pfSense on VMware not coping too well with 120 vlan interfaces
-
We're using pfSense in a slightly unusual config to provide NAT service from one subnet on a physical interface to 120 subnets each on their own vlan on a second physical interface.
I created the vlans, interfaces and nat rules via XML import.
NAT is working fine, however with all of the interfaces assigned I am now having trouble accessing the pfSense interface admin area:
https://pfsense/interfaces_assign.php
results in:
504 Gateway Time-out nginx
I've assigned pfSense with a fair amount of resources:
Intel(R) Xeon(R) CPU E5-2695 v3 @ 2.30GHz
16 CPUs: 2 package(s) x 8 core(s)
Load average: 1.20, 0.88, 0.63
CPU usage: 1%
Memory usage: 7% of 8157 MiB
Version 2.3.3-RELEASE-p1 (amd64)
built on Thu Mar 09 07:17:41 CST 2017
FreeBSD 10.3-RELEASE-p17
Have I hit some limit in pfSense or should this be working?
Any advice would be appreciated. Thanks in advance.
-
Are you timing out on Interfaces>Assignments only or with the webConfigurator/GUI completely?
Does it respond to ping?
Can you access the shell?
Does ping from shell to 1 of 120 vlan subnets respond to ping? (you may not have this configured yet)
-
So 120 vlans sharing 1 physical interface - seems efficient ;)
So users are at 10mbps and this is a 10ge interface?
-
https://redmine.pfsense.org/issues/6400
-
https://redmine.pfsense.org/issues/6400
That's the one. Watching redmine now and will add a me too :)
Thanks
-
Are you timing out on Interfaces>Assignments only or with the webConfigurator/GUI completely?
Does it respond to ping?
Can you access the shell?
Does ping from shell to 1 of 120 vlan subnets respond to ping? (you may not have this configured yet)
The issue is only with timing out on https://pfsense/interfaces_assign.php
Other areas of the webConfigurator are working as expected.
I can access the shell with no issues but have not got my head around how to manage interfaces from there as yet.
NAT to the 120 subnets on 120 VLANs is working great.
So 120 vlans sharing 1 physical interface - seems efficient ;)
So users are at 10mbps and this is a 10ge interface?
This is a very specific lab / testing environment where NAT to the 120 subnets on vlans on the single interface makes absolute sense in the context of the outcomes we are looking to achieve. Traffic over vlans is less than 1KBps, so not a concern.