2.1-RELEASE Steeper HW Requirements?
I've been running an old PC with pfSense since before 1.2. (.99?) I've been having problems lately with things bogging down under load and I don't know which part of my hardware (or software) is the problem. My specs:
WAN=2Mb synchronous connection
LAN=10/100 connected to 4 802.11g AP's plus a few misc connections–nothing big or special.
The PC: PIII/600 MHz, 128MB SDRAM
WAN: Intel 82559
LAN: VIA VT6105
DMZ: ADMTek AN983 (not in use at the moment and not configured, but still plugged into the PCI bus)
The problem is worst with iPads and, lately, Androids that seem to be pounding the card as hard as it can take it, judging from the literally pancake-flat line in the traffic graph. I don't know what app is causing this.
So I see 3 possible problems, and I'm hoping those of you with more experience will know what it is:
1. 2.1 is just fatter, with FreeBSD-8.3 after all, and just needs more resources in general; the minimum/recommended requirements on the pfsense.org pfront page need to be updated in this case.
2. I'm running out of memory. I tried to configure shaping and once wizard complained about running out of memory; re-running it had no errors. Memory averages 70-80% are normal most of the time, even under load. CPU, however, varies wildly.
3. The NIC isn't up to snuff: it is VIA, after all. I'm thinking of swapping the two NICs and putting the Intel on the LAN side, but I can't do that until we change providers due WiMax radio's annoying requirement to manually enter the MAC of every NIC directly connecting to it.
Since there is now mission-critical stuff attached to this connection (our motel front desk computers), I'm trying to confince my boss to replace this box with one of the fanless ones out there. But until then...what do you all recommend?
Add more RAM.
128MB has been the absolute minimum spec for some time. If you have enabled IPv6 there are a whole load of extra things that run, disable it if you don't need it.
Thanks, Steve! I think I have another stick of RAM up there somewhere, or else I'll temporarily rob one from some other machine lying around somewhere. I'll post the results here in case anyone else has the same problem.
I guess you have no idea what the mystery app that can pound the network like that is, though?
Replying to myself, I still may need more RAM, but I've definitely found the primary source of the problem: mod_evasive.c. Whoever, whenever they're doing it, the captive portal is being bombarded, resulting in the famous error and driving one PHP daemon up to 100% cpu. After blocking the luser with a firewall rule, everything goes back to normal.