Netgate Discussion Forum

pfSense Nodes Configuration in High Availability and Latency Issue

HA/CARP/VIPs
  • alkaid
    last edited by May 13, 2024, 2:45 PM

    Hi all,

    I configured two pfSense nodes (latest version) in High Availability (HA) mode. Everything seemed to be working fine, but I noticed a significant increase in latency when connecting via HTTPS from the outside to one of my sites. With the HA configuration enabled, latency before displaying pages exceeds 1450 ms, whereas it was previously around 45 ms without HA.

    Upon investigating, I discovered some strange behavior. While performing a packet capture on the WAN interface of the MASTER node, for TCP packets on port 443 coming from my external IP, I observed the following exchanges:

    IP 85.xxx.251.xxx.35861 > 87.xxx.15.xxx.443: tcp 0
    IP 85.xxx.251.xxx.35861 > 87.xxx.15.xxx.443: tcp 0
    IP 85.xxx.251.xxx.35861 > 87.xxx.15.xxx.443: tcp 0
    IP 85.xxx.251.xxx.35861 > 87.xxx.15.xxx.443: tcp 0
    IP 85.xxx.251.xxx.35861 > 87.xxx.15.xxx.443: tcp 0
    ...

    Oddly, there were no return packets.

    To my surprise, the responses were being sent from the node in BACKUP mode, as shown in the sequence below:

    IP 87.xxx.xxx.88.443 > 85.xxx.251.220
    IP 87.xxx.xxx.88.443 > 85.xxx.251.220
    IP 87.xxx.xxx.88.443 > 85.xxx.251.220
    IP 87.xxx.xxx.88.443 > 85.xxx.251.220
    IP 87.xxx.xxx.88.443 > 85.xxx.251.220
    ...

    This situation is abnormal and I suspect it is causing the observed latency.

    To resolve this issue and reduce latency, I am forced to disable the CARP protocol on the MASTER node. The BACKUP node then assumes the role of MASTER, and the latency issues disappear.

    In advance, many thanks

    • viragomann @alkaid
      last edited by May 13, 2024, 3:17 PM

      @alkaid
      So maybe your backend server is configured to use the secondary node as default gateway.

      The default gateway on your local devices behind the HA pair should be the CARP VIP of the subnet.

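The symptom in this thread (requests arriving on the MASTER node while the replies leave through the BACKUP node) can be confirmed by comparing packet-capture summaries from both nodes. The following Python script is an added example, not part of the thread or of pfSense; the node names, documentation-range addresses and function names are constructed for illustration, and it assumes capture lines in the `IP src.port > dst.port: tcp N` form shown in the first post.

```python
import re
from collections import defaultdict

# Matches summary lines such as "IP 203.0.113.7.35861 > 198.51.100.10.443: tcp 0"
LINE = re.compile(r"IP ((?:\d+\.){3}\d+)\.(\d+) > ((?:\d+\.){3}\d+)\.(\d+): tcp")

def find_asymmetric(captures, service_port=443):
    """captures maps node name -> capture text taken on that node's WAN.

    Returns [((client_ip, client_port), nodes_seeing_requests,
    nodes_seeing_replies)] for connections whose two directions were
    observed on different nodes. Flows are keyed on the client endpoint
    only, because the reply's source address may differ between nodes.
    """
    seen = defaultdict(lambda: {"in": set(), "out": set()})
    for node, text in captures.items():
        for line in text.splitlines():
            m = LINE.search(line)
            if not m:
                continue
            src, sport, dst, dport = m[1], int(m[2]), m[3], int(m[4])
            if dport == service_port:        # client -> service
                seen[(src, sport)]["in"].add(node)
            elif sport == service_port:      # service -> client
                seen[(dst, dport)]["out"].add(node)
    return [
        (flow, sorted(d["in"]), sorted(d["out"]))
        for flow, d in sorted(seen.items())
        if d["in"] and d["out"] and d["in"] != d["out"]
    ]

# Constructed sample captures (not taken from the thread).
SAMPLE = {
    "master": (
        "IP 203.0.113.7.35861 > 198.51.100.10.443: tcp 0\n"
        "IP 203.0.113.7.35861 > 198.51.100.10.443: tcp 0\n"
        "IP 203.0.113.9.40000 > 198.51.100.10.443: tcp 0\n"
        "IP 198.51.100.10.443 > 203.0.113.9.40000: tcp 0\n"
    ),
    "backup": "IP 198.51.100.11.443 > 203.0.113.7.35861: tcp 0\n",
}

if __name__ == "__main__":
    for flow, req_nodes, rep_nodes in find_asymmetric(SAMPLE):
        print(f"{flow[0]}:{flow[1]} requests on {req_nodes}, replies on {rep_nodes}")
```

A non-empty result points at hosts behind the HA pair whose return traffic bypasses the node holding the CARP VIP; their default gateway setting is the first thing to check.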
      Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.