I have a similar situation and I solved it with limiters. I'm also a fan of
limiters to ensure fair sharing of uplink bandwidth by internal users. I
haven't tried changing system tunables though, so that solution may be better.
Nothing is sent through the limiter until you create a rule that catches the
traffic and routes it through the limiter, so you're not going to accidentally
slow everything down just by creating a rule.
The behavior you're speaking of sounds like your machine is getting maxed out
by interrupts or some internal bandwidth. Setting up a limiter sounds like a
better solution than pushing the hardware to the point of unrefined behavior.
ED.
> On 2017, Oct 4, at 4:08 AM, Christoph Haas <em...@christoph-haas.de> wrote:
>
> Dear list,
>
> I have become a huge fan of pfSense and managed to replace our old
> routers at work by two nifty Netgate SG-4860 gateways. They work nearly
> perfectly. I just have a few seperate internal VLANs (e.g. for
> administration, monitoring and backup) that give me a headache. Every
> day at the same time(s) there are spikes in traffic (I can see in the
> dashboard) between two VLANs. Traffic goes up to pretty much 800 Mbps
> for 1-2 minutes.
>
> During that time our monitoring system goes wild. High latencies and
> even ping losses. CPU load of the router is shown at around 50%. Once
> the traffic goes below 800 Mbps all is instantly fine again.
>
> I tried to simplify the firewall rules (e.g. let through all the
> traffic) but that did not help. Is there anything I can do? Any hidden
> switches? Anything to find and fix the situation? Traffic shaping for
> ICMP? Unicorn dust?
>
> Thanks in advance for your hints.
>
> …Christoph
> _______________________________________________
> pfSense mailing list
> https://lists.pfsense.org/mailman/listinfo/list
> Support the project with Gold! https://pfsense.org/gold
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
