Crazy Graphs?

burdandrei

Hi, i got SG-8860 1U pfSense Security Gateway Appliance running a standart office network, and everything is cool but it shows 20G througput and millions of packets.
on the graphs trouble started when i enabled vlans. I had Flat network, and changed it to vlans separated.
there are no bridges configured, and to the LAN port i got Ubiquity TOUGHTSwitch connected, that is not showing so high packet rate

vlans.png_thumb

lanpacketsmonth.png_thumb

lanweekpackets.png_thumb

lanweek.png_thumb

weekthroughput.png_thumb
![Screenshot from 2015-09-22 16:51:45.png](/public/imported_attachments/1/Screenshot from 2015-09-22 16:51:45.png)
![Screenshot from 2015-09-22 16:51:45.png_thumb](/public/imported_attachments/1/Screenshot from 2015-09-22 16:51:45.png_thumb)

Harvy66

You could possibly have a network loop. Your firewall has an Intel i350, which has a build in switch where if the destination MAC address from one port is to another MAC of the same network card, it will switch in the network card itself, so the packet doesn't need to go through the GBE interface, and it switches at full PCIe rates, which is VERY fast.

burdandrei

that what i tried to find,
but correct me if i wrong, this should be loop in the firewall itself, right?

cmb

Even a loop within itself shouldn't exceed 1 Gbps in pf's counters. Check the output of 'pfctl -vvsr' to see the counters.

Probably best to open a support case with us, you won't get an incident docked for any software issues which that seems to be. Please attach the status_output.tgz from status.php, so we can see the relevant back end data.

Harvy66

@cmb:

Even a loop within itself shouldn't exceed 1 Gbps in pf's counters. Check the output of 'pfctl -vvsr' to see the counters.

Probably best to open a support case with us, you won't get an incident docked for any software issues which that seems to be. Please attach the status_output.tgz from status.php, so we can see the relevant back end data.

Why wouldn't it exceed 1Gbps?

burdandrei

Thanks @cmd, will do.
i restarted the firewall, and looks like it stopped. I got status tgz before and after, will open the ticket when i'll have more info

cmb

@Harvy66:

Why wouldn't it exceed 1Gbps?

With the nature of how those counters work, it isn't possible to exceed the link speed of the interface if you're getting sane values.

@burdandrei:

Thanks @cmd, will do.
i restarted the firewall, and looks like it stopped. I got status tgz before and after, will open the ticket when i'll have more info

Thanks, curious to see that.

Harvy66

@cmb:

@Harvy66:

Why wouldn't it exceed 1Gbps?

With the nature of how those counters work, it isn't possible to exceed the link speed of the interface if you're getting sane values.

@burdandrei:

Thanks @cmd, will do.
i restarted the firewall, and looks like it stopped. I got status tgz before and after, will open the ticket when i'll have more info

Thanks, curious to see that.

So even if the actual link speed is faster than the reported link speed? It's not a common situation, but this is one of them.