Traffic rate for "lagg0" higher than set maximum 1000 Mbit

josepho

Hi,

I have a pfsense with 2 laggs for the WAN and LAN. Each has two 1Gb NICs. The logs keep complaining about exceeding the bandwidth capacity of lagg0. The log indicates its exceeding 1Gb. However, shouldn't the lagg have a combined throughout of 2000 Mbit?

Traffic rate for "lagg0" higher than set maximum 1000 Mbit (20s->2673868800, r1768530531 t3018653003, 64bit:1), syncing.

stephenw10

Something may have inherited the link speed incorrectly. Something may have been set to 1G, traffic shaping for example.

What packages do you have installed?

Steve

josepho

Hi @stephenw10 , see below.

The real question is, is it really exceeding, or is it a misleading message i can ignore?

stephenw10

If it's an LACP lagg it can carry more than 1G when passing multiple connections.

I would look at ntopng.

What does the actual log entry look like? What process is it shown against?

josepho

@stephenw10 , the process is vnstatd

What should i look for in ntop?

josepho

Hmm, this is interesting. I have two pfsenses in an HA deployment. Based on ntop, the highest talker on the LAN side are the two pfsense. Does this make sense? I guess i should disable pfsync Synchronize Peer IP?

stephenw10

You need pfSync enabled between the nodes if you want to have smooth failovers. That's what syncs states between the firewalls.

What does ntopng show the interface speed as? You can configure the interface speed there.

pfpv

@stephenw10 said in Traffic rate for "lagg0" higher than set maximum 1000 Mbit:

Something may have inherited the link speed incorrectly. Something may have been set to 1G, traffic shaping for example.

While looking for something else I found that I also have similar messages in my syslog. Looking further I found this recommendation for the vnStat package:

"Every NIC is added on install. So if a NIC is added (or removed) on the firewall, remove the package and install again. If the firewall has data for a NIC vnStat will report the data even if the NIC has been removed.
A reinstall of the package will not change this as the firewall has data pertaining to the non existent data and thus other packages such as vnstat2 will report the data it has or has found."

Link: https://docs.netgate.com/pfsense/en/latest/packages/traffic-totals.html

Indeed I changed my hardware and restored the configuration from the old one. Some NICs changed from 1Gb to 10Gb.

However, after removing and installing the package I see this in the log:

Monitoring (10): tun_wg0 (1000 Mbit) pppoe1 (1000 Mbit) pfsync0 (1000 Mbit) pflog0 (1000 Mbit) ix1 (10000 Mbit) ix0 (10000 Mbit) igb1 (10 Mbit) igb0 (10 Mbit) enc0 (1000 Mbit) em0 (1000 Mbit)

And it's incorrect. My pppoe1 sits on ix0 and my fiber speed is 3/3Gbps, so higher than 1000Mbit vnStat thinks. Also igb0 and igb1 are 1000Mbit, not 10Mbit (they are not assigned yet, though).

I suppose the log messages we see are no more than a minor nuisance but is there a way to assign correct interface speeds for vnStat or disable these messages?

stephenw10

Hmm, I'm not aware of any way to change that. There is a conf file in /user/local/etc but it's auto generated so anything did there would be over-written.

pfpv

@stephenw10, can these messages be safely ignored?

stephenw10

Yes, I've never seen that cause a problem.