Netgate SG-1000 microFirewall

Author Topic: *RANT* Why pfsense is popular  (Read 1353 times)

droberts9070 and 1 Guest are viewing this topic.

Offline edseitzinger

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #45 on: December 25, 2017, 11:37:55 am »
Quote
And sticking a managed switch in the front of pfsense box does NOT remove that variable, just highlights the fact pfsense may not be processing the switch properly.

A packet capture can quickly determine if those bits are set on your traffic.

From the few help sections I have read there are a couple of ways to do it in pfsense, is there a method you would prefer to see?

Offline Derelict

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 9606
  • Karma: +1090/-309
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #46 on: December 25, 2017, 12:22:12 pm »
Diagnostics > Packet Capture

WAN

Generate some traffic.

See if the proper priority is set.

If so, call google. If not, open a bug report.
Las Vegas, Nevada, USA
Use this diagram to describe your issue.
The pfSense Book is now available for just $24.70!
Do Not PM For Help! NO_WAN_EGRESSTM

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2288
  • Karma: +210/-12
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #47 on: December 25, 2017, 01:07:54 pm »
https://flyovercountry.org/2014/02/google-fiber-gigabit-speeds-your-router-part-1-vlans/

Looks like those guys have done most of your research for you.

pfSense can NOT set DSCP bits. It can only match on them. You will likely need to do that in a switch between your fiber and the WAN interface as outlined in that blog.

Your RANT against pfSense is misplaced.

ETA:

You might be able to get closer tagging VLAN 2 with VLAN Priority 3 set. https://forum.pfsense.org/index.php?topic=71806.msg619859#msg619859

I think what he's getting at is he's ranting about the situation and seeing if someone may have some ideas, not so much him being critical.

Offline edseitzinger

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #48 on: December 25, 2017, 01:22:11 pm »
https://flyovercountry.org/2014/02/google-fiber-gigabit-speeds-your-router-part-1-vlans/

Looks like those guys have done most of your research for you.

pfSense can NOT set DSCP bits. It can only match on them. You will likely need to do that in a switch between your fiber and the WAN interface as outlined in that blog.

Your RANT against pfSense is misplaced.

ETA:

You might be able to get closer tagging VLAN 2 with VLAN Priority 3 set. https://forum.pfsense.org/index.php?topic=71806.msg619859#msg619859

I think what he's getting at is he's ranting about the situation and seeing if someone may have some ideas, not so much him being critical.

Thank you Harvey for undestanding

Offline Harvy66

  • Hero Member
  • *****
  • Posts: 2288
  • Karma: +210/-12
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #49 on: December 25, 2017, 01:32:48 pm »
I suddenly remembered that WoW measures latency as an aggregate sliding window and the RTT is measured as the time it takes to get a response over TCP. This is a high level "ping". I've seen it report as high as 9,000ms latency, when I knew I had maybe 100ms, but high packet loss. Your latency spikes may not actually be delayed packets, but dropped packets and TCP taking time to resend.

Are you doing any traffic shaping? I ask because pfSense defaults to 50 packet queues when you enable shaping, and 50 may be too small and may cause lost packets under certain loads.

Offline pfSense4ME

  • Newbie
  • *
  • Posts: 8
  • Karma: +2/-2
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #50 on: December 25, 2017, 07:45:26 pm »
*deleted because of personal insults*
« Last Edit: December 26, 2017, 04:12:16 am by GruensFroeschli »

Offline jwt

  • Administrator
  • Sr. Member
  • *****
  • Posts: 367
  • Karma: +102/-32
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #51 on: December 26, 2017, 12:47:49 am »
Please back off the hostility and profanity.

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14842
  • Karma: +1377/-202
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #52 on: December 26, 2017, 04:05:18 am »
"Holy hell I simply used the same commands that where provided in the examples you all posted in the forum, nothing more nothing less."

I understand that - but you have to run them at the same time ;)  Open 2 ssh sessions to pfsense, and run the commands at the same time.. Then ping 8.8.8.8 from a client behind pfsense..

Are you using 8.8.8.8 as a monitor IP for one of your gateways?

If you provide the actual sniff we can see if any dscp is set.. But from the info linked to.. if your not setting dscp then your upload is limited to 10mbps.. Or in other terms watching paint dry.. So yeah if anything else is going on at the time your playing games.. Your upload pipe could get full and latency increase..

You need to set the dscp that your isp requires if you want to remove your isp device.. This has ZERO to do with pfsense.. And no p1 is not because they f'd up 2.4.2.. Such a statement really is not something that will help you get help with your problem..   Is sp1 because they f'd up windows 7? what about sp2 is that because they 'f''d up 7 and sp1 release?
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4984
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #53 on: December 26, 2017, 08:40:21 am »
I would let this guy figure it out himself (or not). 

Offline johnpoz

  • Hero Member
  • *****
  • Posts: 14842
  • Karma: +1377/-202
  • Not a pfSense employee, they cannot fire me...
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #54 on: December 26, 2017, 09:21:09 am »
That is one option.. More worried about the next guy coming across the forum and thinking there is something actually wrong, etc.  Google for shit and taking shit out of context and next thing you know FUD starts popping up that pfsense is adding 300ms latency, etc.

From that article linked to, which is a bit dated says that upload would be limited to 10mbps.. I would assume that would be easy to see in speedtest, which also something else he never posted just saying it was fine, etc.  If I had GF and the upload was not freaking close to gig I would be pretty disappointed ;)

Funny how somehow he is fine with it now at 78ms latency in the game... But how that can change whenever and think its pfsense fault if working fine now, and then doesn't etc.. If working now, and not working later then something is happening at that later time.. Like maybe his upload pipe getting full because no dscp settings and GF is throttling him, etc.
- An intelligent man is sometimes forced to be drunk to spend time with his fools.
- Please don't PM me for personal help
- if you want to say thanks applaud or https://www.freebsdfoundation.org/donate/
1x SG-2440 2.4.2-RELEASE-p1 (work)
1x SG-4860 2.4.2-RELEASE-p1 (home)

Offline kejianshi

  • Hero Member
  • *****
  • Posts: 4984
  • Karma: +199/-43
  • Debugging...
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #55 on: December 26, 2017, 09:38:42 am »
I can pretty much promise you this guy isn't here for help.  He is here to make a fuss and amuse himself.  Evey one who matters knows pfsense doesn't add latency like that. 

Offline edseitzinger

  • Jr. Member
  • **
  • Posts: 26
  • Karma: +0/-0
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #56 on: January 03, 2018, 02:09:02 pm »
@ kejianshi You are a special kind of stupid. Its morons like you that turn ppl off to new ideas you are nothing more than a troll in the truest sense of the word.

Sorry but I took time off for the holidays and got it resolved, though I have no idea how.

I decided to try and remove one of the 2 final variables. Since I could not try another software option due to GFiber requirements, I decided to get cable internet. Long story short, Once I configured the pfsense router for dual wan and had cable as my primary and GF as the failover, my latency was stable at 70-80 ms. I then switched the roles of primary and secondary wan and latency stayed stable at 70-80 ms. I just disconnected the the cable connection and rebooted the router and still has stable 70-80 ms latency. So whatever happened in setting up the dual WAN interfaces fixed the issue, going on 7 days straight.

My Setup:

A10-8750K
8gb DDR3 ram
60gb ssd
4 port GB intel nic ( 5GB ports total)
LGS 318P

dual port LAG between the router and switch
Dual WAN with failover (doubt I could saturate the GF connection to the point that pfsense would load balance anyway)


As a side note to anyone find this forum posting. I see nothing wrong with pfsense or Google Fiber, its was a strange combination between pfsense + GFiber +WOW that was the issue. Still not sure what fixed it, but it works just fine. Too my knowledge none of the ppl replying to this have GFiber and thus don't have all the information noe the setup to test anything. Cable networking and Fiber networking are different. With cable the modem you use its basically in bridge mode and all you have to do is connect a cheap consumer wireless router and off you go. You can't do that with Fiber you have to use the supplied network box of find a solution to replicate the require WAN protocols. Most of the replies were helpful, and you can see who the moron(s) were.


Offline KOM

  • Hero Member
  • *****
  • Posts: 5512
  • Karma: +681/-23
    • View Profile
Re: *RANT* Why pfsense is popular
« Reply #57 on: January 03, 2018, 02:41:51 pm »
You would probably get more eyes on your problem if you would have posted it in one of the many support forums instead of this General Discussion forum.  Just state your problem and people will try to help.  If you start off by negging pfSense to try and shame people into helping you in order to defend pfSense's honour, you're going to get some salty replies.

Offline ivor

  • Administrator
  • Hero Member
  • *****
  • Posts: 690
  • Karma: +143/-131
    • View Profile
    • Netgate
Re: *RANT* Why pfsense is popular
« Reply #58 on: January 03, 2018, 02:55:51 pm »
Thread locked, OP is welcome to look for help elsewhere.
Need help fast? Commercial support: https://www.netgate.com/support/