High ping to firewall - fluke?



  • I just recently had some latency spikes in game, decided to try a trace route, and I noticed something out of place

    1    2 ms    4 ms    1 ms  pfsense.localdomain [192.168.1.1]

    I've never seen this before. Always sub 1ms.

    last pid: 78967;  load averages:  0.12,  0.21,  0.30  up 11+08:04:17    19:14:37
    137 processes: 5 running, 102 sleeping, 30 waiting

    Mem: 13M Active, 164M Inact, 304M Wired, 976K Cache, 1521M Buf, 7347M Free
    Swap:

    PID USERNAME PRI NICE  SIZE    RES STATE  C  TIME    WCPU COMMAND
      11 root    155 ki31    0K    64K CPU3    3 252.0H  98.19% [idle{idle: cpu3}]
      11 root    155 ki31    0K    64K RUN    2 251.8H  97.75% [idle{idle: cpu2}]
      11 root    155 ki31    0K    64K CPU0    0 242.9H  95.75% [idle{idle: cpu0}]
      11 root    155 ki31    0K    64K CPU1    1 251.9H  94.68% [idle{idle: cpu1}]
    76715 root      34    0  219M 33660K piperd  0  0:01  6.79% php-fpm: pool lighty (php-fpm)
      0 root    -92    0    0K  288K -      3  4:58  1.27% [kernel{igb0 que}]
      12 root    -92    -    0K  480K WAIT    2 524:30  0.88% [intr{irq271: igb1:que}]
      12 root    -92    -    0K  480K WAIT    2 430:33  0.68% [intr{irq266: igb0:que}]
      12 root    -92    -    0K  480K WAIT    1 425:25  0.59% [intr{irq265: igb0:que}]
      15 root    -16    -    0K    16K -      1 312:10  0.59% [rand_harvestq]
      12 root    -92    -    0K  480K WAIT    1 521:55  0.39% [intr{irq270: igb1:que}]
      12 root    -92    -    0K  480K WAIT    3 528:28  0.29% [intr{irq272: igb1:que}]
      12 root    -92    -    0K  480K WAIT    0 551:23  0.20% [intr{irq269: igb1:que}]
      12 root    -92    -    0K  480K WAIT    0 419:23  0.10% [intr{irq264: igb0:que}]
      12 root    -60    -    0K  480K WAIT    0 428:10  0.00% [intr{swi4: clock}]
      12 root    -92    -    0K  480K WAIT    3 418:55  0.00% [intr{irq267: igb0:que}]
        5 root    -16    -    0K    16K pftm    1  50:35  0.00% [pf purge]
    28360 root      20    0 87660K 36300K kqread  3  34:09  0.00% /usr/local/sbin/lighttpd -f /var/etc/light

    I plan on rebooting my PC first. I would jump on the wife's comp to see if her's is seeing this also, but she's watching Netflix.

    I don't see any loss, only multi-millisecond lag spikes, which does not explain perceivable in-game latency. In game latency has been fairly regular because of DDOS attacks against the game servers as of recent, so that may be unrelated. Quality graph does not show anything out of the ordinary, average ping is about 1ms-1.1ms.

    I guess what I'm getting after is I think it's my computer, but I find it interesting that I've never noticed rand_harvestq or kernel{igb0 que} before. Kind of a coincidence. Neither PFSense nor my computer have given my trouble before, although I do have a new desktop that is 2 week old with an Intel i210 and Win8.1



  • If you are using 2.2 you should find a few "random harvesting" vars that you can disable/enable.



  • I got one ping running against my wife's computer and one against PFSense and a traffic meter in the background. Most of the times I saw ping spikes against PFSense, I also saw bandwidth spikes. I'll need to revisit my traffic shaper settings as my LAN interface is shaped.

    Wife's comp
    Packets: sent=5282, rcvd=5282, error=0, lost=0 (0.0% loss) in 2640.501038 sec
    RTTs in ms: min/avg/max/dev: 0.172 / 0.422 / 5.792 / 0.340
    Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120

    PFSense
    Packets: sent=5283, rcvd=5283, error=0, lost=0 (0.0% loss) in 2641.001313 sec
    RTTs in ms: min/avg/max/dev: 0.132 / 0.508 / 141.300 / 2.549
    Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120

    Time for bed. Started a ping against my admin VLAN interface, which is not shaped.



  • Yep , figured it out

    first off, here's my admin interface, not that it really matters.

    Packets: sent=67113, rcvd=67113, error=0, lost=0 (0.0% loss) in 33556.000901 sec
    RTTs in ms: min/avg/max/dev: 0.119 / 0.389 / 15.909 / 0.320
    Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120

    In order to shape download traffic correctly, I had to traffic shape LAN egress. While I allow link local traffic to PFSense on LAN, it doesn't have much bandwidth set. Pings that did not make it out my WAN kept getting set to qLink instead of qICMP because of my catch all LAN to LAN. Traffic that actually creates a state on the WAN interface properly gets the desired queue.


Log in to reply