pfSense 2.6.0 High latency and packet loss.
-
I bought a Huns micro Firewall appliance:
https://www.amazon.nl/Firewall-Appliance-Mikrotik-OPNsense-HUNSN/dp/B09PHHMJJB- Quad core 2.0 ghz
- Dual channel 16 gb ram
- 128GB ssd
- 4x i255 B3 network ports
-Dual stack ipv4 & ipv6
- Cable Internet.
Clean install of pfSense
Only a lan any to any rule is set.Wen i watch streaming video or audio it is constantly disturbed (stutter).
Same with surfing or watching youtube video's everything either doensn't load or loads very slow (stuttering).dpinger (ipv4) shows high ping peaks.
ipv6 pinger less high peaks.I contacted my ISP they measured my cable modem and the connection for 7 days and didn't see anything wrong.
Before this new micro system i used a HP T730 with pfSense 2.6.0 also a lot of problems.
With 2.5.2 no problems.I didn't check this new micro system with 2.5.2 yet but that is probably what i am going to try next to downgrade to 2.5.2.
I checked all the cables i am using with my network cable tester and are good.
I am not using wireless to test things.I can't think of anything else anymore then there is something not right with pfSense 2.6.0
I have problems with it on my HP T730 and no i bought this new micro firewall appliance and again the same problems with the WAN connection.I found a story about bufferbloat.
I set that up like it is described in de pfSense doc but with this also no luck.
Ping times are still high.It is driving me crazy
Last 7 months nothing but problems with pfSense.
I am using pfSense since m0n0wall stopped never had this much problems.
-
In a other forum.netgate.com post i read somebody advised to install the system patches package. I did that and loaded all the patches. Rebooted pfSense.
No change. -
@gerard64 Does Diagnostics/System Activity show high CPU usage for any processes?
-
This post is deleted! -
@steveits While i run bufferbloat test CPU usage on dashboard is ~ 20%
in Diagnostics/System Activity i see CPU's 100%
-
Mmm, those latency spikes are up to 30s! Which is so high it cannot be real.
What is your WAN connection there? How is it physically connected?
What is the WAN gateway monitoring? The labels on the gateway graphs are unclear.
Steve
-
@stephenw10 from my Cable modem I have a cat7 cable to my 2x rj45 wall sockets. From the wall sockets I run 2x cat7 cables to the patchpanel in my computer room. From the patchpanel I have another cat7 cable to the igc0 port of the micro firewall appliance system,
I tested all cables with my network cable tester and all cables are oke.
With the HP T730 the problems were because of the Broadcom nics not working with pfSense 2.6.0 so i bought this new system with intel i225 nics and i still have WAN problems.
I don't know what you mean with:
"What is the WAN gateway monitoring? The labels on the gateway graphs are unclear."I have a constant pinger running on the ISP gateway ipv4 (dpinger) & ipv6 and I have a pinger running on 9.9.9.9 (quad9 dns server)
All give high ping times.
-
I meant what IP are you using for gateway monitoring but I assume now you are using the default, the actual gateway IP, and you have added 9.9.9.9 as an additional gateway to get monitoring data?
Have you tested the pfSense WAN connected directly to the cable modem?
Have you tested a laptop directly on the cable modem to be sure it's clean at that point?
Steve
-
@gerard64 Who is your ISP and what model cable modem are you using? Cable companies have been known to move to the next DOCSIS version without telling their base.. especially the ones that do not rent equipment from them.
-
@stephenw10 Yes i am using the default for ipv4 and ipv6 and added quad9 thats right.
I have not yet tested the pfSense directly to the WAN yet. I was planning to do that this afternoon to go thru my backyard with a 20 meter long network cable i have.I did test with a laptop directly connected to the modem and connection is then bad too but the ISP Ziggo tells me there is nothing wrong with the modem or connection.
This laptop directly to the modem test is a bit longer ago and in the mean time i got a new modem so will test that again also today and let you know.
@chpalmer My isp is Ziggo (The Netherlands) with 350mbps down and 35 mbps up.
The modem is a so called connectbox https://www.ziggo.nl/klantenservice/apparaten/wifi-modems/connect-boxI belief this is a DOCSIS 3.0 few weeks ago i had a very old UBEE with only ipv4. With the new Connectbox i have dual stack ipv4 and ipv6 and both work besides the high ping and stuttering.
Before i got this new modem i got a letter from my isp telling me that my modem is going to be swapped to a new more modern moden and they did and from then on i could do dual stack wich is pretty nice well besides the problems i also had with the old ubee modem.
Ubee modem was a modem only not a router.
This new Connectbox is a router switched to bridge mode. -
@gerard64 said in pfSense 2.6.0 High latency and packet loss.:
This laptop directly to the modem test is a bit longer ago and in the mean time i got a new modem so will test that again also today and let you know.
Ah, definitely confirm that first then. We have seen modems that introduce bad latency before. Though never this bad....
-
@gerard64 You'd need to check the exact model number, but it looks like the Ziggo modem may be a Puma 6 modem which are subject to enormous ping spikes:
https://pypi.org/project/compal/ -
-
-
@gerard64 Yeah from everything I can tell, that's a Puma 6 modem:
-
Yup 600ms is still very high. That's above the default 500ms that pfSense uses for gateway monitoring to indicate the gateway is down.
If you're seeing that with a laptop on the modem directly pfSense isn't going to be able to improve that much. FQ-Codel can only do so much.
However you should either set the gateway monitoring latency value to something much higher or disable monitoring for now. That will prevent pfSense restarting services repeatedly which is probably what was causing the extreme latency you saw earlier.Steve
-
@TheNarc Interesting. I am going to communicate that with my provider maybe they have a fix or i can get a other modem. I still have to read all the links in your reply but wanted to thank you first for this information. Thank you!
@stephenw10 Very helpful information. I wasn't aware of pfSense used the gateway latency to restart surten services wen it is above 500ms. That explains a lot. And nice new information about the behavior of pfSense i didn't know. Thank you!
-
-
@stephenw10 This is very helpful for me. Why didn't i think of this
Thank you again! -
I contacted my ISP and we talked about the know modem latency problems. They are sending me a other (Ubee) modem to test. So fingers crossed this Ubee modem works better
