Christoph, if you are using CARP/HA for your two routers, see 
https://redmine.pfsense.org/issues/4310 "Limiters + HA results in hangs on 
secondary."

Alternatively, if the overnight traffic is due to an rsync, rsync can 
limit its own bandwidth also.

--

Steve Yates
ITS, Inc.

-----Original Message-----
From: List [mailto:list-boun...@lists.pfsense.org] On Behalf Of ED Fochler
Sent: Wednesday, October 4, 2017 2:05 PM
To: pfSense Support and Discussion Mailing List <list@lists.pfsense.org>
Subject: Re: [pfSense] High-latency when traffic reaches 80% wirespeed

I have a similar situation and I solved it with limiters.  I'm also a fan of 
limiters to ensure fair sharing of uplink bandwidth by internal users.  I 
haven't tried changing system tunables though, so that solution may be better.

Nothing is sent through the limiter until you create a rule that catches the 
traffic and routes it through the limiter, so you're not going to accidentally 
slow everything down just by creating a rule.

The behavior you're speaking of sounds like your machine is getting maxed out 
by interrupts or some internal bandwidth.  Setting up a limiter sounds like a 
better solution than pushing the hardware to the point of unrefined behavior.

        ED.


> On 2017, Oct 4, at 4:08 AM, Christoph Haas <em...@christoph-haas.de> wrote:
> 
> Dear list,
> 
> I have become a huge fan of pfSense and managed to replace our old
> routers at work by two nifty Netgate SG-4860 gateways. They work nearly
> perfectly. I just have a few separate internal VLANs (e.g. for
> administration, monitoring and backup) that give me a headache. Every
> day at the same time(s) there are spikes in traffic (I can see in the
> dashboard) between two VLANs. Traffic goes up to pretty much 800 Mbps
> for 1-2 minutes.
> 
> During that time our monitoring system goes wild. High latencies and
> even ping losses. CPU load of the router is shown at around 50%. Once
> the traffic goes below 800 Mbps all is instantly fine again.
> 
> I tried to simplify the firewall rules (e.g. let through all the
> traffic) but that did not help. Is there anything I can do? Any hidden
> switches? Anything to find and fix the situation? Traffic shaping for
> ICMP? Unicorn dust?
> 
> Thanks in advance for your hints.
> 
> …Christoph
> 
_______________________________________________
pfSense mailing list
https://lists.pfsense.org/mailman/listinfo/list
Support the project with Gold! https://pfsense.org/gold
