Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    PfSense + HP Proliant + Cisco gateway = interferences?

    Hardware
    1
    2
    2.1k
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • T
      toomeek
      last edited by

      I don't know is this hardware related problem, but will describe it anyway.

      I have HP Proliant ML 110 G6 server running on Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 4GB DDR3 1333MHz, 2 x 500GB SATA in mdadm RAID1, and following NICs:
      10:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01)
      1e:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev 10)
      30:00.0 Ethernet controller: Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 (rev 08)

      On this server pfSense i386 is running as Virtual Machine under KVM.
      I see some ping loss on very fast link (80Mbit down, 8Mbit up), average 10-15ms. pfSense is shaping this for ~30 stations.
      –- www.onet.pl ping statistics ---
      372 packets transmitted, 355 received, 4% packet loss, time 371519ms
      rtt min/avg/max/mdev = 10.766/12.957/44.302/2.583 ms

      On some stations there are "disconnections" or "page unavailable" errors, on some other WWW loads really fast, even on pfSense VM I see sometimes "Unable to check updates" on Dashboard. I was thinking DNS-resolver related problem, but changing DNS order / addressess didn't change anything. I see no ping loss to the server itself or VM.
      But main fast link is distributed by Cisco EPC3925 VoIP Wireless Gateway at front.
      We just discovered that disabling SPI Firewall Protection (options: Block Anonymous Internet Requests, Block IP Flood Detection) on Cisco device solved this issue, but still check to see if it was a problem.

      703 packets transmitted, 703 received, 0% packet loss, time 702932ms
      rtt min/avg/max/mdev = 36.791/39.765/106.076/5.097 ms

      Interesting?

      UPDATE: ahh, I forgot.. all NICs are bridged (br0, br1, br2) to add support networking. All are Intel "e1000" emulated hardware.
      pfsense-host.png
      pfsense-host.png_thumb
      pfsense-Cisco-device-firewall.png
      pfsense-Cisco-device-firewall.png_thumb

      1 Reply Last reply Reply Quote 0
      • T
        toomeek
        last edited by

        Just for update, because it's RESOLVED!!!
        This is very strange, however..

        For ANY Cisco router/device at first line please disable "SPI Firewall protection", especially "Block IP Flood Detection".
        on WAN of this device, since it's interferencing with pfSense somehow and causing delays/disconnections.

        For me, it happends 2 times on 2 different Cisco routers (not only with HP server).

        pfsense-Cisco-device-firewall.png
        pfsense-Cisco-device-firewall.png_thumb

        1 Reply Last reply Reply Quote 0
        • First post
          Last post
        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.