Hi Jon,
Great questions and something I should have included in my original post. The Linux firewall is still in place (it is VYOS, and running on similar hardware). It is connected to a Brocade ICX-6450 switch trunked with various VLANs. In order to do a "hot swap" I wanted to initially configure OpenBSD and then switch them out. So my Internet interface (em0) on OpenBSD is connected to one VLAN (172.31.1.0/24 subnet) and what will become my transit VLAN is on em1 (I'm moving all my inter-VLAN routing to the switch). All connections are wired, copper, and gigabit.
Whether I ping the switch virtual interface (10.255.255.2) or another wired client in VLAN 10 from OpenBSD, I see varying ping times. I also see the same results going in the other direction (pinging OpenBSD from the switch or other wired clients). If I ping any other wired host on my VLAN 10 network from the router or any other host, I do not see this issue. My pings are routinely sub-millisecond. That is why this threw me off guard. I was not expecting to see this kind of variability on my local network with this kind of hardware.
Here is an example ping from a wired Linux box on my network pinging the router:
$ ping 172.31.1.1
PING 172.31.1.1 (172.31.1.1) 56(84) bytes of data.
64 bytes from 172.31.1.1: icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from 172.31.1.1: icmp_seq=2 ttl=64 time=0.213 ms
64 bytes from 172.31.1.1: icmp_seq=3 ttl=64 time=0.168 ms
64 bytes from 172.31.1.1: icmp_seq=4 ttl=64 time=0.228 ms
64 bytes from 172.31.1.1: icmp_seq=5 ttl=64 time=0.216 ms
64 bytes from 172.31.1.1: icmp_seq=6 ttl=64 time=0.292 ms
64 bytes from 172.31.1.1: icmp_seq=7 ttl=64 time=0.217 ms
64 bytes from 172.31.1.1: icmp_seq=8 ttl=64 time=0.227 ms
64 bytes from 172.31.1.1: icmp_seq=9 ttl=64 time=0.222 ms
^C
--- 172.31.1.1 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8179ms
rtt min/avg/max/mdev = 0.168/0.222/0.292/0.029 ms
And the same ping from OpenBSD:
bsd# ping 172.31.1.1
PING 172.31.1.1 (172.31.1.1): 56 data bytes
64 bytes from 172.31.1.1: icmp_seq=0 ttl=64 time=3.744 ms
64 bytes from 172.31.1.1: icmp_seq=1 ttl=64 time=3.585 ms
64 bytes from 172.31.1.1: icmp_seq=2 ttl=64 time=4.743 ms
64 bytes from 172.31.1.1: icmp_seq=3 ttl=64 time=0.978 ms
64 bytes from 172.31.1.1: icmp_seq=4 ttl=64 time=4.548 ms
Thanks,
Jarod
> On Jun 7, 2025, at 6:14 PM, H. Hartzer <h@hartzer.sh> wrote:
>
>
>>
>> Hello,
>> Trying to replace my existing Linux firewall with OpenBSD and PF and noticed that I am seeing random ping spikes to anything on my existing network:
>>
>> # ping 10.255.255.2
>> PING 10.255.255.2 (10.255.255.2): 56 data bytes
>> 64 bytes from 10.255.255.2: icmp_seq=0 ttl=64 time=13.024 ms
>> 64 bytes from 10.255.255.2: icmp_seq=1 ttl=64 time=8.367 ms
>> 64 bytes from 10.255.255.2: icmp_seq=2 ttl=64 time=3.442 ms
>> 64 bytes from 10.255.255.2: icmp_seq=3 ttl=64 time=0.873 ms
>> 64 bytes from 10.255.255.2: icmp_seq=4 ttl=64 time=0.796 ms
>> 64 bytes from 10.255.255.2: icmp_seq=5 ttl=64 time=0.752 ms
>> 64 bytes from 10.255.255.2: icmp_seq=6 ttl=64 time=4.074 ms
>> 64 bytes from 10.255.255.2: icmp_seq=7 ttl=64 time=0.661 ms
>> 64 bytes from 10.255.255.2: icmp_seq=8 ttl=64 time=0.698 ms
>> 64 bytes from 10.255.255.2: icmp_seq=9 ttl=64 time=1.002 ms
>>
>> Doing some light research it seems that some hardware has an issue with the inteldrm driver, especially when it is headless[1], however my hardware does not use this. My hardware is as follows:
>>
>> Motherboard: Supermicro X10SDV-4C-TLN2F
>> CPU: Intel Xeon processor D-1521
>> NIC: em0/1 (the devices I'm using) Intel I350
>> Graphics: Aspeed AST2400 BMC
>>
>> This board does have integrated graphics with its BMC from ASPEED. I also tried hooking up a VGA monitor to the port but the issues still occur. Is there something else I should be looking at here? Is the graphics driver a red herring in my case? Anyone else using a Supermicro XeonD based system without issues?
>>
>> Thanks,
>> Jarod
>>
>> [1]: https://www.reddit.com/r/openbsd/comments/105c0zk/issues_with_openbsd_72_on_protectli/jg4aq13/
>
> Hi Jarod,
>
> This is interesting.
>
> The Reddit posting had much more substantial spikes than what you are
> seeing.
>
> "random spikes to anything on my existing network" -- Are you saying that
> from your OpenBSD host, to other hosts, you have this higher latency?
> Is other traffic going on at the same time?
>
> Do you not have this latency from other hosts?
>
> Is it all on one ethernet switch? Is wifi involved?
>
> Do you still have the Linux firewall in place? Can you have a third
> machine ping both and see what the latency differences are?
>
> -Henrich