OPNsense Forum

Archive => 17.7 Legacy Series => Topic started by: romando on July 24, 2017, 03:42:49 pm

Title: Packet loss
Post by: romando on July 24, 2017, 03:42:49 pm
I have four interface 1(xn0) lan and 3 wan(xn1,xn2,xn3) with load balancing. Problem is frequently packet(http request) arrive on xn0 and nothing see on xn1, xn2, xn3, traffic may stuck from few seconds to several minutes and more, besides icmp is work all time. Maybe anyone know solution to resolv this?
Title: Re: Packet loss
Post by: franco on July 24, 2017, 06:31:28 pm
Xen + FreeBSD is difficult, try to disable all offloading on the host system into OPNsense, that may help.
Title: Re: Packet loss
Post by: romando on July 24, 2017, 07:56:19 pm
Thanks, but offloading is off. It worked almost two month on stable and few days on rc or problem be not so serious to be found or never exist, but now is a nightmare. And if I do states reset in firewall section this solve issue for a while. You really think this is xen issue?
I try revert to stable to see difference.
Title: Re: Packet loss
Post by: franco on July 25, 2017, 06:30:58 pm
Hi romando,

No, don't think it's Xen with the broader context that you have given.

Did this start to happen with a specific version?

17.7-RC is not different in kernel from latest 17.1 at all, so I'd rule out a base system change.

Is this true for all routing / forwarding? Or just specifics? Is there enough RAM or states available to handle your traffic? The box max start overflowing connections because it can't track all of them as your network grows.


Cheers,
Franco
Title: Re: Packet loss
Post by: romando on July 25, 2017, 09:53:00 pm
Hi franco,

It worked fine on 17.1.x, troubles started after few days when I switch to devel version from 17.1.9.
I checked only TCP(80,443) and ICMP. ICMP worked all time and all direction with no issue. Packets with issue is LAN to of any WANs interfaces, LAN to DMZ worked, so routed traffic been fine.

RAM enought, and I never seen is any of others params more than ~10%.

Which num of users in theory can handle opnsense? I have from 100 to 250 working emploers(browsing some sites all days  :) ), not to much I think.

Now I reverted to 17.1.10(recreate VM and restore config) and almost day not seeing none of the same problems.
Maybe tomorow I update to RC again and see what things happen.
Title: Re: Packet loss
Post by: romando on August 01, 2017, 11:56:29 am
So, I try to update to 17.7 from 17.1.11 again, and after a half day have the same problem.