Netgate Discussion Forum

    2.4.5 High latency and packet loss, not in a vm

    • ?
      A Former User
      last edited by

      @stephenw10

      So, I'm either going to go back to 2.4.4-p3 or another solution (I have an ISR I could drag out of the closet). I want to go back to the set and forget setup I have enjoyed with pfsense for a while now.

      The question that I feel needs to be answered by the FreeBSD team is this:

      Why was that hard limit implemented? I would assume there was some observed reason for rewriting that with a hard limit.

      • M
        mikekoke
        last edited by

        Has anyone managed to find a permanent solution to the problem where pfblocker and bogons can be enabled without latency or loss?

        • ?
          A Former User @mikekoke
          last edited by A Former User

          @mikekoke Not that I can see.

          There is a bug in redmine that has exactly one update from Netgate, can't reproduce in their testing environment. We are past the idea that it is a bug. It is. It sure looks like a bug that would require upstream (FreeBSD) participation in resolving.

          The question is do they even bother fixing it?

          You could say:

          1. Use 2.4.5 if you do not have a large number of total items in tables.
          2. Stay on 2.4.4-p3 if you have a large number of total table items.

          2.4.4-p3 remains a viable release. Accommodations made to set repositories to the 2.4.4 versions make it a reasonable option.

          Put all the effort into 2.5 knowing that both current options are safe and secure or divert resources to fixing 2.4.5? FreeBSD 11.3 is not EOL but it is also not a target for ongoing development. Will FreeBSD put resources into this bug?

          I don't know the answers to those questions. I'm not going to offer an opinion one way or the other. I do think Netgate should put out a statement setting out their position for the short term. 2.5 is the long term resolution.

          • S
            SteveITS Galactic Empire @A Former User
            last edited by

            @jwj said in 2.4.5 High latency and packet loss, not in a vm:

            Accommodations made to set repositories to the 2.4.4 versions make it a reasonable option.

            Does that repo/branch choice also affect packages update/installation?

            Pre-2.7.2/23.09: Only install packages for your version, or risk breaking it. Select your branch in System/Update/Update Settings.
            When upgrading, allow 10-15 minutes to restart, or more depending on packages and device speed.
            Upvote 👍 helpful posts!

            • ?
              A Former User
              last edited by

              Yeah, there are two drop down menu choices under System->Update->System Update and System->Update->Update Settings.

              The base OS/pfsense and the package repo should be correct. As always backup your configuration, make a snapshot if you're in a virtual env, and have a plan to recover if you end up FUBAR.

              It is too bad the download link for 2.4.4-p3 has not been restored. You can open a ticket and ask (nicely :) for one even if you do not own Netgate HW or have a support contract.

              • S
                SteveITS Galactic Empire
                last edited by

                @jwj said in 2.4.5 High latency and packet loss, not in a vm:

                System->Update->Update Settings.

                Thanks. I got around to testing and this affects what package updates are detected, e.g. Suricata 4.1.7 vs 5.x. So that's good to know. Would be handy if they left the previous version there all the time (and/or had a warning on the package page if you're checking the wrong repo for your version) but nice it's there now.

                • Y
                  Yamabushi
                  last edited by

                  So any updates on this issue? I've been checking in here regularly. Three days have elapsed since the last post in this thread. My apologies if I have missed something, but are there any solid mitigations or upcoming updates to address this?

                  • getcomG
                    getcom @Yamabushi
                    last edited by

                    @Yamabushi said in 2.4.5 High latency and packet loss, not in a vm:

                    So any updates on this issue? I've been checking in here regularly. Three days have elapsed since the last post in this thread. My apologies if I have missed something, but are there any solid mitigations or upcoming updates to address this?

                    No, the root cause is still unknown. Netgate cannot reproduce this issue which means the test conditions are different to the affected systems.
                    At the moment all my systems are back to 2.4.4-P3. I wiped the disks with dd and reinstalled the system from scratch. After basic installation I set the repository to the previous version to avoid the installation of packages of the 2.4.5 release.
                    Additionally I switched to ZFS.
                    After that I restored the backup, which does not contain any package information and after this step I manually installed the needed packages.
                    Now all systems are back to normal working condition.
                    I wanted to run some more tests on a spare part hardware (an original Netgate system) to get an idea what is the root cause. But we have a strange time and not all is running as expected which means that I did not find a time slot for that... I assume that I'm not alone...

                    • Y
                      Yamabushi @getcom
                      last edited by

                      Thank you for your prompt and detailed response! I guess I will have to continue to wait and see what happens. Thank you, again!

                      • stephenw10S
                        stephenw10 Netgate Administrator
                        last edited by

                        If any of you have a test system that is hitting this and you can allow us to access it please open a ticket so we can set something up: https://go.netgate.com/
                        I've tried all sorts of things here to replicate it and it just stubbornly behaves perfectly. 🙄

                        Steve

                        • K
                          Krisbe @stephenw10
                          last edited by

                          @stephenw10
                          Done!

                          • ?
                            A Former User @stephenw10
                            last edited by

                            @stephenw10 Ticket submitted. As per Murphy's law, my power is out at the moment.

                            • stephenw10S
                              stephenw10 Netgate Administrator
                              last edited by

                              Thanks guys. Hopefully we can get some data there.

                              Steve

                              • ?
                                A Former User
                                last edited by

                                I was doing some thinking about this issue last night at 3am.

                                I know I hit it (on a VM) and I was thinking "What have I changed from the defaults that maybe some other users have also?" and I figured maybe

                                net.isr.dispatch = deferred
                                

                                I know I set that to try and get a PPPoE performance increase. Have others who are hitting this bug set that too?

                                • stephenw10S
                                  stephenw10 Netgate Administrator
                                  last edited by

                                  No, net.isr.dispatch = deferred does not appear to be common to systems hitting this. Good thought though.

                                  Steve

                                  • RicoR
                                    Rico LAYER 8 Rebel Alliance
                                    last edited by

                                    Hmmm someone with a test system hitting this issue could maybe share his config.xml so we can try with swarm intelligence? ☺

                                    -Rico

                                    • ?
                                      A Former User @Rico
                                      last edited by

                                      @Rico Already shared config and other information with Netgate. @stephenw10 has been immensely helpful coordinating that.

                                      • Q
                                        q54e3w
                                        last edited by q54e3w

                                        @stephenw10 said in 2.4.5 High latency and packet loss, not in a vm:

                                        https://go.netgate.com/

                                        Just opened a support ticket with my config.xml attached, INC-49525.
                                        Not a virtual instance, X11SDV Xeon-D 2100 series motherboard, 16GB RAM.

                                        • W
                                          wernsting
                                          last edited by stephenw10

                                          Had the same issue yesterday when I upgraded. Have since reverted to 2.4.4-p3 and the issue disappeared completely.

                                          I run it on an Eglobal Braswell Fanless Mini PC AES-NI Intel N3160/J3160 Quad Core Pfsense Computer Server 4K 2HDMI 2LAN(RJ-45) 300M Wifi.

                                          • ?
                                            A Former User @wernsting
                                            last edited by

                                            @wernsting Do you have any large aliases or huge lists of IPs in any firewall rules? Have you modified the max table entries (and if so, to what)?
                                            Do you use PPPoE?

                                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.