Problems with TCP sessions terminating
On my home network I have a 3-legged pfsense VM:
- WAN interface (to my ADSL router)
- LAN interface (most client machines are here)
- MGMT interface ("management" style interfaces are here. Eg: VMware hosts, switch interfaces, ILOMs, etc)
(These are separate VLANs all running on the same physical switch, a Netgear GS716T.)
I am having a problem where any long-lived or data-intensive TCP sessions between the LAN and MGMT networks are being broken. Some symptoms:
- SSH sessions are terminated if left running (regardless of whether inactive at a prompt, or whether something like top is running).
- vSphere client connections to hosts or vCenter terminate if left running.
- vSphere console sessions often freeze and reconnect (noticeable by the "X users are connected to this console" message).
- Trying to do an install on a VM by mapping an ISO from the local machine freezes as soon as the VM tries to boot from the ISO.
- Browsing Samba shares is fine, but any attempt to copy a file causes a timeout and "cannot find server" error.
None of these issues occur if the client and server machine are on the same VLAN - it's only when the traffic has to be routed and traverse the pfsense VM that they manifest.
All the networks have simple pass any-any rules on them.
Interestingly, I have NOT noticed any problems with traffic from either LAN or MGMT to the outside world (eg: large HTTP transfers), which also go through the same pfsense firewall (and are NATed).
This behaviour has been present ever since I set up the pfsense VM, but it's never really annoyed me enough to try and figure out what's going on - it finally has, but I can't see anything obviously wrong (and it's been probably 10+ years since I did any serious routing/firewalling type work, so I'm struggling to remember what can be broken).
Any ideas?
Need some more info about your setup:
NICs being used
Latest firmware on the switch?
pfsense version is 2.0.3-RELEASE
Host is ESXi 5.1 build 914609
Physical NIC is a LOM, intel 82574L chipset
Virtual NICs are E1000
Virtual HW version is vmx-09
It does look like there is a more recent revision of the switch FW, but the Netgear website is playing up so I can't download it. I will update it and test again as soon as I can.
Nothing obvious there - except I need to update my own ESXi ::)
Is the LOM the only NIC? It's a bit unusual using that with anything but management.
Do you happen to have both tagged and untagged VLANs on the same interface?
Good luck with the Netgear site. I've been there before. Had to try three different browsers before I got one that worked.