Stalling HTTP downloads after upgrade to 21

Started by floek, February 06, 2021, 03:40:24 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
February 06, 2021, 03:40:24 PM
Hi folks,

I'm using opnsense in a virtual environment (xcp-ng / xenserver) with static ip addresses. I recently upgraded to v21 and now I see stalling downloads on my vms. The download rate is falling to zero after some megabytes. After some debugging, I can reproduce this even via curl on the ssh shell of opnsense. The Firewall VM is bridged to an interface (simple 1G Ethernet), which is connected with rfc1918 ips to a router with public ips. On the router the curl is working.

If have no special filtering of IDS running. Just simple packet filters and nat.
When I capture the packets with Wireshark I get many TCP retransmissions and TCP out of order messages.

TCP Offload Engines are turned off.

Can you help me?

Thanks,
floek
February 06, 2021, 04:13:49 PM #1
Hi again,

as I also upgraded my xcp-ng installation, I found an issue which may be related:
https://xcp-ng.org/forum/topic/3774/poor-pfsense-wan-speeds-after-xcp-ng-updates/151

Maybe it's a Xen issue and not a opnsense problem.

floek
February 06, 2021, 07:25:02 PM #2
Have you installed the xen plugin for opensense?
This will enable monitoring of cpu/memory/network via the xcp-ng centre program (under windows only, yuk)
February 06, 2021, 07:52:38 PM #3
@aimdev thanks, I've got Xen integration already running.

There seems to be a problem with a Xen patch to fix the issue xsa-332 (https://xenbits.xen.org/xsa/advisory-332.html) and BSD systems, like opnsense. The xcp-ng guys provided a kernel without this patch, which fixed my issue for now. I' have to wait for a final fix.
Print
Go Up Pages1
User actions