On 2017-05-19 08:24 AM, WebDawg wrote: Thanks for your quick answer.
I mean. Your net connection is dripping packets...is your gateway going down?
My external Nagios system saw nothing up to now (it always sees my gateway as up from the outside). But it only checks once every minute and the packet losses that I experience last about 15 seconds. 1/4 chance of seeing it when pooling every minute.
Your ISP should do something...your WAN connection is going down...unless you have a bad VM config.
The firewall has been up for 187 days and we've been using this VM since 2012. However, there is more and more traffic going through the VM as time goes by. This problem happened about 6 times in the past year, but 3 of them were in the past 2 weeks.
pfSense does do SOMETHING when a gateway goes down...do you have failover internet setup? When pfSense marks a connection as down and then back up, some of the things your are describing, I think, are supposed to happen.
Only one WAN.
You can adjust latency settings in the advanced settings of the gateway. You can adjust loss settings too. Some ISP QoS configs I think are known to drop ICMP in favor of higher priority things. In that case it is usually better to do your own QoS.
That is interesting. I'll look into that.
For some reason every T1 I have ever used had latent ICMP when loaded. I tried so many different QoS configs but I could only get it so good.
In our case it's an ethernet link provided on a gigabit GPON. 50 mbps. But I can see that the problem occurs when traffic is at 50 mbps (backups replication) so I lowered the maximum bandwidth for the replication to 43 mbps.
If the IPS's equipement ignores your QoS (and I think that's what they do), if they decide to drop some ICMP messages, what will your own QoS do?
_______________________________________________ pfSense mailing list https://lists.pfsense.org/mailman/listinfo/list Support the project with Gold! https://pfsense.org/gold
