PfSense freezes on 1Gbit/s UDP Flood
-
Hello,
I'm building a new firewall cluster for our data center with pfSense, and so far I'm really impressed by this software. Currently I'm running some different workloads. One of them is a simulated DDoS attack with spoofed DNS UDP packets. The attack hits the firewall with about 1Gbit/s. The uplinks are 2x 1Gbit with LACP. So now I have the problem that while an attack is going on the whole system freezes. My question is whether this is normal because of such a high packet rate, or whether this should not happen and there is possibly a problem with the hardware.
Hardware:
Dual Intel(R) Xeon(R) CPU E5520 @ 2.27GHz
Supermicro X8DTU-F
24GB ECC Ram
Intel SSD 330
2x Intel I350-T4 Quad Port network cards
Thanks for any advice.
-
So now I have the problem that while an attack is going on the whole System freezes.
Freezes as in: doesn't respond to pings? ssh sessions drop out? console doesn't respond to Enter key? Keyboard indicator lights (e.g. Caps Lock, Num Lock) don't respond to presses of the corresponding key?
UDP flood probably indicates a high interrupt rate which could result in the CPU having few spare cycles to do other than handle interrupts. Does the freeze condition clear within a few minutes of the attack finishing?
-
Hi,
Freezes means that the whole system is not responding. No ssh, GUI or console (e.g. top, vmstat etc.) is responding. When the attacks are finished, the system immediately works and responds normally again.
I tried different settings from this FAQ: http://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards. I also disabled logging firewall logs to the local disk.
-
I have found the problem. The dual motherboard was equipped with only one Intel CPU, because I needed the space for my 3rd network card. I have now reinstalled the second CPU and the system is running normally again. Very strange, it seems not all dual motherboards run smoothly with only one CPU.
-
I'm amazed that anyone would ever find a good reason to pull a CPU off their board. It's definitely counter-intuitive.
Those rack-mounted systems really do force a lot of compromise.
-
Can you confirm that the Intel I350-T4 Quad is working fine in pfSense 2.1?
Thanks.
-
Can you confirm that the Intel I350-T4 Quad is working fine in pfSense 2.1?
Thanks.
Works in 2.0.3 and 2.1
-
Have you tried to up the sysctl setting "net.inet.udp.recvspace" to at least "131072" in the "System: Advanced: System Tunables"? (this should handle +200Mbit.)
-
Sorry for my late response. Finally I have found the problem. On the dashboard I had activated the thermal sensor plugin. When I flooded my pfSense system with 1Gbit UDP packets and had the dashboard open in my web browser, the whole system froze when the plugin started to refresh. Now I have deactivated the plugin and the freezes during a UDP flood are gone.
-
That's interesting…
-
It still freezes when flooding with UDP packets…
On the SYN ACK scripts, you can't reach any servers behind pfSense. Like they go offline. It's still responsive (GUI) and ping works fine...
Give me an IP to test and I will prove it ;)
Mine is off and it's still not responsive.