Re: [pfSense Support] snort issue w/ memory

2009-11-08 Thread Glenn Kelley

No such luck

Scott - if it helps - you guys had us (via paid support) upgrade to  
the rc version due to BGP implementation



On Nov 7, 2009, at 1:05 PM, Scott Ullrich wrote:

> On Fri, Nov 6, 2009 at 10:57 PM, Glenn Kelley wrote:
>> Grace and Peace Friends:
>> In Snort we are seeing the following:
>> Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to
>> allocate 74957108 bytes) in /usr/local/pkg/snort.inc on line 1488
>> When we attempt to see if there are any ip addresses being blocked.
>> This is a bit annoying - any suggestions?
>
> This should be resolved.   Reinstall your package 15 minutes after
> this message (1:05PM EDT Saturday).
>
> Scott

-
To unsubscribe, e-mail: support-unsubscr...@pfsense.com
For additional commands, e-mail: support-h...@pfsense.com

Commercial support available - https://portal.pfsense.org





Re: [pfSense Support] snort issue w/ memory

2009-11-08 Thread Scott Ullrich
On Sat, Nov 7, 2009 at 9:53 PM, Glenn Kelley  wrote:
> No such luck
>
> Scott - if it helps - you guys had us (via paid support) upgrade to the rc
> version due to BGP implementation

Thanks, I will forward this to the snort maintainer.  Maybe he can help.

Scott


Re: [pfSense Support] snort issue w/ memory

2009-11-08 Thread Tim Dressel
How is that for open source support!

You guys rock.


On Sat, Nov 7, 2009 at 10:05 AM, Scott Ullrich  wrote:
> On Fri, Nov 6, 2009 at 10:57 PM, Glenn Kelley  wrote:
>> Grace and Peace Friends:
>> In Snort we are seeing the following:
>> Fatal error: Allowed memory size of 33554432 bytes exhausted (tried to
>> allocate 74957108 bytes) in /usr/local/pkg/snort.inc on line 1488
>> When we attempt to see if there are any ip addresses being blocked.
>> This is a bit annoying - any suggestions?
>
> This should be resolved.   Reinstall your package 15 minutes after
> this message (1:05PM EDT Saturday).
>
> Scott

Re: [pfSense Support] snort issue w/ memory

2009-11-08 Thread Scott Ullrich
On Sat, Nov 7, 2009 at 9:53 PM, Glenn Kelley  wrote:
> No such luck
>
> Scott - if it helps - you guys had us (via paid support) upgrade to the rc
> version due to BGP implementation

BTW: did the error message change after reinstalling the package with
my changes?

Scott


Re: [pfSense Support] snort issue w/ memory

2009-11-08 Thread Glenn Kelley

Any clue how to remove an ip that is blocked w/o having the gui ?
We uninstalled but still have some IP's blocked -
Reinstalled - same thing


On Nov 8, 2009, at 2:05 PM, Scott Ullrich wrote:

> On Sat, Nov 7, 2009 at 9:53 PM, Glenn Kelley wrote:
>> No such luck
>>
>> Scott - if it helps - you guys had us (via paid support) upgrade to the rc
>> version due to BGP implementation
>
> Thanks, I will forward this to the snort maintainer.  Maybe he can help.
>
> Scott


Re: [pfSense Support] snort issue w/ memory

2009-11-08 Thread Scott Ullrich
On Sun, Nov 8, 2009 at 5:39 PM, Glenn Kelley  wrote:
> Any clue how to remove an ip that is blocked w/o having the gui ?
> We uninstalled but still have some IP's blocked -
> Reinstalled - same thing

Try /usr/local/sbin/expiretable -v -t 1 virusprot

Scott


Re: [pfSense Support] throughput, haproxy

2009-11-08 Thread Lenny

Seth Mos wrote:

> Lenny wrote:
>> But I would really like to ask again, as this is very important: will
>> replacing the PCI-X NIC with PCI-e one give some boost in performance?
>
> Unlikely, there is little reason to switch. The theoretical bandwidth
> cases are not too helpful.
>
> The intel dual port pci-e cards are x4 ~ (4 * 250MB/s)
> The intel dual port pci-x card is 64bit 133 mhz is ~ 1000MB/s
>
> So, no you are not likely to see any improvement. If any, I suspect
> it's more of a chipset thing.
>
> Regards,
>
> Seth


You're kind of taking this last hope from me:)

Then what are the options for someone who has traffic more than pfSense 
can take?
For example, a streamer with packet length of 1840 and 50kpps, that's 
700Mb.

Is there a possibility of some sort of pfSense cluster?
Because as far as I understand, I have one of the fastest CPUs on the 
market, not counting the i7 and I still can't pass more than 50kpps with 
a packet length of 600, and that's just image files.


Thanks,

Lenny.


Re: [pfSense Support] throughput, haproxy

2009-11-08 Thread Evgeny Yurchenko


From: "Lenny"
Sent: Sunday, November 08, 2009 1:38 AM

> Seth Mos wrote:
>> Lenny wrote:
>>> But I would really like to ask again, as this is very important: will
>>> replacing the PCI-X NIC with PCI-e one give some boost in performance?
>>
>> Unlikely, there is little reason to switch. The theoretical bandwidth
>> cases are not too helpful.
>>
>> The intel dual port pci-e cards are x4 ~ (4 * 250MB/s)
>> The intel dual port pci-x card is 64bit 133 mhz is ~ 1000MB/s
>>
>> So, no you are not likely to see any improvement. If any, I suspect it's
>> more of a chipset thing.
>>
>> Regards,
>>
>> Seth
>
> You're kind of taking this last hope from me:)
>
> Then what are the options for someone who has traffic more than pfSense
> can take?
> For example, a streamer with packet length of 1840 and 50kpps, that's
> 700Mb.
>
> Is there a possibility of some sort of pfSense cluster?
> Because as far as I understand, I have one of the fastest CPUs on the
> market, not counting the i7 and I still can't pass more than 50kpps with a
> packet length of 600, and that's just image files.
>
> Thanks,
>
> Lenny.


Lenny,

now I am experimenting a lot trying to find out why sometimes when there is 
heavy load CARP-master switches to stand-by and never comes back. I know 
this problem is different from yours but look at the performance I get on 
pretty old hardware.


UDP-stream generator -> pfSense CARP cluster on HP DL360 G3 -> receiver


This from receiver:
[ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
[  4] 350.0-360.0 sec  1.05 GBytes  903 Mbits/sec  0.013 ms   12/767479 (0.0016%)
[ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
[  4] 360.0-370.0 sec  1.05 GBytes  902 Mbits/sec  0.013 ms  334/767174 (0.044%)
[ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
[  4] 370.0-380.0 sec  1.05 GBytes  901 Mbits/sec  0.013 ms    8/766545 (0.001%)
[ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
[  4] 380.0-390.0 sec  1.05 GBytes  903 Mbits/sec  0.015 ms   19/767586 (0.0025%)


This is on pfSense:
last pid: 44303;  load averages:  0.08,  0.02,  0.00    up 3+07:30:11  23:14:56
89 processes:  6 running, 66 sleeping, 17 waiting
CPU:  0.1% user,  0.0% nice,  0.2% system, 15.7% interrupt, 83.9% idle
Mem: 44M Active, 10M Inact, 39M Wired, 76K Cache, 17M Buf, 1906M Free
Swap: 4096M Total, 4096M Free

  PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME    WCPU COMMAND
   13 root        1 171 ki31     0K     8K CPU1   1  79.3H 100.00% idle: cpu1
   11 root        1 171 ki31     0K     8K CPU3   3  79.3H 100.00% idle: cpu3
   12 root        1 171 ki31     0K     8K RUN    2  79.1H 100.00% idle: cpu2
   40 root        1 -68    -     0K     8K CPU0   0  30:17  54.20% irq30: bge1
   14 root        1 171 ki31     0K     8K RUN    0  78.6H  41.06% idle: cpu0
   39 root        1 -68    -     0K     8K WAIT   0  18:12   4.05% irq28: bge0


... and it results in approximately 76kpps.
And this is pretty old HP DL360 G3 with Broadcom NICs.
There must be some mystery in your set up. Your system MUST perform better.

Evgeny. 




Re: [pfSense Support] throughput, haproxy

2009-11-08 Thread Lenny

Evgeny Yurchenko wrote:

>> Then what are the options for someone who has traffic more than
>> pfSense can take?
>> For example, a streamer with packet length of 1840 and 50kpps,
>> that's 700Mb.
>>
>> Is there a possibility of some sort of pfSense cluster?
>> Because as far as I understand, I have one of the fastest CPUs on the
>> market, not counting the i7 and I still can't pass more than 50kpps
>> with a packet length of 600, and that's just image files.
>>
>> Thanks,
>>
>> Lenny.
>
> Lenny,
>
> now I am experimenting a lot trying to find out why sometimes when
> there is heavy load CARP-master switches to stand-by and never comes
> back. I know this problem is different from yours but look at the
> performance I get on pretty old hardware.
>
> UDP-stream generator -> pfSense CARP cluster on HP DL360 G3 -> receiver
>
> This from receiver:
> [ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
> [  4] 350.0-360.0 sec  1.05 GBytes  903 Mbits/sec  0.013 ms   12/767479 (0.0016%)
> [ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
> [  4] 360.0-370.0 sec  1.05 GBytes  902 Mbits/sec  0.013 ms  334/767174 (0.044%)
> [ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
> [  4] 370.0-380.0 sec  1.05 GBytes  901 Mbits/sec  0.013 ms    8/766545 (0.001%)
> [ ID] Interval         Transfer     Bandwidth      Jitter    Lost/Total Datagrams
> [  4] 380.0-390.0 sec  1.05 GBytes  903 Mbits/sec  0.015 ms   19/767586 (0.0025%)
>
> This is on pfSense:
> last pid: 44303;  load averages:  0.08,  0.02,  0.00    up 3+07:30:11  23:14:56
> 89 processes:  6 running, 66 sleeping, 17 waiting
> CPU:  0.1% user,  0.0% nice,  0.2% system, 15.7% interrupt, 83.9% idle
> Mem: 44M Active, 10M Inact, 39M Wired, 76K Cache, 17M Buf, 1906M Free
> Swap: 4096M Total, 4096M Free
>
>   PID USERNAME  THR PRI NICE   SIZE    RES STATE  C   TIME    WCPU COMMAND
>    13 root        1 171 ki31     0K     8K CPU1   1  79.3H 100.00% idle: cpu1
>    11 root        1 171 ki31     0K     8K CPU3   3  79.3H 100.00% idle: cpu3
>    12 root        1 171 ki31     0K     8K RUN    2  79.1H 100.00% idle: cpu2
>    40 root        1 -68    -     0K     8K CPU0   0  30:17  54.20% irq30: bge1
>    14 root        1 171 ki31     0K     8K RUN    0  78.6H  41.06% idle: cpu0
>    39 root        1 -68    -     0K     8K WAIT   0  18:12   4.05% irq28: bge0
>
> ... and it results in approximately 76kpps.
> And this is pretty old HP DL360 G3 with Broadcom NICs.
> There must be some mystery in your set up. Your system MUST perform
> better.
>
> Evgeny.


Evgeny,

Now I'm totally lost:(

I had this long thread this year on this issue here and eventually the 
only thing the guys could advise me is to buy a newer server. I did.  
And while I do see an improvement in performance (it's about twice what it 
was before) I'm still nowhere near what you have.


I realize that your traffic is lab UDP and mine is production TCP, so 
let's say you'd get half of that in production, but then still - you're 
only on 54% CPU. By the way, how come your second NIC is only loading 
the CPU 4%? Shouldn't it be pretty much like the first one? It's what I 
have.


I'm ready to show you my config/diagrams/whatever, but I need this issue 
resolved.


Please?


Lenny.


[pfSense Support] Sticky Connections

2009-11-08 Thread Dave Warren
I'm running 1.2.3-rc3, load balancing two connections (MultiWAN, NAT
mode) shortly after enabling Sticky Connections I notice problems making
connections.

Looking through the lists this appears to be a known issue.  Is there a
workaround or is there any case where this does work or do I have
something misconfigured?



Re: [pfSense Support] Sticky Connections

2009-11-08 Thread Chris Buechler
On Mon, Nov 9, 2009 at 1:48 AM, Dave Warren wrote:
> I'm running 1.2.3-rc3, load balancing two connections (MultiWAN, NAT
> mode) shortly after enabling Sticky Connections I notice problems making
> connections.
>
> Looking through the lists this appears to be a known issue.  Is there a
> workaround or is there any case where this does work or do I have
> something misconfigured?
>

Don't use it with multi-WAN, it only works for server load balancing.
