Random disconnects

Artifice

Re: circuit bouncing and DNS

Hello,

I have been having some issues with the following error

send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 1 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 1.1.1.1 bind_addr 73.x.x.x identifier "WAN_DHCP " 

I have also tried all of the mentioned solutions I can find on the old thread and am currently looking for a solution to implement. I am no network guru, but do have some experience so I would say enough to be dangerous lol! I am currently running a PFsense SG-2100 and started to experience issues within the last 3-4 months prior to this I had no issues. I thought maybe the firewall was bad so I turn an old HP DL380 G6 with 24 cores and 114gigs of ram into my pf box. I know super freaking overkill, but my thought was maybe something within the SG-2100 was being borked. I run Quad 9 dns and cloudflare dns as backup, but currently have my PF as the DNS go to and don't resolve any DNS to the outside world. I also have a weird issues that I am seeing my event take place a day ahead of the current day... so for example today is 12-2-2021 and events are showing as 12-3-2021? What am i missing here lol! Any help at all would be greatly appreciated and I can provide any logs needed to further troubleshoot thanks!

Gertjan

@artifice said in Random disconnects:

1.1.1.1

is a very known DNS resolver.
Didn't know that it also replies on pings. Why would it do that ? 1.1.1.1 is very busy doing DNS for a big part of the planet, and when it gets overloaded, which protocol will get dropped first ? ;)

Between your pfSense WAN port, and the "1.1.1.1" are a few (or a lot) of routers. If even one of these is maxing out, pings get dropped first. The result : dpinger start to show messages a you have shown.

So, yeah, 1.1.1.1 is a very known IP, but not at all the best IP to uses for the 'gateway accessible' test. An IP that is a border router of your ISP would be far better, as it is physically (in hops) closer to you.

As ping is a low priority protocol, when you bandwidth goes to 100 % in either direction, ping answers won't come back. You'll be seeing the same message again.
Yo could create a limiter/queue that privileges ICMP that goes out and comes in on the WAN.

When there is no traffic on your WAN (disconnect all LAN devices) and ping still has issues coming through, then you should focus on your ISP. Theyt give you probably what they have available. Which could be less then you need. There is not much what you can do about that.

Investigate also the notion 'buffer bloat.

stephenw10

@artifice said in Random disconnects:

I have been having some issues with the following error

That is not an error. That shows dpinger starting and the values it's using. That typically indicates the WAN disconnected and reconnected but could be something else. We need to see a more complete set of logs surrounding the incident really.

Steve