High ping to firewall - fluke?
-
I just recently had some latency spikes in game, decided to try a trace route, and I noticed something out of place
1 2 ms 4 ms 1 ms pfsense.localdomain [192.168.1.1]
I've never seen this before. Always sub 1ms.
last pid: 78967; load averages: 0.12, 0.21, 0.30 up 11+08:04:17 19:14:37
137 processes: 5 running, 102 sleeping, 30 waitingMem: 13M Active, 164M Inact, 304M Wired, 976K Cache, 1521M Buf, 7347M Free
Swap:PID USERNAME PRI NICE SIZE RES STATE C TIME WCPU COMMAND
11 root 155 ki31 0K 64K CPU3 3 252.0H 98.19% [idle{idle: cpu3}]
11 root 155 ki31 0K 64K RUN 2 251.8H 97.75% [idle{idle: cpu2}]
11 root 155 ki31 0K 64K CPU0 0 242.9H 95.75% [idle{idle: cpu0}]
11 root 155 ki31 0K 64K CPU1 1 251.9H 94.68% [idle{idle: cpu1}]
76715 root 34 0 219M 33660K piperd 0 0:01 6.79% php-fpm: pool lighty (php-fpm)
0 root -92 0 0K 288K - 3 4:58 1.27% [kernel{igb0 que}]
12 root -92 - 0K 480K WAIT 2 524:30 0.88% [intr{irq271: igb1:que}]
12 root -92 - 0K 480K WAIT 2 430:33 0.68% [intr{irq266: igb0:que}]
12 root -92 - 0K 480K WAIT 1 425:25 0.59% [intr{irq265: igb0:que}]
15 root -16 - 0K 16K - 1 312:10 0.59% [rand_harvestq]
12 root -92 - 0K 480K WAIT 1 521:55 0.39% [intr{irq270: igb1:que}]
12 root -92 - 0K 480K WAIT 3 528:28 0.29% [intr{irq272: igb1:que}]
12 root -92 - 0K 480K WAIT 0 551:23 0.20% [intr{irq269: igb1:que}]
12 root -92 - 0K 480K WAIT 0 419:23 0.10% [intr{irq264: igb0:que}]
12 root -60 - 0K 480K WAIT 0 428:10 0.00% [intr{swi4: clock}]
12 root -92 - 0K 480K WAIT 3 418:55 0.00% [intr{irq267: igb0:que}]
5 root -16 - 0K 16K pftm 1 50:35 0.00% [pf purge]
28360 root 20 0 87660K 36300K kqread 3 34:09 0.00% /usr/local/sbin/lighttpd -f /var/etc/lightI plan on rebooting my PC first. I would jump on the wife's comp to see if her's is seeing this also, but she's watching Netflix.
I don't see any loss, only multi-millisecond lag spikes, which does not explain perceivable in-game latency. In game latency has been fairly regular because of DDOS attacks against the game servers as of recent, so that may be unrelated. Quality graph does not show anything out of the ordinary, average ping is about 1ms-1.1ms.
I guess what I'm getting after is I think it's my computer, but I find it interesting that I've never noticed rand_harvestq or kernel{igb0 que} before. Kind of a coincidence. Neither PFSense nor my computer have given my trouble before, although I do have a new desktop that is 2 week old with an Intel i210 and Win8.1
-
If you are using 2.2 you should find a few "random harvesting" vars that you can disable/enable.
-
I got one ping running against my wife's computer and one against PFSense and a traffic meter in the background. Most of the times I saw ping spikes against PFSense, I also saw bandwidth spikes. I'll need to revisit my traffic shaper settings as my LAN interface is shaped.
Wife's comp
Packets: sent=5282, rcvd=5282, error=0, lost=0 (0.0% loss) in 2640.501038 sec
RTTs in ms: min/avg/max/dev: 0.172 / 0.422 / 5.792 / 0.340
Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120PFSense
Packets: sent=5283, rcvd=5283, error=0, lost=0 (0.0% loss) in 2641.001313 sec
RTTs in ms: min/avg/max/dev: 0.132 / 0.508 / 141.300 / 2.549
Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120Time for bed. Started a ping against my admin VLAN interface, which is not shaped.
-
Yep , figured it out
first off, here's my admin interface, not that it really matters.
Packets: sent=67113, rcvd=67113, error=0, lost=0 (0.0% loss) in 33556.000901 sec
RTTs in ms: min/avg/max/dev: 0.119 / 0.389 / 15.909 / 0.320
Bandwidth in kbytes/sec: sent=0.120, rcvd=0.120In order to shape download traffic correctly, I had to traffic shape LAN egress. While I allow link local traffic to PFSense on LAN, it doesn't have much bandwidth set. Pings that did not make it out my WAN kept getting set to qLink instead of qICMP because of my catch all LAN to LAN. Traffic that actually creates a state on the WAN interface properly gets the desired queue.