CP per use bandwidth breaks downloads

eri-- · Jul 28, 2011, 9:26 PM

At the speeds you show there surely it will give your issues :)

anotherUser · Jul 29, 2011, 12:15 AM

I wouldn't think that speed limiting alone would cause it. These speeds are actually a little faster than an MS Threat Management Gateway install I have at another site and these issues are not happening there.

It's a real shame as this is for site wide public WiFi so I obviously can't allow unlimited internet speed. I would expect it to be used mostly for general browsing but if someone wanted to wait five minutes to watch a 20 second movie that would be fine.

I went to the google speed test page (http://www.youtube.com/my_speed#) and it showed that it was downloading as I would expect at 100 kbps, then after around one minute of download time it simply stopped downloading. The same behaviour is exhibited in IE and Firefox using the latest flash player. Vimeo also does the same thing.

Downloading a large file in IE also fails. It will run at 15 kB/s as expected then falls over at around the 2 minute mark with less than 2MB downloaded. The download manager in Firefox seems to keep the download going.

Edit: Firefox also fails

eri-- · Jul 29, 2011, 7:13 AM

Can you get a packet dump on this interface to see what is the issue?

anotherUser · Aug 2, 2011, 2:53 AM

Ok, here are the captures from the end of the conversation when a youtube video died. (both .pcap files renamed to .txt)

I am trying to remember network protocols and services 101! Do I need another capture client-LAN in order to get enough info? Does this give anyone any clues?

WAN.txt
Client.txt

Metu69salemi · Aug 2, 2011, 5:24 AM

Firewall is between networks so it has allready enough information in usual cases

anotherUser · Aug 2, 2011, 7:36 AM

If I do a capture on the WAN interface when NOT using the speed limiter, there are no TCP Zero Window packets, just the occasional ACK error and TCP window update packet. When using the speed limiter there are quite a few Zero Window packets and when the videos fail the connection is in this state, often seemingly waiting on a keep alive packet.

Once again, my knowledge is not very good with this level of protocol examination, so much of that is just speculation…

Updated to the latest snaps today.

eri-- · Aug 2, 2011, 8:04 AM

It seems that pcaps are not good.
Can you do again.

Btw do you have any kind of proxy installed? Squid?

Also i need the capture on the LAN side as well.

anotherUser · Aug 2, 2011, 9:48 AM

Thank you for looking. I am not sure what happened with the pcaps failing. This time the pcaps are in a .zip file, renamed to txt.

Yes - I am using squid with squid guard in transparent mode.

EDIT - That upload seems to have failed as well. I have added to megaupload - http://www.megaupload.com/?d=JIMAZBM0

captures.txt

anotherUser · Aug 3, 2011, 5:23 AM

Update:

This error is not related to captive portal speed limiting. Today,thinking the rl0 driver may be causing problems, I created a new install on new hardware, this time using AMD64. I tested at every step and found that the limiter works fine until squid is installed, and then the errors occur. If the client IP bypasses squid it will still work, so it is the squid package that is causing the issue.

Packet captures reveal that when a client is using squid the WAN link starts to get TCP Zero Window problems. I will start a new thread in the Packages forum with these findings.

New thread: http://forum.pfsense.org/index.php/topic,39554.0.html

Mogli · Aug 4, 2011, 7:45 PM

Having the same problems on pfSense 2.0 RC3 (using the pfSense-2.0-RC3-1g-i386-20110621-1821-nanobsd.img.gz Image).

Per-user-bandwith restriction set to 200kbit/s.
Captive portal is loading, I login using username and password, it authenticates me (listed on status page), redirect times out. No site is loading.

restriction is turned off:
Redirect works like a charm.

I'm not using squid, so I don't think it's the problem here.