Bug #14693
Filter reload with NAT reflection rules is extremely slow
Status: New
Priority: Normal
Assignee: -
Category: NAT Reflection
Target version: -
Start date:
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.7.0
Affected Architecture: amd64
Description
We're running a pfSense cluster which contains the following number of rules:
- 60x Outbound NAT rule
- 120x NAT rule (port forward)
- 80x 1:1 NAT rule
- 850x Firewall rule
When reloading the filter (or applying changes to rules / NAT), the full reload will take 10 minutes to finish!
When I check the logs on the "Filter Reload" page, the "NAT Reflection" rules are taking 5 seconds each! The Firewall rules are quite fast; they are loaded all together in about 5 seconds!
Initializing
Creating aliases
Creating gateway group item...
Generating Limiter rules
Generating NAT rules
Creating 1:1 rules...
Creating reflection NAT rule for VIP for xxxxxx... -> takes about 5 seconds
Creating reflection NAT rule for VIP for xxxxxx... -> takes about 5 seconds
Creating reflection NAT rule for VIP for xxxxxx... -> takes about 5 seconds
Creating reflection NAT rule for VIP for xxxxxx... -> takes about 5 seconds
Creating reflection NAT rule for VIP for xxxxxx... -> takes about 5 seconds
(and so on, for all reflection rules)
So the problem (delay) seems to be present only at the "NAT reflection" rules.
Each server is running bare metal with the following specs:
- 2x Intel(R) Xeon(R) CPU E5-2650 v2 @ 2.60GHz
- 64GB RAM
- SSD storage
How can we speed up our reloads?