OPNsense Forum

Archive => 17.1 Legacy Series => Topic started by: sidney_v on July 27, 2017, 11:34:59 am

Title: Latency between OPNsense and its gateway
Post by: sidney_v on July 27, 2017, 11:34:59 am

Hello,

I've 9 OPNsense in production and one of them has an issue with its gateway.

This firewall was well working behind another Zyxell firewall (not conventionnal) so I connected it directly to the router with a public IP (I removed the Zyxell and plug its cable into the OPnsense).

When downloading a large file, there is latency / RTT of 600ms

Some tests have been done :
- Update the latest packets for 17.1.9
- Change Speed and duplex from Default to other option matching with router parameters
- Same download directly from console : same problem of latency (so LAN interface is not guilty)
- Same download from another OPNsense : latency is only 100ms

So I think the problem is between router and firewall which have been both rebooted.

I noticed that in the "Interface > [LAN] or [WAN] > Overview" menu there is collisions and Interrupts for both cards

LAN

Code: [Select]

Collisions 2880
Interrupts
irq device         total rate
irq256 igb0:que 0 8
irq257 igb0:que 1 5
irq258 igb0:que 2 4
irq259 igb0:que 3 5
irq260 igb0:link 4 0
WAN

Code: [Select]

Collisions 2313
Interrupts
irq device        total rate
irq261 igb1:que 0 13
irq262 igb1:que 1 6
irq263 igb1:que 2 3
irq264 igb1:que 3 4
irq265 igb1:link 4 0
And another command :

Code: [Select]

root@opnsense:~ # netstat -i
Name    Mtu Network       Address              Ipkts Ierrs Idrop    Opkts Oerrs  Coll
igb0   1500 <Link#1>      00:0d:b9:42:53:dc  1086340     0     0  1399872     0  2878
igb0      - fe80::%igb0/6 fe80::20d:b9ff:fe        0     -     -        2     -     -
igb0      - 10.143.32.0/2 opnsense              3142     -     -    24090     -     -
igb0      - 10.143.35.254 10.143.35.254            0     -     -        0     -     -
igb1   1500 <Link#2>      00:0d:b9:42:53:dd  1935039     0     0  1555826     0  2313
igb1      - fe80::%igb1/6 fe80::20d:b9ff:fe        0     -     -        0     -     -
igb1      - 95.170.8.128/ 130-8-170-95.reve   209464     -     -     8998     -     -
igb2*  1500 <Link#3>      00:0d:b9:42:53:de        0     0     0        0     0     0
enc0*  1536 <Link#4>      enc0                     0     0     0        0     0     0
lo0   16384 <Link#5>      lo0                  39739     0     0    39739     0     0
lo0       - localhost     localhost            31401     -     -    31401     -     -
lo0       - fe80::%lo0/64 fe80::1%lo0              0     -     -        0     -     -
lo0       - your-net      localhost           219127     -     -     8338     -     -
pflog 33160 <Link#6>      pflog0                   0     0     0   308625     0     0
pfsyn  1500 <Link#7>      pfsync0                  0     0     0        0     0     0
ovpnc  1500 <Link#8>      00:bd:c2:29:f7:02   318539     0     0   309332     0     0
ovpnc     - fe80::%ovpnc2 fe80::2bd:c2ff:fe        0     -     -        1     -     -
ovpnc     - 10.143.252.0/ 10.143.252.32         4672     -     -     4523     -     -
Do you have any ideas or suggestions ?

Thanks in advance  :)

Title: Re: Latency between OPNsense and its gateway
Post by: sidney_v on July 31, 2017, 05:00:49 pm

Well,

It seems that our router (LookAccess LA-110) has an incompatibilty with other network cards (speed and duplex not the same on each side).

Unfortunalty, our Deciso appliance seems te be concerned.

I'm trying to change the router and in the same time, implementing traffic shaping in order to limit to 3Mbps a 4Mbps bandwidth save our life (300ms).

Regards