Show Posts
1
24.7 Production Series / pfsync in HA setup leads to regular tcp stalls
« on: November 11, 2024, 04:38:46 pm »
Hi,
I am seeing the following issue:
"longer" tcp connections stall every one in n-th try.
I can reproduce this by running a while loop on the firewall itself that uses curl to get a 500mb file.
When the current download rate slowly drops to 0 and never recovers i have reproduced the issue.
All devices "behind" this setup are affected, larger downloads sometimes fail, docker image pulls have high chance of failure.
When I switch off pfsync the issue is resolved.
The firewall rule on the sync interface allows all traffic.
Pfsync is configured according to https://docs.opnsense.org/manual/how-tos/carp.html
a) can anybody reproduce?
b) is this a bug?
Martin
Update: I can reproduce this on two freshly installed 24.7.8 firewalls. Running the curl loop on both at the same time leads to stalls rather quickly.
Update2: I setup the same on two pfsense 2.7.2 firewalls. This does not reproduce the issue.
I am seeing the following issue:
"longer" tcp connections stall every one in n-th try.
I can reproduce this by running a while loop on the firewall itself that uses curl to get a 500mb file.
When the current download rate slowly drops to 0 and never recovers i have reproduced the issue.
All devices "behind" this setup are affected, larger downloads sometimes fail, docker image pulls have high chance of failure.
When I switch off pfsync the issue is resolved.
The firewall rule on the sync interface allows all traffic.
Pfsync is configured according to https://docs.opnsense.org/manual/how-tos/carp.html
a) can anybody reproduce?
b) is this a bug?
Martin
Update: I can reproduce this on two freshly installed 24.7.8 firewalls. Running the curl loop on both at the same time leads to stalls rather quickly.
Update2: I setup the same on two pfsense 2.7.2 firewalls. This does not reproduce the issue.