States – Crashing PfSense



  • It seems that if someone has P2P applications etc open, or when the state table is around the 3000 Mark (usually sits between 80 and 600) the internet will go down for everyone.

    The webConfigurator goes down, but the direct console seems to work OK.

    restarting the webConfigurator doesn't fix it, u have to reboot the whole machine.

    Anyone have any suggestions? Maybe u can clear the states via direct input. It's Beta2 running on A Dell Poweredge something,

    2 x 500Mhz PIII processors
    256MB Registered SDRAM
    6GB HDD.

    We're running Dual WAN (2Mbit on the 3Com Card, 1Mbit on the SiS 900 Card, LAn on the Intel Pro Server Card) It has been up and running before for months at a time, and I've had P2P working properly before.
    ??? ???



  • Please upgrade to beta3 an report back. In case you are using the loadbalancing feature you should delete the pool and rebuild it with the beta3 gui. There were several loadbalancer fixes.



  • OK, I shall try at my earliest oppertunity to upgraded, I wanted to be sure that there were changes in beta 3 that might fix it, load balanacer is in use, and thus I'll try, (Is there an Upgrade option, or is it a clean install and then use the backup config?)



  • Get the beta3-fullupdate-file from one of the mirrors and feed it to the webgui at system>firmware, manual firmware update. It will reboot after it applied the update. After that apply the small hotfix the same way that can be found at the mirrors as well (this fixes two bugs that were found shortly after beta3 was released). After these steps delete your loadbalancer pool and rebuild it from the beta3 webgui as there were some changes behind the scenes.



  • ???

    I've upgraded, and still having problems.

    Today it's "crashed" about 4 times, but after about 10 minutes it comes back, as though nothing ever happened.

    There is are about 501  states, I increased it to 12,000 by default..

    Memory usage is at 14% at the moment.
    CPU usage is 1%

    Again it's a dual 500mhz PIII system with 256MB Registered SDRAM.

    the weird thing about this is that it comes back, but when it's gone I can't even open the web configurator.

    The only thing in the system log are loads of these messages:

    Apr 24 10:23:39 last message repeated 5 times
    Apr 24 10:20:12 slbd[292]: Service changed status, reloading filter policy



  • If you have loads of those messages then your load balancing is not configured correctly.  Double check the monitor IP's.



  • Ok, that makes sense because we only seem to go out on one line..

    what should the monitor IP be? our Static IP from the Internet, or something like google.com I read it has to be 1hop to work..

    We have two lines like this

    ISP1 StaticIP –---- Netgear DG834V1 ------------->PfSense (OPT1)

    ISP2 StaticIP ------ Netgear DG834V2 ------------->PfSense (WAN)



  • http://forum.pfsense.org/index.php?topic=1049.0

    I jsut read that, and I've fixed the load balancer, one uses Google's IP address, the other a short hop of one of our ISP's server, still wonder if our own static IP would work or not.

    anyway, whatismyip.com now changes when I refresh it, and I'll see if the crashing continue's tomorrow..



  • best you put on only 1 wan cable
    and test with a pc a trace route to www.google.com
    the adress you get as first afther youre router is the monitor adress
    now disconect that wan
    and put the ather wan online
    test agian
    you take now a difrent route
    find the first hop adress and use that as a monitoradress for the second wan



  • @smeg9:

    Today it's "crashed" about 4 times, but after about 10 minutes it comes back, as though nothing ever happened.

    There is are about 501  states, I increased it to 12,000 by default..

    Each state eats about 1KByte of ram (this has been covered elsewhere, forum, ML, etc) the default of 10K is the pf default, we don't change it as it's good for our small platforms (64M).  My work machines all run with 128K states, I'm going to raise that on my next upgrade to 256K.  I've seen some of my machines approach (and hit in a few cases) the 128K state table limit.  Your issue is certainly not with PF.

    @smeg9:

    Again it's a dual 500mhz PIII system with 256MB Registered SDRAM.

    p2p is a state hog, with those machine specs, I'd raise the state table size to at least 64K, probably to as much as 128K depending on what packages I had installed (ntop is a memory hog for instance).

    –Bill



  • Alright I'll raise the states…  ;D

    The Load Balancer is working now I've done the Monitor IP address things, and so far the net hasn't gone down. Thankfully.

    I love the new RRD graphs in Beta3  ;)

    I still get these messages though.

    slbd[11921]: Service changed status, reloading filter policy

    And I got (some time in the early hours of the morning)

    Apr 26 04:47:26 php: : There were error(s) loading the rules: - The line in question reads []:
    Apr 26 04:47:26 kernel: pool_ticket: 993769 != 993770

    So I'm still not sure what's going wrong, but hey, the internet seems to be working!!


Log in to reply