Netgate Discussion Forum

    Freezing of application every 20min for 4-5 seconds

      hollister

      For about 4 weeks I have had a problem with applications freezing.
      About every 20 min for 4-5 sec.
      I do have 2 Firewalls in series.
      The pfsense is the 2nd one.
      I found the WAN interface had the following checked: "Block bogon networks"
      My ping times to the pfsense are as follows:
      --- 10.1.0.1 ping statistics ---
      518 packets transmitted, 518 received, 0% packet loss, time 529085ms
      rtt min/avg/max/mdev = 0.111/192.356/5371.000/804.919 ms, pipe 6

      After I uncheck "Block bogon networks"
      --- 10.1.0.1 ping statistics ---
      267 packets transmitted, 267 received, 0% packet loss, time 272367ms
      rtt min/avg/max/mdev = 0.111/0.270/0.540/0.079 ms
      I am where I should be

      Not sure this is by design like that.
      I figured that I do not need to block bogon networks on the 2nd firewall.

        bmeeks

        You may be experiencing the known bug with pf and pfctl that popped up in FreeBSD 11.3/STABLE.

        More info is needed about your setup to be sure.

        1. What version of pfSense are you running?
        2. Do you have the IPv6 bogons table activated for blocking?
        3. Do you have any packages installed that make use of large pf tables? For example, pfBlockerNG or pfBlockerNG-devel with DNSBL enabled?
        4. Are you running on bare metal or a Hypervisor?
        5. Do you have a multi-CPU and multi-core architecture?

        Here is a link to the thread tracking this issue: https://forum.netgate.com/topic/149595/2-4-5-a-20200110-1421-and-earlier-high-cpu-usage-from-pfctl/65.

        Not saying for sure this is your problem, but it could be.

          hollister @bmeeks

          @bmeeks

          1. 2.4.5
          2. I do not have IPv6 setup
          3. not that I am aware of (just 3 packages)
          4. bare metal
          5. System: PC Engines APU2

          Once I disabled the Block bogon networks, everything seems normal.
          The upper first FW had 10.0.1.1 the 2nd FW (pfsense) is on 10.1.0.1 and the modem is on 192.168.0.1
          So probably something to do with bogon networks
          The delays (every 20-30min) for 4-5sec coincided with the upgrade from pfsense 2.4.4 to 2.4.5 (at least that is what I am thinking)

            bmeeks @hollister

            @hollister said in Freezing of application every 20min for 4-5 seconds:

            @bmeeks

            1. 2.4.5
            2. I do not have IPv6 setup
            3. not that I am aware of (just 3 packages)
            4. bare metal
            5. System: PC Engines APU2

            Once I disabled the Block bogon networks, everything seems normal.
            The upper first FW had 10.0.1.1 the 2nd FW (pfsense) is on 10.1.0.1 and the modem is on 192.168.0.1
            So probably something to do with bogon networks
            The delays (every 20-30min) for 4-5sec coincided with the upgrade from pfsense 2.4.4 to 2.4.5 (at least that is what I am thinking)

            The bogons table, especially the IPv6 one, is very large now and that was the first noticed "trigger" of the new bug. pfSense updates that table periodically when "block bogons" is enabled, and the update triggers the bug. The bug produces huge lags in network flow and even seems to lock up the machine for seconds at a time until the table update eventually completes. Details are in that thread I listed. You would need to read it from the top to get the whole picture.

            So yes, disabling the "block bogons" option will turn off the trigger for the bug.

            This bug was caused by a change made in FreeBSD 11.3 itself, and when pfSense updated to FreeBSD 11.3/STABLE as part of the 2.4.5 release, then this bug came into pfSense and reared its head. Users that disable the bogons blocking won't notice the bug unless they also use something like pfBlockerNG that can create and update very, very large pf tables.

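Added example, not part of the original posts: the ping summaries above show only min/avg/max, so this sketch recovers the start, length and period of the stalls from per-reply output. It assumes the line format of Linux iputils `ping -D`; the function names, the 1000 ms threshold and the constructed capture are this example's own.

```python
import re
from statistics import median

# Reply line as printed by iputils `ping -D` (epoch timestamp in brackets).
REPLY = re.compile(r"^\[(\d+\.\d+)\] .*icmp_seq=(\d+) .*time=([\d.]+) ms")

def parse(lines):
    """Return (reply_epoch_s, seq, rtt_ms) for every reply line."""
    hits = (REPLY.match(line.strip()) for line in lines)
    return [(float(m[1]), int(m[2]), float(m[3])) for m in hits if m]

def stalls(samples, threshold_ms=1000.0):
    """Group consecutive slow replies into (start_epoch_s, length_s) episodes.

    Probes sent during a freeze are all answered when it ends, so the send
    time (reply time minus RTT) of the slowest probe marks the start and its
    RTT approximates the length of the freeze.
    """
    episodes, worst = [], None
    for ts, _seq, rtt in samples:
        if rtt >= threshold_ms:
            if worst is None or rtt > worst[1]:
                worst = (ts, rtt)
        elif worst is not None:
            episodes.append((worst[0] - worst[1] / 1000.0, worst[1] / 1000.0))
            worst = None
    if worst is not None:
        episodes.append((worst[0] - worst[1] / 1000.0, worst[1] / 1000.0))
    return episodes

def period_minutes(episodes):
    """Median gap between stall starts, in minutes (None if fewer than two)."""
    starts = [start for start, _ in episodes]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    return median(gaps) / 60.0 if gaps else None

def constructed_capture(total_s=3700, every_s=1200, freeze_s=5):
    """Constructed sample: 1 probe/s, path frozen for freeze_s every every_s."""
    lines = []
    for seq in range(total_s):
        into = (seq - 600) % every_s              # seconds since a freeze began
        frozen = seq >= 600 and into < freeze_s
        rtt = (freeze_s - into) * 1000 + 0.3 if frozen else 0.27
        reply = 1_700_000_000 + seq + rtt / 1000.0
        lines.append(f"[{reply:.6f}] 64 bytes from 10.1.0.1: "
                     f"icmp_seq={seq + 1} ttl=64 time={rtt:.3f} ms")
    return lines

if __name__ == "__main__":
    found = stalls(parse(constructed_capture()))
    print(len(found), "stalls, period", period_minutes(found), "min")
```

Comparing the stall start times with the times of the firewall's table updates is what ties the latency to the reload rather than to the upstream path.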
              jimp Rebel Alliance Developer Netgate

              https://forum.netgate.com/post/908806

              Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.