WEIRD ping behavior on pfsense 2.1.3 - ESXi 5.5u1



  • Dear All,

    I've got a weird issue with my pfSense VM (ESXi 5.5U1 host) :

    I followed the pfSense documentation article about installing pfSense on ESXi.

    I have 3 NICs (LAN, static-IP WAN, DMZ), and at the beginning everything seemed to be working right (good throughput speed, NAT, OpenVPN, etc.).

    But I discovered that when I try to ping the WAN GW from the web interface, or even from the shell, ping packets start with a huge delay.

    Same behavior when trying to ping anything from the FW VM (LAN IP, external IP, DNS IP, 8.8.8.8).

    Other ICMP types (traceroute) work with no delay at all.

    Echo Request & Echo Reply from the WAN IP GW go and come with the right timing and delay, but every ping request starts with a delay:

    e.g.:

    ping WAN_GW_IP
    PING WAN_GW_IP (WAN_GW_IP): 56 data bytes
    64 bytes from WAN_GW_IP: icmp_seq=0 ttl=64 time=5.373 ms

    then it hangs for about 4 to 5 seconds then :

    64 bytes from WAN_GW_IP: icmp_seq=1 ttl=64 time=4.083 ms

    other 5 seconds then :

    64 bytes from WAN_GW_IP: icmp_seq=2 ttl=64 time=4.083 ms

    and so on . . .

    As a side effect, obviously APINGER doesn't work correctly; I had to stop GATEWAY MONITORING, for a lot of reload requests (VPN, FW RULES, etc.).

    I've noticed that ping seems to work correctly when I reload the FW rules (it works while the rules are being loaded, then stops working correctly again).

    I already tried to tcpdump the ICMP requests and all seems OK.

    UPDATE: tcpdump run from an internal LAN host (10.10.0.15) while pinging from the pfSense LAN GW IP (10.10.0.254):

    tcpdump -ni eth0 icmp and host 10.10.0.254
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes

    15:13:28.902147 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 0, length 64
    15:13:28.902214 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 0, length 64

    15:13:45.114724 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 1, length 64
    15:13:45.114790 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 1, length 64

    15:14:02.308370 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 2, length 64
    15:14:02.308423 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 2, length 64
    15:14:23.864931 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 3, length 64
    15:14:23.864999 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 3, length 64
    15:14:52.628042 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 4, length 64
    15:14:52.628109 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 4, length 64
    15:15:02.679425 IP 10.10.0.254 > 10.10.0.15: ICMP host 173.194.35.48 unreachable, length 36
    15:15:08.866422 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 5, length 64
    15:15:08.866488 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 5, length 64
    15:15:14.365213 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 6, length 64
    15:15:14.365261 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 6, length 64
    15:15:35.941256 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 7, length 64
    15:15:35.941307 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 7, length 64
    15:16:02.532726 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 8, length 64
    15:16:02.532782 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 8, length 64
    15:16:17.911306 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 9, length 64
    15:16:17.911371 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 9, length 64
    15:16:42.425018 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 10, length 64
    15:16:42.425073 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 10, length 64

    Look at the tcpdump timestamps. The LAN client responds quickly, but there is a huge interval between one echo request and the next echo request.

    Weird.

    Any ideas?

    Thanks in advance,

    Finest regards

    Paolo
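
Added example (not part of the original post): a small Python parser for the tcpdump lines quoted above that separates round-trip time from the spacing between consecutive echo requests, which is the comparison the post makes by eye. The function names, the 1 s nominal ping interval and the 0.5 s tolerance are assumptions chosen for illustration.

```python
import re
from datetime import datetime

# Subset of the capture lines from the post above (seq 0-3 plus the unrelated
# host-unreachable message, which the parser must skip).
SAMPLE = """\
15:13:28.902147 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 0, length 64
15:13:28.902214 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 0, length 64
15:13:45.114724 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 1, length 64
15:13:45.114790 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 1, length 64
15:14:02.308370 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 2, length 64
15:14:02.308423 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 2, length 64
15:14:23.864931 IP 10.10.0.254 > 10.10.0.15: ICMP echo request, id 31327, seq 3, length 64
15:14:23.864999 IP 10.10.0.15 > 10.10.0.254: ICMP echo reply, id 31327, seq 3, length 64
15:15:02.679425 IP 10.10.0.254 > 10.10.0.15: ICMP host 173.194.35.48 unreachable, length 36
"""

LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d{6}) IP \S+ > \S+: "
                  r"ICMP echo (request|reply), id (\d+), seq (\d+),")

def parse(text):
    """Yield (time, kind, id, seq) for echo lines; other ICMP lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%H:%M:%S.%f")
            yield ts, m.group(2), int(m.group(3)), int(m.group(4))

def analyse(text, expected_interval=1.0, tolerance=0.5):
    """Return (rtts, gaps, stalled) keyed by seq, in seconds.

    Assumes one ping run (a single ICMP id), a capture that does not cross
    midnight, and a nominal 1 s send interval (hypothetical defaults)."""
    requests, rtts, gaps = {}, {}, {}
    for ts, kind, ident, seq in parse(text):
        if kind == "request":
            requests[(ident, seq)] = ts
        elif (ident, seq) in requests:
            rtts[seq] = (ts - requests[(ident, seq)]).total_seconds()
    ordered = sorted(requests.items(), key=lambda kv: kv[1])
    for (_, prev_ts), ((_, seq), ts) in zip(ordered, ordered[1:]):
        gaps[seq] = (ts - prev_ts).total_seconds()
    stalled = [s for s, g in gaps.items() if g > expected_interval + tolerance]
    return rtts, gaps, stalled

if __name__ == "__main__":
    rtts, gaps, stalled = analyse(SAMPLE)
    for seq in sorted(rtts):
        gap = f"{gaps[seq]:.3f} s" if seq in gaps else "-"
        print(f"seq {seq}: rtt {rtts[seq] * 1e6:.0f} us, gap since previous request {gap}")
    print("requests sent late (sender-side stall):", stalled)
```

On these lines the replies arrive within tens of microseconds while each request leaves 16 to 22 seconds after the previous one, so the delay is measured on the sending side of the capture rather than in the network path or the responder.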

