Asymmetric Bandwidth usage WAN - LAN



  • Hi!

    I'm dealing with a kind of problem that is new to me.

    We ordered a 20Mbps link from our local ISP, and the WAN traffic graph does show that they are delivering.

    As you can see here:

    But when I go to the LAN graph, it is not symmetric with WAN, which leaves me with the problem of not knowing who is using our bandwidth.

    Then I even went to SSH and tried to see it via iftop with this command:

    iftop -m 20m -p -i re1
    

    re1 is our LAN interface.

    But there is not a sign of this kind of traffic...
    Any other options to find out?

    Thanks


  • Rebel Alliance Developer Netgate

    That would indicate it's the firewall itself using the bandwidth in some way. I'd look at packages you have installed. If you have squid, that is likely the culprit.



  • Will NAT also cause this? I have the same issue that happens when I turn on NAT


  • Rebel Alliance Developer Netgate

    No.



  • @Aburger:

    Will NAT also cause this? I have the same issue that happens when I turn on NAT

    YES, we do use Squid... How to monitor traffic by IP? Inside Squid?



  • @jimp:

    No.

    My Squid is doing the same thing, it uses 90mb/s and the LAN is using 20 mb/s.
    If I turn squid off... the consumption goes down... and normalizes... if I turn it on... it goes up again.

    Any tips on what to do?



  • @jimp:

    That would indicate it's the firewall itself using the bandwidth in some way. I'd look at packages you have installed. If you have squid, that is likely the culprit.

    But... even using Squid, it should show traffic from the firewall (where squid is installed, going out through the LAN interface) to the client.

    Squid is caching content, but traffic will also be sent to the client host, no?

    This is really weird; unless the firewall itself is using it, to make an update or something like that, it should show on the LAN interface traffic graph.


  • Rebel Alliance Developer Netgate

    Squid can sometimes pull data back into its cache to revalidate and such without delivering that to clients. The specifics have fallen out of my brain but it's not unusual. Especially if you have squid caching things like windows updates or other large files.



  • Even if I turn off the squid cache?


  • Rebel Alliance Developer Netgate

    That would be a question for the proxy board.



    With my squid turned off, just the traffic graph continues showing this strange thing.



  • You'll need to packet capture on WAN and see what that traffic is. Squid is a good guess where you're running it, but it could be any number of things, including traffic you're not soliciting (like a DoS of some sort).
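
One way to read the WAN capture suggested in the last reply, as an added example that is not part of the original thread: it totals bytes per remote peer from `tcpdump -nn -q` text output taken on the WAN interface and lists peers that send data the firewall never answers. The WAN address 198.51.100.2 and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict

# IPv4 lines as printed by `tcpdump -nn -q`, for example:
#   12:00:01.010000 IP 203.0.113.10.443 > 198.51.100.2.51515: tcp 1448
LINE_RE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)(?:\.\d+)? > (\d+\.\d+\.\d+\.\d+)(?:\.\d+)?: "
    r"(?:tcp (\d+)|UDP, length (\d+))"
)

def summarize(lines, wan_ip):
    """Per remote peer: payload bytes received, bytes sent and packets sent by wan_ip."""
    stats = defaultdict(lambda: {"rx_bytes": 0, "tx_bytes": 0, "tx_pkts": 0})
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, ICMP, IPv6 and anything else is skipped
        src, dst = m.group(1), m.group(2)
        size = int(m.group(3) or m.group(4))
        if dst == wan_ip:
            stats[src]["rx_bytes"] += size
        elif src == wan_ip:
            stats[dst]["tx_bytes"] += size
            stats[dst]["tx_pkts"] += 1  # counts zero-length ACKs as well
    return dict(stats)

def top_receivers(stats, n=5):
    """Peers ordered by how much inbound WAN traffic they account for."""
    ranked = sorted(stats.items(), key=lambda kv: kv[1]["rx_bytes"], reverse=True)
    return [(peer, s["rx_bytes"]) for peer, s in ranked[:n]]

def unsolicited(stats):
    """Peers that sent payload while the firewall sent them no packet at all."""
    return sorted(p for p, s in stats.items() if s["rx_bytes"] and not s["tx_pkts"])

# Constructed sample capture (documentation address ranges only).
SAMPLE = """\
12:00:01.000001 IP 198.51.100.2.51515 > 203.0.113.10.443: tcp 0
12:00:01.010000 IP 203.0.113.10.443 > 198.51.100.2.51515: tcp 1448
12:00:01.020000 IP 203.0.113.10.443 > 198.51.100.2.51515: tcp 1448
12:00:01.030000 IP 192.0.2.77.53 > 198.51.100.2.4444: UDP, length 1200
12:00:01.040000 IP 192.0.2.77.53 > 198.51.100.2.4444: UDP, length 1200
12:00:01.050000 ARP, Request who-has 198.51.100.1 tell 198.51.100.2, length 28
""".splitlines()

if __name__ == "__main__":
    stats = summarize(SAMPLE, "198.51.100.2")
    print("top receivers:", top_receivers(stats))
    print("unanswered senders:", unsolicited(stats))
```

A capture window that starts mid-connection can miss the firewall's earlier outbound packets, so a peer flagged as unanswered is a lead to check against the state table, not a verdict.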