This seems like a good time to try out my shiny new ZFS memory usage boilerplate message.

23.01 can appear to use more memory than expected if you are using ZFS for a few different reasons:

ZFS ARC (Adaptive Replacement Cache) usage is reported differently, though the behavior is similar to older versions #14011. ZFS will give up this cache memory as needed but not always fast enough for certain workloads.

To correct the memory reporting on graphs and the dashboard, install the System Patches package and then create an entry for 0d83ed084a987f3446a0cbdcf249fc5b8722726f to apply the fix.

The first boot after upgrading the ARC usage will be high from all the disk activity during the upgrade. This will gradually lower, or a reboot will make it go back to "normal".

FreeBSD default cron jobs are enabled when they shouldn't be #14016, and run at 3am causing RAM usage from ARC to jump overnight.

To correct this, install the System Patches package and then create an entry for ff715efce5e6c65b3d49dc2da7e1bdc437ecbf12 to apply the fix.

To set limits on ZFS ARC size to reduce the chance of contention for RAM, configure a tunable for vfs.zfs.arc.max to set a limit on how many bytes it can consume, e.g. 67108864 would set a 64MB limit. Also consider setting a "Free Target". Both are explained in detail on https://docs.netgate.com/pfsense/en/latest/hardware/tune-zfs.html.

A reboot is required to fully activate the changes from these patches. The ZFS ARC limit will take effect immediately but the wired memory may not be immediately freed, so a reboot is helpful for that as well.

@stephenw10 Hi Steve
(this) Linux sees all as generic sdX as long as it's block storage so it doesn't matter how it is connected. To dive into would need a /dev/disk/by-path or such, which I did not last year.

I installed the M.2 into another PC (with only an Infiniband card, so no nic at all); installed 21.05 Rescue on it, and on first boot after I put the M.2 into the SG2220 and after a few minutes the card asked for DHCP on my WAN port and reacted on 192.168.1.1/24 as expected on the LAN side.
Problem fixed so far.
Thanks for the HowTo help!
Cheers
Michael

P.S.: I wonder what fails next on this box....

@stephenw10 said in Migrating from SG-5100 to 4100:

...
It also can be difficult if you have VLANs or other sub interface types. Editing the config directly can be an easier option.
...

Steve

Thanks for the response.
Yes, I'm using three different hardware interfaces with a handful of VLANs. I'll probably open a ticket for help with the conversion.

Thanks again!

Thank you @bigsy. One rj45 crossover patch after, problem resolved :)
As Auto-MDI-X is in the 1000BASE-T standard (ref), i've not tried that...

@richa99 said in Netgate 1100 and ONT:

SG1100

The 1100 is a router. Is there a reason you want another router behind it?

You can connect the 100 to the ONT and it'll work.

@arri That’s how I read that too.

@viragomann
Ahh, I've got you. I will give that a try.

☕️

All
For what it's worth, I just thought I would share my experience of my SG1100 failing to boot after a local power outage 2 days ago. After power was restored to the house, the SG1100 power LED came back ON, but with no activity on the console & the boot LED was OFF.

After six attempts at power cycling the device, only once did it actually boot.
So I took a punt at putting a voltmeter across the connector of the 12v power supply while off load and the reading was 11.8v. Decided to swap out the PSU for a equivalent 12v / 2A spare I have. The spare gave a voltmeter reading of 12.2 volts.

Connected the replacement PSU to the 1100 & it booted first time. Has been working just fine ever since even after several halt commands/power cycles.

I'm impressed with the resilience of my two year old 1100.

@dominikhoffmann See https://forum.netgate.com/topic/177872/sg-1100-black-diamond-led-always-off-in-23-01/

@stephenw10 Thanks Steve. 👍

To close the loop: disabling VLAN_HWFILTER on the igb port solved the issue.

Put this in Early Shell Command using the Shellcmd package:

/sbin/ifconfig igb0 -vlanhwfilter -vlanhwtso

I can now get a DHCP address on the igb0 WAN port from the Azores Networks WAG-20D ONT.

@thatguymark said in Netgate 2100 update to 23.01 from 22.05 issues:

In the process of trying to install some packages on my Netgate 2100, I was prompted to update the firmware to 23.01.

Don't install packages if a later version is detected/offered. Select Previous Stable in the update branch, so you're installing 22.05 packages on 22.05. (that said, 22.05 repos are offline temporarily, but it sounds like you already upgraded)

@thatguymark said in Netgate 2100 update to 23.01 from 22.05 issues:

CPU usage is all but maxed out

Was one package pfBlockerNG? There was a bug in an initial 3.2 release when TLD Wildcard blocking was enabled in DNSBL settings. Resolved in a package update that was probably after your post.

Were you able to resolve this?

For clarification the fact it shows as unregistered on the registration page is unrelated to not being able to pull in packages. It is correctly shown as an eligible device on the System Update page so should see pkgs if it's able to reach the pkg repos.

If you're still seeing it try running at the CLI: pkg-static -d update and see what error it returns.

Steve

8200max
2 Protectli FW6E and 1 Zotac ZBOX CI662 Nano in a Proxmox cluster.
1 Mac Mini Intel
2 QNAP TVS-h1288X NAS

Power cable of netgate unit was dangling as it was freshly installed ;)

69810040066__597B7506-AB09-4FB8-AFAF-C97D5E5F3CD7.png

@stephenw10 here in australia, its only really in the last few years that properties are upgrading to 1gbps internet connections as previously 100 would have been considered good.

In addition, guests are only now seeming to stream and cast, rather than use the tv systems provided by the hotels.

We are seeing a lot more throughput now, but nothing like other countries like America.

But there is often a lot of scope creep where they want a simple network, and then they add on cameras, iptv, admin networks, public networks, zigbee, etc...

So its important that i don't run out of routing and switching hence why I'm trying to read up about the new models.

But it seems from the feedback that the 8200 is very capable, even though it looks like a desktop style router.

Not needing VPN, ipsec, or any b2b configurations, we don't really need the expandability of the 1537 for now, so i think the 8200 seems like the smart choice

In the 2100 the SFP combo port has very limited configuration. It will appear as a 1000baseSX link whatever is connected to it:

[admin@2100-2.stevew.lan]/root: ifconfig -vvm mvneta0 mvneta0: flags=8a43<UP,BROADCAST,RUNNING,ALLMULTI,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=800bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LINKSTATE> capabilities=804bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,LINKSTATE> ether 00:e0:ed:b6:13:59 inet6 fe80::2e0:edff:feb6:1359%mvneta0 prefixlen 64 scopeid 0x1 inet 172.21.16.220 netmask 0xffffff00 broadcast 172.21.16.255 media: Ethernet autoselect (1000baseSX <full-duplex>) status: active supported media: media autoselect media 1000baseSX mediaopt full-duplex media 1000baseSX media 1000baseT mediaopt full-duplex,master media 1000baseT mediaopt full-duplex media 1000baseT mediaopt master media 1000baseT media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP media none nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

So it will either work or not with no real options tweak if it doesn't.

Steve

@stephenw10 That said... I have an 1100 out in the field plugged into a Netgear GS110TP and it works without issues.

Standards-compliant hardware will not pass power. YMMV when using hardware that isn't one of the 10-15 major manufacturers but if they state that the hardware follows the 802.3af/at/bt standards then you really should be fine.

@steveits Gotcha. I never realized that the 1100 has a switch.

@integrityrv In general yes. If the source had a built in switch (1100/2100/3100) you might need to have Netgate support convert the config for you which they will do for free. Otherwise it will ask to assign interfaces during the restore. The new one must be the same or later pfSense version.

@rustydusty1717 said in SG-3100 OPT1:

I see this currently:

mvneta2 (WAN)
mvneta1 (LAN)

and then I do have a mvneta0 - is this the opt1 port?

Yes
https://docs.netgate.com/pfsense/en/latest/solutions/sg-3100/io-ports.html

Did you import a config? Or May delete the interface?