@stephenw10 I don't have any hardware lying around I can use, so purchasing a small appliance will be necessary.

@stephenw10 appreciate the clarification. Definitely don’t want to “steal” business from the mothership but many times people looking at used won’t funnel those dollars that way anyhow.

I bought some stuff, learned a little, life changed, needs also changed and now I want to pass those items to others so I can help fund me a better solution. Likely a 6100 with some other tweaks.

Makes sense to post some of that stuff here as others may be looking for similar things.

If you do a custom build stick with Intel based NIC’s to make life easier.

Also while you have many solutions for a 20mb solution, you may want to ask yourself where you will be 1-2 years down the road. For instance if you know 500mb is around the corner, it may make sense to build for that so you don’t have to repeat. On the flip side if you don’t see a near future change then go cheap and get your feet wet by experimenting.

Hmm, and I assume you do not see those errors in 2.6?

Not sure if there's a sysctl you can set for that. I'm not seeing anything that looks promising:
https://man.freebsd.org/cgi/man.cgi?query=bnxt&apropos=0&sektion=4&manpath=FreeBSD+14.0-CURRENT&arch=default&format=html#SYSCTL_VARIABLES

Yes you can't comment something that isn't set there!

You probably want to just disable uart1 like:

hint.uart.1.disabled="1"

So far, system has been running for about 53 hours since the upgrade from 2.6.0CE to 2.7.0 without issue.

three days post-2.6 > 2.7 update and have not seen any more of these errors, in nor out.

@GeorgeCZ58 said in Diagnosing latency spikes:

how did you resolve the issue?

Maybe he changed ISP.. nowhere in his testing did he show pfsense had anything to do with this - the only way to show that pfsense adding latency would be to sniff on the in out interfaces..

Here is his test without pfsense..

1. AS??? 10.208.128.1 87.6% 1000 2.2 4.1 1.1 53.3 5.7

To the first hop, but then hops after that show zero.. So that points to the device just not answering.. Now if he showed 87.6 loss or higher on every hop after that - then he could pretty safely say there is an issue with connectivity.

if you show a traceroute and all of sudden somewhere down the line you see loss, and that loss is with every hop after that, then that points to actual loss. But loss to specific hop and then zero or much lower points to the device with high just not answering all of the pings, or not answering them in a timely manner, etc.

Since in his pfsense is not listed as a hop in his first trace, would see he is tracing from pfsense directly - so pfsense isn't even nating or routing the traffic.. But some how it still adds latency to the return of something it sends out?? So what he got the answer but didn't actually process its return for X ms?

There was a recent thread where user thought pfsense was adding latency and showed him how to test..

Here sniffing on wan and lan at same time, from time traffic hit wan and pfsense sent it out lan it added a whole 0.000114 seconds.

https://forum.netgate.com/post/1112354

The product brief shows i226 does support rss.

The i226-v NICs in the 8200 support 4 Rx and 4 Tx queues:

igc0: <Intel(R) Ethernet Controller I226-V> mem 0x81300000-0x813fffff,0x81400000-0x81403fff at device 0.0 on pci4 igc0: Using 1024 TX descriptors and 1024 RX descriptors igc0: Using 4 RX queues 4 TX queues igc0: Using MSI-X interrupts with 5 vectors igc0: Ethernet address: 00:08:a2:12:e2:cc igc0: netmap queues/slots: TX 4/1024, RX 4/1024

Steve

@xqtSarah
As mentioned, if you virtualize pfSense and don't pass-though the NICs, the device drivers of the underlying operating system are used. So it's not on pfSense to support the hardware.

If you give pfSense direct hardware access by passing through the NIC you can checkout the FreeBSD 12.3-RELEASE Hardware Notes for compatibility.

No idea. Ask Nexcom? They probably don't have a FreeBSD driver though.

I would not expect those cards/drivers to be exchangeable. There's no standard for this so companies use different IO interfaces to control the relays.

If you're very lucky someone else might have already documented it.

Steve

You can still see the boot before the config mismatch though?

If you break out of that you can copy the dmesg output to a file to review after rebooting.

@Dobby_

Epyc can be upgraded and they do offer frequency orientated SKUs that have higher boost clocks.

Thanks
Dan

No worries. We've all done that. 😉

Glad you got it sorted.

Yes, that or some low level incompatibility. Wrong PCIe version perhaps, though it should be backwards compatible.

@stephenw10 said in Installing pfSense on Sophos XG 550 rev. 2:

Looks like it's x86. Unless it's got some boot restriction I'd expect to be able to run pfSense on there. It looks like a hungry beast though if you plan to run it 24/7!

Steve

Agreed, that will be juicy on power to run.

What are the requirements?

As far as I can see it's the same CPU as the MBT-2220 (Atom E3826). So I would not expect it to pass 750Mbps OpnVPN. Though we do now have DCO in Plus which would increase it significantly.
https://docs.netgate.com/platforms/minnowboard/faq.html#what-kind-of-performance-can-i-expect-from-the-dual-ethernet-minnowboard-turbots

Note those figures are for small packets. That CPU should pass 1Gbps (unencrypted) for full sized packets.

Steve

Thanks a lot for the help gentlemen!

Sounds like a possible flow-control issue. If it's actually an issue for you.

To test the PSU, you could add a HDD. If the PSU is marginal a HDD should push it over the edge quicker giving a clear indicator test. You do not need to mount the disk, just make sure it is spinning.