Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Killed: out of swap space

    Scheduled Pinned Locked Moved General pfSense Questions
    8 Posts 3 Posters 623 Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • P
      pfsense555
      last edited by

      Hi,

      I have 2 Netgate SG-8860 running pfsense version 2.4.3-RELEASE (amd64) configured as a high availability CARP redundancy cluster and one of the 2 firewalls every few days all of a sudden get a out of swap space error and the GUI becomes inaccessible and the entire firewall stops operating and doesn't let traffic through. My system has 8gb of RAM and on average we use 2gb and 0mb of swap space. Attached is screenshots of the RRD data of 2 of the times the error happened. Any suggestions would be much appreciated.
      ![RRD Data 1.PNG](/public/imported_attachments/1/RRD Data 1.PNG)
      ![RRD Data 1.PNG_thumb](/public/imported_attachments/1/RRD Data 1.PNG_thumb)
      ![RRD Data 2.PNG](/public/imported_attachments/1/RRD Data 2.PNG)
      ![RRD Data 2.PNG_thumb](/public/imported_attachments/1/RRD Data 2.PNG_thumb)

      1 Reply Last reply Reply Quote 0
      • DerelictD
        Derelict LAYER 8 Netgate
        last edited by

        Need to watch it and look at the processes to see which one is growing.

        My guess: it's a package.

        You can run ps alxw from Diagnostics > Command Prompt or from the shell. You probably want to find whatever is growing in VSZ and/or RSS.

        Chattanooga, Tennessee, USA
        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
        Do Not Chat For Help! NO_WAN_EGRESS(TM)

        1 Reply Last reply Reply Quote 0
        • P
          pfsense555
          last edited by

          The problem is it only happens when the firewall is the active node and the second it happens it becomes inaccessible and i cannot afford to bring it back online since i am using it for a live production environment.

          1 Reply Last reply Reply Quote 0
          • KOMK
            KOM
            last edited by

            Which packages are you running?

            1 Reply Last reply Reply Quote 0
            • DerelictD
              Derelict LAYER 8 Netgate
              last edited by

              You need to watch those graphs and when you see it growing find out what it is before it consumes all of your swap and blows up.

              Chattanooga, Tennessee, USA
              A comprehensive network diagram is worth 10,000 words and 15 conference calls.
              DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
              Do Not Chat For Help! NO_WAN_EGRESS(TM)

              1 Reply Last reply Reply Quote 0
              • P
                pfsense555
                last edited by

                I am running haproxy and pfblcokerng.

                We monitor the graphs constantly and it never uses more then %25 of the RAM but the second this problem happens we get locked out of the GUI and command line, and it only happens every few days of using it as the MASTER node.

                1 Reply Last reply Reply Quote 0
                • KOMK
                  KOM
                  last edited by

                  pfBlocker has a rep for being a resource hog sometimes.  I could disable it for a few days and monitor the status.

                  1 Reply Last reply Reply Quote 0
                  • P
                    pfsense555
                    last edited by

                    Ok, thanks for your suggestion will give that a try.

                    1 Reply Last reply Reply Quote 0
                    • First post
                      Last post
                    Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.