2013/8/13 Sandeep A.S <sani...@gmail.com> > Hi Michael, > > Please find the below details: > > I have pfsense box deployed for 3-4 customers, where with one particular > ISP , Airtel I face high latency and packet loss with pfsense > systems. More exactly with > either linux or windows systems I am getting 7ms and 0 % packet loss > to the gateway. > But with pfsense It goes between 80ms to 700ms and packet loss of > nearly 20-40%. > > I have tried with D-Link 520TX card and Intel Pro 1000mbps dual > port card. Both the > cards are giving similar issue. This is not only in one place but most > of the customers who > use Airtel Leased line or DSL line but not all the places. One more > information is that Airtel provides leased line or DSL over the > copper line in India. I am not facing this issue with other providers. > As it works fine with both Linux and windows systems I am not able to > ask them to make any changes at their side. > > So far I have made the following changes. > > 1. Tried with both Intel and D-link cards . Also tried with multiple > cables. > 2. Tried with all duplexing option. I had to come back to 100mbps UTP > full Duplex to work > to this level. > 3. From the command line tried with 1420 MTU. > 4. Tried disabling/enabling hardware checksum offload > 5. Tried disabling/enabling TCP segmentation offload > 6. Tried upgrading the pfsense from 2.0.2 to 2.1.rc1 snapshot. > > All these trials were failure. Please let me know whether I can try > any other options ? > > Thanks for the support. > Sandeep > > > Hi Sandeep,
if you write packet loss and the reported round-trip times i guess you used ping? if you use traceroute to figure that, keep in mind that traceroute uses a combination of icmp and udp packats and that the udp packets might get blocked. either by your firewall or by the gateway. i cannot say much to it, cause i do not know much about the ways how you tested. so i can only speak out few basic recommendations. test at first with the simplest setup that you can use. if you think the pfsense-OS would be the source you can test with a FreeBSD based live System like mfsbsd or one of the installation media that contains also this possibility. for testing the carp configuration keep in mind that you have to send out the packets from that interface and with that IP. http://www.freebsd.org/cgi/man.cgi?query=ping&apropos=0&sektion=8&manpath=FreeBSD+8.0-RELEASE&arch=default&format=html setup as first one system and test this without the second system. if the first system is working correctly, put the second in game and test again. further its good to keep an eye on the pflog0 for blocked traffic. so you can see if the packet loss is caused by the firewall itself. much more can't get saied, based on that small amount of informations we have from your answer. i have made not the best experiences with DLINK cards. with other words much VIA (also rhine) chipsets contain errors. VIA-Rhine is ugly, for my taste. OTOH the INTEL cards should do well. imself use whenever possible INTEL Nics. hth greetings m. = = = http://michael-schuh.net/ = = = Projektmanagement - IT-Consulting - Professional Services IT Rev. Michael Schuh<http://dudeism.com/ordcertificate?ordname=Michael+Schuh&orddate=05/20/2012> *Ordained Dudeist Priest <http://dudeism.com/>* Postfach 10 21 52 66021 Saarbrücken phone: 0681/8319664 @: m i c h a e l . s c h u h @ g m a i l . c o m = = = Ust-ID: DE251072318 = = =
_______________________________________________ List mailing list List@lists.pfsense.org http://lists.pfsense.org/mailman/listinfo/list
