    Connection slows occasionally after pfSense receives public IP

    • G
      Gobias last edited by

      Hi,

      I'm a fairly new user of pfSense and I got 1 Gb symmetrical fiber installed just before Christmas. Previously I had an LTE connection with Huawei giving a private IP range to my pfSense router. As I got my fiber connection I called the ISP and they bridged it, after that the connection worked fine for 10 minutes, then UL speed dropped to 150 Mbit/s. This happened around the clock.

      grafana_speedtestplus_cli.jpg

      I tried different MTUs, but nothing worked out. I installed a fresh pfSense, configured NICs, but every time WAN received a public IP from Calix, connection started to drop out. Hardware is:

      HP ProDesk 400 G3 SFF i5-6500/8/120SSD
      NIC: Dell 0CWKPJ, Intel D42543 CPU

      Can anyone share some insight to what might be the problem here? I called my ISP to un-bridge Calix and now it works just fine. pfSense is DMZ'd now.

      • JKnott
        JKnott @Gobias last edited by

        @gobias

        I'd suggest talking to your ISP. pfSense wouldn't cause something like that. I have a 500/20 Mb connection, which works fine. Other threads here have mentioned some ISPs have special requirements, such as a VLAN, etc., that might affect this.

        Also, mention who your ISP is. There may be others here who have experience with them.

        • G
          Gobias last edited by

          @jknott

          I have a ticket in, they haven't responded yet. I live in Finland so I don't think my ISP is relevant here. I do know that my connection is GPON based fibre. But you might be on to something here with the VLANs, they offer an IPTV service with a separate box you can buy (Arris VIP4302 or the Wi-Fi variant of that). I think those services work by sharing bandwidth to a separate VLAN for the IPTV and since I was using only internet, could that mess up my connection?

          • JKnott
            JKnott @Gobias last edited by

            @gobias

            I wouldn't know. You should still mention your ISP and equipment models. Otherwise we're just guessing. I also have IPTV and it does not require VLANs. It's on my main LAN and I connect to my TVs with Ethernet. The only VLAN is for my guest WiFi.

            BTW, my ISP has a "Community Forum", where customers can discuss various issues. Does yours? If so, that might be a place where you can get some help.

            • G
              Gobias @JKnott last edited by Gobias

              @jknott

              ISP is KSVV and they supplied me with Calix 844G-2 fiber router. My ISP is really small and they don't have any forum to post on. I will call them next week to ask about possible settings when connecting to bridged fiber router.

              • johnpoz
                johnpoz LAYER 8 Global Moderator @Gobias last edited by johnpoz

                @gobias said in Connection slows occasionally after pfSense receives public IP:

                I live in Finland so I don't think my ISP is relevant here

                You think you are the only one from Finland that uses pfsense, and comes to this forum? ;)

                It is quite possible that posting your ISP and your info on make and model could find someone else here with the same exact setup and isp, etc.

                edit: A quick search while did not find your isp or your model.. Found this guy saying he is from finland and something about his modem in bridge mode sharing IPs
                https://forum.netgate.com/post/884249

                • virgiliomi
                  virgiliomi last edited by virgiliomi

                  https://ksvv.fi...

                  Install instructions for the 844G (Finnish): https://ksvv.fi/wp-content/uploads/2017/07/4969-Asiakaspaatelaite_Calix_844G_-_Asennus_ja_kayttoohje-6.pdf

                  Calix spec document (English): https://ksvv.fi/wp-content/uploads/2017/07/4207-Wlan_Paatelaite_844G_GigaCenter.pdf

                  No mention of VLANs that I could tell in the install instructions (I don't speak Finnish)... none of the screenshots of the router interface (which are in English) go anywhere near that kind of setting. The specs do mention that it does support VLANs, but I would imagine that if they were in use, there would be a specific port that would need to be used by an IPTV box.

                  Apparently Centurylink and Ting have used that gateway (ONT + router) here in the US... found some references to them while searching for the router.

                  • G
                    Gobias @johnpoz last edited by Gobias

                    @johnpoz said in Connection slows occasionally after pfSense receives public IP:

                    @gobias said in Connection slows occasionally after pfSense receives public IP:

                    I live in Finland so I don't think my ISP is relevant here

                    You think you are the only one from Finland that uses pfsense, and comes to this forum? ;)

                    It is quite possible that posting your ISP and your info on make and model could find someone else here with the same exact setup and isp, etc.

                    edit: A quick search while did not find your isp or your model.. Found this guy saying he is from finland and something about his modem in bridge mode sharing IPs
                    https://forum.netgate.com/post/884249

                    No, I didn't think I was alone here from Finland. :) I've been browsing this forum about a year and few days ago I found a thread that tells how international this forum is. :)

                    That link didn't help, my ISP shares only one public IP to one port of the fiber router.

                    @virgiliomi said in Connection slows occasionally after pfSense receives public IP:

                    https://ksvv.fi...

                    Install instructions for the 844G (Finnish): https://ksvv.fi/wp-content/uploads/2017/07/4969-Asiakaspaatelaite_Calix_844G_-_Asennus_ja_kayttoohje-6.pdf

                    Calix spec document (English): https://ksvv.fi/wp-content/uploads/2017/07/4207-Wlan_Paatelaite_844G_GigaCenter.pdf

                    No mention of VLANs that I could tell in the install instructions (I don't speak Finnish)... none of the screenshots of the router interface (which are in English) go anywhere near that kind of setting. The specs do mention that it does support VLANs, but I would imagine that if they were in use, there would be a specific port that would need to be used by an IPTV box.

                    Apparently Centurylink and Ting have used that gateway (ONT + router) here in the US... found some references to them while searching for the router.

                    Yeah, I've browsed those thoroughly and didn't find any useful settings to try. Bridging is something the ISP doesn't advertise, I found it out from the installer who installed my fibre. That router is widely used around the globe, I've been googling it pretty much.

                    My connection works fine now, I'll call customer service next Monday to ask about possible settings to implement.

                    • johnpoz
                      johnpoz LAYER 8 Global Moderator last edited by

                      Yeah call to ISP might be prudent.. It could be something as silly as bandwidth being allocated to mac.. When they bridge their system is seeing the mac of pfsense vs their device.

                      And your purchased bandwidth package might not be applied?

                      Or maybe their device when not bridging filtering a lot of traffic that now pfsense is seeing being problematic? For example maybe the iptv that runs on some other vlan?

                      A sniff of what is going could be useful. When you are seeing the speed drop off..

                      • G
                        Gobias @johnpoz last edited by Gobias

                        @johnpoz

                        I have a Realtek NIC on the motherboard, I tried to use it too for checking if it's something network card related. It wasn't, same slowness occurred, but I noticed that Realtek got a different public IP than the Intel NIC card.

                        Right after my service connected the speed profile was wrong, I was stuck with 500/100 connection. But that sorted out by calling them and requesting new, ordered 1/1G profile.

                        Your guess is as good as mine about the VLANs, is there a way to see them? Using something like ntopng which I have installed atm?

                        After the call we are all wiser, I will update here when I have some info to share.

                        • johnpoz
                          johnpoz LAYER 8 Global Moderator @Gobias last edited by

                          You can do a simple sniff under diagnostic, packet capture.. Then you could load that into something like wireshark to get some insight to what could be going on.

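One way to answer the "is there a way to see the VLANs?" question from a capture downloaded under Diagnostics > Packet Capture, as an added example that is not part of the original thread. It assumes the file is in classic libpcap format with an Ethernet link type; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad (QinQ) tag protocol IDs
MAGICS = {  # first four bytes of a classic pcap file -> struct byte order
    b"\xd4\xc3\xb2\xa1": "<", b"\x4d\x3c\xb2\xa1": "<",  # microsecond / nanosecond
    b"\xa1\xb2\xc3\xd4": ">", b"\xa1\xb2\x3c\x4d": ">",
}


def frames(pcap: bytes):
    """Yield each captured Ethernet frame from classic-libpcap bytes."""
    order = MAGICS.get(pcap[:4])
    if order is None or len(pcap) < 24:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    (linktype,) = struct.unpack(order + "I", pcap[20:24])
    if linktype != 1:  # LINKTYPE_ETHERNET
        raise ValueError(f"link type {linktype} is not Ethernet")
    off = 24
    while off + 16 <= len(pcap):
        _sec, _frac, incl_len, _orig_len = struct.unpack(order + "IIII", pcap[off:off + 16])
        off += 16
        if off + incl_len > len(pcap):
            break  # truncated final record
        yield pcap[off:off + incl_len]
        off += incl_len


def vlan_summary(pcap: bytes) -> Counter:
    """Count frames per (tuple of VLAN IDs outermost first, inner EtherType)."""
    seen = Counter()
    for frame in frames(pcap):
        if len(frame) < 14:
            continue  # shorter than an Ethernet header
        pos, vids = 12, []
        (ethertype,) = struct.unpack("!H", frame[12:14])
        while ethertype in TPIDS and pos + 6 <= len(frame):
            tci, ethertype = struct.unpack("!HH", frame[pos + 2:pos + 6])
            vids.append(tci & 0x0FFF)  # low 12 bits of the TCI are the VLAN ID
            pos += 4
        seen[(tuple(vids), ethertype)] += 1
    return seen


def _sample_pcap() -> bytes:
    """Constructed capture: 2 untagged IPv4, 1 untagged ARP, 2 tagged frames."""
    macs = bytes.fromhex("020000000001") + bytes.fromhex("020000000002")
    pad = bytes(46)
    tag = lambda prio, vid: struct.pack("!HH", 0x8100, (prio << 13) | vid)
    pkts = [
        macs + struct.pack("!H", 0x0800) + pad,
        macs + struct.pack("!H", 0x0800) + pad,
        macs + struct.pack("!H", 0x0806) + pad,
        macs + tag(0, 100) + struct.pack("!H", 0x0800) + pad,
        macs + tag(5, 200) + struct.pack("!H", 0x0800) + pad,
    ]
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for i, p in enumerate(pkts):
        out += struct.pack("<IIII", i, 0, len(p), len(p)) + p
    return out


SAMPLE = _sample_pcap()

if __name__ == "__main__":
    for (vids, etype), n in sorted(vlan_summary(SAMPLE).items()):
        label = "untagged" if not vids else "vlan " + "/".join(map(str, vids))
        print(f"{label:12} ethertype 0x{etype:04x}  frames={n}")
```

A NIC or driver that strips VLAN tags in hardware can hide them from the capture, so an all-untagged result is not proof that no tagged traffic is on the wire.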
                          • G
                            Gobias @johnpoz last edited by Gobias

                            @johnpoz said in Connection slows occasionally after pfSense receives public IP:

                            You can do a simple sniff under diagnostic, packet capture.. Then you could load that into something like wireshark to get some insight to what could be going on.

                            Just got answer from my ISP, VLANs and other configs have been set in their end. As my connection works now with pfSense DMZ'd, I'll leave this be then.

                            I inquired also about slower speeds during daytime, this is something they know and are due to fix it within a month, 30+ new customers in the area caused this. They told me that it is not something caused by the GPON network, so it must be a slow trunk connection or slow switches/routers etc.

                            • johnpoz
                              johnpoz LAYER 8 Global Moderator @Gobias last edited by johnpoz

                              @gobias said in Connection slows occasionally after pfSense receives public IP:

                              I inquired also about slower speeds during daytime

                              Yeah this is common with any isp and oversubscription - or fast growth.. Where they are over subscribed for peak usage times..

                              And doesn't always have to happen with their network, could be a peer.. While their network might be able to handle 100 customers all at gig, all doing gig.. Maybe their peer connection is not able to handle this, say its only rated at 50gig..

                              So if all 100 customers are trying to do something that goes through that peer connection they run into a throttling problem.. But when 50 of the customers are not using it, they are sleeping for example.. Then the other 50 customers don't have a problem.

                              That is an over simplification of the problem for sure - but you get the idea..

                              Think of it this way have a 1gig internet connection. So while sure 1 PC downloading something might be able to get 1 gig.. What if you have 3 PCs trying to download something - they have to share that 1 gig pipe, and no single client will see 1 gig download. When that is happening.

                              Same sort of problem can happen in isp network.. Their networks are connected to the rest of the internet just like you're connected to them..

                              Now do they increase their peer connections, or change out other hardware in their network to handle all the customers peak connection speeds at all times, or do they just tell you they are ;) That is the question...

                              edit:
                              Off peak hours I normally see 50mbps up.. which is what I pay for.. But during peak usage times, its normally more in the 40mbps range.. As long as I get within say 10 or 20% of what I am paying for.. I don't have a problem with that - this is normal.. But when I was seeing 10mbps.. All times of the day.. Yeah I complained.. Took them like 3 days to get it worked out..

                              example: Notice the timestamp when I see 54Mbps, but normal day time 11am and 1 something in the afternoon are lower.

                              earlymorning.png

                              • G
                                Gobias @johnpoz last edited by

                                @johnpoz said in Connection slows occasionally after pfSense receives public IP:

                                @gobias said in Connection slows occasionally after pfSense receives public IP:

                                I inquired also about slower speeds during daytime

                                Yeah this is common with any isp and oversubscription - or fast growth.. Where they are over subscribed for peak usage times..

                                And doesn't always have to happen with their network, could be a peer.. While their network might be able to handle 100 customers all at gig, all doing gig.. Maybe their peer connection is not able to handle this, say its only rated at 50gig..

                                So if all 100 customers are trying to do something that goes through that peer connection they run into a throttling problem.. But when 50 of the customers are not using it, they are sleeping for example.. Then the other 50 customers don't have a problem.

                                That is an over simplification of the problem for sure - but you get the idea..

                                Think of it this way have a 1gig internet connection. So while sure 1 PC downloading something might be able to get 1 gig.. What if you have 3 PCs trying to download something - they have to share that 1 gig pipe, and no single client will see 1 gig download. When that is happening.

                                Same sort of problem can happen in isp network.. Their networks are connected to the rest of the internet just like you're connected to them..

                                Now do they increase their peer connections, or change out other hardware in their network to handle all the customers peak connection speeds at all times, or do they just tell you they are ;) That is the question...

                                edit:
                                Off peak hours I normally see 50mbps up.. which is what I pay for.. But during peak usage times, its normally more in the 40mbps range.. As long as I get within say 10 or 20% of what I am paying for.. I don't have a problem with that - this is normal.. But when I was seeing 10mbps.. All times of the day.. Yeah I complained.. Took them like 3 days to get it worked out..

                                example: Notice the timestamp when I see 54Mbps, but normal day time 11am and 1 something in the afternoon are lower.

                                earlymorning.png

                                Yeah, I get that traffic multiplies in the daytime, but this is something that's related to the price I pay for 1/1G connection. In Finland there are minimum speeds for every internet connection that ISPs have to publish to the customers. With LTE these speeds are set to pretty low, like my previous connection was LTE and speed range was 10–200 Mbit/s. Can you guess at which end of those speeds it worked in the daytime? Now with fiber broadband that minimum speed is set to 780 Mbit/s and if they can't provide it, should I be paying less for it? There are good consumer rights and laws in Finland, this is something I can elevate to get the price or service I need.

                                By the way, prices for my broadband are:

                                • Install 99€/124.50$ (500ft fiber pull to my house + 30ft inside it + fiber router)
                                • Monthly 59€/71.78$ for 1/1 gigabit symmetric connection
                                • johnpoz
                                  johnpoz LAYER 8 Global Moderator @Gobias last edited by

                                  @gobias said in Connection slows occasionally after pfSense receives public IP:

                                  Monthly 59€/71.78$ for 1/1 gigabit symmetric connection

                                  That seems like a great price!!! I pay $60 a month for 500/50 I could bump to gig down for like 20 more.. But my up would stay at 50... 500 down is more than enough for me - but what I want is more up ;)

                                  • G
                                    Gobias @johnpoz last edited by

                                    @johnpoz said in Connection slows occasionally after pfSense receives public IP:

                                    @gobias said in Connection slows occasionally after pfSense receives public IP:

                                    Monthly 59€/71.78$ for 1/1 gigabit symmetric connection

                                    That seems like a great price!!! I pay $60 a month for 500/50 I could bump to gig down for like 20 more.. But my up would stay at 50... 500 down is more than enough for me - but what I want is more up ;)

                                    That is a great price, especially considering that the nearest city, with 140K people, is over 60 miles away. I would settle for a 1000/500 connection too, but the next one down is 500/100. What for do you need more upload bandwidth? 😁

                                    • johnpoz
                                      johnpoz LAYER 8 Global Moderator @Gobias last edited by

                                      @gobias said in Connection slows occasionally after pfSense receives public IP:

                                      What for do you need more upload bandwidth?

                                      Friends and Family watching stuff off my plex server ;)

                                      • G
                                        Gobias @johnpoz last edited by

                                        @johnpoz said in Connection slows occasionally after pfSense receives public IP:

                                        @gobias said in Connection slows occasionally after pfSense receives public IP:

                                        What for do you need more upload bandwidth?

                                        Friends and Family watching stuff off my plex server ;)

                                        My guess was right then, one of the only reasons to have an enormous upload bandwidth in personal use. 😁

                                        • johnpoz
                                          johnpoz LAYER 8 Global Moderator @Gobias last edited by johnpoz

                                          If I wasn't serving up stuff to friends and family - 50 would be fine..

                                          And even then - it works..Would just be nicer to have more..
