DNS 8000+ms, troubleshooting help
-
@s_serra You may be right about that and that (a loop) would make sense. I have run a packet capture on the LAN running the apps. I don't know how to diagnose the loop nor how to troubleshoot it or where to begin. Would you please kindly point me in the right direction?
-
Simple network topology FYI.
-
It depends on what the application is doing with the network. Can you tell me what type of application it is and what this application needs from the network? You can set the IP address in each application's packet capture to see what happens in each one.
-
@s_serra It is a blockchain application so RPC connection, in particular a node (p2p traffic hence the port forward) and a farmer which stores data to a local drive and must prove to the network that it is stored on the drive.
It requires 30333, 30433, 30533 TCP+UDP to be forwarded to the box.
The Node app and Farmer app speak to each other on the same machine on loopback.
I ran a 1000 data point packet capture on that machine running the apps, but have no clue how to diagnose a loop from what is in front of me.
Could you explain how & what you mean by "set IP address in each application's packet capture"? Doing packet capture in pfSense only allows a machine IP, not a specific application.
-
Since both applications are running on the same machine, I assume they have the same local IP address running on different ports. Put the local IP address of the machine where the applications are in the packet capture to see what is happening. Do ports 30333, 30433, 30533 need to be exposed to the Internet?
-
@s_serra I did exactly that, ran packet capture of machine IP address where the apps are running.
Yes 30333, 30433, and 30533 are exposed to the internet, in pure nat point to app machine, with requisite outbound rules applied on wan/NAT.
-
Check if the applications receive the response from the other peer through packet capture. Have you analyzed the network traffic (Status -> Traffic Graph) on the wan interface and then on the lan?
-
- Traffic graph yes, hardly any bandwidth used peak 25Mb/s and can see peers.
- Packet capture just shows a bunch of:
| TIME | IP:PORT | > | IP:PORT |
From the above two diagnostics you asked me to look at I do not understand how to interpret if there is a loop or what the cause of my issue is.
Would you please let me know how to proceed, what to analyze/repair ?
-
Through | TIME | IP:PORT | > | IP:PORT |
you can analyze whether packets are leaving and the response to that packet is being received from abroad. Check the ping response time on the WAN gateway.
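The check described above (did each packet that left the box get a reply from the remote peer, and how long did it take) can be automated instead of read line by line. The script below is an added example, not code from this forum thread or from s_serra; it assumes the capture is in the tcpdump text form that pfSense's Diagnostics > Packet Capture shows (TIME IP SRC.PORT > DST.PORT), and the capture lines, addresses and timings in SAMPLE_CAPTURE are constructed for illustration, not taken from the poster's network.

```python
import re
from collections import defaultdict

# Constructed sample capture, in the tcpdump style pfSense prints.
# Addresses, ports and timings are made up for this example.
SAMPLE_CAPTURE = """\
10:00:00.000100 IP 192.168.1.50.30333 > 203.0.113.10.30333: Flags [S], length 0
10:00:00.000400 IP 192.168.1.50.30433 > 198.51.100.7.30433: UDP, length 120
10:00:00.000600 IP 192.168.1.50.30533 > 192.0.2.33.30533: Flags [S], length 0
10:00:00.000700 IP 192.168.1.50.53000 > 67.69.235.1.53: 1234+ A? example.com. (29)
10:00:00.021300 IP 203.0.113.10.30333 > 192.168.1.50.30333: Flags [S.], length 0
10:00:00.050400 IP 192.168.1.50.30433 > 198.51.100.7.30433: UDP, length 120
10:00:00.266700 IP 67.69.235.1.53 > 192.168.1.50.53000: 1234 1/0/0 A 192.0.2.80 (45)
10:00:00.300600 IP 192.0.2.33.30533 > 192.168.1.50.30533: Flags [S.], length 0
"""

# Matches only the header part of each line: TIME IP SRC.PORT > DST.PORT:
LINE_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+):"
)


def ts_to_seconds(ts):
    """Convert HH:MM:SS.ffffff to seconds since midnight."""
    h, m, s = ts.split(":")
    return int(h) * 3600 + int(m) * 60 + float(s)


def parse_line(line):
    """Return {'t', 'src', 'dst'} for a capture line, or None if it is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "t": ts_to_seconds(m["ts"]),
        "src": (m["src"], int(m["sport"])),
        "dst": (m["dst"], int(m["dport"])),
    }


def summarize_flows(capture_text, local_ip):
    """Group packets into flows as seen from local_ip and count each direction.

    Flow key: (local_port, remote_ip, remote_port).
    Value: {"out": packets sent, "in": packets received,
            "first_reply_ms": time from first outbound packet to first
            inbound packet, or None if nothing ever came back}.
    """
    flows = defaultdict(lambda: {"out": 0, "in": 0, "first_out": None, "first_in": None})
    for line in capture_text.splitlines():
        pkt = parse_line(line)
        if pkt is None:
            continue
        if pkt["src"][0] == local_ip:
            f = flows[(pkt["src"][1], pkt["dst"][0], pkt["dst"][1])]
            f["out"] += 1
            if f["first_out"] is None:
                f["first_out"] = pkt["t"]
        elif pkt["dst"][0] == local_ip:
            f = flows[(pkt["dst"][1], pkt["src"][0], pkt["src"][1])]
            f["in"] += 1
            if f["first_in"] is None:
                f["first_in"] = pkt["t"]
    result = {}
    for key, f in flows.items():
        latency = None
        if f["first_out"] is not None and f["first_in"] is not None \
                and f["first_in"] >= f["first_out"]:
            latency = round((f["first_in"] - f["first_out"]) * 1000, 1)
        result[key] = {"out": f["out"], "in": f["in"], "first_reply_ms": latency}
    return result


def unanswered_flows(summary):
    """Flows where the local host sent packets but never received anything."""
    return sorted(k for k, v in summary.items() if v["out"] > 0 and v["in"] == 0)


def slow_flows(summary, threshold_ms):
    """Flows whose first reply took longer than threshold_ms."""
    return sorted(k for k, v in summary.items()
                  if v["first_reply_ms"] is not None and v["first_reply_ms"] > threshold_ms)


if __name__ == "__main__":
    summary = summarize_flows(SAMPLE_CAPTURE, "192.168.1.50")
    for key, v in sorted(summary.items()):
        print(f"local :{key[0]} -> {key[1]}:{key[2]}  out={v['out']} in={v['in']} "
              f"first_reply_ms={v['first_reply_ms']}")
    print("unanswered:", unanswered_flows(summary))
    print("slower than 100 ms:", slow_flows(summary, 100))
```

On a real capture, replace SAMPLE_CAPTURE with the text pfSense shows (or the output of tcpdump -n -tt on the LAN interface) and local_ip with the app machine's address. Flows listed as unanswered are the ones to check against the port forwards and outbound rules; flows with a large first_reply_ms but a reply present point at saturation or latency on the path rather than at a blocked port.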
-
@srytryagn said in DNS 8000+ms, troubleshooting help:
in pure nat point to app machine
what do you mean pure nat? You mean they are using nat reflection to talk to each other?
-
@johnpoz NAT port forward has option for nat reflection set to pure nat.
nat reflection { pure nat, disable, default, pure nat + proxy}
-
@s_serra The report shows Time, IP:Port, arrow, and IP:Port, there is no information about when packets are being received from abroad.
-
This depends on how the application will work over the network. For example, with an ICMP packet (a ping), a common use is to send a request and receive a response. Now you have to analyze whether your blockchain is supposed to be receiving data from abroad or not.
-
@s_serra I appreciate your trying to help me but I absolutely do not understand.
-
@srytryagn said in DNS 8000+ms, troubleshooting help:
option for nat reflection set to pure nat.
But are you actually using nat reflection.. There is zero point to setting up nat reflection unless you're actually using it.. Do these devices talk to each other via your public IP and have to be reflected back in? If they send a lot of traffic that is going to be a horrible setup.
Your latency while using the apps points to some sort of network issue, buffer bloat sort of thing.. In your drawing you show another network.. When you turn on your devices or miners or whatever they are - does a machine on network 2 have issues with ping times to say 8.8.8.8.. or just from these devices on network 1 per your drawing.
BTW - I take it you mean switch not hub.. Hubs haven't even really been a thing in what 20 some years..
-
@srytryagn said in DNS 8000+ms, troubleshooting help:
added some DNS alternatives
That is not the default setup then.. Unless you set up dns forwarding in dns, stuff you add in there would only be used by pfsense itself.. if your local dns was down, etc. It's pretty pointless.. You either want to forward or you don't; if you're wanting to just resolve, having anything other for dns is pointless and doesn't get you really anything.. If you're not forwarding, your clients are not going to resolve if dns is down or broken on unbound.. Having other dns that pfsense could use would only allow pfsense to check for updates, etc., since that is really the only use it has for dns.. Or if you wanted to resolve some IP in your firewall logs.
-
@johnpoz
- For pure NAT, I suppose if AppA and AppB talk on loopback, on a single machine, there is no need for reflection. Shall I disable reflection in my NAT port forward setting?
- Un-managed switch I mean, called it a hub incorrectly.
- Yes, both Network 1 and Network 2 experience that severe latency/non-web browsing when both AppA and AppB are on. AppA causes no issues.
{ off topic, but as an aside from this purely network based thread, it is not a miner it is a consensus node (AppA) and a proof of space time node (AppB) hold data and prove you did to the network }
-
@johnpoz Could that be the source of my issues? if it is then BIG thx in advance. How shall I configure DNS in pfSense to test if it solves my issue?
-
@srytryagn said in DNS 8000+ms, troubleshooting help:
How shall I configure DNS in pfSense
Nothing - it works out of the box resolving.. There is nothing really to do with dns on pfsense. It resolves, it caches.. There are some tweaks you could do if like serve zero, set a min ttl, setup qname min, sort of things. But really out of the box is really all you should have to do.. I tweak mine a bit, but then again I have been working with dns since there has been dns.. Your typical users shouldn't have to touch anything and it should work.
but your latency is more than dns, but once something is cached - makes no matter if stuff takes a while because your line is saturated..
As you saw in your google test, you still got good response time, 0 from unbound.. And even talking to 1.1.1.1 was only 18ms..
You need to figure out what is causing, say, the query to 67.69.235.1 to be 266 ms vs 7 ms.. That points to your network being bogged down.. I am curious where you're at that you get 2 ms and 4 ms from 1.1.1.1 and 8.8.8.8, to be honest.. Those are insanely low..
I would have to assume you're on some sort of fiber connection? Ping time of 2 or 3 ms to google is pretty freaking good.. So either you're bogging down your actual internet, or pfsense is working hard and not showing it in the cpu?
I would like to see a sniff on your lan for when you try these tests to see what is actually happening.. Maybe your network is just flooded with something??
-
Yeah this 'feels' like there must be a massive amount of traffic on the LAN for some reason. Do you see the load on pfSense increase significantly?