Netgate 4100 SFP modules compatibility
-
Ok, sounds like a very odd issue to chase-down. No visible public Redmine for it, so must be secret.
️ -
Actually I'm still trying to replicate locally before opening it. I haven't found it easy to replicate at all but some users hit it on every boot. I think it must be a specific combination of things I haven't tried yet.
When you do hit it though it's pretty obvious because the MAC is reported as all zeros.
But notably it appears to only happen with passive DAC cables.
Steve
-
-
Only be rebooting with the DAC detached as far as I know. Which is... not convenient!
Of course as well as changing the NDI it also stops passing traffic on that link.
-
That is really odd for an otherwise transparent connection and not something I have heard of before in the (too many) years working with SFP links. Other than the programmed id for the DAC there is very little going on with an SFP port-to-port link over twinax.
It sounds unlikely to be a pfSense issue; perhaps upstream or at the Intel driver level?
A hardware issue would be a surprise but are the reports confined to Silicom routers alone?
Rob
-
Indeed it feels more like a driver or hardware issue. I've seen it on other hardware.
It does at least seem consistent. If you reboot and it comes back up fine it should always do so. And it's not that easy to hit. None of the passive DAC cables I have here hit it on anything I've tested with. -
Thank you guys for deeply looking into this, it is very appreciated. I would just like to refocus on my initial request which was to use a SFP module with a RJ45 connector and a basic network cable so no DAC involved here :) I'm using those on an UniFi switch (SFP+ 10 Gb) and it works well, I just want to do the same on my firewall with a 2.5 Gb SFP module.
-
Technically we cannot support any SFP RJ-45 modules because Intel states specifically they are not supported with the C3K SoCs.
That said we have seen people using them and there are reports here on the forum or working modules. We have also seen modules that fail though, the issue is real!
It could only work at 1G though on the 4100. The SFP ports there are on the combo ports and can only link at 1G.
Steve
-
@stephenw10 Thanks a lot Stephen, not the answer I wanted to hear but I will deal with it :). Just to confirm, I will be able to use one of the integrated 2.5 Gb ports and reassign it the WAN interface, correct ?
-
Yes, you can use the 2.5G ports as anything you want, including a WAN.
-
That would do the trick then. I may not sleep well at night because I'm a kind of OCD guy and I'm not sure I will be able to deal with a WAN interface plugged in a LAN labelled port but I should survive to it.
I won't be able to test until the end of September so threat can be closed. Thanks again for the definitive answer ;)
-
There are some newer Broadcom-based SFP RJ45 adapters on the market that run at a lower wattage. When you have an SFP cage that is wired direct to the Atom CPU they make a lot of sense.
For those using SFP+ RJ45 the newer Broadcom units not only use less power in like-for-like conditions they also offer support for longer cable lengths at 10 GbE.
️ -
You have a link to a part? The Mikrotik part uses that?
-
Not to hand but anything with the Broadcom BCM84891. The 10Gtek 80-meter come to mind but there are others.
Edit: There is one with me here - Ipolex 10G-SFP-T-80, apparently. Clearly I didn't just pull it out and push it back in...
️ -
@stephenw10
Chatted to an old guru about this yesterday and with zero hesitation he recalled a race condition triggered by a brief interface flap pulling on latent or inactive code for MAC spoofing that had zeros set as the default, rather than being populated with the regular MAC address.He has no knowledge of pfSense per se but it was interesting that his thought was contrary to mine in that pfSense software is probably the place to look.
️ -
Normally though if you spoof the MAC it appears as a separate line in the ifconfig output. It always reports the hardware MAC in addition. But, yes, certainly worth considering. If I could replicate this myself it would be a lot easier!
