Netgate Store

Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Messages - muppet

Pages: [1] 2 3 4
1
When it's frozen, what happens if you do a ifconfig down of the WAN interface, then ifconfig up?

Also is there anything here that's relevant?

2
General Questions / Re: ESXI VM shutting down by itself
« on: May 06, 2018, 07:46:49 pm »
What do the logs show you, any reason for the shutdown being logged?
Have you maybe put something in cron?
Or installed a UPS addon and it's triggering?

3
Installation and Upgrades / Re: Can't access Internet!
« on: May 06, 2018, 01:22:23 pm »
You don't mention anything about how you've set it up, but if it's virtualised and you haven't turned off hardware offload, then that's probably the problem.

4
General Questions / Re: Error Message--CPU0: local APIC error 0x2
« on: May 05, 2018, 04:35:37 pm »
If you're unsure what SSH is, I suspect the other concepts required to understand and use pfSense will just confuse and annoy you.

I know what you're saying with regards to being new, but there are lots of tutorials for how to learn/understand linux/freebsd.  Jumping straight into pfSense wouldn't be the place I'd start :-)

It may be worth investing the few $ to get access to the pfSense portal/book, which will help hold you hand.

5
General Questions / Re: Error Message--CPU0: local APIC error 0x2
« on: May 05, 2018, 02:48:41 pm »
SSH to your firewall.
Login
Press 8 to get a shell
run "vi /boot/device.hints"

add the line
hint.apic.0.disabled="1"
to the bottom of the file.

Given that you have trouble with the Unix very basics, I suspect you might not know how to use vi either, so you probably want to read up a basic "how to use the vi editor" before you attempt this.

Your question is so simple that I suspect that's why you've been ignored, a simple google search for "edit freebsd device.hints" turns up this as the very first page.

6
Edit: The post is incorrect, see below.


What filesystem is your pfSense box?
If you picked ZFS it's probably always writing out to the journal.

7
Firewalling / Re: Proxmox and securing host
« on: April 16, 2018, 04:10:43 pm »
Well it's up to you really.
I have the same setup, Proxmox with a pfSense guest and that guest gives me my Internet access.
I haven't bothered to do anything else to secure the Proxmox box.

My thinking is that vmbr0 has only two connections in it, the physical port on my KVM box and the WAN port of pfSense.  It has no listening IP or Layer3 connectivity, so I don't see how the network could really be placed at risk.  Of course if I accidentally put an IP address on that vmbr0 then it could be, but I have PPPoE over the top anyway so there's still an additional layer of no-access.

Really it's up to you.  If your network is very critical and security is a A1+ must, then most people would suggest a seperate physical firewall for proper isolation.  However if like me you're a home setup then I think you'll be fine as long as you keep a tight reign on your firewall rules.

8
Thanks KOM, I have created a ticket here.
I fully expect to get shouted at though :)

Thanks for your help.

9
Why not try 2.4.3?  It's 2 patch releases ahead and has more FreeBSD patches in it...

10
OK so I finally got the time this weekend with the kids asleep to install pfSense 2.4.2 (I can't find a way to load -P1 but it doesn't matter)

And with the same config/QoS config, I get the following results (repeatable every time)

pfSense 2.4.2 - Speedtest 92Mb/s Down, 18Mb/s Up
pfsense 2.4.3 - Speedtest 49Mb/s Down, 18Mb/s Up

Both of those are with the same FAIRQ configuration.

So there appears to be some sort of performance regression between 2.4.2 and 2.4.3.  What can I do to diagnose this further?  I'd log a ticket on Redmine but I can't actually point to a bug and "It's different between versions" isn't something any sane develop can work with.

Does anyone have any suggestions for how to debug this further so can we can bisect it to a FreeBSD or pfSense patch?

11
Hardware is a Intel(R) Core(TM) i5-5250U CPU.  pfSense is one of two VM's on a Proxmox (kvm) host, cpu type is Host.  pfSense is allocated a Gig of memory and using ~25% of that.  PTI is turned off, both in the pfSense guest and the vm host. The only extra packages I use are openvpn-export and Avahi.

I have allocated it 2 CPUs in Proxmox, so really it's probably getting a single core with Hyperthreading turned on.

I can see the old pfSense v2.4.2 but is there a way to get the -P1 I was originally using?  I assume if I install 2.4.2 and then do an upgrade I'll go to 2.4.3, not -P1?

I think I have an old vm backup somewhere, but would be good to reinstall from proper image.

12
So I've done some more testing - can anyone smarter than me tell me if the below shows that my 2 x vCPUs are being pegged here?

Code: [Select]

  PID USERNAME   PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
   11 root       155 ki31     0K    32K CPU1    1 291.7H  55.16% [idle{idle: cpu1}]
   11 root       155 ki31     0K    32K RUN     0 290.1H  50.37% [idle{idle: cpu0}]
   12 root       -92    -     0K   400K WAIT    0 213:36  48.55% [intr{irq261: virtio_pci2}]
   12 root       -92    -     0K   400K WAIT    1 148:00  43.18% [intr{irq264: virtio_pci3}]

That's running a 100Mb/s iperf that only gets ~50-70Mb/s with FAIRQ turned on.

With it off:

Code: [Select]
  PID USERNAME   PRI NICE   SIZE    RES STATE   C   TIME    WCPU COMMAND
   11 root       155 ki31     0K    32K CPU1    1 291.7H  91.36% [idle{idle: cpu1}]
   11 root       155 ki31     0K    32K RUN     0 290.1H  87.53% [idle{idle: cpu0}]
   12 root       -92    -     0K   400K WAIT    0 215:07  11.89% [intr{irq261: virtio_pci2}]
   12 root       -92    -     0K   400K WAIT    1 149:20   8.10% [intr{irq264: virtio_pci3}]

That to me says that I'm CPU bound in the first example

Can someone confirm/deny this for me please :)

13
You disabled offload in the Advanced Tab as suggested?

14
Yea, I'll see if I can dig out some actual hardware to try it on.
It's just the old thing of it was working on 2.4.2-P1.
I know because that was the first pfSense version I've deployed and I did extensive testing to make sure my QoS was working correctly and with excellent performance, and it was!
And then after 2.4.3 I suddenly have this bad performance problem.
I agree though, it's possible it's a hypervisor issue or a hardware issue that's crept in somewhere.

Thanks for your help.

15
I've done a lot more testing and something is definetly amiss, but it might be a problem of mine.
I am running pfSense virtualised on Proxmox.

When I run a single iperf stream from an external host into my network with no traffic queues configured (i.e. unticked on WAN/LAN) then I get a good 94-95 Mb/s
When I tick them, regardless of PRIQ or FAIRQ, that drops to about 60-70Mb/s, but the WAN interface still records it's getting 100Mb/s.

I will have to do some more digging, but for the moment it looks like maybe my CPU is being pegged harder (though both pfsense and proxmox show only 50% CPU is being used when a queue is active, but only 15% when one isn't)

Is there a way to download 2.4.2-P1 so I can go back and forth and test?

Pages: [1] 2 3 4