Excessive secondary WAN bandwidth use


  • Firewalla

    Tap on the network button.

    Tap on your standby WAN.

    Tap top right to edit,

    and you can turn off the connectivity test.

    Tap top right to save.

    See if this works or not. 

     

  • Dave Taylor

    I'd considered that but it's a bit like "fixing" a blowing fuse by replacing it with 12 1/2 gauge fencing wire.  In particular I don't want to disable connectivity testing entirely, I still want it active when the link fails over to the secondary, with maybe a single "is this thing still on?" test once a week or so in case of something like the carrier disabling the SIM would be good.  Disabling the checking entirely means that I'd only find out if there's a problem when the secondary is actually needed, which defeats the point of automated failover.

    So this is probably also a feature request alongside a problem report, the problem is excessive bandwidth usage in the connectivity test, running at around 20MB a day every day, and the feature request is being able to mark a connection as a metered connection as per things like Windows so the system knows not to generate unnecessary traffic on it.

  • Firewalla

    Do you know if your metered access will count pings to their default first-hop gateway as bandwidth usage?

    If your system is sensitive to 20MB of data per day, I think the best way is just to disable the tests. 

  • Dave Taylor

    Not sure how their accounting works, but if it's just a basic ping it shouldn't really amount to much so either a ping is being counted as a ton of data, or the Firewalla is sending a ton of data or perhaps sending a half-ton frequently enough that it all adds up - can you provide any details on what it's doing, i.e. how much and how often traffic is generated?  I've disabled connectivity checks and left it for 24 hours and usage is essentially zero, so all the bandwidth usage was the Firewalla doing connectivity checking.

    The situation in this case is that it's not running over a full (expensive) mobile plan which is unnecessary, it's an M2M link that might get used once a year if there's a problem with the fibre primary link.  So instead of paying a monthly fee like a standard mobile plan you pay a small amount once a year based on data usage, which should be close to zero if it wasn't for the apparent 20MB a day of connectivity checks.

    With the tests disabled, is there any checking done at any point that the link still works?  What I'm worried about is that if there is some glitch I won't find out about it until it's time to fail over, at which point the failover won't work.

  • sorinlakatos

    Hey Dave,
    Have you got any feedback from Firewalla regarding this issue? Or do you just keep connectivity checks off?
    Also, is there a way to get the records straight from Firewalla of how much data the backup WAN is using? Or is the only option checking the backup router directly?

  • Dave Taylor

    In the end I turned all speed and throughput checks off for the WWAN link, but even with just basic is-the-link-up tests I was getting a lot of false positives resulting in constant alerts that the link had gone down, then two minutes later at the next test that it was back again.  The "fix" was to change the test servers and DNS name that was checked and keep winding the threshold down until I stopped getting alerts all the time, something like a 30% success rate.

    For the DNS name I used amazon.com which I figure is a DNS entry that a lot of effort goes into making visible/resolvable all the time, for the hosts I used DNS servers at the ISP which are only one or two hops away rather than 1.1.1.1 and 8.8.8.8 and whatever the others were.  The easiest way to find which ones to use is to see what DHCP from the ISP gives you as DNS servers, and that's your ping target.

  • sorinlakatos

    Thank you Dave. That means that your feature suggestions have not been implemented unfortunately. Let's hope that maybe in the future ...

  • Dave Taylor

    No, unfortunately.  It would be useful to have a metered-connection mode where it doesn't do any bandwidth tests and sends a ping perhaps every five minutes and only if that fails does it try multiple pings, DNS lookups, etc.  And, for icing on the cake, automatically selects the DNS servers provided by the ISP's DHCP as the ping targets instead of 1.1.1.1/8.8.8.8, which may not incur usage charges.

  • IT Guy

    Updating this for anyone that may be researching this issue. The settings are in 3 places as of January, 2025:

    1. Network Performance > Internet Speed > Test Options
    2. Network Performance > Internet Quality > Test Options
    3. Network > [WAN Network] > Connectivity Test

    After disabling all 3 for my T-Mobile Cellular gateway which is a secondary WAN, I am no longer seeing any activity on the Firewalla Live Throughput graph for this network. I attempted to identify the upstream DNS server(s) used by T-Mobile but Firewalla returned the local gateway's IP as the T-Mobile gateway is caching DNS, so I just left it off. A Google search turned up some IPs but seeing how I don't even know if using a T-Mobile vs. other DNS would negate a potential charge for the ping data, I chose to just leave it off.

    Once I confirm 0 data being logged by T-Mobile, I might try enabling the above tests one at a time to determine how much data each is using. Ideally I would like to have the tests enabled.

    The T-Mobile plan drops to 3G data after exceeding the monthly usage limit.

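Added example, not part of the thread and not Firewalla's code: a sketch of the metered-connection check discussed above, with one cheap probe per interval, a burst only on failure judged against the 30% success threshold, and DHCP-supplied DNS servers as targets with a gateway that merely caches DNS separated out. All function names, the burst size of 5 and the sample addresses are assumptions; the probe is injected so the logic runs offline.

```python
import ipaddress

# Assumption: default Linux ping, 56-byte payload + 8 ICMP + 20 IPv4 header.
ECHO_PACKET_BYTES = 84

# Constructed sample of a DHCP-populated resolv.conf (documentation addresses).
SAMPLE_RESOLV_CONF = """\
nameserver 192.168.12.1
nameserver 203.0.113.53
nameserver not-an-ip
"""

def dhcp_dns_targets(resolv_conf_text, gateway_ip):
    """Return (upstream, gateway_cache) nameservers from DHCP-supplied config."""
    gateway = ipaddress.ip_address(gateway_ip)
    upstream, gateway_cache = [], []
    for line in resolv_conf_text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] != "nameserver":
            continue
        try:
            addr = ipaddress.ip_address(fields[1])
        except ValueError:
            continue  # skip malformed entries
        # A nameserver equal to the gateway is the modem's DNS cache: pinging it
        # only proves the LAN side of the modem is up, not the cellular link.
        (gateway_cache if addr == gateway else upstream).append(str(addr))
    return upstream, gateway_cache

def check_link(probe, targets, burst=5, threshold=0.3):
    """One cheap probe; escalate to a burst only on failure.

    probe(target) -> bool is injected so the logic runs offline.
    Returns (link_up, probes_sent).
    """
    if probe(targets[0]):
        return True, 1
    hits = sum(probe(targets[i % len(targets)]) for i in range(burst))
    return hits / burst >= threshold, 1 + burst

def idle_bytes_per_day(interval_s=300, probes_per_check=1):
    """Request plus reply bytes per day while every first probe succeeds."""
    checks = 86400 // interval_s
    return checks * probes_per_check * ECHO_PACKET_BYTES * 2
```

At a five-minute interval the idle cost works out to 48,384 bytes a day, assuming the carrier bills IP-level bytes in both directions, against the roughly 20MB a day reported in the thread.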