN connection and congestion or limiting on the VPNs over that.

What the 'normal' latency on the WAN? 140ms looks high. Try testing directly on WAN and see what sort of latency you see. A simple test at fast.com will show you the loaded vs unloaded latency (if you enable that in the test settings).
A test at dslreports will give you a bufferbloat 'score' you can use to see if shaping improves anything.

Many people see good results just adding codelq limiters on WAN:
https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/815

Steve

techtester-m

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

What the 'normal' latency on the WAN? 140ms looks high

Without speedtesting while idle it would be RTT 5-6+- sometimes less, RTTsd 0.xxx usually.

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

Try testing directly on WAN and see what sort of latency you see

I already did with a clean factory defaults settings but now I also did what you said about fast.com settings and this is the result on the WAN (Same for the VPNs):

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

A test at dslreports will give you a bufferbloat 'score' you can use to see if shaping improves anything.
Many people see good results just adding codelq limiters on WAN:
https://forum.netgate.com/topic/112527/playing-with-fq_codel-in-2-4/815

I'll try both. Edit: Even when on WAN and disabling all relevant extensions on Firefox and Chrome this is the message I get from https://www.dslreports.com/speedtest:

Napsterbater

@techtester-m said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

I'll try both. Edit: Even when on WAN and disabling all relevant extensions on Firefox and Chrome this is the message I get from https://www.dslreports.com/speedtest:

DSLr's speedtest is pretty much dead, and has been for a quite awhile.

stephenw10

Yeah, I have to hit 'use http' to allow it to run from here now. Works fine on some machines though. Odd.

Anyway, 600ms loaded latency is pretty bad! I assume that was during the upload part of the test? That's usually the worst direction by a long if your connection is asymmetric.
What speeds do you see?

Try codelq. With that result it will probably work well for you.

Steve

techtester-m

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

I assume that was during the upload part of the test?

Yes.

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

What speeds do you see?

An embarrassing 5+- Mbps (500KB/s Download is 80-90MB/s) but fiber is coming to my area in a few months - one year at max.

@stephenw10 said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

Try codelq. With that result it will probably work well for you.

What percentage of improvement do people see on average when using this? Btw I don't need much upload I just don't want it to kill the gateways if someone over the network uploads something. I'll talk to my ISP anyway.

Edit:
This is the result from fast.com when I connect a PC directly to the ISP's modem (PPPoE bridge mode):

Perhaps there's something happening somewhere in the network? I'll check cables, switches etc...not that there's much here but just to be sure.

Gertjan

Just checked my connection using fast.com ... it was a chock.

The bigger picture explained my case :

The test was defaulting to my IPv6. My IPv6 is a ipv6.he.net collect server in Paris, which tunnels IPv6 over IPv4. Like a VPN.

A IPv4 test shows far better results.

The "codelq" anti bufferbloat rules, as mentioned by @stephenw10 did close to miracles for my classic IPv4 ADSL setup. I'm using these rules for years now.

techtester-m

@Gertjan said in Really weird behavior in 2.4.5-p1. Gateways go down becuase of a simple speedtest:

The "codelq" anti bufferbloat rules

I'll try, but I'm doing an elimination test anyway. Building rules from scratch to see when exactly it chocks. This is the result with the most basic setup of pfsense:

Latency on the gateways (in pfSense webgui) is still getting high no matter what and marked with yellow color by pfs...

Gertjan

These are my rules :

They are doubled, as I have 2 interfaces, one for IPv4 (WAN) and one for IPv6 (HENETV6).

The first rules gives a special treatment to ICMP (ping), so that they are handled with priority.

Even under full load, my IPv4 ICMP latency doesn't change a milliseond.

See the "Playing with fq_codel in 2.4" mega therad (1000 posts) in the Traffic Shaping sub forum how to make these rules.

techtester-m

@Gertjan Thank you. I'll try soon (I hope) and report back :)

techtester-m

@Gertjan In the meanwhile, while investigating a little and doing elimination test this is one of the results I got from Fast.com. Better than the ISP even suppose to give lol...I only wish it stayed like this haha. Perhaps because I enabled Load Balancing...

stephenw10

You can just tune the latency values for the monitoring on those VPN gateways. Thety are always going to be higher than normal anyway. That will prevent them being marked down when they are not.

Steve

techtester-m

@stephenw10 Yeah...that I know of course but was just curious about the issue :)

Reporting back fellas - I connected a PC directly to the ISP's equipment and it turns out it's on their side. Apparently what you said about asymmetric DSL connections, PPPoE etc. This is the upload "loaded" result when connected directly to the ISP's equipment:

I think we can say DSL technology and some ISPs are just sh*tty, but it served humanity well haha...Anyway, nothing is wrong on my side so all that's left for me to do is to use the rules/traffic shaping you mentioned in order to overcome this. Another day maybe. I'll be back lol

As usual, thank you guys.

stephenw10

Yeah with 5Mbps upload you can saturate the connection pretty easily. However it's also much easier to shape upload than down since we can control exactly what leaves the interface.

I would expect to see good results from fq-codel here.

Steve