Netgate SG-1000 microFirewall

Author Topic: pfSense freezing with CBQ-shapers  (Read 2322 times)

0 Members and 1 Guest are viewing this topic.

Offline tman222

  • Jr. Member
  • **
  • Posts: 76
  • Karma: +11/-0
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #15 on: May 18, 2017, 08:27:46 pm »
I'm glad I came across this thread.  I have been having similar issues as those described here.  I setup Codel on the WAN interface and all LAN interfaces, including two VLAN's (which share one physical interface).  I also ran into trouble with intermittent freezing, followed by a crash and automatic reboot.  For me this mostly occurred during the upload portion of the speed test over at DSL Reports, but it also occurred from time to time during the traffic shaping setup, and usually when configuring one of the VLAN interfaces.  I originally thought that I maybe used bandwidth values that were too high, but even by changing those to lower the freeze ups still occurred.  What made the issue interesting is that the freeze ups did not occur each time the speed test was run or a bandwidth reconfiguration was done on the interfaces, it was a bit random.  The latest one occurred today and like some of the other posters here I had trouble getting getting pfSense to boot back up after that crash.  I feared that a complete reinstall might have been in order, but then after disconnecting all the interfaces except one of the LAN interfaces it finally booted back up and (thankfully) everything was fine (thank you to the OP for the suggestion to unplug the cables).

So it seems like the root cause of the instability might be related to enabling traffic shaping on VLAN's.  Has anyone been able to look into this some more as to why it might be occurring?  Is this a bug or is there an easy fix available?  In my case, the the VLAN's handle wireless traffic so I have the shaping disabled on them for now.  Perhaps I should not even have traffic shaping enabled on them in the first place?  In any case, hopefully I will see no more freeze up's going forward.   It would still be nice though to get this to work without freeze up's on VLAN's.  Thanks in advance for any advice and/or insight, I really appreciate it.

Offline putzomatic

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #16 on: May 19, 2017, 06:31:51 pm »
I am also having this issue on the May 18th build of 2.4.  I was previously on 2.3.4 and had no problems.  LAN interface is VLAN, traffic shaper enabled using wizard.  The only issue on 2.3.4 was that floating rules wouldn't trigger the shaper queues so I had to create a LAN rule in order for it to work, but no crashing.

The other day I figured I would try the 2.4 beta out since it seemed to be making progress, but immediately after updating, pfsense would crash about every 1-2 minutes after booting with the shaper enabled on the interfaces and if my LAN rule was  enabled that directs traffic to the shaper queues.  If I disable the shaper from the WAN and LAN (dont need to actually remove the shaper completely) interfaces and disable the LAN rule the system is stable.

Hardware info:
Supermircro C2578
8GB memory
Intel 256GB SSD

pfsense - 2.4.0-BETA (amd64)
built on Thu May 18 15:36:14 CDT 2017
FreeBSD 11.0-RELEASE-p10

I did not install pfsense with swap space so to my understanding I cannot save a crash dump.  Anyone know of a fix?  Otherwise I might have to go back to 2.3.4 until its resolved.

Thanks!

Offline Birke

  • Jr. Member
  • **
  • Posts: 75
  • Karma: +13/-0
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #17 on: May 22, 2017, 09:20:07 am »
i think the reason is something like this snort-problem:
Quote
Snort puts the interface it runs on in promiscuous mode, so this means it sees everything.  Snort uses libpcap to grab copies of the packets as they fly through the interface.  Snort is also positioned within the packet chain in such a way as to see data before the VLAN routing is applied.  So since the VLANs reside on your physical LAN interface, Snort is seeing the traffic as just coming from the LAN.

the shaper of the lan "sees" all packets too, like snort. that way a packet might get into two (different) shapers, the one of the vlan and the one of the lan. that might cause the errors.

has anyone tried only shapers on the vlans without shapers on the interface itself? if i'm right, that should work.

Offline putzomatic

  • Newbie
  • *
  • Posts: 3
  • Karma: +0/-0
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #18 on: May 22, 2017, 06:01:16 pm »
the shaper of the lan "sees" all packets too, like snort. that way a packet might get into two (different) shapers, the one of the vlan and the one of the lan. that might cause the errors.
has anyone tried only shapers on the vlans without shapers on the interface itself? if i'm right, that should work.

For me my LAN interface is actually a LAG group.  I could not apply the shaper to the interface without first creating a VLAN and assigning the LAN interface to the vlan of the LAG.
Im not sure if my issue is exactly the same though.  I have used the shaper wizard to set it up and its using HSFC queuing.  On 2.3.4 I had no issues with pfSense crashing but after updating to 2.4 I cant leave the shaper and shaper rules enabled without it crashing every 1-2 mins after pfSense starts up.  Bummer for sure.

Offline haaser

  • Newbie
  • *
  • Posts: 12
  • Karma: +0/-0
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #19 on: January 18, 2018, 11:55:45 pm »
Has anyone come up with a fix as this is still happening to me? I was modifying the traffic shaper tonight and the server crashed again. Seen this https://redmine.pfsense.org/issues/7351 on redmine and is they say its hardware. Is there a recommended network card that we should be using then or what as I am needing a fix or I am going to have to switch to fortigate.

Offline Chrismallia

  • Full Member
  • ***
  • Posts: 279
  • Karma: +23/-4
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #20 on: January 22, 2018, 08:54:15 am »
Has anyone come up with a fix as this is still happening to me? I was modifying the traffic shaper tonight and the server crashed again. Seen this https://redmine.pfsense.org/issues/7351 on redmine and is they say its hardware. Is there a recommended network card that we should be using then or what as I am needing a fix or I am going to have to switch to fortigate.

How are you setting up the shaper ? how does it crash ? does it crash while changing a setting?  you must share more info, and what NIcs are  you using? Intel are suggested

Offline stalks

  • Newbie
  • *
  • Posts: 9
  • Karma: +1/-0
    • View Profile
Re: pfSense freezing with CBQ-shapers
« Reply #21 on: February 18, 2018, 11:06:36 am »
Has anyone come up with a fix as this is still happening to me? I was modifying the traffic shaper tonight and the server crashed again. Seen this https://redmine.pfsense.org/issues/7351 on redmine and is they say its hardware. Is there a recommended network card that we should be using then or what as I am needing a fix or I am going to have to switch to fortigate.

How are you setting up the shaper ? how does it crash ? does it crash while changing a setting?  you must share more info, and what NIcs are  you using? Intel are suggested

I was trying to get this working on an Intel NUC, single NIC using VLANs. I import my config and the NUC hard froze, no kernel panic on-screen. I reboot and within a few seconds of boot, will freeze. I then disabled the shaper in the config and re-imported and can reproduce a hard crash by enabling the shaper.

Intel NUC, Intel (em) NIC, em0=LAN, em0.100=WAN, CBQ shapers

So I moved on to using a Dell Optiplex 380 (Core 2 Duo) single NIC. On importing the config, I get a spam of text on-screen. I had to take a video as a photo would show unreadable overlapping text.



See the short video at https://youtu.be/-LcRSjzZLt4

My pfSense box at the time was a Xen PVM with Intel emulated NICs bridged to VLANs on the host. So pfSense itself wasn't aware that it was on VLANs. However every few days either the WAN/LAN would stop receiving traffic. ifconfig <nic> down then up would bring it back up, so I was determined to get this working on a physical host. Worth noting that my venture into traffic shaping is recent and the Xen HVM setup has been working fine for a couple of years.

My next try was the same Optiplex 380, with an Intel PCI-E dual-NIC card. Now with no VLANs, instead using the switch to do the VLAN'ing. Touch wood, I've had no issues for 7 hours, time will tell if its stable.

So to summarise:

Xen PVM with CBQ: unstable
Intel NUC CBQ & VLAN: unstable
Optiplex 380 CBQ & VLAN: unstable
Optiplex 380 CBQ no VLAN: stable -- so far.

I'm beginning to think that maybe the whole ALTQ portion of FreeBSD needs to be avoided. I even tried OPNSense in desperation, and whilst it worked, without ALTQ queues the QoS just isn't nearly as good. Now working again on pfSense, and I hope it stays stable.
« Last Edit: February 18, 2018, 11:09:37 am by stalks »