Bad performance on new install
I'm trying to find out what's been bogging down pfSense for a while now, it started about the 2.4.4 update.
Usually a working installation starts getting slower on what would seem configuration changes, I know it makes no sense but it's as if they were piling on on it. It's the most noticeable on the WebGUI; pages takes extremely long to load, a change takes forever to go into effect or it return an error or timeout. A page reload brings it back but after a while these errors get a promotion to the actual network in the form of packet retransmissions, tons of 'em.
I tried thought maybe it's a bad NIC but changing the NICs didn't fix it. The router(s) is virtualized, so, even it wasn't at capacity of even near, I gave a single VM its own host, didn't fix it either. Not only that, CPU load is at idle when it's unresponsive. The most action I've seen is a single core going to say, 30% or so, and that was when pfSense was at the core. It appears to just zombie on, "I'll get back to you--or not, no biggie."
I took a video of this, here:
I don't know how to embed it, sorry. In the background, there's the console to that failing pfSense instance with top running. This a VM that was spare clone, I reset to factory but even then it's still super slow, here it is freshly installed.
Could you tell me where to look to find out what's going on?
Last week, following a month or so of these random problems I switched platforms to MikroTik's CHR and after a [very] rough start I got it working. I'd rather go back to the familiar more user-friendly environment of pfSense though. With the network working I'm not in such a rush to wipe and reload as I was basically solving every issue before, hopefully you guys have some advice on this. Thanks!
Well...not really but I found a way around it. There was one thing I hadn't tried: going back to 2.4.3. The image was already in the ISOs server and I had nothing to lose.
I think the problem if PHP7, 2.4.3 uses version 5. I don't know a thing about code but I'm sure new PHP in pfSense has a pretty hardcore stink following it. That's it I'm becoming a software medium/high class streetwalker. I'mma be Madame Installia from now on.
I don't know how to get the VM tools, it won't install because there's a new version available.
If you know how to get the VM tools, please, drop a line. I hope other packages don't fail as well because I need like 8-to-10 in the core router/firewall. ️ I wish I'd been using a caching proxy this whole time to get the old packages from it.
Gertjan last edited by
True : the foot print of 7.2 is a little bit bigger. But it's globally faster as 5.x.
So, no, can't be a PHP issue, because in that case everybody would be seeing what you see.
I advise you to look at the logs, dmseg output, etc : pfSense 2.4.4 and 2.4.3 do not use the same kernel. I suspect some hardware issue, like bad NIC driver support.
Or, as usual : VM troubles, like the VM doesn't support FreeBSD 11.2 well (just an example)
If you know how to get the VM tools, please, drop a line
Install them from the available package - its right there in 2.4.4
I have, well--had. That's what I've been focusing on, watching the logs like a hawk, the MBUFs, memory--it's really weird. I tried giving pfSense PCI passthrough of NICs and regular virtualization, on both eventually it would end in the same result.
The only constant I'm seeing is the WebGUI that starts slowing down; the more settings changed, the slower it gets, and of course it takes a lot of settings to set up a network. A way to go around it is by restoring a backup, but it wouldn't always take. The backup itself needs to be perfect as well otherwise it seems to snowball stuff from where it was taken. This is all pure speculation of course, I don't have the skills to go in deeper but it's what I'm observing from all of these reinstalls.
In the beginning I thought it was something with either HAProxy or the certificate store because certificates+HaProxy stopped working. After a while I gave up and routed request to an inner working proxy.
I do not know what you mean by dmseg output though, but of I go back to 2.4.4 I'm getting up on that right away. meanwhile I'll take another pass at the book. Thanks!
Grimson last edited by
The only constant I'm seeing is the WebGUI that starts slowing down; the more settings changed, the slower it gets, and of course it takes a lot of settings to set up a network.
Sounds like Auto Config Backup was enabled while pfSense didn't have access to the Internet.
It's now working again, like if nothing had happened at all, all packages work and there aren't any slowdowns at all--I did do something, though. I was getting frustrated and just went, fkit and opted in for the dev branch. Currently I'm on
I took a snapshot first, naturally. Went I made the stop by 2.4.4 I didn't immediately got the latest, I thought maybe it was all in my head and felt things out but it was again bad and on the same VM, from 2.4.3->2.4.4 I got the 2.4.5, didn't even get enough time to finish writing organizing some notes to get up to the server room when the purple login screen appeared reflected on the other screen where I was writing.
It's got only 1GB of memory, it's the smallest pfSense firewall I've deployed and isn't even at half with several services running. I think I'mma stay put.
It's sort of ironic how I should've learned a lesson about never impulse-update again, except that a beta saved my butt.
There was a memory leak fixed in Unbound that I guess might have exhibited this. Maybe if it started swapping and got progressively worse. That should have been fairly evident though either on the pfSense dash or the VM performance graphs.