Just relatively recently I've started noticing poor performance when watching Netflix on my TV. The movie would start playing, and then all of the sudden I'd get an error message that the "content requested can't be played at this time, try again later", restarting the movie works fine, but same message appears after some time. The quality of the videos seem to be also suffering, although it would play in 1080p, you could see video encoding artifacts from time to time (e.g. color blocks, etc.)
Today I noticed that browsing the web, while Netflix streaming on TV, is also lagging. Most of the sites would load, but with big lag, occasionally a site wouldn't load at all. Accessing WebAdmin is also laggy, even SSH session suffer a lagged response (when using TOP or IFTOP commands for example). As soon as I stop the playback, everything comes back to normal operation, web, SSH, WebAdmin, etc.
I also have a BD player with Netflix service (Oppo) and it has the same effect (causes lag). Streaming other sites (like YouTube) has no problem at all. So, only Netflix seems to be the issue.
I'm on the latest UTM firmware, TV and BD player are added to Web Protection exception for hosts, both are hardwired to my Cisco SG200-26 switch (not a WiFi AP problem). When looking at TOP command the CPU doesn't go above 2-3% when streaming. Nothing in the logs either (nothing that I could see at least).
When browsing internal sites, on local network, no problems. Only content that's accessed through the UTM gateway has issues when streaming. So, I don't think it's an issue with the switch.
Is there a way to skip certain hosts from IPS, like you can for web protection? I've tried to add the IP addresses of the TV and BD player to IPS exceptions, but that didn't seem to work.
I sort of solved the issue. Once I removed the devices from the 'skip of the transparent mode' list of web protection (which I had done due to Netflix streaming issues), the problems stopped. I had to add an exception to skip the AV for those hosts, though.
This is still a very strange behavior. The IPS scans didn't stop, but no more random packet drops, which were causing the lagged response.
Just relatively recently I've started noticing poor performance when watching Netflix on my TV. The movie would start playing, and then all of the sudden I'd get an error message that the "content requested can't be played at this time, try again later", restarting the movie works fine, but same message appears after some time. The quality of the videos seem to be also suffering, although it would play in 1080p, you could see video encoding artifacts from time to time (e.g. color blocks, etc.)
Today I noticed that browsing the web, while Netflix streaming on TV, is also lagging. Most of the sites would load, but with big lag, occasionally a site wouldn't load at all. Accessing WebAdmin is also laggy, even SSH session suffer a lagged response (when using TOP or IFTOP commands for example). As soon as I stop the playback, everything comes back to normal operation, web, SSH, WebAdmin, etc.
I also have a BD player with Netflix service (Oppo) and it has the same effect (causes lag). Streaming other sites (like YouTube) has no problem at all. So, only Netflix seems to be the issue.
I'm on the latest UTM firmware, TV and BD player are added to Web Protection exception for hosts, both are hardwired to my Cisco SG200-26 switch (not a WiFi AP problem). When looking at TOP command the CPU doesn't go above 2-3% when streaming. Nothing in the logs either (nothing that I could see at least).
When browsing internal sites, on local network, no problems. Only content that's accessed through the UTM gateway has issues when streaming. So, I don't think it's an issue with the switch.
Has anyone seen anything like this before?
what is your hardware you are running utm on consist of?
I have been noticing lag in browsing when it seems that my wife is watching Netflix. I just found this thread and have not done any testing yet, but my IDS is not turned on for my streaming network (Different NIC). In fact, no security is on the streaming network except for basic firewall rules.
My server has more then enough oomph for my 50mbit connection. I have an i3 4370 3.8Ghz with 8 GB of RAM. It is rare for me to see my CPU usage over 1%. Looking at my CPU log for today, it barley registers (See attached files).
It almost seems like the proxy goes to sleep. Once you get it moving for a site, it is fine. Read for a bit, go to a new site and it is slow again.
When I have some time, I will do some testing myself. Unfortunately, between work and school, my free time is rare. I am taking a break from homework to write this...
I have been noticing lag in browsing when it seems that my wife is watching Netflix. I just found this thread and have not done any testing yet, but my IDS is not turned on for my streaming network (Different NIC). In fact, no security is on the streaming network except for basic firewall rules.
My server has more then enough oomph for my 50mbit connection. I have an i3 4370 3.8Ghz with 8 GB of RAM. It is rare for me to see my CPU usage over 1%. Looking at my CPU log for today, it barley registers (See attached files).
It almost seems like the proxy goes to sleep. Once you get it moving for a site, it is fine. Read for a bit, go to a new site and it is slow again.
When I have some time, I will do some testing myself. Unfortunately, between work and school, my free time is rare. I am taking a break from homework to write this...
C68
The easiest test is to get a ping going to an external site and launch Netflix movie. Watch for dropped packets. That is what happens to me.
I hate to bear bad news but your issue is most likely your nics:
Intel 82579LM
Intel 82574L
There is an outstanding Linux kernel bug that is a known issue by Intel but Intel has so far not fixed it. i am willing to say they are not going to. The solution is to use newer i-seires nics or install broadcom netextremes.
I hate to bear bad news but your issue is most likely your nics:
Intel 82579LM
Intel 82574L
There is an outstanding Linux kernel bug that is a known issue by Intel but Intel has so far not fixed it. i am willing to say they are not going to. The solution is to use newer i-seires nics or install broadcom netextremes.
William, I heard of this, but couldn't find synopsis of the bug. Can you elaborate on what the bug is?
William, I heard of this, but couldn't find synopsis of the bug. Can you elaborate on what the bug is?
Thanks!
it manifests itself in a number of ways. For UTM the most common is random disconnects that are quick but they occur randomly and sometimes in serial fashion. You would see it in your case as you are seeing it. Your Intel chipset is now on par with realtek in my book. Intel is no longer a blanket stable vendor for Linux you have to now make sure you are not using the chipsets you have on your mobo. I would replace the nics as per my earlier post(disable the ones on the mobo). This will necessitate a config backup/reinstall.
it manifests itself in a number of ways. For UTM the most common is random disconnects that are quick but they occur randomly and sometimes in serial fashion. You would see it in your case as you are seeing it. Your Intel chipset is now on par with realtek in my book. Intel is no longer a blanket stable vendor for Linux you have to now make sure you are not using the chipsets you have on your mobo. I would replace the nics as per my earlier post(disable the ones on the mobo). This will necessitate a config backup/reinstall.
It may be the bug, but I wanted to point out that in my case the issue isn't "random", only with certain conditions present (i.e. streaming netflix with IPS turned on and with host entered into skip list for web filtering).
It may be the bug, but I wanted to point out that in my case the issue isn't "random", only with certain conditions present (i.e. streaming netflix with IPS turned on and with host entered into skip list for web filtering).
considering this isn't widespread and i have used a similar config i would replace the nics..if it still continues then you probably have a mis -configuration but we cannot be sure until all known problems are removed...and right now your nics are a known hardware problem.
after executing commands to disable TSO, GSO, and GRO on eth0 and 1, the issue went away.
My question now is: is there a way to make this change survive a reboot? I realize that it'll unlikely to survive an up2date update though, but at least surviving a reboot will work for me.
and see if your NIC is already listed there. If it is already listed then you don't have to do anything. Sophos already has the tso disabled for your NIC.
If its not listed there, Check the vendor/device ID of your currently used Intel NIC,
Quote