Windows 2003 NetBIOS + pfSense CPU Usage / Traffic
-
Hi There,
This is a problem we have encountered a number of times and I still can't seem to understand why this is happening.
The issue is very similar to: http://forum.pfsense.org/index.php?topic=25717.0
We have two pf 1.2.3 boxes in CARP, and we have noticed that when installing a new Windows 2003 machine (both VMs and physical servers) our Pfsense CPU usage reaches 100% as well as a spike in our switches and router CPU usage. Traffic also spikes leaving the network inaccessible.
It appears to happen after DHCP fail and windows automatically assigns the usual 169.254.x.x private IP.
Looking at the packet capture, it appears to flood the network and propagate to our other devices including our upstream.
No. Time Source Destination Protocol Length Info
1 0.000000 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
2 0.000005 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
3 0.000010 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
4 0.000014 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
5 0.000019 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
6 0.000023 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
7 0.000027 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
8 0.000033 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
9 0.000037 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
10 0.000045 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
11 0.000050 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
12 0.000055 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
13 0.000059 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
14 0.000064 169.254.21.229 169.254.255.255 NBNS 110 Registration NB VM007-143<00>
15 0.000069 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
16 0.000074 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
17 0.000080 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
18 0.000084 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
19 0.000091 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
20 0.000104 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
21 0.000113 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
22 0.000120 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
23 0.000125 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
24 0.000131 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
25 0.000138 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
26 0.000146 169.254.21.229 169.254.255.255 NBNS 110 Registration NB VM007-143<00>
27 0.000155 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
28 0.000163 169.254.21.229 169.254.255.255 NBNS 110 Registration NB WORKGROUP<00>
29 0.000170 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
30 0.000178 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
31 0.000186 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
32 0.000192 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
33 0.000197 169.254.21.229 169.254.255.255 NBNS 110 Registration NB VM007-143<00>
34 0.000204 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
35 0.000212 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
36 0.000219 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
37 0.000224 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
38 0.000231 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
39 0.000239 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
40 0.000246 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
41 0.000253 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
42 0.000261 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
43 0.000268 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
44 0.000275 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
45 0.000283 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List Request
46 0.000295 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
47 0.000302 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1b>
48 0.000309 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
49 0.000317 169.254.21.229 169.254.255.255 NBNS 92 Name query NB WORKGROUP<1e>
50 0.000324 169.254.21.229 169.254.255.255 BROWSER 216 Get Backup List RequestHas anyone else had similar issues or came up with a solution? Right now any new 2003 server provisioned must either have a DHCP server running on the VLAN or must be disconnected from the network while the TCP/IP information is fed.
Thanks in advance.
First attachment is of the pfsense CPU usage:
-
Next attachment is of the pfSense states during the issue.
-
These attachments are of one of our edge router's CPU & Traffic.
-
Are you blocking the auto-assigned IP range from passing through?