Intra VLAN performance issues when WAN has issues

Started by cyrus104, November 13, 2020, 03:12:10 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
November 13, 2020, 03:12:10 PM
I'll start by saying that my internet has high latency of around 150ms or more and that the ISP will randomly have slow downs and high packet loss. I have been able to verify this shouldn't be my opnsense setup by using the router provided by the ISP to test with.

My OPNsense hardware is running on an AMD Epyc 3000, 32gb ram, nvme drive, 1GBe interface to ISP ONT, and a 10GBe network to my 10GBe switch. I know it's overkill but the small machine was meant for something else that I never got around to doing.

My OPNsense configuration, has 3-4 VLANs for management, users, guests, iot like things and the OPNsense does the routing.

Normally this setup works pretty well without issues but when my ISP drops packets or it's connection, all of my intraVLAN traffic suffers. I was using Plex from one VLAN to another (waiting on another interface card for Plex server to avoid this) and it wouldn't play because of how much buffer it had to do. I did a couple of tests like manually down the WAN interface and unplug the WAN interface, both of these "fixed" the internal network issues and Plex streamed across the router without an issue. I have the same issue with SMB shares dropping connections if I am trying to transfer a file.

I wanted to see if anyone had some thoughts or ideas to help me troubleshoot.

Thanks
November 26, 2020, 03:46:02 AM #1
Any thoughts on this?
November 26, 2020, 11:03:06 PM #2
I'm sorry I have nothing solid to contribute, but it sounds like an issue with how the gateways between VLANs are set up. Personally, I never wrapped my head around the gateway config in opnsence, so I'm hoping seeing responses to this thread can shed some light on how the gateways work.
ProtectLi FW6 | Intel i3-7100U CPU @ 2.40GHz (4 cores) | 8GB RAM | 120GB SSD
Prod Release Train.
November 30, 2020, 02:46:52 PM #3
Yeah, I'm a little confused by this as well.

I'm having a really difficult time right now and might look at doing a double router solution to avoid the internal VLANs from being disrupted. I got a few tips from the pfsense forums but none of them were the exact problem I'm having.

I have a very poor WAN connection and it keeps dropping / super high packet drop or latency spikes and during the time the WAN is coming back up I loose all intraVLAN traffic. The main 2 rules I have are for the VLANs to talk, I used aliases with the internal address of each VLAN, gateway is * (I think is default). The second rule is an inverse of anything in the above alias which routes it out to the WAN gateway.
March 22, 2021, 07:21:17 PM #4 Last Edit: March 22, 2021, 07:59:51 PM by errored out
I am also running into this issue.  However, I am using OpenVPN and the connections on this FW are clients, not Servers. 

Looks like there is are existing threads on this, but last post was from 2020. 
https://forum.opnsense.org/index.php?topic=20045.0 

Additional information, but no responses.
https://forum.opnsense.org/index.php?topic=21533
https://forum.opnsense.org/index.php?topic=15818.0
Print
Go Up Pages1
User actions