On Wed, May 13, 2009 at 10:58 AM, Scott Ullrich <sullr...@gmail.com> wrote: > On Wed, May 13, 2009 at 11:55 AM, Chris Buechler <c...@pfsense.org> wrote: >> Slowing down considerably when under full load is normal, slowing to >> the point that sites don't load anymore when you're just running a few >> Windows updates is definitely not. Sounds like there's something wrong >> with the T1, or the CPE it's plugged into, whatever has your CSU/DSU. > > Agree 100%. The fact that you can plug any firewall in and duplicate > the problem shows its not firewall related and most likely a circuit > issue. Call your ISP and tell them this.
Consider that the bandwidth chokepoint for this particular use is upstream of you anyway. Inbound traffic is choked BEFORE it crosses the wire - no changes in network infrastructure on your part can fix this. However, with that said, with the traffic shaper you can allow for your important sites to be put into a priority queue such that they always get priority - the only way to handle this is to throttle your connection even further so the smallest chokepoint is actually pfSense, not the link itself. At any rate, I'd suggest looking closer at how the bandwidth on the 3M circuit is allocated - is this a DS3 circuit with a 3M guarantee, or is this two T1s bonded? If the latter, how are they bonded and can you get SNMP stats off the interfaces? My gut tells me that it's bonded and what you are seeing is due to some form of CEF forcing a given route down one pipe only. --Bill --------------------------------------------------------------------- To unsubscribe, e-mail: support-unsubscr...@pfsense.com For additional commands, e-mail: support-h...@pfsense.com Commercial support available - https://portal.pfsense.org
