Improving startup performance



  • I use pfSense in VMware on, well, a few different computers, one at a time. Mostly on one though, and most of the time it stays running all the time. But when I'm doing hardware changes to that main computer, I commission another computer to handle the pfSense virtual machine. I love how modular VMware can make networking. Seamless, and extremely painless.

    However, there's one thing that gets me, and that's watching the pfSense startup screen take forever to do menial tasks it should really not be doing.

    Three things come to mind:

    1. Configuring WAN interface

    2. Syncing system time before startup

    3. Starting OpenNTP time client (If I remember correctly)

    2) and 3) I wish to remove completely, as the system time is actually synchronized by Windows, and the time gets reset to the Windows time every time the VM restarts. That would cut out about 15-20 seconds of startup delay.

    1) takes much longer to perform during startup than it does from the WebUI. I'm not sure what goes on behind the scenes when it "configures WAN interface", but it seems to be waiting for something (DHCP, maybe?) to time out. I use a PPPoE connection (DSL), which, while a DHCP address can also be given, it can't access the internet through the DHCP-obtained address. I'd like to be able to filter through whatever it does during this sequence and figure out what's taking it so long…

    Any ideas on how to squish these little annoyances?



  • Take a look at rc.bootup if you want to play yourself, otherwise start a bounty to have someone better analyze what is going on in there!



  • Hm, well this is useful… it's in a language I speak, PHP.

    I managed to fix #2 and #3 easily (seriously, why does it need to do two updates of the same function? they do the same thing...), but #1 is still something I'm not too sure about. There seems to be a lot of redundancy and overhead in the startup process but I really, really, really hate *nix (hence FreeBSD) and don't want to dig deeper into that. I couldn't figure out any way to cut corners on #1. It's a pretty complicated script, most of which doesn't apply to my simple configuration. Seriously though, why is pfSense mingling in the wireless department? I thought the common phrase touted by the "we're not even going to add a file server at all" crowd was, pfSense was just a firewall and nothing more? facepalm

    Attached, startup on its "home" machine, and the several errors it's been spitting out for a while (my edits didn't cause that).




  • What is this 1.2?



  • Having wireless support isn't anything like adding a file server to a firewall. A wireless card is just another network interface to connect to networks and a file server is a completely new set of packages and vulnerabilities that shouldn't ever be a concern on an enterprise level routing device. It's why you don't see a Cisco router or ASA with file server capabilities either.



  • Hey Falcon4

    Since you are using vmware with pfsense why don't you use "vmrun suspend" to stop your guests then when you want to run a guest do a "vmrun start". It should only be 2 sec start time. This should work if you have a static IP from your ISP.

    If you get dynamic IPs from your ISP then you would have to deal with the following issues.

    You should have static routes on all IPs.
    You will have to restart the WAN interface to get a dynamic IP.
    Any package that gets its WAN IP on startup would have to be restarted also.

    Hope I was some help



  • but I really, really, really hate *nix

    WTF? why don't you use one of those cool, reliable Windows firewalls then?

    please…



  • @phospher:

    but I really, really, really hate *nix

    WTF? why don't you use one of those cool, reliable Windows firewalls then?

    please…

    Because the only thing *nix is good for is networking… and even that makes me cringe. In a perfect world, there would actually be (at all) some non-bloated kind of routing software for Windows that I could run natively, with a web interface and enough flexibility to also run a native Windows transparent caching proxy, along with the other software I run in Windows. Meanwhile that seems to be a pipe dream. So I have to run bloated VMware with pfSense to handle the gateway functionality, because all Windows can offer is "internet connection sharing", which is just a HUGE slap in the face to anything "networking". Oh, what I wouldn't give to put a WebUI on ICS to make it usable.

    As for just suspending (which, by the way, is as simple as clicking the "pause" button, what's all this "vmrun suspend" stuff?), that only works to a certain extent... it doesn't allow me to edit the configuration to mess with hardware. As I also mentioned, I use PPPoE, so suspending is already a little problematic, but still doesn't take nearly as long as rebooting completely...



  • If you are using pfSense in vmware as a router/firewall for actual computers, why don't you just suck it up and install it properly? Once the WAN interface is initialized then the NTP stuff takes only milliseconds to complete.
    As for hating *nix, WTF? UNIX has been around since 1969, long enough to be good at things other than networking, stop being a pussy and learn the basics and work with it, or don't touch it and stick with Windows. You my friend are just ignorant. If all else fails, give up the PHP developing on Windows and go get a job at McDonalds.



  • why don't you just suck it up and install it properly

    Because then I'd be wasting a perfectly good computer on an operating system whose only qualification for existence is networking. No thank you.



  • Falcon4, I suggest you open your eyes and at least do a bit of research before claiming that Unix is only good for networking.

    I am typing this message from a Unix box and the vast majority of my time spent using or developing for computers is on Unix type machines. I've got a room full of servers running Unix doing things other than networking.

    If you're so worried about "wasting" a computer on Unix to do some networking, go buy a little embedded Alix box for less than $200 and install pfSense on that.

    Bashing Unix here is not going to make you any friends or encourage anyone to help you.

