Flooded log
-
Hmm, curious. Are you using one rule to both apply the limiters and route traffic to the ISP2 WAN?
-
@stephenw10
well actually yes...
the vm actually just act as redirector and shaper for different vlans to different ISP's gateway.
Been doing that and it just works.. until lately..
Do I miss something ? -
Nope I would expect that work fine. It seems suspicious that something just changed seemingly without any changes made to the pfSense config. Like something else is limiting it.
-
This post is deleted! -
@stephenw10
That's the hair pulling prob.Let's call this pfsense box : shaper ( vm ).
It has 3 interfaces, 1 to LAN ( L3 Switch ), 1 interface to ISP1, and 1 other to ISP2
Turned off NAT on shaper, so it's just doing routing and traffic shaping only.
Gateway of ISP1 is actually another pfsense doing NAT ( a vm )
Gateway of ISP2 is the debian box ( another VM )I suspected there's something wrong on the gateway side.
I have debian box act as gateway on top of pfsense.But when I tried removing the limiter to ISP2 , vlan client got full bandwidth.
- Limit Off : vlan pc - iperf3 - gateway = Full b/w.
- Limit On : vlan pc - iperf3 - gateway = inconsistent b/w. ( this is done with no other client online ).
But ONLY on this particular gateway to ISP2.
I've been re-installing pfsense like 5 times in vm already, lol..
-
Hmm, you're testing using iperf3 to the gateway directly? Though that should still work.
-
@stephenw10
Okay .. there's just something with 2.71 that I just do not know about.I got good backup of 2.6 vm image.. started it up...
All is well.. surprisingly well.. no flooded msgs in the log like above.
I do not know how it got there the first time.
Started the slave vm.. performed well also, Limiter works great with both ISP's Gateway.Installed a fresh 2.71..
Then Restore the FULL backup config from 2.6.0...Everything went well.. EXCEPT the Limiter again !
I even copy all /boot/loader.conf from 2.6 vm..
The limiter on 2.7.1 just doesn't work as well as 2.6.0 one...here's the loader.conf content :
kern.cam.boot_delay=10000
kern.ipc.nmbclusters="1000000"
kern.ipc.nmbjumbop="524288"
kern.ipc.nmbjumbo9="524288"
autoboot_delay="3"
hw.hn.vf_transparent="0"
hw.hn.use_if_start="1"
net.link.ifqmaxlen="128"
hw.vtnet.csum_disable="1"I guess I will stick to 2.6.0 for now then...
-
Do you have WAN1 set as the system default gateway?
If you set that to WAN2 does it affect the Limiter behaviour?
That's about the only thing I can imagine that's different between the two WANs. And we did see issues with that in 2.5.X.
-
@stephenw10 I will try that again tomorrow and let you know..
-
@stephenw10
Tried upgrading again from 2.60, still no go.
The weird thing was even when i use ISP1's gateway, as "Default gateway IPv4" in Settings-Routing,
then I try traceroute with source address any, it somehow still uses ISP2's gateway.
The speed from lan degraded like previous attempts. ( upgrading the same vm, then just tried it again right away ).
Went back to backup image of 2.6 now.. ( We even gonna have 3rd ISP coming in, so i really need stability right now, which 2.6.0 can still deliver ). -
@nicknuke said in Flooded log:
The weird thing was even when i use ISP1's gateway, as "Default gateway IPv4" in Settings-Routing,
then I try traceroute with source address any, it somehow still uses ISP2's gateway.Hmm, did you note if it set the WAN1 gateway as the default route correctly?
-
@stephenw10
yes of course :D that why i noticed how weird it was. Also found some other posts here having the same prob with limiter, getting half than assigned bandwidth. -
Is it exactly half? Same value every time?
That feels like something looping twice through the same Limiter. But I'm not sure how that would happening with something on the LAN side.
-
@stephenw10
no, its top speed is half the assigned limit. -
So.... it's not exactly half? Or not consistent? (or both!)
-
@stephenw10
Yes Both. -
So to be clear it is in fact always exactly half the configured speed?
-
@stephenw10
okay, it is half of the configured limit at best...
I set 4 Mb download, it only do 1.75-1.8 at best..
at worst.. it's 0 point something..Took backup of 2.6 -> upgrade to 2.71 = Not OK.
Fresh install 2.71 -> re-create all rules and limiters = Not OK.I'm sure now I have to stay at 2.6
-
Ok just reviewing the thread I'm unsure if you tested setting the default gateway to ISP2. Does that make the Limiter on ISP behave correctly? Does it break the Limiter to ISP1?
That behaviour is very similar to issues we saw on earlier versions when we moved Limiters from ipfw to pf.
-
@stephenw10
Yes what actually bothers me is that it always a problem to ISP2..
This ISP2, the gateway ( NATing ) is debian box, that got me thinking that there might be a problem with the debian gateway box..
But then again, if i remove the limiter to this ISP2 , it's full bandwidth, vlan to debian box, or vlan to internet.
And, no matter what default i set it to, always to this ISP2 that has problem with limiter.
