Is there a bug log for the snapshots?
-
I'm currently using 2.1-BETA0 (amd64)
built on Sun Oct 7 22:17:19 EDT 2012and my users on my network are seeing a lot of issues where they are constantly having to refresh webpages to get them to fully load. However at night when I try to duplicate the problem the internet works fine for me.
The setup is a WAN WAN round robin with 1 LAN using a cable and dsl connection.
I'm thinking about switching out both adapters cause one of them was causing a kernel: dc0: TX underrun – increasing TX threshold error.
and rebuilding the box with the 2.0.2 build just in case there is some kind of beta issue. Anybody heard of anything similar? I have the WAN's setup in a tier 1 group using trigger level packet loss AND high latency. Cable has a weight of 5 and DSL has a weight of 1. The DSL is mainly meant to be there for the exchange server portion of our internet needs and the cable internet is meant to be for everything else.
-
It does sound like it could be a load balancing problem. Perhaps something that only shows up when you have many connections during high usage. Some websites just don't play nicely with load balancing, I have a list that get routed via a single WAN by a policy based route to avaoid some problems.
If you intend to use the WANs separately anyway, or don't mind doing that, you could just put in a policy based rule to make sure all web traffic goes via your cable connection for example.However as you say you are on an old snapshot, it's possible this has been solved already if it was in fact a bug. If it was it should be in redmine:
http://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=1Steve
-
It does sound like it could be a load balancing problem. Perhaps something that only shows up when you have many connections during high usage. Some websites just don't play nicely with load balancing, I have a list that get routed via a single WAN by a policy based route to avaoid some problems.
If you intend to use the WANs separately anyway, or don't mind doing that, you could just put in a policy based rule to make sure all web traffic goes via your cable connection for example.However as you say you are on an old snapshot, it's possible this has been solved already if it was in fact a bug. If it was it should be in redmine:
http://redmine.pfsense.org/projects/pfsense/issues?set_filter=1&tracker_id=1Steve
Can you show me this policy your talking about?
Only websites I'm familiar with that don't play well with load balancing are SSL related and require some sort of VPN connection. Dealerships have this issue in particular. I use a firewall rule to forward all 443 traffic going out thru 1 specific connection for that.
I've currently put 2.0.2 on there and I've noticed that the interface hangs horribly if you somehow get stuck in a php script. I'm having to reboot the box to get the interface to start working again :/
-
Policy based routing is simply the term used for routing particular traffic based on certain conditions. So your rule that sends all traffic with destination port 443 via a single WAN is a 'policy based route'.
There are definitely fewer and fewer sites that have a problem with traffic coming from multiple source addresses but I do still occasionally find one. Any large modern website will be served from many places so it could be that one of those is not playing nicely and hence websites are not completely loading. That's pretty speculative though. ;)Another common reason for websites partially loading or seeming unreliable is if you have an MTU issue.
I've currently put 2.0.2 on there and I've noticed that the interface hangs horribly if you somehow get stuck in a php script. I'm having to reboot the box to get the interface to start working again :/
If you manage to some how lock up php then yes that can happen. It shouldn't be possible though by just using it. It can be done if you run a command via the gui 'execute shell command' page that doesn't ever finish. However it isn't usually necessary to reboot the box. If you can still SSH in you can try either restarting the webgui or by issuing a 'killall php' and then restarting the webgui.
Steve
-
Policy based routing is simply the term used for routing particular traffic based on certain conditions. So your rule that sends all traffic with destination port 443 via a single WAN is a 'policy based route'.
There are definitely fewer and fewer sites that have a problem with traffic coming from multiple source addresses but I do still occasionally find one. Any large modern website will be served from many places so it could be that one of those is not playing nicely and hence websites are not completely loading. That's pretty speculative though. ;)Another common reason for websites partially loading or seeming unreliable is if you have an MTU issue.
I've currently put 2.0.2 on there and I've noticed that the interface hangs horribly if you somehow get stuck in a php script. I'm having to reboot the box to get the interface to start working again :/
If you manage to some how lock up php then yes that can happen. It shouldn't be possible though by just using it. It can be done if you run a command via the gui 'execute shell command' page that doesn't ever finish. However it isn't usually necessary to reboot the box. If you can still SSH in you can try either restarting the webgui or by issuing a 'killall php' and then restarting the webgui.
Steve
If I policy all internet traffic port 80 and 443 to go thru 1 gateway, that kind of negates the point of having a round robin connection. :/ I completely replaced the entire box with all new hardware and a new version of pfsense (newest beta) and the people on the network are still complaining of slowness. I remoted in and went to several websites and it was blazing fast to me. One thing I noticed is that the emblem on the tabs will show it's busy trying to get more page content and that seemed to take a while for some odd reason so I'm thinking that is the slowness they are trying to describe to me. How can I fix that?
-
If I policy all internet traffic port 80 and 443 to go thru 1 gateway, that kind of negates the point of having a round robin connection. :/
Yes. However you said:
@elementalwindx:The DSL is mainly meant to be there for the exchange server portion of our internet needs and the cable internet is meant to be for everything else.
So I suggested that could achieve that without load balancing.
Have you enabled 'sticky connections'? That can work around websites that don't play nicely.
If you did policy route all web traffic via a single WAN that would at least confirm whether or not the load balancing is causing the problem. From your description it could simply be that the site(s) have some slow loading adverts. :-\ I don't know what you could do about that, I guess you could block the ads.
Are you in fact blocking anything like that? If not setup to serve some alternative some browsers will wait for a long time trying to load blocked content.Steve