LAGG and VPNs
-
trying to get a single link but unsuccessful so far!
-
I have now tried every possible combination available to force the port to 1G (no LAG) but unable get it. If I connect the same cable from laptop to pfsense NIC I get 1G so not card or cable. Looks like I will have to go back to draytek to sort it as I'm now out of ideas!
-
What about if you use the em0 NIC?
-
Not tried using that but I'll give it a shot and see what happens!
-
Ok, swapped over to em0 and it connected at 1G!
So, took the same lead and plugged into a number of ports on both switches and always connected at 1G.
Consequently, went around each of the 5 ports individually with the same lead and results below:-
em0 - 1G
igb0 - 1G
igb1 - 1G
igb2 - 100M
igb3 - 100MHence card 2 has the problem. Cards 1&2 are the same type and new.
-
swapped over the LAN cards out of desperation and now have a 1G connection (not LAG)...
However, ignoring LAGG for now, I have a physical connection between the 2 switches but unable to access anything on the other switch. Must be VLAN issue but not sure where to go from here
-
So, I now have everything up in terms of connections but running on a single cable, not LAGG on igb1.
Firewall is fully open which at some point I will need to lock down but LAG now the remaining issue.
NIC 2 seems to be the issue.
Initially I installed pfsense with only 1 NIC card in and then added the second later once I had bought it. Pfsense detected it so I assumed all was good. Could that be causing the issue?
-
No it shouldn't make any difference how the cards were added. I agree there's something different about that second card.
Check the revision is the same as shown by:
pciconf -lvIt could be a firmware difference. Looks for the eeprom version in the boot log like:
igb0: EEPROM V3.11-0 eTrack 0x80000469 -
Info from pciconf -1v
igb2@pci0:2:0:0: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
igb3@pci0:2:0:1: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernetWhere do I find the boot log?
-
How does that compare with igb0/1?
You can see the boot log in the gui or in /var/log/dmesg.boot
-
Exactly the same as igb0/1
Boot log shows EEPROM version to be the same for all 4 ports
-
Hmm, maybe just a faulty card then.
Have you tested the LAGG using the NIC that links at 1G? I bet it works fine.
-
Can't test it as igb0 is used for WAN and igb1 for LAN but I have no doubt that it will work for LAGG!
That is why I purchased the 2nd card to use separately for the LAGG interface.
I think the card is fine as I can connect to the card in the pfsense box from the laptop and the link is immediately 1G on both ports and I've switched the 2 cards around in the pfsense box and the issue remains on the card 2 position i.e. the problem does not transfer with the card. It could be the PC but doubt it and there is no more spare slots to try as it is a DELL Optiplex SFF PC.
-
Hmm odd. You might try using
pciconfg -lvcMake sure both show the same PCIe speeds. -
Look the same to me! Below is igb1 & igb2, the other 2 are the same.
igb1@pci0:1:0:1: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 10 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS
max read 512
link x1(x4) speed 2.5(2.5) ASPM disabled(L0s/L1)
ecap 0001[100] = AER 1 1 fatal 0 non-fatal 1 corrected
ecap 0003[140] = Serial 1 98b785ffff00fd44
ecap 000e[150] = ARI 1
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled
0 VFs configured out of 8 supported
First VF RID Offset 0x0180, VF RID Stride 0x0002
VF Device ID 0x10ca
Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304
igb2@pci0:2:0:0: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 10 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS
max read 512
link x1(x4) speed 2.5(2.5) ASPM disabled(L0s/L1)
ecap 0001[100] = AER 1 0 fatal 0 non-fatal 1 corrected
ecap 0003[140] = Serial 1 98b785ffff00fd48
ecap 000e[150] = ARI 1
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled
0 VFs configured out of 8 supported
First VF RID Offset 0x0180, VF RID Stride 0x0002
VF Device ID 0x10ca
Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304 -
Yup, looks the same to me too.
-
The only other thing I can think of is that the 2 PCIe slots (1 of x4, 1 of x16) are an older version than the card installed and therefore defaulting to the lower speed but this doesn't make sense either as when I plug my laptop direct to the pfsense PC it gets 1G
-
Yeah to be honest I would still expect the ports to link at 1G even if the PCIe slot was somehow unable to carry it.
I can't think of anything that would follow the slot like that. -
Tried everything I can possibly think of now, including days googling around it but to no avail. Contacted Draytek again but no joy there either!
-
Hmm, I wonder if there's a power restriction on that slot and the NIC sees that. Must be something different about that slot
