• suppress message -> ISC DHCP has reached end-of-life

    24
    0 Votes
    24 Posts
    2k Views
    TacyonT

    @JonathanLee - nope ... 2.7.2 CE from Dec of last year.

  • Rare kernel panic on 23.09.1-RELEASE (amd64), non-Netgate HW

    4
    0 Votes
    4 Posts
    359 Views
    stephenw10S

    Hmm, as you say the llinfo arp messages have obscured anything that might give us a clue.

    Really not much to go on there. The backtrace shows a general memory error but that could be hardware or software.

    Is that the first time it has happened? Did it happen after upgrading to 23.09.1?

  • How to set static ip on DHCP device with no control access?

    3
  • pf ipv4 syslog-ng parser available

    1
    1 Votes
    1 Posts
    189 Views
    No one has replied
  • DHCP renew on WAN not working

    4
    0 Votes
    4 Posts
    610 Views
    keyserK

    @mtis This issue might also be caused by the ISP requiring DHCP renew requests to be QoS marked or VLAN Priority tagged. I have a French ISP that requires all DHCP frames to be Priority 6 VLAN tagged - otherwise they just don’t reply to the frames.
    Do you have any chance of doing a packet capture of the ISP’s CPE doing DHCP discover and renew? Then you could see what they might be doing (if not just requiring renews to be broadcasted).

  • 0 Votes
    2 Posts
    124 Views
    stephenw10S

    That's not a wireless problem. It sounds like you have misconfiguration in the VLANs somewhere. Probably in the switch.

    Steve

  • Boosting IPsec and VPN Performance in pfSense Software with IIMB

    4
    0 Votes
    4 Posts
    296 Views
    stephenw10S

    Sorry typo'd that; it shouldn't be under TNSR!

    Also IIMB is already present in 23.09. You can just enable it.

  • how to boot from the zfs mirror when 1 disk failed?

    6
    0 Votes
    6 Posts
    1k Views
    stephenw10S

    Great. Yes there are a bunch of improvements there coming in 24.03.

  • 0 Votes
    4 Posts
    422 Views
    stephenw10S

    Edit the entry then you will see that.

  • Intel i226 LAN connects at 1Gig only

    8
    0 Votes
    8 Posts
    792 Views
    H

    @stephenw10 Thanks for those suggestions. I will give it a shot.

  • Having to restart pfsense every few hours - drops all connections

    9
    0 Votes
    9 Posts
    847 Views
    P

    @stephenw10 @Gertjan around 24 hours after switching off all of the power saving modes, and everything is chugging along perfectly with zero errors or logs on the console.
    I thought I had configured something wrong and would have to do a fresh reinstall and reconfig. Thank you so much!

  • (More) dumb network questions

    3
    0 Votes
    3 Posts
    318 Views
    T

    @MakOwner
    I concur with @stephenw10 's recommendation to set up an IP-alias VIP (under Firewall/Virtual IPs) for each additional public IP address. I got my multi-address configuration set up in an hour or two using that approach, despite being a complete newbie with pfSense. Once the VIPs are in place you can either use 1:1 NAT to map one of those addresses to an internal server, or use individual port forward rules. If you do 1:1 NAT you'll still want firewall rules to block all server ports you don't want exposed, so it ends up about the same number of firewall rules either way --- which way you do it depends on how you'd rather think about the setup.

  • nginx errors with Moodle

    2
    0 Votes
    2 Posts
    356 Views
    stephenw10S

    Probably because internal users are trying to use an FQDN to access it that resolves to the pfSense public IP address.

    See: https://docs.netgate.com/pfsense/en/latest/recipes/port-forwards-from-local-networks.html

    Steve

  • 0 Votes
    4 Posts
    484 Views
    stephenw10S

    Branch naming issue. The beta should be available to anyone who wants to test but should only show on the System > Updates screen when you navigate to it.

    Steve

  • PHP errors

    38
    0 Votes
    38 Posts
    3k Views
    S

    @bmeeks Thank you sir, should allow for much more streamlining of upgrades for anyone running Suricata, especially remote updating. Hour away leaving the gas station took seconds from a cell phone to update and load 90,773 signatures/rules successfully without the need to be logged into the console ready on standby. pfSense updates for me at least should now be just as streamlined and fast from this one update alone. Gracias!!!

  • 10gigabit routing performance, jumbo frames, intel x710 observations

    15
    0 Votes
    15 Posts
    2k Views
    P

    @JKnott

    @JKnott said in 10gigabit routing performance, jumbo frames, intel x710 observations:

    @PixieDust said in 10gigabit routing performance, jumbo frames, intel x710 observations:

    As another tidbit, it looks like loop interface can be built with 131072 MTU support, but other parts of the network stack don't allow that to work. (MTU 49152 doesn't exceed 10Gb/sec either).

    Everything on the LAN has to support the same MTU. You can't use different MTU unless there's a router in between.

    I'm not referring to different network elements having incompatible MTU values.

    I'll expand the loopback scenario listed above:

    Loopback test
    on pfSense node, run test at 48K MTU:
    ifconfig lo0 127.0.0.1 netmask 255.0.0.0 mtu 49152
    iperf3 -s -D -B 127.0.0.1
    iperf3 -c 127.0.0.1 -B 127.0.0.1
    Performance appears capped at about 9Gb/sec. Expected?
    Same test on Ubuntu 22.04, I see > 30Gb/sec.

    on pfSense node, run test at 1500B MTU
    ifconfig lo0 127.0.0.1 netmask 255.0.0.0 mtu 1500
    iperf3 -s -D -B 127.0.0.1
    iperf3 -c 127.0.0.1 -B 127.0.0.1
    Performance is about 3Gb/sec, expected?
    Same test on Ubuntu 22.04, I see > 30Gb/sec.

    You cannot set the loopback (lo0) mtu to 131072, nor 65536.

  • pfSense not working properly? Cant assign IP by mac addy. vlans dont work

    8
    0 Votes
    8 Posts
    607 Views
    stephenw10S

    I assume your LAN is using the 192.168.1.X subnet?

    That config all looks good. But make sure the native VLAN is also a non-member on ports 2-4. Most switches will prevent you setting more than one VLAN untagged (including native) on one port. But not all!

    If that is the case make sure your switch doesn't have a separate PVID setting. If it does that would need to be set to 20 on ports 2-4.

  • No Available Packages - Package Manager

    4
    0 Votes
    4 Posts
    528 Views
    M

    @stephenw10 Not sure I missed it. Updated to 2.7.2. Packages are showing now. Thanks!

  • System Logs - OpenVPN

    10
    0 Votes
    10 Posts
    975 Views
    stephenw10S

    Ok, I'll wait to hear. This could be a confusing error caused by trying to access something that doesn't exist in DCO mode. Though I don't see that here on any instances so it would probably have to be some combination of settings.

  • which update method to trust?

    4
    0 Votes
    4 Posts
    370 Views
    H

    Thank you both very much.

Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.