State tables seams not to be synced
-
Thank you very much. I will test it all the day tomorrow, but I think i works now.
-
Hey Jimp
We have now moved the servers to our production enviroment, but onlt for test right now.
When the firewalls routes a heavy amount of data (In our production enviroment, we have 25Gbit internet connection, but only 1Gbit network adapter in the pfsense server). Testing the setup with af Gbit workstation on the locale network, and running speedtest.net the pfSense servers freeze. I have tested with having keyboard/monitor connected, and there it also freezes. The only thing I can do is to reboot the pfsense server and then i works agian, until I stresstest i again.
I can't find anything in the log, because it is cleared on every reboot.
I have found out, that I can stop it from frezing if I remove the CARP IP from the Translation address at the NAT rule for the locale subnet. It is setuped, like shown above.
I really hope you can help.
-
What kind of hardware is involved here?
Not sure if you'd be hitting a limit of what that can handle, or if it might be a network card driver bug or related issue.
As long as you're just testing, can you try a 2.0 snapshot instead?
-
But I don't think it is a hardware or driver bug, because it works just fine when it it uses the interface IP insted of the CARP IP.
Are there any way of showing an old log?
I can't use pfSense 2.0 because I need to use it in production within some days.
-
Should the limit of pfSense be 500-600Mbit/sek?
-
Testing with 2.0 would help narrow the problem down. It wasn't meant as a long-term solution (though if it works where 1.2.3 doesn't - it may have to be)
Even if your issue is with a CARP VIP, it could still be a driver issue. You could try a different type of network card (Intel, Broadcom, Realtek, etc) as a test also to see if the behavior changes.
Depending on the hardware, pfSense can handle more than that amount of traffic, though the exact amount also depends heavily on the number of packets per second (pps).
-
I haven't tryed with 2.0 yet. But im going to test it right away.
Maybe it is at problem with the driver. Im running pfSense 1.2.3 on af DELL R210 installed with an Intel
PRO/1000 MT Quad Port Server Adapter
I got the driver module if_igb.ko from another user of this forum, who had builded the driver on af FreeBSD. (He is now running with no problem)I have done this:
Edit /etc/inc/globals.inc - add igb to the list for vlans on line 79.
Edit /etc/inc/interfaces.inc - add igb to the list starting on line 1511.But are the maybe other places I should add something?
Thanks for your help.
-
No, that's all you should need to do to add that in.
Though if you had to load the module manually from another source, the odds of it being a driver issue are fairly high.
-
Yes. We will have to wait for the pfSense 2.0.
-
Could this do something for me: http://forum.pfsense.org/index.php/topic,27233.0.html
-
You already did that.
-
jimp: Have you seen that I have the same problem with 2.0?
http://forum.pfsense.org/index.php/topic,28442.0.html
