Proxmox: WAN NIC passthrough issue with 2.5G connection to fiber router

lp.descamps

@lp-descamps
lost internet again

changed the sysctl net.link.ether.inet.max_age from 1200 to 300

I didn't get kernel arpresolve: can't allocate llinfo for 192.168.1.1 on igc0 errors this time

stephenw10

@lp-descamps said in Proxmox: WAN NIC passthrough issue with 2.5G connection to fiber router:

but I don't use 192.168.1.0 network on pfsense?!?

Might be a clue there though. Your WAN is DHCP I'm assuming? Perhaps something else is giving it a lease with that IP as the gateway.

lp.descamps

@stephenw10
there is a conflicting MAC

when internet is working I can see this in arp table,

WAN	100.68.0.1	42:9e:a4:3c:8e:2b		Expires in 1156 seconds	ethernet	  
WAN	100.69.245.16	7c:83:34:bd:4b:21		Permanent	        ethernet

when internet breaks, I get this

WAN	100.68.0.64	42:9e:a4:3c:8e:2b		Expires in 1186 seconds	ethernet	  
WAN	100.68.0.32	42:9e:a4:3c:8e:2b		Expires in 1186 seconds	ethernet	  
WAN	100.68.0.65	42:9e:a4:3c:8e:2b		Expires in 1186 seconds	ethernet	  
WAN	100.69.245.16	7c:83:34:bd:4b:21		Permanent	ethernet	  
WAN	100.68.0.69	42:9e:a4:3c:8e:2b		Expires in 1186 seconds	ethernet	  
WAN	100.68.0.31	42:9e:a4:3c:8e:2b		Expires in 1186 seconds	ethernet	   

stephenw10

Which of those, if any, is the WAN gateway? If it is it's a long way from the WAN IP or a huge subnet.

That doesn't look like it's necessarily a conflict though. One MAC address could be associated with all those IPs.

lp.descamps

@stephenw10
the wan gw is 100.68.0.1 42:9e:a4:3c:8e:2b
i can see it in the arp table before and after I lose internet
but sometimes I get incomplete instead of MAC

stephenw10

Hmm, if it shows 'incomplete' then it's unable to get the gateway MAC which implies a layer2 failure.

Where is the gateway in this case? Remote, at the ISP?

It does seem like you might be hitting an issue with the NIC though.

lp.descamps

@stephenw10
i believe the gw is remotely at the isp.
all I have at home is a fiber box that seems unmanaged
is there a way to set static arp?
how would I validate a hw nic failure?

stephenw10

I've yet to see the i225 disconnect issues that are relatively well known but as I understand it they usually show as the NIC losing link which I don't think you're seeing?

I would run a pcap on it in the failed state and see if it's actually passing packets at all.

lp.descamps

@stephenw10 that s one of the capture packetcapture-igc0-20241212183144.pcap

stephenw10

Hmm, so no incoming traffic at all.

Have you tried running it as not pass-through so pfSense just sees it as vtnet?

lp.descamps

@stephenw10 i was non-passthrough and had issues hence moving to passthrough

stephenw10

What sort of issues? Similar connection failures?

lp.descamps

@stephenw10 yes, loss of internet

stephenw10

Hmm, that does start to look like a NIC issue then if it fails the same way with the Linux driver.