Kitz ADSL Broadband Information
adsl spacer  
Support this site
Home Broadband ISPs Tech Routers Wiki Forum
 
     
   Compare ISP   Rate your ISP
   Glossary   Glossary
 
Please login or register.

Login with username, password and session length
Advanced search  

News:

Pages: 1 2 [3] 4 5 ... 14

Author Topic: High packet loss on Virgin  (Read 10507 times)

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #30 on: April 18, 2020, 03:16:53 PM »

Thanks John, the one above is for pfSense/SH3 Modem mode, Zyxel/SH3 Modem mode has a different IP so had to set up a new monitor. I did remember I had to enable ICMP on the Zyxel but it took a bit of Googling to find out how to - as shown by the width of the red line below.

Early hours, but things are certainly looking better, which means it looks like it is something to do with pfSense.


Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

PhilipD

  • Reg Member
  • ***
  • Posts: 591
Re: High packet loss on Virgin
« Reply #31 on: April 18, 2020, 04:08:02 PM »

Hi

This is my chart on pfSense but not using VM. So it isn't an issue as such with pfSense, and so pfSense shouldn't be adding any 'colour' to the chart.

Regards

Phil
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #32 on: April 19, 2020, 11:33:40 AM »

So after 24 hours on the Zyxel VMG8234-B10A and SH3 in modem mode we have the following



This is Friday using pfSense and SH3



This is the previous Sunday with the SH3 in router mode




Last night I watched 2 hours of Netflix (7 - 9pm), the same on the other two charts, strange how last night had no extra latency at that time, also odd why I've constantly got so much yellow on all three setups.

Given the above I've come to the conclusion it's something to do with pfSense, and the minor adjustments I made after Easter did improve things a little.

Still at least they all look better than this one from late January, every day looks pretty much like below right through until just after Easter when I made changes as documented earlier in the thread.



I'm going to switch back to pfSense and do some more fiddling.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6333
Re: High packet loss on Virgin
« Reply #33 on: April 19, 2020, 11:56:08 AM »

Do you have periods of high activity on your network? pfsense has had reports where it handles high network loads badly, but if your connection's mostly idle its a head scratcher, and I am very curious if you find the problem, on what it is.

Possible places to look.

Set powerD to hiadaptive or maximum.

disable hardware TCP segment offload and large receive offload.  If it uses a realtek nic also disable checksum offload.
« Last Edit: April 19, 2020, 12:04:18 PM by Chrysalis »
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

j0hn

  • Kitizen
  • ****
  • Posts: 3155
Re: High packet loss on Virgin
« Reply #34 on: April 19, 2020, 12:01:23 PM »

Quote
also odd why I've constantly got so much yellow on all three setups.

I've never seen the Virgin hub do anything else to be honest.

At least you know the yellow peaks are down to Pfsense.
Logged
BT FTTP 160/30 - BQM - speed test

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #35 on: April 19, 2020, 12:25:19 PM »

Thanks John, perhaps the yellow low level latency is just a VM thing.

Back on pfSense now.

I've always run pfSense with the whole world pretty much blocked, everywhere except the UK is blocked, unless I'm out of the country then I allow the country I'm visiting as well.

Now pfBlockerNG states:

 "It's also not recommended to block the 'world', instead consider rules to 'Permit' traffic from selected Countries only. Also consider protecting just the specific open WAN ports and it's just as important to protect the outbound LAN traffic."

The above makes total sense, but I could never work out how to just permit the UK rather than block everything else, so have always blocked the world and temporarily allowed any countries I'm visiting, which is not often these days.

I've been using the above approach ever since I've been using pfSense, so I doubt its that causing the issue, and the system certainly doesn't seem stressed with CPU usage around 2-5%
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6333
Re: High packet loss on Virgin
« Reply #36 on: April 19, 2020, 01:27:28 PM »

Ronski if you operate the firewall on a default deny basis (which you really should be doing on your WAN, and is also the default configuration), then you simply create allow rules based on the UK geoip.  The rest is then blocked by the default deny rule.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #37 on: April 19, 2020, 01:53:48 PM »

As far as I know the firewall is on a default deny basis, but I do have open ports for access to my server, VPN and a small website.

The logic says I should have a rule that says if the IP is outside the UK IP addresses then drop the packets, but I don't know how do this, and googling just turns up to many results. This is one reason why I like Draytek routers, much easier to find and clearer examples that I can understand.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6333
Re: High packet loss on Virgin
« Reply #38 on: April 19, 2020, 02:00:08 PM »

So basically have the default deny.

In pfblockerng for the geoip list, save it as an alias (alias native).

On the allow rules, for VPN and web server make an allow rule, with the alias as the allowed source. (modify existing rule if you want just adding the alias)

To use the alias, select single host or alias as address type, start typing it out and you should be able to click on it as it will popup.

Here is an example from the destination box, but works same way in source box.
« Last Edit: April 19, 2020, 02:06:54 PM by Chrysalis »
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #39 on: April 19, 2020, 03:30:24 PM »

Thanks Chrysalis.

So I changed GeoIP to List Action - Alias Native for all the country groups and save it.
A Cron update will be needed to update it.

Then I need to modify the rule as per attached.

But, a couple of questions.

1. In GeoIP I should select just the countries I want to ALLOW
2. In the rule how to I allow multiple countries which are in different groups say UK and America as there only seems the option to enter one alias list?

Thanks for your help - I just don't dabble often enough to get to know my way around.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Chrysalis

  • Content Team
  • Addicted Kitizen
  • *
  • Posts: 6333
Re: High packet loss on Virgin
« Reply #40 on: April 19, 2020, 03:40:46 PM »

only bother making lists for the countries you need also, will reduce load on your unit.

so yes only the countries you want to allow in geoip.

if you want to allow multiple regions, I dont think you can use multiple alias per rule in the gui, so would need multiple allow rules.
Logged
AAISP - Billion 8800NL bridge & PFSense BOX running PFSense 2.4 - ECI Cab - LINE STATISTICS CLICK HERE

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #41 on: April 19, 2020, 05:30:41 PM »

Thanks Chrysalis, I've made those changes and most of the world appears to be blocked.

But when I select France in my VPN, which gives me an IP address of 84.17.42.21 I can still connect to my website, do the GeoIP lists need updating or is that automatic? There is two other options under France in the VPN and both those are blocked.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

d2d4j

  • Kitizen
  • ****
  • Posts: 1027
Re: High packet loss on Virgin
« Reply #42 on: April 19, 2020, 05:35:59 PM »

Hi ronski

Sorry that ip shows as own in France but used in uk - datacom I think

Many thanks

John
Logged

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #43 on: April 19, 2020, 05:42:26 PM »

Do you have periods of high activity on your network? pfsense has had reports where it handles high network loads badly, but if your connection's mostly idle its a head scratcher, and I am very curious if you find the problem, on what it is.

Possible places to look.

Set powerD to hiadaptive or maximum.

disable hardware TCP segment offload and large receive offload.  If it uses a realtek nic also disable checksum offload.

I missed this reply earlier.

Powerd was set to adaptive, now changed to hiadaptive
Hardware TCP segment offload and large receive offload are already disabled
They are Intel Nic's

Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D

Ronski

  • Helpful
  • Kitizen
  • *
  • Posts: 3832
Re: High packet loss on Virgin
« Reply #44 on: April 19, 2020, 05:43:54 PM »

Hi ronski

Sorry that ip shows as own in France but used in uk - datacom I think

Many thanks

John

Thanks John, main purpose is to limit who can try and hack my open ports, so has long as most are blocked I'm happy.
Logged
Formerly restrained by ECI and ali,  now surfing along at 390/36  ;D
Pages: 1 2 [3] 4 5 ... 14
 

anything