Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    How to discover what is slowing down the network?

    Scheduled Pinned Locked Moved Firewalling
    2 Posts 2 Posters 4.1k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • F
      fluca1978
      last edited by

      Hi,
      I'm experiencing a few problems on my network, especially with the traffic that is going out thru a pfsense 1.2.3 with multi-homed load balancer. What happens is that on a few days the network traffic goes very slow, and I cannot figure out what machine(s) and/or what protocols are doing this. Or better, I can see who, which and what is passing thru the pfsense, since I've got extensions like bandwithd, but what I'm seeing is a generic http traffic while I suspect it must be a p2p or something else that is collapsing the network. The LAN is working fine, the pfsense box does not report memory and or state limitations, and both are always under the half threshold. IPSEC traffic is done by another device (asymmetric routing), and my WANs are 3x4Mb/s (symmetric). The strange thing is that on some days the network is going slow, while on other days, with the same amount of traffic as reported by bandwithd, the network works well. This could lead to a problem of the ADSL providers, but I'm not sure, because other factories with the same providers and in the same local facilities are not experiencing problems (ok, this is not a proof that the lines are ok). I've enabled traffic shaping, using the wizard and giving max priority to http and low priority to p2p, but the problem still exists (and the queues never report a borrowed packet, if this means).
      I say that I suspect this is due to p2p because I know some clients use it and when they are turned off the network works well, but this is not a proof since I've got more than 150 clients and I don't know exactly of how many p2p programs are running.
      Is there any tool/tecnhique I can use to discover what is blocking the network and how to fix it?

      Any suggestion will be appreciated.

      1 Reply Last reply Reply Quote 0
      • johnpozJ
        johnpoz LAYER 8 Global Moderator
        last edited by

        Well you could capture the traffic at your pfsense box (under diag) and load that up into say wireshark to see what is going on exactly.

        Or you could turn on netflows, be it pfflowd or install softflowd, and send that to flow collector - prtg or ntop can do this for example.  You could then see who your top talkers are and what specifically the traffic is and where its going vs the generic stuff you get with bandwidthd

        You could also just run for example pftop or iftop to see who your talk talkers are in real time, or install the darkstat package - not sure if runs on 2.0, have not used it since my 1.2.3 days.

        You can even install ntop right on your pfsense box, but sending the flows to a different machine would work just as well.

        An intelligent man is sometimes forced to be drunk to spend time with his fools
        If you get confused: Listen to the Music Play
        Please don't Chat/PM me for help, unless mod related
        SG-4860 24.11 | Lab VMs 2.8, 24.11

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.