pfSense

I have a SG-4860 running pfSense 2.3.0. If I create a single connection from one local subnet to another and attempt to transfer data at the gigabit line rate, pfSense will often choke and stop responding to all other traffic (pings, SSH, connection attempts to the Internet, etc.). I can reproduce this most easily by using iperf with the default setting of a single connection. Many times when I try this, the router stops routing all other traffic or responding to pings for the entire time iperf is connected, returning to normal after it quits. It seems to happen more often if I give a minute or so between tries. The issue seems to occur more often when using IPv6 but can be reproduced using IPv4 as well. When testing with IPv4, if the lockup occurs, the transfer rate will be in the ~700Mbps range instead of the expected ~930Mbps. When testing with IPv6, the transfer rate is always in the ~700Mbps range no matter whether the lockup occurs or not.

However, if I increase the number of connections ("-P <number>" in iperf), this drastically reduces the chances of the lockups occurring. With "-P 5", they seldom occur. With "-P 100" or even "-P 1000", they almost never occur. For IPv6, this also brings the transfer rate back up to the ~930Mbps range that I would expect from gigabit ethernet.