The pfSense Store

Author Topic: bandwidthd always promiscuous?  (Read 2132 times)

0 Members and 1 Guest are viewing this topic.

Offline Pootle

  • Full Member
  • ***
  • Posts: 114
    • View Profile
bandwidthd always promiscuous?
« on: March 18, 2007, 05:02:07 am »
Thought I'd have a go with bandwidthd, to keep an eye on things, but whenever I install, then copy a file from my fileserver, CPU on pfSense hits the roof even though it has no part in the traffic ???

Note: I am running pfSense in a VM (VMWare server) on the fileserver box, the LAN interface (that I have asked bandwidthd to monitor) is bridged straight to the internal LAN that the fileserver is using.

Apart from this small  ;) problem, it behaves fine.
 

Offline bsider

  • Newbie
  • *
  • Posts: 15
    • View Profile
Re: bandwidthd always promiscuous?
« Reply #1 on: April 05, 2007, 03:39:24 am »
i noticed that too
p.s. using exactly the same configuration

Offline hoba

  • Administrator
  • Hero Member
  • *****
  • Posts: 5837
  • What was the problem to this solution again?
    • View Profile
    • pfSense
Re: bandwidthd always promiscuous?
« Reply #2 on: April 05, 2007, 04:31:08 am »
I think this is a vmware problem. Networkperformance of vmware is not that good and running an interface in promiscous mode will add additional load.

Offline Pootle

  • Full Member
  • ***
  • Posts: 114
    • View Profile
Re: bandwidthd always promiscuous?
« Reply #3 on: April 05, 2007, 04:35:50 am »
I think this is a vmware problem. Networkperformance of vmware is not that good and running an interface in promiscous mode will add additional load.
Hoba, the VMWare load I understand, I was just surprised that monitoing the traffic that hit pfsense from the LAN (not all traffic on the network) set the interface into promiscuous mode.  The VMware hit for broadband levels of traffic is trivial, going promiscuous on a busy Gb LAN is a problem!

Online cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6322
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: bandwidthd always promiscuous?
« Reply #4 on: April 07, 2007, 02:43:46 pm »
Thought I'd have a go with bandwidthd, to keep an eye on things, but whenever I install, then copy a file from my fileserver, CPU on pfSense hits the roof even though it has no part in the traffic ???

Because in promiscuous mode it's going to see that file server traffic (assuming it's another VM on the same segment) because all VM's on a segment act like a hub. You're pegging the box because it's seeing and monitoring all that traffic.

bandwidthd may require promiscuous mode to function, though it would be worth investigating if that's really required if someone cares to do so.

Offline sullrich

  • Hero Member
  • *****
  • Posts: 5110
    • View Profile
    • pfSense
Re: bandwidthd always promiscuous?
« Reply #5 on: April 07, 2007, 03:15:10 pm »
It is required unfortunately.

Online cmb

  • Administrator
  • Hero Member
  • *****
  • Posts: 6322
    • LinkedIn
    • Twitter
    • View Profile
    • Chris Buechler
Re: bandwidthd always promiscuous?
« Reply #6 on: April 07, 2007, 07:59:33 pm »
It's not that big of a deal. It'll only happen if you:

1) Use a hub - Seriously, nobody should ever be using hubs anymore unless they actually do want to see all traffic.
2) Use VM's on the same segment - putting your firewall on a separate VM network should be feasible and fix this
3) have your firewall on a SPAN port - don't do that.