Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-05 Thread Ivo Tonev
run "top -SH" to find the top cpu consuming tasks On Thu, Oct 5, 2017 at 8:44 AM, Christoph Haas wrote: > Am Mittwoch, den 04.10.2017, 15:05 -0400 schrieb ED Fochler: > > I have a similar situation and I solved it with limiters. I'm also a > fan of limiters to ensure

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-05 Thread Christoph Haas
Am Mittwoch, den 04.10.2017, 15:05 -0400 schrieb ED Fochler: > I have a similar situation and I solved it with limiters.  I'm also a fan of > limiters to ensure fair sharing of uplink bandwidth by internal users.  I > haven't tried changing system tunables though, so that solution may be better.

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-05 Thread Christoph Haas
Am Mittwoch, den 04.10.2017, 19:13 + schrieb Steve Yates: > Christoph, if you are using CARP/HA for your two routers, see > https://redmine.pfsense.org/issues/4310 "Limiters + HA results in hangs on > secondary." Not yet but I'll look out to that. Thanks. > Alternatively if the overnight

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-04 Thread ED Fochler
I have a similar situation and I solved it with limiters. I'm also a fan of limiters to ensure fair sharing of uplink bandwidth by internal users. I haven't tried changing system tunables though, so that solution may be better. Nothing is sent through the limiter until you create a rule that

Re: [pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-04 Thread Ivo Tonev
You can try rise some "System tunables" net.inet.tcp.recvspace 524288 net.inet.tcp.sendspace 524288 net.raw.recvspace 524288 net.inet.raw.recvspace 524288 net.raw.sendspace 524288 net.inet.raw.maxdgram 524288 net.link.ifqmaxlen 2048 net.inet.tcp.recvbuf_inc 65536 net.inet.udp.recvspace 524288

[pfSense] High-latency when traffic reaches 80% wirespeed

2017-10-04 Thread Christoph Haas
Dear list, I have become a huge fan of pfSense and managed to replace our old routers at work by two nifty Netgate SG-4860 gateways. They work nearly perfectly. I just have a few seperate internal VLANs (e.g. for administration, monitoring and backup) that give me a headache. Every day at the