[ask] hardware seizing
-
here is my config:
            --- (fxp1 = LAN) for management
            |
pfsense ------- (em0) ------------ switch (vlan 11, 12, 13, 14, 15)
(fxp0=WAN)  |
            --- (em1) ------------ switch (vlan 21, 22, 23, 24, 25)
            |
            --- (fxp2) ------------ proxy server
            |
            --- (fxp3) ------------ freenas server
pfsense :
supermicro pdsml-ln2 board with intel core duo 2,2 ghz, 2 gb ram, 40 gb hdisk, 6 ethernet card (2 onboard , 1 pci quad port)
all vlan member about 50 host client
freenas :
as common disk storage
proxy server :
for redirect all http port request also for content filter
switch : tp-link manageable switch
proxy & freenas : same like pfsense machine
i have high cpu usage (70% - 90%) when host client massive download from freenas
i see on pfsense graph about 60 - 90 mbps on opt4 interface
what make it so high cpu? its from local access
or is it time for upgrade pfsense hardware ?
any advice ...
thanks
-
i have high cpu usage (70% - 90%) when host client massive download from freenas
Your diagram suggests that all the traffic between host client and freenas goes through pfSense. Is there a good reason why you haven't connected freenas to the same VLAN as host client so the traffic is handled by the switch alone?
If you must have the traffic going through pfSense (e.g. to implement a non-trivial security policy) then I suspect you might get higher efficiencies by connecting the freeNAS to a modern (but probably not too modern else it may not be supported) Intel PCIExpress GigE controller.
-
Your diagram suggests that all the traffic between host client and freenas goes through pfSense. Is there a good reason why you haven't connected freenas to the same VLAN as host client so the traffic is handled by the switch alone?
- all vlan host client can access freenas except vlan 15 and 25
this accomplished by rule firewall - accessing freenas with override dns, eg. data.local.lan
is it possible to create multi ip (each vlan) and override dns for that multi ip with dns forwarder ?
example : data.local.lan for ip vlan11 (192.168.2.100), ip vlan21 (192.168.3.100) etc
since freenas support vlan that easy to configure and hook to each vlan member.
how about that plan ?
If you must have the traffic going through pfSense (e.g. to implement a non-trivial security policy) then I suspect you might get higher efficiencies by connecting the freeNAS to a modern (but probably not too modern else it may not be supported) Intel PCIExpress GigE controller.
from your advice it's like no problem with cpu processor
since supermicro board have onboard intel pci-e gig controller, i'll try to hook freenas on this interface for test as your advice and i'll give here for result
thanks for advice
- all vlan host client can access freenas except vlan 15 and 25
-
is it possible to create multi ip (each vlan) and override dns for that multi ip with dns forwarder ?
example : data.local.lan for ip vlan11 (192.168.2.100), ip vlan21 (192.168.3.100) etc
since freenas support vlan that easy to configure and hook to each vlan member.
It might be possible with some DNS supported on pfSense but I can't see how it would be configured for dnsmasq through the web GUI.
from your advice it's like no problem with cpu processor
I didn't say that. I suggested you MIGHT get higher efficiencies through using a different NIC for the NAS. To be specific, some efficiencies MIGHT be gained through use of jumbo frames (I don't know if NAS supports jumbo frames on its NIC; I don't know if jumbo frames are supported on the pfSense NIC you intend to use) or use of interrupt moderation features of SOME intel Gigabit NICs.
It has been stated a number of times in the pfSense forums that an Alix board is capable of pushing through about 80Mbps. Those boards have a 500MHz CPU, single core. I would be surprised if your system is really using 70% of the CPU if ALL it is doing is forwarding 80Mbps to or from the NAS. But I don't know what else it was doing when you took the figures you reported.
I don't see an answer to my previous question:
Is there a good reason why you haven't connected freenas to the same VLAN as host client so the traffic is handled by the switch alone?
If the NAS was on the same VLAN as its clients (or even a significant number of clients) then they could talk directly through the switch without having to go through pfSense.