dpinger gateway packetloss issues
-
We have just recently moved to pfSense from an EdgeRouter, and we keep getting these strange packet loss issues in the gateway monitoring. We have a cable connection - I have set the default packet size to 2 in the advanced gateway monitoring options since I understand there is a bug in cable modems that can cause this, but that did not seem to help.
I can ping the gateway IP from my machine, and the internet continues to work over IPv4 just fine while this gateway is red. When I was running pfSense on server hardware to test it out, this did not happen; it seems to be new with the SG-3100 we have. What could be causing this? I don't think it's something upstream since the internet is still working fine. If I recycle the WAN interface, the status will go green for a while (hours to days) then turn red again.
-
If you look at the state table and filter for the gateway IP do you see the packet counts increasing still on the ICMP state?
If you packet capture for it on the WAN do you see the pings actually being sent? Have you tried setting an alternative monitoring target like 8.8.8.8?
It could be the gateway simply blocking that traffic after a while. If you restart dpinger does it start showing as Online again?
Steve
-
I just restarted everything and swapped out the cable running to the 3100 from the modem after making this post, and it has been fine since.
If/when it happens again I will try those things.
Thanks!
-
This just happened again overnight.
If I filter on the state table, the packet count on the left is going up, but not on the right, so I am sending but not receiving.
I have not tried an alternative monitoring target yet. Restarting dpinger has no effect - still offline.
A packet capture shows a bunch of echo requests, and no replies to the gateway.
I will set monitoring to 8.8.8.8 and see what happens.
Interesting, until I recycled the interface, a traceroute to 8.8.8.8 showed a timeout line, and after it did not. However, it didn't show any additional hops inside the ISP network. The only hops were my firewall and then 8.8.8.8, which seems strange. Also certain websites did not work until I recycled the interface.
-
Hmm, that sounds like a possible routing issue. If something at your ISP is being triggered by the monitoring then changing the target should prevent that.
Steve
-
So it just happened again - the monitoring address (8.8.8.8) stayed up, but some sites stopped working until I cycled the interface, and the traceroute had a timeout until I cycled the interface.
What is the next step to troubleshoot something like this? I have a pretty straightforward config. Is this a pfSense issue or an issue upstream?
This is what I get when I traceroute to 8.8.8.8 - seems unusual, but I never really checked before.
-
That's almost certainly because you are using FQ-CoDel outbound Limiters and have not added the required bypass rules for traceroute and ping.
Steve
-
@stephenw10 That was it. I did a factory reset on the box on Friday afternoon and set it up again without those limiters, and it's been fine ever since. It's still pretty new so nothing really was lost. I assume that would also explain why it was only ever the v4 gateway that was dropping as well - I had a floating rule in place to allow ICMPv6 through the firewall.
-
Yes, that could be if the limiters never caught that traffic.
Glad you were able to resolve it.
Steve
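
The packet-capture check used in this thread (echo requests leaving the WAN, no replies coming back from the monitor target) can be scripted over a saved capture. The following Python is an added example, not part of the original posts or of pfSense; it assumes default `tcpdump -n` text output, and apart from 8.8.8.8 the addresses in the constructed sample are documentation-range placeholders.

```python
import re
from collections import defaultdict

# Matches ICMP echo lines in default `tcpdump -n` text output.
LINE = re.compile(
    r"IP (?P<src>[\d.]+) > (?P<dst>[\d.]+): ICMP echo (?P<kind>request|reply), "
    r"id (?P<id>\d+), seq (?P<seq>\d+)"
)

# Constructed sample capture (not from the thread): 198.51.100.1 stands in for
# the ISP gateway, 198.51.100.23 for the firewall's WAN address.
SAMPLE = """\
12:00:01.000 IP 198.51.100.23 > 198.51.100.1: ICMP echo request, id 4660, seq 1, length 9
12:00:01.100 IP 198.51.100.23 > 8.8.8.8: ICMP echo request, id 4661, seq 1, length 9
12:00:01.115 IP 8.8.8.8 > 198.51.100.23: ICMP echo reply, id 4661, seq 1, length 9
12:00:01.500 IP 198.51.100.23 > 198.51.100.1: ICMP echo request, id 4660, seq 2, length 9
12:00:01.600 IP 198.51.100.23 > 8.8.8.8: ICMP echo request, id 4661, seq 2, length 9
12:00:01.616 IP 8.8.8.8 > 198.51.100.23: ICMP echo reply, id 4661, seq 2, length 9
12:00:02.000 IP 198.51.100.23 > 198.51.100.1: ICMP echo request, id 4660, seq 3, length 9
""".splitlines()

def echo_loss(lines):
    """Return {target: (sent, answered)} by pairing each request with its reply."""
    pending = defaultdict(set)   # target -> {(id, seq)} not yet answered
    sent = defaultdict(int)
    answered = defaultdict(int)
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue             # not an ICMP echo line
        key = (int(m["id"]), int(m["seq"]))
        if m["kind"] == "request":
            sent[m["dst"]] += 1
            pending[m["dst"]].add(key)
        elif key in pending[m["src"]]:
            # Count a reply only if it answers a request seen in this capture.
            pending[m["src"]].discard(key)
            answered[m["src"]] += 1
    return {t: (sent[t], answered[t]) for t in sent}

def silent_targets(lines):
    """Targets that were pinged but never answered ("sending but not receiving")."""
    return sorted(t for t, (s, a) in echo_loss(lines).items() if s and a == 0)

if __name__ == "__main__":
    for target, (s, a) in echo_loss(SAMPLE).items():
        print(f"{target}: sent={s} answered={a} loss={100 * (s - a) // s}%")
```

A target that shows up in `silent_targets` while other targets in the same capture are answered points at something specific to that path or traffic class rather than a dead WAN link.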