Disable start up interface reassignment
-
Thank you,
That should be enough to recreate them. Is there anyway to see past mappings of optX to mac address?
-
Unlikely since they would all have been replaced by the current values.
I'm unclear exactly what you are seeing here though. You have to re-assign the interfaces at each boot? I'd still expect the same number of interfaces with the same names even if all the MACs change?
-
Same number of interfaces. It's not every reboot but every now and again the assignment script starts and I have to reassign the interfaces. Some of my interfaces are bridges so the mac won't change. Some are pooled VFs when they are dynamically assigned. Why my hypervisor doesn't keep assigning the same VFs to pfSense I have yet to figure out.
-
The assignment script only starts if it fails interface check. That means that at least one interface that is assigned in the config file doesn't exist on the system.
So it shouldn't matter how the hypervisor presents them or what MAC it uses as long as the correct number of NICs of any type are present.
-
Thanks, good to know. I'm going to keep an eye on the number of interfaces between reboots.
-
@Justaguy-0
Btw for me the solutions was-
When it is working as desired, document externally the interface configuration including:- Physical computer box lan label, Function, Proxmox PCI device port address, Proxmox VBR, MAC, pfsense NIC lable, pfsenese IP & VLAN.
-
Reboot the Proxmox hypervisor. In hindsight one of the passed through NIC got in an unusable state at the hypervisor level.
I however still believe pfsense interface reassignment could be improved by better utilisation of information from the last working configuration. Perhaps the simplest would be just to display all data from the last assignment when reassignment is required. Better again allow the user to just reassign interfaces which have changed.
-
-
I agree the pfSense interface reassignment could use some improvement. As stephenw10 suggests it is the number of NICs that is causing the assignment script to run, but why should it reassign unchanged NICs? Or why does it list non physical interfaces such as bridges or VPN taps? What is going to happen when I free up some time and build some scripts to create interfaces with rule/routing sets to further my SD-LAN aspirations?
-
@Patch I think the concern is, a NIC is added, detected first, or in the middle, and all others shift up one…0>1, 1>2, etc. Assuming 0 is still LAN or 1 is router management could be dangerous depending on firewall rules.
-
Yes, the current behaviour is required because the NIC order is determined only by the order they are parsed in he PCIe device tree. Thus if an expansion card is removed or fails the remaining NICs, using the same driver, may not be assigned as the same interfaces. In that situation it is safer to drop to the re-assign prompt than to continue to boot and end up with the wrong rules on an interface.
To do anything else requires non-trivial work.Steve
-
I can see handing the problem completely back to the console is safer for pfsense (if it does nothing then it can't make a mistake).
However it could be more helpful for the user.
-
pfsense assigns interfaces based on the order however more data about past interface assignments is or could be recorded / displayed / matched.
-
With the current design approach loss of one NIC disabled the function of all NIC on reboot, making rebooting a more expensive (in operator time) debugging technique.
-
-
Mmm, an interface check at shutdown/reboot could mitigate that maybe?
-
@stephenw10 Maybe but I think he’s suggesting this in the console:
(Msg about interface changes detected)
Old assignments used on previous boot (found in config file):
Ix0 WAN
ix1 LAN
ix2 OPTAssign interfaces:
(Choices) -
@SteveITS
Together with any other identifying information such as MAC address or bus address both for the old assignment and currently detected interfaces. -
Yes it would require the MAC/NIC relationships to be stored and displayed in order to know which NIC has gone AWOL. The user needs that info to re-assign/remove the appropriate interface.
-
I have 1 pfSense instance where assignment script runs on every reboot. The big issue for me is that I can't reboot pfSense without manual intervention as it won't come up on it's own. I am adding and removing Nics the Virto driver and pfSense is adding them and removing them respectively live while booted. There are no Nic interface changes while rebooting. To get it to boot and where I don't have to rebuild rules is that I do have to add 2 Nic interfaces for the assignment script as it asks me to assign a Bridge interface and Ovpns interface to a physical Nic. Next time I'll rebuild the VPN and bridge configuration.
I do have other pfSenses where once in a while the script runs and I'm not making interface changes. But I can't say for sure a hypervisor update didn't change something in how it is representing the Nic interface to pfSense.
-
A bridge or openvpn or any other virtual interface type is excluded from the interface check because they may not exist at that point. So whatever is triggering it is one of the other interfaces. What do you have assigned?
-
I have 6 physical interfaces assigned. 1 PCI pass-through for WAN, 2 are VFs and 3 are bridges. All of the MACs are set in the VM config other than the PCI pass-through. For virtual interfaces there are 4, 3 ovpns and 1 bridge. The ovpns that is tied to the bridge that comes up in the assignment script along with the bridge. When I get a chance I'll redo that ovpns and bridge to see if it makes a difference.
-
Hmm, I wouldn't expect an issue there then. What does that actually look like in the interface list?
-
I have 2 issues. This pfSense won't boot without my intervention and that the assignment script asks me to assign a physical interface to the bridge and a opvns interface. If I don't give the a bridge and a opvns an interface I'm having to rebuild rules and routing.
-
Yes, that's a problem at the console because those sub-interface types don't exist yet when you are presented with the menu. However the fact it is shown at all means one of the assigned 'physical' interfaces is not present.
What interfaces do you see listed at the console menu after it has booted correctly?
