pfSense(s) on Proxmox losing connection when traffic is high



  • Proxmox 5.4
    pfSense 2.4.4

    Hello,
    We are facing an issue with pfSense virtual machines on a Proxmox cluster.
    When the traffic spikes (daily scheduled backups between other VMs behind the pfSense and a remote storage server), sometimes the pfSense will completely lose its network connection, either the LAN or the WAN. CPU/RAM is normal.
    This does not happen at every daily spike of traffic, it seems pretty random.
    We have multiple pfSense firewalls affected by the same issue.
    Console remains available when the connection is down, so we can look at logs, where/what should I look for to diagnose the issue ?

    Thank you



  • @JohnMolt43
    Is "Hardware Checksum Offloading" disabled on pfSense?



  • The three hardware offloading option are indeed disabled.

    Virtual device is "e1000" for both interfaces.


  • Rebel Alliance Developer Netgate

    Any reason you're using e1000 instead of the virtio adapters?



  • @jimp said in pfSense(s) on Proxmox losing connection when traffic is high:

    Any reason you're using e1000 instead of the virtio adapters?

    Good question, I do not know, I inherited this setup.
    Do you recommend using the virtio driver instead of the e1000 driver ?


  • Rebel Alliance Developer Netgate

    If you already have checksums disabled I don't think there is any compelling reason to stay with e1000 these days. If it's an older setup that has been around a while, it may have been installed before virtio was well supported.

    Since it's a VM it would be easy enough to take a backup, snapshot it, and try it out.

    Either way, though, you should upgrade to 2.4.5-p1



  • @jimp said in pfSense(s) on Proxmox losing connection when traffic is high:

    If you already have checksums disabled I don't think there is any compelling reason to stay with e1000 these days. If it's an older setup that has been around a while, it may have been installed before virtio was well supported.

    Since it's a VM it would be easy enough to take a backup, snapshot it, and try it out.

    Either way, though, you should upgrade to 2.4.5-p1

    Noted

    I will plan an update and the driver change



  • I actually have the same issue. Initial repository rsync systematically leads to network crash of the router after a while (few hours). I have this issue on two different Proxmox clusters implementing different configuration. One is using e1000 interfaces (for historical reasons), the other is using well configured VirtIO (Hardware Checks disabled).

    Both are up to date. The historical one had this issue for a while but I stopped using rsync since.

    I always install updates a few after they got out.



  • As an update on the topic, I have updated to 2.4.5-p1 and changed the virtual driver to virtio instead of e1000.
    This has greatly improved the stability of the pfSense and the high traffic induced network loss have disappeared.

    We still experience some random network loss that are under investigation.


Log in to reply