Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [ask] hardware seizing

    Scheduled Pinned Locked Moved Hardware
    4 Posts 2 Posters 1.9k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      kakashi
      last edited by

      here my config  :

      –-(fxp1 = LAN) for management
                      l
      pfsense-------- (em0 ) ------------ switch (vlan 11, 12, 13, 14, 15)
      (fxp0=WAN) l
                      --- (em1 ) ------------ switch (vlan 21, 22, 23, 24, 25)
                      l
                      --- (fxp2 ) ------------ proxy server
                      l
                      --- (fxp3 ) ------------ freenas server

      pfsense :
      supermicro pdsml-ln2 board with intel core duo 2,2 ghz, 2 gb ram, 40 gb hdisk, 6 ethernet card (2 onboard , 1 pci quad port)
      all vlan member about 50 host client

      freenas :
      as common disk storage

      proxy server :
      for redirect all http port request also for content filter

      switch : tp-link manageable switch
      proxy & freenas : same like pfsense machine

      i have high cpu usage (70% - 90%) when host client massive download from freenas
      i see on pfsense graph about 60 - 90 mbps on opt4 interface

      what make it so high cpu? its from local access
      or is it time for upgrade pfsense hardware ?
      any advice ...
      thanks

      1 Reply Last reply Reply Quote 0
      • W
        wallabybob
        last edited by

        @kakashi:

        i have high cpu usage (70% - 90%) when host client massive download from freenas

        Your diagram suggests that all the traffic between host client and freenas goes through pfSense. Is there a good reason why you haven't connected freenas to the same VLAN as host client so the traffic is handled by the switch alone?

        If you must have the traffic going though pfSense (e.g. to implement a non-trivial security policy) then I suspect you might get higher efficiencies by connecting the freeNAS to a modern (but probably not too modern else it may not be supported) Intel PCIExpress GigE controller.

        1 Reply Last reply Reply Quote 0
        • K
          kakashi
          last edited by 

          Your diagram suggests that all the traffic between host client and freenas goes through pfSense. Is there a good reason why you haven't connected freenas to the same VLAN as host client so the traffic is handled by the switch alone?
          • all vlan host client can access freenas except vlan 15 and 25
            this accomplished by rule firewall
          • accessing freenas with overide dns, eg. data.local.lan
            is it possible to create multi ip (each vlan) and overide dns for that multi ip with dns forwarder ?
            example : data.local.lan for ip vlan11 (192.168.2.100), ip vlan21 ((192.168.3.100) etc
            since freenas support vlan that easy to configure and hook to each vlan member.
            how about that plan ?
          If you must have the traffic going though pfSense (e.g. to implement a non-trivial security policy) then I suspect you might get higher efficiencies by connecting the freeNAS to a modern (but probably not too modern else it may not be supported) Intel PCIExpress GigE controller.

          from ur advise its like no problem with cpu prosesor
          since supermicro board have onboard intel pci-e gig controller, i'll try to hook freenas on this interface for test as your advice and i'll give here for result

          thanks for advice

          1 Reply Last reply Reply Quote 0
          • W
            wallabybob
            last edited by

            @kakashi:

            is it possible to create multi ip (each vlan) and overide dns for that multi ip with dns forwarder ?
            example : data.local.lan for ip vlan11 (192.168.2.100), ip vlan21 ((192.168.3.100) etc
            since freenas support vlan that easy to configure and hook to each vlan member.

            It might be possible with some DNS supported on pfSense but I can't se how it would be configured for dnsmasq through the web GUI.

            @kakashi:

            from ur advise its like no problem with cpu prosesor

            I didn't say that. I suggested you MIGHT get higher efficiencies through using a different NIC for the NAS. To be specific, some efficiencies MIGHT be gained through use of jumbo frames (I don't know if NAS supports jumbo frames on its NIC; I don't know if jumbo frames are supported on the pfSense NIC you intend to use) or use of interrupt moderation features of SOME intel Gigabit NICs.

            It has been stated a number of times in the pfSense forums that an Alix board is capable of pushing through about 80Mbps. Those boards have a 500MHz CPU, single core. I would be surprised if your system is really using 70% of the CPU if ALL it is doing is forwarding 80Mbps to or from the NAS. But I don't know what else it was doing when you took the figures you reported.

            I don't see an answer to my previous question:

            Is there a good reason why you haven't connected freenas to the same VLAN as host client so the traffic is handled by the switch alone?

            If the NAS was on the same VLAN as its clients (or even a significant number of clients) then they could talk directly through the switch without having to go through pfSense.

            1 Reply Last reply Reply Quote 0
            • First post
              Last post
            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.