Trigger Level Settings



  • Under Gateway in Groups in pfsense 2.0 RC1, what do the different trigger levels do? Which is best to use for Multiwan configuration, member down, packet loss, high latency, or packet loss or high latency?

    Please help. Thanks.



  • It is dependet on the situation.

    If you are using a high latency connection over satellite, than it would make less sense to use "high latency".

    Independent which trigger level you use - if the line is down because of an unplugged cable or because of high latency because a network component is overloaded, the LoadBalancing/Failover will work.

    I am using "High Latency or Packetloss" but edited the packet loss limit because I have some very old components in connected to this line.
    The syslog will show you why the line went down. If it is packet loss or latency.



  • Thanks for the reply. With my cable modem connection, I use packet loss or high latency, does that make sense?

    How does "member down" work?



  • bump!


  • Netgate Administrator

    I would also like a brief explanation of the trigger function.
    I understand that setting it to 'member down' would remove the gateway from a group if/when the gateway is marked as down by the system. However it seems that gateways are marked as down only when they exceed the high mark threshold set in system -> routing -> gateways -> advanced.
    See: http://doc.pfsense.org/index.php/Gateway_Settings

    How is that different from setting packet loss or latency directly in the group settings? I guess you don't have to wait for the down time?  :-\

    What are the default values for the high and low thresholds?

    Steve

    Edit: The default values seem to be:
    Latency; warn at 200ms mark down at 500ms
    Packet loss; warn at 10% mark down at 20%

    https://github.com/bsdperimeter/pfsense/blob/master/etc/inc/gwlb.inc

    ## "Down" alarm definition.
    ## This alarm will be fired when target doesn't respond for 30 seconds.
    alarm down "down" {
    time 10s
    }
    

    So the down time is 10s but 'doesn't respond' implies 100% packet loss or 10s latency.   ???



  • You are right, if the packet loss or high latency is to hight, the gateway goes down and this in the same as if you could reach your gateway (member down) bute if you have a line which in general has high latency and packet loss - higher than the defaults - you could edit the low and high water marks.

    Perhaps - but I am not sure - "Member down" does not react on a latency higher than 200ms or a packet loss higher than 20% IF it is possible to reach the gateway but the "Packet loss or high latency" does react on this marks.

    PS: Thanks for telling us the high and low water marks. I think, this explaination is missing in the pfsense webGUI.


  • Netgate Administrator

    There is a contradiction here between the apinger code and the gateway wiki document.
    The code says:

    
    ## "Loss" alarm definition.
    ## This alarm will be fired when packet loss goes over 20%
    ## it will be canceled, when the loss drops below 10%
    alarm loss "loss" {
    percent_low {$a_settings['losslow']}
    percent_high {$a_settings['losshigh']}
    }
    

    but the documentation says:

    @Gateway:

    Using the Settings tab under System > Routing, you can control the thresholds for gateway warnings. You can defined two tiers of values, the low mark is for warnings, and the high mark is when a gateway will be marked down.

    Two different purposes for the high and low thresholds.  :-\

    Steve


Log in to reply