PfSense freezing with CBQ-shapers
-
Has anyone come up with a fix as this is still happening to me? I was modifying the traffic shaper tonight and the server crashed again. Seen this https://redmine.pfsense.org/issues/7351 on redmine and is they say its hardware. Is there a recommended network card that we should be using then or what as I am needing a fix or I am going to have to switch to fortigate.
How are you setting up the shaper ? how does it crash ? does it crash while changing a setting? you must share more info, and what NIcs are you using? Intel are suggested
-
Has anyone come up with a fix as this is still happening to me? I was modifying the traffic shaper tonight and the server crashed again. Seen this https://redmine.pfsense.org/issues/7351 on redmine and is they say its hardware. Is there a recommended network card that we should be using then or what as I am needing a fix or I am going to have to switch to fortigate.
How are you setting up the shaper ? how does it crash ? does it crash while changing a setting? you must share more info, and what NIcs are you using? Intel are suggested
I was trying to get this working on an Intel NUC, single NIC using VLANs. I import my config and the NUC hard froze, no kernel panic on-screen. I reboot and within a few seconds of boot, will freeze. I then disabled the shaper in the config and re-imported and can reproduce a hard crash by enabling the shaper.
Intel NUC, Intel (em) NIC, em0=LAN, em0.100=WAN, CBQ shapers
So I moved on to using a Dell Optiplex 380 (Core 2 Duo) single NIC. On importing the config, I get a spam of text on-screen. I had to take a video as a photo would show unreadable overlapping text.
See the short video at https://youtu.be/-LcRSjzZLt4
My pfSense box at the time was a Xen PVM with Intel emulated NICs bridged to VLANs on the host. So pfSense itself wasn't aware that it was on VLANs. However every few days either the WAN/LAN would stop receiving traffic. ifconfig <nic>down then up would bring it back up, so I was determined to get this working on a physical host. Worth noting that my venture into traffic shaping is recent and the Xen HVM setup has been working fine for a couple of years.
My next try was the same Optiplex 380, with an Intel PCI-E dual-NIC card. Now with no VLANs, instead using the switch to do the VLAN'ing. Touch wood, I've had no issues for 7 hours, time will tell if its stable.
So to summarise:
Xen PVM with CBQ: unstable
Intel NUC CBQ & VLAN: unstable
Optiplex 380 CBQ & VLAN: unstable
Optiplex 380 CBQ no VLAN: stable – so far.I'm beginning to think that maybe the whole ALTQ portion of FreeBSD needs to be avoided. I even tried OPNSense in desperation, and whilst it worked, without ALTQ queues the QoS just isn't nearly as good. Now working again on pfSense, and I hope it stays stable.</nic>
-
Hi,
I've experienced the same full crash last weekend. I've completely changed my main gateway to pfSense, with pfBlockerNG, Snort, ntopng … that worked perfectly. My last ToDo was to implement the traffic shaping with CBQ. I'm also using VLAN, my pfSense is running on ESXi 6.0U3.
Shortly after creating the CBQ queues and during the first speedtests, suddenly my Zabbix sent me some alarms even before I noticed that all outbound connections went down. The webserver was not reacting anymore, I could not gain access via the shell, no ping working to my pfSense. Finally I fired the vSphere remote console to get direct access to the system and - it was not reacting to any keys as well!
So the complete system just fully crashed! It did not even produce a crash log, it just froze and I needed to hard reset the VM. :o
I went back to a snapshot I've created before my traffic shaper configuration and started reading ... for now I'm using traffic limiter to achieve my QOS and guest VLAN limitation. These are working properly, although CBQ is more advanced.
I'm wondering that there is nothing listed on the roadmap in terms of fixing this ... I can't imagine there are only a few people using the ALTQ stuff and VLAN's?
-
I can't imagine there are only a few people using the ALTQ stuff and VLAN's
Perhaps, like me, they've had to find workarounds. I'd love to use the NUC as a PFSense gateway, but with a single NIC and PFSense's VLAN issue, its a no-go.
There are some bug reports related to shaping and VLANs however I believe they are super low priority for the dev team.
https://redmine.pfsense.org/issues/6295
https://redmine.pfsense.org/issues/7351
https://redmine.pfsense.org/issues/7606In your case, couldn't you create ESX virtual NICs and VLAN from the Hypervisor instead? I did that with Xen and worked great for a couple of years. My issues only came about once I added traffic shaping to the mix. On a side note, my old Dell Optiplex is still running okay. The NUC is sat on top of that screaming "use me" :P
-
I just ran into this bug on the new SG-2100. I configured a VLAN switchport and added CBQ traffic shaping on the new OPT interface and it locked up, hard.
I had to reset the device to factory defaults to recover. This bug is disastrous in a production environment.