pfSense stops passing traffic after some time when using Outbound NAT pool w/ Sticky Address
With an outbound NAT mapping configured using pool option "Round Robin with Sticky Address" or "Random with Sticky Address", and approximately 100-200 users averaging ~10Mb/s. After anywhere from an hour to seven days, all interfaces will stop passing traffic.
The customer mentioned that with three to four workstations moving up to 800Mb/s, they issue was not able to be reproduced. Once they enable the Guest network (100-200 users mentioned above), they are able to reproduce the issue.
They mentioned they were using the same configuration on broadcom NICs and that the system would panic in that configuration under the same load. However, on the current hardware, Intel i340-t4 cards, onboard broadcom ethernet disabled, the system does not panic on failure.
If the pool option "Round Robin" or "Random" is selected, there appears to be no issue.
The customer had a failover gateway group configured, although it's not clear if it is relevant to the issue.
Updated by Marcos Mendoza 5 months ago
- Status changed from New to Feedback
- Priority changed from Normal to Low
There is not enough information to reasonably infer much. It's highly unlikely that all interfaces would stop passing traffic short of some driver/os issue. More details on the network/rules/packet captures would be needed.
Some possibly related info can be found here: