[RESOLVED] Latency issues when high throughput over IPSEC tunnel



  • Hello all,
    Apologies in advance if this question has been addressed elsewhere; I searched and could not find any answers that seemed to match my situation.

    I am using pfSense as the primary VPN/Internet router at all 4 of my company's offices, with IPSEC tunnels linking them all together. I have just recently replaced a Cisco 800 series at our main office with pfSense and am having some issues.

    Namely, when running our backup jobs/replication schedule, the latency to the LAN IP of pfSense sporadically spikes. It seems to be "cyclic" in nature, with the pings going up steadily from 1 ms to as high as 200, then dropping off suddenly, and repeating. This also applies for the default gateway address, etc. It seems that the heavy IPSEC traffic is causing extreme slowdowns for the entire box. I don't think it's a hardware issue, but I'm open to any suggestions. Here are my specs:
    Dual Xeon 2.3 GHz
    4 GB RAM
    Main disk: 2x 35 GB SCSI in RAID 1
    Secondary disk: 1x 35GB SCSI (mounted at /var)
    pfSense version: 1.2.3

    Also attached find the RRD Graph of CPU usage which spikes (predictably) during the sync/backup runs (starting at 12:00 and again at 13:00)



  • Here is the latency to the LAN IP of pfSense




  • I've done some more digging, and below is the output of the top -S command
    It seems that the interrupts for my interfaces are using a disproportionate amount of CPU time. Do these numbers look right?

    EDIT: bge0 is my LAN interface




  • I resolved the issue today. Just in case anyone else has this issue, my problem was solved with a simple BIOS update. I had always noticed a "CPU Microcode error" when booting the system, but I had never thought much about it. When I noticed that the microcode was used for TX/RX Checksum offloading, I decided to update the BIOS and try to resolve the "CPU Microcode error". This also gave me the added benefit of exposing all 4 cores to the OS, whereas only 2 processors had shown previously.

