Pfsense super slow all of a sudden



  • have been enjoying pfsense for about 3 months problem free.

    Today however the internet became very unstable, it would often not load webpages at all, bandwidth tests returned 10kb/s speeds
    msn messenger and stuff would still work, and you could load webpages usually if you were prepared to wait 5 mins, often they would just time out. resetting the firewall brought the speeds back to perfect for about 2 mins then back down to slow.
    does this with 1 or 15 computers connected.
    LAN speeds are normal (movie transfers over lan were going about 12~15mb/second which i never get faster then so thats normal), problem seems isolated to the WAN.

    until i can resolve this issue i have switched back to a crappy DLINK router :( …internet's running fine on the DLINK so the problem is related to the Pfsense box.

    [edit]
    i also tried removing all additional installed packages, and restored default settings to no avail
    [/edit]

    suggestions, comments, feedback, help! all apreciated thanks!
    Kyle



  • Please check the States, cpu, ram usage.  Squid?



  • i'll check thoes things for you, is there something specific i should look for… idid check CPU and ram, CPU was between 0~10% (10% sometimes when transfering movies on the lan and stuff at perfectly normal speeds)
    memory was at 24%



  • Any errors on the Status -> Interfaces page? Anything relevant in the system log?



  • Are you using squid/proxy?



  • not using squid/proxy, and i went back to default settings to try to troubleshoot the problem … so assume the setup is completely default with no extra packages installed, and nothing enabled or setup that isnt on by default



  • Please report back on States, CPU, RAM, and SWAP when it is slow (Status -> System).
    Any additional packages installed?
    Possible duplex setting/error? 
    Did you check the logs stated by cmb?



  • System information
    Name         firewall.local
    Version 1.2-RELEASE      built on Thu Apr 10 21:39:42 EDT 2008
    Platform pfSense
    Uptime         16:43
    State table size   1385/10000
    MBUF Usage 2/390
    CPU usage   0%
    Memory usage  16%
    SWAP usage 0%
    Disk usage   1%

    logs do not show anything that i would consider out of the ordinary
    the interface page shows no errors, no collision
    media: 100baseTX <full-duplex>on both interfaces,  both up and running with the right settings

    LAN speeds are still perfect, webGUI loads instantly…. webpages still brutally slow, downloads (torrents and P2P..etc) still not even close to possible. still running on a cruddy DLINK router until i can get this problem fixed, internet speeds are perfect on the dlink router, or are perfect when directly connected to the cable modem.</full-duplex>



  • What type of WAN connection is it? 
    What NICs are you using in the pfsense box? 
    Have you tried forcing the WAN to 10mb? 
    Are connected devices receiving the same IP info (dns, etc) as when they are plugged into the Dlink? 
    Is that a snapshot after 1.2 (I thought 1.2 was released in February)?



  • Wan connection is cable (eastlink, in Nova scotia…. their connection is usually pretty good, and runs very fast without the PfSense box)
    whats weird is checking the status now that im using this dlink router, i have a completly different WAN IP, after messing around for a bit i found that i got a different IP based on what was connected to my cable modem, the PfSense always got the same, the Dlink always got the same and my laptop always got the same ip but all completly different. which i found weird seeing as its supposed to be static...

    do you think that might be related to the problem and spoofing my mac in PfSense might do some good?

    I'm not sure what version of PfSense this is, i just had the files for 1.2 on my computer and installed it, i have a lot of random shit tho so i cant really say when i dloaded it or if its a snapshot or something.... if the original 1.2 was built in February should i revert back to it?



  • If it is static are you not entering it into your router as a static, or are you just pulling your static (not recommended)?



  • it just gets it DHCP.
    my isp just told me that my IP would never change was assigned staticly …. but they don't seem to know what they are talking about, atleast i never talk to the people who know anything more then i do

    i talked to my ISP today, they ran tests from their end on my cable modem and said they found a problem but they wouldnt really give me specifics they assume i don't know anything.... they are sending me a new modem, i doubt that is really the problem but hey why not if they want to give me a new one ill take it

    in the meantime im going to rebuild my pfsence box (hardware and software) and hope that might resolve the issue



  • Your DLink router is getting an different IP Address than your pfSense. Clear your pfSense WAN IP then find your DLink WAN mac address and spoof it on your pfSense WAN. If this works there is a problem on your ISP's side.

    Other thing I would try is to replace the WAN network interface card.



  • thanks i was going to spoof the address when i get home, ive got a new gigabit card so ill put that to my lan side and switch the lan NIC to my WAN.

    if that doesnt help at all i'll rebuild, and if that doesn't help ive got another computer that i can use… its a little nicer then id like to use as a firewall/router (AM2, 2.6GHZ, 2gigs of ram).... would be overkill for my uses but if it works.
    ill update when i get that done and see how it turns out, i appreciate all the help.



  • i guess i should never have doubted PfSense…. after a few more days of running on my off the shelf router the internet speeds on it hit the floor too, i called my isp again and they couldn't help me said it must be a modem problem or a cable problem or whatever so they sent a tech out to deal with it... i wasn't home when he got here and one of my roomates who doesnt know whats what was here. the tech was only here for 5 mins and said the speeds we are receiving are typical of the service we pay for (15mb)... now its just a normal 15mb cable connection, so we all know my isp is throttling the fuck out of it anyway, but ive spoken with a few other people on the same isp who have had similar problems of after periods of heavy traffic their connections seem to be throttled back to sub dial-up speeds and just stay that way and they have trouble getting the isp to do anything about it ...

    when i got home and was told their tech guy said connection speeds were normal i ran a bandwidth test again, now i used the test provided by my isp and run from their servers, i dont really trust their results and they always appear to be much much faster then any test (even to a server thats very close by ).

    Heres their results:
    Speed Test #51982387 by dslreports.com
    Run: 2008-06-03 18:42:09 EST
    Download: 103 (Kbps)
    Upload: 243 (Kbps)
    In kilobytes per second: 12.6 down 29.7 up
    Tested by server: 31 java
    User: 2 @ dslreports.com
    User's DNS: eastlink.ca
    Compared to the average of 138 tests from eastlink.ca:

    • download is 98% worse, upload is 74% worse

    pretty sure im getting my moneys worth... thanks for all the help everyone from PfSense and from the forums, i guess this isn't really a  problem here anymore since i know where the fault lies



  • @kage:

    have been enjoying pfsense for about 3 months problem free.

    Today however the internet became very unstable, it would often not load webpages at all, ….

    ....

    Just to say that I have noticed the same problem On SOME OF MY INsTALATIONS !!!!



  • Hi! I'm experiencing the same problems, too. To clarify things, the whole story.
    I have been using pfSense for approx. a year. Until July I ran it on VMWare, without any problems at all. Then I decided to build a dedicated system for pfSense.

    At first, it had two crappy Realtek 8139 cards, and it worked somehow, but later I bought two used i82559-based cards (fxp driver). They seemed to work fine, but at some point I started to have problems with my ISP connection (after some time it would be lost, so I had to unplug the cable and plug it back). So I bought another NIC, i82544-based GbE PCI card (em driver), and set it up as LAN, while replacing WAN with the second fxp card.

    Then the new trouble appeared. The download speed is being limited to about 1 Mbps, while upload speed is unrestricted (I have 8.5 megabit symmetric ethernet connection to my ISP). At first, I thought that traffic shaper was configured. And indeed, so was the case. I tried to disable it, but it didn't help. I tried to reinstall pfSense from scratch, but the problem persisted. Then I connected my old Linksys WRT54GL, and download speed became normal. Then I tried to boot pfSense from Live CD, and download speed returned to be about 1 Mbps! So it makes me think that there's a problem with the NIC or its driver, but at the very beginning that card worked fine…

    Can anybody help me find out what the problem is? Or at least, what shall I do next?

    P.S. Sorry for my English...



  • Don't use fxp (intel cards) on versions that use FreeBSD 7 (1.2.1 and higher). There is an issue with the driver when there is an Adaptec SCSI (or perhaps other Adaptec stuff) card in the machine. there is a low level conflict with naming. Hopefully this will be fixed soon. I don't know if this is the case in your system, but well worth looking into.



  • I have same problem,

    I was try to reinstall new version but is working well for 1 or 2 day and after that the speed become too slow. This is really trouble to me any body can give me a help?

    I was check the system but not find any problem

    This is system information

    System information
    Name load.local
    Version 1.2.3-RC2
    built on Wed Aug 12 08:34:03 EDT 2009
    Platform pfSense
    Uptime 2 days, 14:49
    State table size 6390/50000
    Show states
    MBUF Usage 1286 /3465
    CPU usage          3%
    Memory usage 7%
    SWAP usage 0% 
    Disk usage         0%



  • i have same issue, very very slow.



  • @cpliu903:

    i have same issue, very very slow.

    You haven't given us any information to work with. A place to begin would be to complete the sentence "I did … and I saw ... but I expected to see ... " For example, "I pinged my ISP's router from a LAN client and the response time was over 5 seconds but I expected it to be much quicker than that because my ISP link is a 100Mbps fibre link and nothing else was using it at the time."

    I understand its difficult to know what information is significant but after reading the pfSense forums for at least a couple of years I would say its far more common for people reporting problems to provide too little information than for people reporting problems to provide too much information.

    There are many things that could cause the perception of slowness. Giving some information about what you were doing and why you thought it was slow is highly likely to hasten resolution of your problem by helping indicate which area or areas should be investigated.



  • A shot in the dark:  Try editing your /boot/loader.conf file and commenting out the nmbclusters as follows```
    #kern.ipc.nmbclusters="0"



  • Any solution to solved this trouble?
    My problem is the same. Now I try new version 2 Beta 1 but is work well for a few day after that the load balancing working so terrible.
    We have a network around 400 clients, 20 VLANs for them, 5 internet connection and load balancing by Pfsense. I only use load balancing outbound for http service but now i must disable load balancing service.
    In early morning the speed is load very good but late when all staff starting to work at that time the number of connection increase and pfsense starting unstable after few day find solution now i must cancel to use pfsense for load balancing.
    Any idea can held us find good solution in this case?
    Thanks very much.!!!



  • Yeah eastlink.ca seem to come up all the time online for server problems, etc! I think you guys infrastructure is on a faultline…lol



  • @trunglam:

    Any solution to solved this trouble?

    I'm locking this thread because it's been getting hijacked for 2 years, and the initial problem was determined to be an ISP issue (which is almost always the cause of such problems).

    If you have a performance problem, start a new thread and post details (not just "it's slow").


Log in to reply