Bandwidth saturation and pfsense
-
When can we determine the case of bandwidth saturation in pfsense?
In two posts I asked for help in determining two single problems, here I would like help with them together.
We have a FWA with 20/4Mb and an ADSL 10/1Mb.
In pfSense there is balancing and failover activated. Forcing a line to be blocked, for example by removing the network cable, everything seems to work.
In reality it never worked and often the entire Internet access was blocked. We therefore simply unplugged the ADSL secondary line cable, thus we are working only with FWA, but once again it often happens that the Internet line goes down.
We found that the average latency is 80ms with frequent peaks at 200ms and occasional peaks up to 2000ms. With the last block, we unplugged the FWA cable and connected the ADSL one.
Internet traffic started, but after a few hours it froze again. The problem is now reported for excessive Internet upload traffic.
The provider reports 800MB per hour. From my verification, I find 400/500MB. Now, I have to find who is generating traffic because they are not authorized to do so (there is a post of mine for this problem).
But I wonder:
- Can this traffic be justified for blocking the ADSL Internet line? And the FWA?
- Could it be that pfSense is blocking the Internet because of this traffic?
In other words, where does the bandwidth saturation problem arise? In pfsense or at the ISP?
Because I have two lines of different characteristics, different speeds, two problems that would seem different (latency and excessive traffic), but the result is the same: Internet blocked, randomly. I would like to understand if the problem is mine and where to intervene to solve it, or if instead the two ISPs are making fun of me with "pre-packaged" answers.
In this context, should I specifically handle failover?
I limited myself to indicating the IP address of two DNS and defining a higher priority on FWA for balancing.
Thanks in advance
-
@darkcorner why would they be reporting it as MBytes in an hour? A 4Mbps upload could send way more than 800MBytes in an hour and not actually be saturated..
Have them show you their traffic graph..
In your other thread did you look at your graph - does it hit 4Mbps upload and sit there for a while, or does it exceed 4Mbps at times?
You could send over 800MB in an hour at less than 2Mbps.. So reporting what you have total sent in Bytes in an hour doesn't show you're saturating anything. You need to see the traffic graph, because maybe you are going over your 4Mbps at times and that is causing you problems, or maybe you're not.. They should be able to provide you the graph - especially if they are saying you're saturating your link.
-
@darkcorner Yeah, your lines are asymmetric, so if you are doing upload you can saturate the outbound pipe easily, and that will cause wildly jumping latencies for pings/requests to the Internet.
I agree, you need to look at the traffic monitor and see if you saturate the 4mbps at times.
You could use NtopNG to identify who is doing that - it’s a “live” monitoring tool, so it will report near realtime how much bandwidth each session/client is using and in what direction.
You will need to diagnose/monitor the issue while it is happening.
-
As they said it is a particularly anomalous situation and I cannot find a logical thread to problems that seem of different nature, but which have the same conclusion: the block, very often, but randomly of the Internet line.
There are two ISPs. There are two technologies: FWA and ADSL. Just as the speeds are different. To be precise, there are three technologies because the ADSL router automatically manages the connectivity switch to a mobile line in case of problems on the ADSL.
However, I can't failover from pfSense automatically and if I connect only the FWA it can crash and the cause seems to be the high latency; if instead I connect the ADSL, the cause seems to be excessive traffic. The first ISP tells me that latency is normal for an FWA. The second just tells me that they have a total traffic of 800MB per hour. They can't tell me if it's 800MB divided by 60 minutes or if it's a peak of 800MB. The fact remains that for this reason they block me from the Internet.
The company is very angry about the situation and blames either the firewall (pfSense) or badly scheduled backups because in fact there is no reason for users to generate that traffic as the work is mainly on NAS and onsite servers.
The company invites me to fix it immediately, blocking backups or deleting pfSense.
However, I would like to understand if it is actually an "internal" problem and not instead one of unstable lines. I also have the doubt that there are two ISPs, but that the second has attested its line at the central office of the first and therefore if there is a problem on one the problem is reflected on the other.
-
Normally you (we all) may be talking about 3 different things if it is about saturated ports or lines, and yes, for sure also about some more things that can be coming by site or on top of all.
"The provider reports 800MB per hour. From my verification, I find 400/500MB."
They will count all, that means also the overhead of this traffic; it means the "entire" traffic will be able to be "seen" and counted on their side.
- Ports are too small a footprint (10/100/1000 MBit/s)
- CPU is too small and/or not powerful enough
- too many big files and/or other traffic together
- not enough disk space and/or RAM available
- the way the backup is organized
- ISP is cutting the line at night once a time (Germany)
- Internet line is too slow and you need more throughput
- VPN is running out of disk space and/or RAM (buffering)
- the entire hardware is too slow and "slim" for all those jobs
- other or too many packages were installed on pfSense and at one point it is completely saturated (entire firewall)
If you are in Germany, and all ISPs are cutting the Internet line once at night (consumer only, not business), and then due to the circumstance of failover the 10/1 line is perhaps working alone, it might be that this will then be saturated by the whole workload of the backup.
-
@darkcorner said in Bandwidth saturation and pfsense:
occasional peaks up to 2000ms
This will trigger failover.
In System/Routing edit the gateway and click Display Advanced to show the settings for latency. "Default is 200/500" ms. See:
https://docs.netgate.com/pfsense/en/latest/routing/gateway-configure.html#advanced-gateway-settings
A couple years ago we had a client where latency would occasionally spike high and trigger failover, and at the time pfSense had a bug where it wouldn't "fail back." After a long while we finally tracked it to a Mac, but have no other info than guessing it was maybe doing a backup (the person said they didn't know). We put a limiter on that Mac so it wouldn't flood the connection.
You could try setting up traffic shaping to see if that helps.
-
800MB in one hour is not that much by modern standards. A single Mac running iCloud backup will burn through that easily.
At 1Mbps on your ADSL WAN it's not possible to upload 800MB in one hour. So that must include upload and download.
I would find out what their actual cut-off limit is and add your own limiter to prevent hitting it. Though in my opinion if you're paying for 10/1Mbps you should be able to use it.
Steve
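The point made in johnpoz's and Steve's replies (a byte total per hour says nothing about saturation; only the rate over time does, and 1Mbps cannot even carry 800MB in an hour) can be checked against interface counters. The following is an added example, not code from the thread or from pfSense: it turns periodic tx-byte counter samples (assumed 32-bit, wrapping, and "MB" taken as decimal megabytes) into per-interval Mbit/s and flags runs of intervals pinned at the link rate, using a constructed hour of samples on a 4Mbps uplink.

```python
# Hypothetical helper (not part of pfSense): counters -> rates -> saturation runs.
MB = 1_000_000          # assumption: the ISP's "800MB" means decimal megabytes
COUNTER_WRAP = 2 ** 32  # assumption: 32-bit interface byte counters that wrap

def avg_mbps(total_bytes, seconds):
    """Average rate in Mbit/s for a byte total moved over `seconds`."""
    return total_bytes * 8 / seconds / 1e6

def max_bytes_per_hour(link_mbps):
    """Upper bound on bytes a link can move in one hour at its rated speed."""
    return link_mbps * 1e6 / 8 * 3600

def rates_from_counters(samples):
    """[(t_seconds, tx_bytes_counter), ...] -> [(t_seconds, Mbit/s), ...] per interval."""
    rates = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        delta = c1 - c0
        if delta < 0:              # counter wrapped between the two samples
            delta += COUNTER_WRAP
        rates.append((t1, avg_mbps(delta, t1 - t0)))
    return rates

def saturated_windows(rates, link_mbps, fraction=0.95, min_intervals=3):
    """Runs of >= min_intervals consecutive intervals at >= fraction * link rate.
    Returns (start_t, end_t) pairs; an isolated spike shorter than the run length is ignored."""
    windows, run = [], []
    for t, mbps in rates + [(None, 0.0)]:   # sentinel flushes the final run
        if mbps >= fraction * link_mbps:
            run.append(t)
        else:
            if len(run) >= min_intervals:
                windows.append((run[0], run[-1]))
            run = []
    return windows

# Constructed sample: tx counter read every 60 s for one hour on a 4 Mbit/s uplink.
# 1.5 Mbit/s background, a 10-minute burst pinned at 4 Mbit/s, one isolated 3.9 Mbit/s spike.
def build_samples():
    per_min = {m: 1.5 for m in range(60)}
    per_min.update({m: 4.0 for m in range(20, 30)})
    per_min[45] = 3.9
    samples, counter = [(0, 0)], 0
    for m in range(60):
        counter += int(per_min[m] * 1e6 * 60 / 8)
        samples.append(((m + 1) * 60, counter))
    return samples

SAMPLES = build_samples()
```

The constructed hour totals about 880MB (more than the ISP's 800MB) at an average of under 2Mbps, yet the rate series shows a single 10-minute window at the 4Mbps cap, which is the part a traffic graph reveals and a per-hour byte count hides.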