latency on all WAN Connections
-
Hi Team.
I am facing a latency issue for the last couple of days on my WAN interfaces. I have 4 WAN links and 1 internal interface for routing purposes. Every 5 to 10 minutes my ping is broken and all the interfaces show the latency warning and offline error for 10 to 15 secs. I read a couple of blogs but did not find any solution. Can someone guide me on how I can resolve this issue?
I am attaching the snapshot of my Gateway Status here. If you need any further information, let me know and I will provide it.
I tested all my ISP links individually by plugging the cable in directly and they work fine. Thanks in advance.
-
What pfSense version are you running?
If you watch Diag > System Activity, do you have something using all available CPU when the latency spikes?
Did anything change when this started?
Steve
-
@rahim, do you have any open ports on your wan?
-
Hi @stephenw10 Thank you so much.
I am using 2.5.2-RELEASE (amd64). I have not changed anything in the last week but have been facing this issue for the last 2 days. The CPU utilization goes to 60% when this latency comes.
CPU Type: Intel(R) Xeon(R) CPU X5650 @ 2.67GHz
4 CPUs: 4 package(s) x 1 core(s)
AES-NI CPU Crypto: Yes (inactive)
QAT Crypto: No
RAM: 16 GB
CPU Cores: 4
I created pfSense on a virtual machine based on ESXi 6.0 on a Dell PowerEdge 710. It has worked fine for the last 2 years; I never faced this issue during this whole period.
-
Hi @silence Thank you so much.
Yes, I have some 5 to 6 ports open on my 2 WAN interfaces for my on-premise Kaspersky Antivirus server.
Source: any
Destination: Port 14000 & 13000
Source: single host alias
Destination: 3389
These ports have been open for the last 2 years. In the last couple of weeks I just installed the pfBlocker Dev package on my firewall and it works fine; I have only been facing this issue for the last 2 to 3 days.
-
@rahim, you can start by increasing the security on your WAN (changing the origin from "any" to a trusted source) ...
and then use pfBlocker to detect any unauthorized port scan attempts in the last 3 weeks.
-
@rahim, anyway I would like to see an internal ping log going through your pfSense without problems. Can you perform these tests? Simultaneously with this, ping 8.8.8.8 to confirm that it is not a broken NIC.
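As an added example (not from this thread, and not pfSense code), the script below turns the two simultaneous pings suggested above into a verdict: it parses standard ping(8) reply lines from an internal-gateway ping and from a ping to 8.8.8.8, finds the loss windows in each, and reports whether they coincide (both paths failing together points at the firewall host, not the ISPs). The 192.168.1.1 gateway address and both transcripts are constructed for illustration.

```python
import re

# Reply lines from ping(8); any icmp_seq that never appears is a lost probe.
REPLY = re.compile(r"icmp_seq=(\d+)\b.*?\btime=([\d.]+) ms")

def parse_ping(text):
    """Map icmp_seq -> RTT in ms for every reply line of a ping transcript."""
    return {int(seq): float(rtt) for seq, rtt in REPLY.findall(text)}

def loss_runs(replies, last_seq, min_len=3):
    """(first, last) ranges of >= min_len consecutive lost probes; at 1 probe/s that is seconds."""
    runs, prev = [], 0
    for seq in sorted(replies) + [last_seq + 1]:   # sentinel catches loss at the very end
        if seq - prev - 1 >= min_len:
            runs.append((prev + 1, seq - 1))
        prev = seq
    return runs

def overlaps(a, b):
    return a[0] <= b[1] and b[0] <= a[1]

def correlate(lan_replies, wan_replies, last_seq, min_len=3):
    """Decide whether LAN-side and Internet-side loss windows coincide."""
    lan = loss_runs(lan_replies, last_seq, min_len)
    wan = loss_runs(wan_replies, last_seq, min_len)
    shared = [w for w in wan if any(overlaps(w, l) for l in lan)]
    if shared:
        verdict = "both paths fail together: suspect the firewall host/VM, not the ISPs"
    elif wan:
        verdict = "only the Internet path fails: suspect the upstream link or gateway"
    elif lan:
        verdict = "only the LAN path fails: suspect the internal NIC, vSwitch or switch"
    else:
        verdict = "no sustained loss"
    return {"lan": lan, "wan": wan, "shared": shared, "verdict": verdict}

def constructed_log(host, n, lost, rtt_ms):
    """Constructed ping transcript for this example; not captured from the thread."""
    return "\n".join(f"64 bytes from {host}: icmp_seq={i} ttl=64 time={rtt_ms:.1f} ms"
                     for i in range(1, n + 1) if i not in lost)

# 15 minutes at one probe per second, with two ~12 s outages about 7 minutes apart,
# mirroring the "every 5 to 10 minutes, 10 to 15 seconds" symptom in the thread.
LAST_SEQ = 900
OUTAGES = set(range(301, 313)) | set(range(721, 735))
LAN_LOG = constructed_log("192.168.1.1", LAST_SEQ, OUTAGES, 0.4)        # constructed gateway
WAN_LOG = constructed_log("8.8.8.8", LAST_SEQ, OUTAGES | {500, 501}, 18.0)  # plus a 2 s blip
REPORT = correlate(parse_ping(LAN_LOG), parse_ping(WAN_LOG), LAST_SEQ)
```

Feed it real transcripts by saving each `ping` session to a file and replacing the constructed logs; a 2 s blip is ignored by the `min_len` threshold so only sustained windows are compared.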
-
@rahim said in latency on all WAN Connections:
Yes, I have some 5 to 6 ports open on my 2 WAN interfaces for my on-premise Kaspersky Antivirus server.
Those are port forwards to the internal server?
@rahim said in latency on all WAN Connections:
The CPU utilization goes to 60% when this latency comes.
What is using that CPU? What jumps to the top of the list in System Activity?
Steve
-
@silence it's not possible for me to change the origin from "any" to a trusted one because the Antivirus Server talks to its endpoint agents, which are installed on our users' laptops, and their IPs are dynamic. For the RDP port I only allow my trusted IPs, but for the other ports it's not possible for me.
Can you please guide me on how I can detect any unauthorized port scan using pfBlocker? I just restarted my pfSense server after office hours and now the ping looks fine. But I am not sure if this is the solution, because currently there are no users in our office and no bandwidth load at this time. @Silence can you tell me whether it is possible that this will appear again when users connect to it in the morning?
-
@stephenw10 Yes, those are port forwards to the internal servers. I have just restarted my pfSense server and everything looks fine, but if this appears again in the morning I will check the activity logs and send you a snapshot. Meanwhile, if you have any idea what causes this, let me know and I will try to fix it; if that does not fix it, I will let you know.
Thank you so much @Silence & @stephenw10
-
@Silence, @stephenw10 I am facing this issue again. Can you guys please help me out to resolve this issue?
-
I assume you were not seeing the same 60% total CPU usage when that shot was taken?
The only thing of any significance there is ntop-ng. You might try disabling that as a test.
Steve
-
@stephenw10 Yes, after restarting I am not seeing 60% CPU utilization. OK, thanks, I will stop ntopng and then check if this works; if it does, I will find some way around this.