Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Pfsense on vmware not coping too well with 120 vlan interfaces

    Scheduled Pinned Locked Moved General pfSense Questions
    6 Posts 4 Posters 895 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • B Offline
      basic612
      last edited by

      We're using pfSense in a slightly unusual config to provide NAT service from one subnet on a physical interface to 120 subnets each on their own vlan on a second physical interface.

      I created the vlans, interfaces and nat rules via XML import.

      NAT is working fine, however with all of the interfaces assigned I am now having trouble accessing the pfSense interface admin area:

      https://pfsense/interfaces_assign.php

      results in:

      504 Gateway Time-out

nginx

      I've assigned pfSense with a fair amount of resources:

      Intel(R) Xeon(R) CPU E5-2695 v3 @ 2.30GHz
      16 CPUs: 2 package(s) x 8 core(s)

      Load average
      1.20, 0.88, 0.63
      CPU usage
      1%
      Memory usage
      7% of 8157 MiB

      Version 2.3.3-RELEASE-p1 (amd64)
      built on Thu Mar 09 07:17:41 CST 2017
      FreeBSD 10.3-RELEASE-p17

      Have I hit some limit in pfSense or should this be working?

      Any advice would be appreciated. Thanks in advance.

      1 Reply Last reply Reply Quote 0
      • B Offline
        Biscuitsntea
        last edited by

        Are you timing out on Interfaces>Assignments only or with the webConfigurator/GUI completely?
        Does it respond to ping?
        Can you access the shell?
        Does ping from shell to 1 of 120 vlan subnets respond to ping? (you may not have this configured yet)

        1 Reply Last reply Reply Quote 0
        • johnpozJ Offline
          johnpoz LAYER 8 Global Moderator
          last edited by

          So 120 vlans sharing 1 physical interface - seems efficient ;)

          So users are at 10mbps and this is a 10ge interface?

          An intelligent man is sometimes forced to be drunk to spend time with his fools
          If you get confused: Listen to the Music Play
          Please don't Chat/PM me for help, unless mod related
          SG-4860 25.07.1 | Lab VMs 2.8, 25.07.1

          1 Reply Last reply Reply Quote 0
          • D Offline
            doktornotor Banned
            last edited by

            https://redmine.pfsense.org/issues/6400

            1 Reply Last reply Reply Quote 0
            • B Offline
              basic612
              last edited by

              @doktornotor:

              https://redmine.pfsense.org/issues/6400

              That's the one. Watching redmine now and will add a me too :)

              THnaks

              1 Reply Last reply Reply Quote 0
              • B Offline
                basic612
                last edited by

                @Presbuteros:

                Are you timing out on Interfaces>Assignments only or with the webConfigurator/GUI completely?
                Does it respond to ping?
                Can you access the shell?
                Does ping from shell to 1 of 120 vlan subnets respond to ping? (you may not have this configured yet)

                The issue is only with timing out on https://pfsense/interfaces_assign.php

                Other areas of the webConfigurator are working as expected.

                I can access the shell with no issues but have not got my head around how to manage interfaces from there as yet.

                NAT to the 120 subnets on 120 VLANs is working great.

                @johnpoz:

                So 120 vlans sharing 1 physical interface - seems efficient ;)

                So users are at 10mbps and this is a 10ge interface?

                This is a very specific lab / testing environment where NAT to the 120 subnets on vlans on the single interface makes absolute sense in the context of the outcomes we are looking to achieve. Traffic over vlans is less than 1KBps, so not a concern.

                1 Reply Last reply Reply Quote 0
                • First post
                  Last post
                Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.