Hi, I run pfSense as my firewall + load balancer. I run a website which is a high-traffic website. Sometimes I have 1000 to 2000 concurrent connections on my sites. Under heavy load, I see that some clients encounter timeouts or connection drops. Also, I have noticed that during those times, sometimes the sync to firewall2 also doesn't happen and the error is logged.
I have a 15Mbps internet link burstable to 30Mbps which is usually between 10-15Mbps utilization. My State table size is upped to 100000. My webserver is optimized and most of the content is served from CDNs, only dynamic content comes to me. I tried adding more servers to the farm but it doesn't help.

I have checked the following links...
http://www.pfsense.org/index.php?option=com_content&task=view&id=52&Itemid=49
http://forum.pfsense.org/index.php/topic,14208.0.html

1. What are the steps to not let timeouts happen?
2. Should I change Firewall Optimization Options?
3. How to run high-volume traffic on pfSense?
4. Is the network getting blocked on the NIC (how to check this)?

Info about the pfSense box....

Version 1.2.3-RELEASE built on Sun Dec 6 23:21:36 EST 2009
State table size 48940/100000
Firewall Optimization Options - Normal

Hardware details..........

Handle 0x0011, DMI type 8, 9 bytes
Port Connector Information
    Internal Reference Designator: J8A1 - NIC 1
    Internal Connector Type: None
    External Reference Designator: NIC 1
    External Connector Type: RJ-45
    Port Type: Network Port

Handle 0x0012, DMI type 8, 9 bytes
Port Connector Information
    Internal Reference Designator: J8A1 - NIC 2
    Internal Connector Type: None
    External Reference Designator: NIC 2
    External Connector Type: RJ-45
    Port Type: Network Port

Handle 0x0013, DMI type 8, 9 bytes
Port Connector Information
    Internal Reference Designator: J7A2 - NIC 3
    Internal Connector Type: None
    External Reference Designator: NIC 3
    External Connector Type: RJ-45
    Port Type: Network Port

Handle 0x0014, DMI type 8, 9 bytes
Port Connector Information
    Internal Reference Designator: J7A2 - NIC 4
    Internal Connector Type: None
    External Reference Designator: NIC 4
    External Connector Type: RJ-45
    Port Type: Network Port

Handle 0x0015, DMI type 8, 9 bytes
Port Connector Information
    Internal Reference Designator: J6A1 - NIC 5
    Internal Connector Type: None
    External Reference Designator: NIC 5
    External Connector Type: RJ-45
    Port Type: Network Port

OR

igb0@pci0:3:0:0: class=0x020000 card=0x34f28086 chip=0x10c98086 rev=0x01 hdr=0x00
    class = network
    subclass = ethernet
igb1@pci0:3:0:1: class=0x020000 card=0x34f28086 chip=0x10c98086 rev=0x01 hdr=0x00
    class = network
    subclass = ethernet
igb2@pci0:6:0:0: class=0x020000 card=0x34f28086 chip=0x10c98086 rev=0x01 hdr=0x00
    class = network
    subclass = ethernet
igb3@pci0:6:0:1: class=0x020000 card=0x34f28086 chip=0x10c98086 rev=0x01 hdr=0x00
    class = network
    subclass = ethernet
em0@pci0:12:0:0: class=0x020000 card=0x34f28086 chip=0x10d38086 rev=0x00 hdr=0x00
    class = network
    subclass = ethernet

Thanks.
ShiB.

while ( ! ( succeed = try() ) );
