No problem. Thanks for reporting the issue. The memstick should boot both UEFI and legacy, we are looking into it now.

Steve

@obloned No problem, glad to hear it worked!

SATA lead is binned now.

What got my head in a spin with this was it would install PF to the drive but really slowly (In hindsight it took that long i should have twigged on at that point something was wrong). Once installed it just wouldn't boot from the new install. This box makes for a really good PF bar the None AES-NI CPU. However the VPNs still max out my 80/20 connection happily.

Thanks for all your input on this one.

Nothing too exciting to see there. Very unlikely you could ever get pfSense running on there. It's not x86 and probably doesn't have enough RAM to operate usefully anyway.
If you want to experiment with it I'd look at openwrt/LEDE as a suitable target OS.

Steve

@areynot Well I sure hope so, 'cuz otherwise they've been lying to us of all these benefits of solid state drives. Now whether 30 seconds is that important to you... but pfsense doesn't need a big SSD, am running on a 16G that cost me usd$10, was no brainer, now if you are running on a VM... ur decision.

We have a similar (probably the same) problem - plagueing us for a while now. We use IKEv2 EAP-Radius with aes256-gcm on an SG-8860 on a 1gb fiber uplink.

When one of our users (he is on 100mbit fiber) tries e.g. speedtest.net while on the VPN, the pfsense box reliably crashes after a few seconds of upload (download works fine). When I try this at home on a 100mbit/40mbit DSL link, I can create all the traffic I'd like and can't get the box to crash.

I now switched algorithms to AES-256 with SHA512 (still with AES-NI, I didn't disable that) and it seems the crashes have either gone away or we weren't yet able to reproduce them today.
Kind regards,
Lukas

On the Silicom site, yes. See: https://forum.netgate.com/topic/72769/silcom-peg4i-82571eb-based

Do you not see the PEG part number on a label?

But as I said they list only a driver for the bypass relays not NICs and those should always be connected.

What does the output of pciconf -lv at the command line show?

Steve

@thenarc Thanks! I will give iperf a shot and see how it affects Load numbers and check throughput.
The "Load Average" numbers from "System Information" are typically lower than the following:
Load average 0.36, 0.34, 0.28
The VM has 3gigs of ram but am receiving two 8 gig sticks for the QNAP today so I will probably bump it up to 4 gigs.

Thanks again for the responses.

@stephenw10 said in High CPU usage on interrupt processing:

Hmm, is the firewall actually idle? No traffic at all?

Yeah, firewall is idle. The server is located in a small subnet and no one is currently connected to it.
There’s some occasional broadcast traffic (e.g. DHCP requests) form other devices/servers on the network, but I doubt it can cause any trouble.

I think you’re right about RAID.
I moved /tmp and /var to RAM but still there’s a lot of interrupts on mfi0 device, yet gstat shows no disk IO except some rare writes.

I’ll try remotely tinker with RAID-related settings in BIOS, maybe I find something I missed.
Thank you for suggestions!

Ok some further reading later....

The MC7750 is a CDMA only card and it appears DIP does not support CDMA hence the MC7750 cannot work in DIP mode.
I vaguely remember knowing that at one time previously but I seemed to have forgotten. 🙄

It appears you may be out if luck here. There is no support for QMI mode in FreeBSD/pfSense.

I suggest looking at a different card. 😞

Steve

You are adding 24 10GbE ports to the firewall in order to save power? 😕

As opposed to running a 24 port 10GbE switch?

If so then definitely forget that and use a switch!

You would only do that if you need 24 separate subnets or filtering between all of them.

What sort of VPN speed do you need here? You won't fill 20G of WAN with VPN traffic with any hardware.

Steve

Sure here you go.

But you can use fmertz's driver directly now via lcdproc if you want.
See: https://forum.netgate.com/topic/115071/ezio-driver-for-lcdproc

Steve

pfsense.hex.txt

Ha, looks like fmertz and I posted the same thing simaltaneously.

The info is in that thread.

Get the driver by either using the 2.4.4 dev package or uploading the attached driver from that thread into 2.4.3.

Then edit lcd.conf to include those lines shown on the first post.

Start/restart the service and it should load that. However if you make any changes from the gui it will be overwritten.

Steve

@stephenw10 said in ZBOX CI547 users here?:

@pvn Was that post here? Did it get deleted?

I don't get what are you asking. The copy-pasted post clearly is not deleted.

The CPU has AES-NI at 3.10 GHz

https://ark.intel.com/products/129949/Intel-Pentium-Gold-G5400T-Processor-4M-Cache-3_10-GHz

Should be more than adequate for your needs.

Good result then. ☺
Thanks for updating.

Steve

I've got the v1 of that switch and..... 😬

Works fine as an unmanaged switch.

Steve