Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    [SOLVED] 2.3.1_1 still stops routing traffic every day

    Scheduled Pinned Locked Moved General pfSense Questions
    13 Posts 3 Posters 1.8k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pedreter
      last edited by

      Hi!

      i am still having the issues described here  https://forum.pfsense.org/index.php?topic=110710.75  pfsense stops routing traffic every day… if i reboot, everything works again. i have 2 supermicro servers
      (8 cores, 32 GB Ram) in version 2.3.1_1  that according to forum administrator cmb should work know, but not in my case... user murmur seems to have the same problem.

      Firewalls have no load as of now, just new installation... and both have default config everywhere. i am not using IPSec.

      There is no error signs anywhere, no error logs, no weird console symptoms...

      I have another pair of fws with same hardware in old pfsense version 2.1.5 working as a charm.

      any thoughts, please?

      1 Reply Last reply Reply Quote 0
      • C
        cmb
        last edited by

        @pedreter:

        i am still having the issues described here  https://forum.pfsense.org/index.php?topic=110710.75  pfsense stops routing traffic every day… if i reboot, everything works again. i <snip>Firewalls have no load as of now, just new installation... and both have default config everywhere. i am not using IPSec.</snip>

        That's precisely why I locked that thread. You're not having that issue, it's fixed. That issue was strictly with IPsec enabled.

        The console is still responsive when it stops working? Anything in the system log or logged to the console? What NICs do you have in the system? What tunables if any in loader.conf(.local).

        1 Reply Last reply Reply Quote 0
        • P
          pedreter
          last edited by

          @cmb:

          @pedreter:

          i am still having the issues described here  https://forum.pfsense.org/index.php?topic=110710.75  pfsense stops routing traffic every day… if i reboot, everything works again. i <snip>Firewalls have no load as of now, just new installation... and both have default config everywhere. i am not using IPSec.</snip>

          That's precisely why I locked that thread. You're not having that issue, it's fixed. That issue was strictly with IPsec enabled.

          The console is still responsive when it stops working? Anything in the system log or logged to the console? What NICs do you have in the system? What tunables if any in loader.conf(.local).

          Hi!

          Thanks cmb, yes i know that issue was ipsec related but as symptoms are the same, i thought it could be somehow related.

          Servers have 2 interfaces, LAN and WAN and both freeze at he same time. The only way to get in the system is via keyboard console… once insde, top command does not show anything weird... cpu load is near 0% , there is absolutely no error logs anywhere... it seems like if nothing happened... there is no CARP so far between them.

          i have tried to stop filtering with pcftl and re-enabling again... no luck.

          All configuration files, as the one you mention (loader.conf) have default values (it is a new installation, not an update). This servers do not have real traffic yet. nothing tuned... all by default.

          i suspect of any internal cron task process  because both hang more or less at the same time! (between 4am and 5am every day) but i have not found anything unusual in logs... no errors, no warnings...
          In the network they are installed, there is no production traffic so far.

          As stated, with the same hardware, version 2.1.5 works perfectly...

          1 Reply Last reply Reply Quote 0
          • C
            cmb
            last edited by

            What type of NICs? You probably need to bump nmbclusters. https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

            1 Reply Last reply Reply Quote 0
            • P
              pedreter
              last edited by

              @cmb:

              What type of NICs? You probably need to bump nmbclusters. https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards

              Good idea!!  i will check values in servers running pfsense 2.1.5 and will set them in new servers…

              Thanks Cmb!

              Pedreter.

              1 Reply Last reply Reply Quote 0
              • DerelictD
                Derelict LAYER 8 Netgate
                last edited by

                Why is it so difficult to get an answer to a simple question like, "What type of NICs?" It was directly asked. Twice.

                Chattanooga, Tennessee, USA
                A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                Do Not Chat For Help! NO_WAN_EGRESS(TM)

                1 Reply Last reply Reply Quote 0
                • P
                  pedreter
                  last edited by

                  @Derelict:

                  Why is it so difficult to get an answer to a simple question like, "What type of NICs?" It was directly asked. Twice.

                  Sorry, my fault, i just mentioned i have 2 NICs without more details, please excuse me…

                  Each server has a Dual Intel i350 GbE card.

                  1 Reply Last reply Reply Quote 0
                  • DerelictD
                    Derelict LAYER 8 Netgate
                    last edited by

                    Just to be sure are they real Intel cards or Chinese knock-offs off eBay?

                    Chattanooga, Tennessee, USA
                    A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                    DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                    Do Not Chat For Help! NO_WAN_EGRESS(TM)

                    1 Reply Last reply Reply Quote 0
                    • P
                      pedreter
                      last edited by

                      @Derelict:

                      Just to be sure are they real Intel cards or Chinese knock-offs off eBay?

                      Unless Supermicro has cheated me, they are Genuine Intel cards!  ( https://www.supermicro.nl/products/system/3U/5039/SYS-5039MS-H12TRF.cfm ) bought from a Supermicro authorized reseller.

                      GbE models are not in this doc https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards  but….

                      1 Reply Last reply Reply Quote 0
                      • DerelictD
                        Derelict LAYER 8 Netgate
                        last edited by

                        @pedreter:

                        @Derelict:

                        Just to be sure are they real Intel cards or Chinese knock-offs off eBay?

                        Unless Supermicro has cheated me, they are Genuine Intel cards!  ( https://www.supermicro.nl/products/system/3U/5039/SYS-5039MS-H12TRF.cfm ) bought from a Supermicro authorized reseller.

                        GbE models are not in this doc https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards  but….

                        i350s are presenting with the igb driver, right? It's a multi-port card right?

                        Isn't this section speaking directly to you? https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)

                        1 Reply Last reply Reply Quote 0
                        • P
                          pedreter
                          last edited by

                          @Derelict:

                          @pedreter:

                          @Derelict:

                          Just to be sure are they real Intel cards or Chinese knock-offs off eBay?

                          Unless Supermicro has cheated me, they are Genuine Intel cards!  ( https://www.supermicro.nl/products/system/3U/5039/SYS-5039MS-H12TRF.cfm ) bought from a Supermicro authorized reseller.

                          GbE models are not in this doc https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards  but….

                          i350s are presenting with the igb driver, right? It's a multi-port card right?

                          Isn't this section speaking directly to you? https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards

                          Yes, you are right… i have applied recommendations an let's see...

                          Thanks for your time (and patience) on Sunday...

                          Pedreter.

                          1 Reply Last reply Reply Quote 0
                          • P
                            pedreter
                            last edited by

                            SOLVED!

                            HI! more than 3 days without a hang now! Thanks cmb… you were right! nmblclusters issue!

                            Pedreter.

                            1 Reply Last reply Reply Quote 0
                            • C
                              cmb
                              last edited by

                              Glad that worked.

                              1 Reply Last reply Reply Quote 0
                              • First post
                                Last post
                              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.