Netgate Discussion Forum
    • Categories
    • Recent
    • Tags
    • Popular
    • Users
    • Search
    • Register
    • Login

    Traffic shaper frequent crashing

    Scheduled Pinned Locked Moved Traffic Shaping
    10 Posts 2 Posters 3.0k Views
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • K
      keelingj
      last edited by

      Having a problem with the traffic shaper crashing frequently.  Sometimes it bombs several times per day, other times it runs for a week or more.  It recovers, but the internet goes out for a few minutes while the service restarts.  Any ideas?

      C2758 8-core Atom
      32GB ECC RAM
      100GB Intel DC S3700

      1 Reply Last reply Reply Quote 0
      • N
        Nullity
        last edited by

        Can you be more precise about your situation?

        Do you mean that your internet continues to work but the traffic-shaping rules no longer apply or do you mean pfSense entirely crashes (forwards no packets)? What services are you running (suricata, squid, etc)? What is your network topology?

        We need much more information.

        Personally, I have never had pfSense randomly crash. Occasionally when I disabled/enabled traffic-shaping in a certain way I would lose an interface for a few minutes, but that is it.

        Please correct any obvious misinformation in my posts.
        -Not a professional; an arrogant ignoramous.

        1 Reply Last reply Reply Quote 0
        • K
          keelingj
          last edited by

          When it crashes, all internet activity stalls for 3-5 minutes.  A colored bar appears on the Dashboard screen notifying me that a crash has occurred.  I click the Report button and it clears the alert.

          Running a fairly basic install: Snort and Squid3 configured as transparent web proxy.  Network topology is basic: cable modem on WAN and private IP range on LAN.

          This is the only interesting snippet from the crash log:

          Fatal trap 12: page fault while in kernel mode
          cpuid = 4; apic id = 08
          fault virtual address = 0xffff804000000000
          fault code = supervisor read data, page not present
          instruction pointer = 0x20:0xffffffff80f4397c
          stack pointer         = 0x28:0xfffffe00002c68b0
          frame pointer         = 0x28:0xfffffe00002c68c0
          code segment = base 0x0, limit 0xfffff, type 0x1b
          = DPL 0, pres 1, long 1, def32 0, gran 1
          processor eflags = interrupt enabled, resume, IOPL = 0
          current process = 12 (irq279: igb2:que 4)

          C2758 8-core Atom
          32GB ECC RAM
          100GB Intel DC S3700

          1 Reply Last reply Reply Quote 0
          • N
            Nullity
            last edited by

            @keelingj:

            When it crashes, all internet activity stalls for 3-5 minutes.  A colored bar appears on the Dashboard screen notifying me that a crash has occurred.  I click the Report button and it clears the alert.

            Running a fairly basic install: Snort and Squid3 configured as transparent web proxy.  Network topology is basic: cable modem on WAN and private IP range on LAN.

            If I were to guess, I would say this is more likely related to Snort or Squid.

            Please correct any obvious misinformation in my posts.
            -Not a professional; an arrogant ignoramous.

            1 Reply Last reply Reply Quote 0
            • K
              keelingj
              last edited by

              @Nullity:

              @keelingj:

              When it crashes, all internet activity stalls for 3-5 minutes.  A colored bar appears on the Dashboard screen notifying me that a crash has occurred.  I click the Report button and it clears the alert.

              Running a fairly basic install: Snort and Squid3 configured as transparent web proxy.  Network topology is basic: cable modem on WAN and private IP range on LAN.

              If I were to guess, I would say this is more likely related to Snort or Squid.

              Does this help?

              C2758 8-core Atom
              32GB ECC RAM
              100GB Intel DC S3700

              1 Reply Last reply Reply Quote 0
              • N
                Nullity
                last edited by

                Try removing "upper-limit" from the qInternet queue.

                Please correct any obvious misinformation in my posts.
                -Not a professional; an arrogant ignoramous.

                1 Reply Last reply Reply Quote 0
                • K
                  keelingj
                  last edited by

                  @Nullity:

                  Try removing "upper-limit" from the qInternet queue.

                  Done.  Seems odd there would be a config issue as I used the wizard.

                  C2758 8-core Atom
                  32GB ECC RAM
                  100GB Intel DC S3700

                  1 Reply Last reply Reply Quote 0
                  • K
                    keelingj
                    last edited by

                    OK, this isn't a viable workaround.  Disabling "upper-limit" allows heavy internet usage to saturate the uplink and cause ping spikes.

                    C2758 8-core Atom
                    32GB ECC RAM
                    100GB Intel DC S3700

                    1 Reply Last reply Reply Quote 0
                    • N
                      Nullity
                      last edited by

                      @keelingj:

                      OK, this isn't a viable workaround.  Disabling "upper-limit" allows heavy internet usage to saturate the uplink and cause ping spikes.

                      Setting upper-limit to the same value as the interface's "Bandwidth" param is redundant. Traffic passing through qInternet is rate-limited to "101Mbit" either way (according to your error message).

                      Please correct any obvious misinformation in my posts.
                      -Not a professional; an arrogant ignoramous.

                      1 Reply Last reply Reply Quote 0
                      • N
                        Nullity
                        last edited by

                        @keelingj:

                        OK, this isn't a viable workaround.  Disabling "upper-limit" allows heavy internet usage to saturate the uplink and cause ping spikes.

                        If you are not multi-LAN, qInternet is unneeded.

                        IIRC, qInternet is meant to separate intra-LAN traffic (in a multi-LAN setup) from LAN<->WAN (internet) traffic.

                        Please correct any obvious misinformation in my posts.
                        -Not a professional; an arrogant ignoramous.

                        1 Reply Last reply Reply Quote 0
                        • First post
                          Last post
                        Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.