LAGG and VPNs

stevencavanagh

Can't test it as igb0 is used for WAN and igb1 for LAN but I have no doubt that it will work for LAGG!

That is why I purchased the 2nd card to use separately for the LAGG interface.

I think the card is fine as I can connect to the card in the pfsense box from the laptop and the link is immediately 1G on both ports and I've switched the 2 cards around in the pfsense box and the issue remains on the card 2 position i.e. the problem does not transfer with the card. It could be the PC but doubt it and there is no more spare slots to try as it is a DELL Optiplex SFF PC.

stephenw10

Hmm odd. You might try using pciconfg -lvc Make sure both show the same PCIe speeds.

stevencavanagh

Look the same to me! Below is igb1 & igb2, the other 2 are the same.

igb1@pci0:1:0:1: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 10 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS
max read 512
link x1(x4) speed 2.5(2.5) ASPM disabled(L0s/L1)
ecap 0001[100] = AER 1 1 fatal 0 non-fatal 1 corrected
ecap 0003[140] = Serial 1 98b785ffff00fd44
ecap 000e[150] = ARI 1
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled
0 VFs configured out of 8 supported
First VF RID Offset 0x0180, VF RID Stride 0x0002
VF Device ID 0x10ca
Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304
igb2@pci0:2:0:0: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 10 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS
max read 512
link x1(x4) speed 2.5(2.5) ASPM disabled(L0s/L1)
ecap 0001[100] = AER 1 0 fatal 0 non-fatal 1 corrected
ecap 0003[140] = Serial 1 98b785ffff00fd48
ecap 000e[150] = ARI 1
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled
0 VFs configured out of 8 supported
First VF RID Offset 0x0180, VF RID Stride 0x0002
VF Device ID 0x10ca
Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304

stephenw10

Yup, looks the same to me too.

stevencavanagh

The only other thing I can think of is that the 2 PCIe slots (1 of x4, 1 of x16) are an older version than the card installed and therefore defaulting to the lower speed but this doesn't make sense either as when I plug my laptop direct to the pfsense PC it gets 1G

stephenw10

Yeah to be honest I would still expect the ports to link at 1G even if the PCIe slot was somehow unable to carry it.
I can't think of anything that would follow the slot like that.

stevencavanagh

Tried everything I can possibly think of now, including days googling around it but to no avail. Contacted Draytek again but no joy there either!

stephenw10

Hmm, I wonder if there's a power restriction on that slot and the NIC sees that. Must be something different about that slot

stevencavanagh

Are you meaning a power restriction in the PC settings or a potential fault?

stephenw10

I mean if somehow the board cannot supply full power to both slots the NIC links at lower speed in order to use less. Guessing at this point but there has to be something different about that slot causing the NIC to behave differently. There no difference shown in the docs for the system?

stevencavanagh

Looking around on google there is definitely something going on with the 16x slot on the SFF DELL PCs, some work at 1G and some don’t apparently but no fix for it!

stephenw10

Mmm, probably not much we can do then.

stevencavanagh

Not a lot, might have to invest in a 4 port NIC in the other slot

stevencavanagh

Right, ordered a new 4 port nic and fitted it in the unused slot. All ports identified and I now have igb4 and igb5 available. 2&3 are still set as LAG. Each of the 4 ports connect at 1G to the switch so good start there! What is the best way of trying the LAG (igb2 & 3) without cocking it all up. Do I simply disconnect from LAN and try connecting back in the LAG?

stephenw10

Yes, you should be able to just connect the LAGG ports to the switch ports that are configured for it.
You would need to move the VLANs onto it if they have been moved to a single port. At the very least the interface status or ifconfig will show is LACP is working correctly.

stevencavanagh

All up and running now on LAGG!

• Placed the 4 port card in the slot that was giving the trouble,
• Re-configured the LAGG and connected the ports
• Changed over the VLANs and off it went!

Thanks for all your help in sorting this, it is greatly appreciated and I learnt a lot about Pfsense during the process of getting it working!

stephenw10

Nice result! That was certainly a weird issue.