PfSense + HP Proliant + Cisco gateway = interferences?

  • I don't know if this is a hardware-related problem, but I will describe it anyway.

    I have an HP Proliant ML 110 G6 server running on an Intel(R) Xeon(R) CPU X3430 @ 2.40GHz, 4GB DDR3 1333MHz, 2 x 500GB SATA in mdadm RAID1, and the following NICs:
    10:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168B PCI Express Gigabit Ethernet controller (rev 01)
    1e:00.0 Ethernet controller: Broadcom Corporation NetXtreme BCM5723 Gigabit Ethernet PCIe (rev 10)
    30:00.0 Ethernet controller: Intel Corporation 82557/8/9/0/1 Ethernet Pro 100 (rev 08)

    On this server pfSense i386 is running as a virtual machine under KVM.
    I see some ping loss on a very fast link (80Mbit down, 8Mbit up), average 10-15ms. pfSense is shaping this for ~30 stations.
    --- ping statistics ---
    372 packets transmitted, 355 received, 4% packet loss, time 371519ms
    rtt min/avg/max/mdev = 10.766/12.957/44.302/2.583 ms

    On some stations there are "disconnections" or "page unavailable" errors, while on others WWW loads really fast; even on the pfSense VM I sometimes see "Unable to check updates" on the Dashboard. I was thinking it was a DNS-resolver-related problem, but changing the DNS order / addresses didn't change anything. I see no ping loss to the server itself or the VM.
    But the main fast link is distributed by a Cisco EPC3925 VoIP Wireless Gateway at the front.
    We just discovered that disabling SPI Firewall Protection (options: Block Anonymous Internet Requests, Block IP Flood Detection) on the Cisco device solved this issue, but we are still checking to see if it was the problem.

    703 packets transmitted, 703 received, 0% packet loss, time 702932ms
    rtt min/avg/max/mdev = 36.791/39.765/106.076/5.097 ms


    UPDATE: Ahh, I forgot... all NICs are bridged (br0, br1, br2) to add networking support. All are Intel "e1000" emulated hardware.

  • Just an update, because it's RESOLVED!!!
    This is very strange, however...

    For ANY Cisco router/device at the first line, please disable "SPI Firewall protection", especially "Block IP Flood Detection", on the WAN of this device, since it's somehow interfering with pfSense and causing delays/disconnections.

    For me, it happened 2 times on 2 different Cisco routers (not only with the HP server).
