BETA BLOWS, WANT TO DOWNGRADE ASAP

A Former User

were running pfsense 2.1 Beta on our Network for MANY MANY months in our Multi-million dollar
company. other than the brief time my boss was a moron and switched us to Cisco. that came
back to bite him in the a** and has since been fired and right back to pfsense we went..

we standardized on Supermicro Servers with Dual Port PCI-e Gig-E intel Nics.

we have AT last count 60 of these pfsense servers in production in Colocation as well as Warehouses
and our offices.

at our warehouses/colo sites, we run at pretty close to 75% utilization of Gig-E bandwidth.

Downtime???? what downtime? 0… nada... even on EARLY 2.1 Snapshots.... (other than the brief 2 month stint my boss
did with Cisco but that wasnt a pfsense issue)

we have a HUGE mix of VOIP and Data... and lots of servers spread out...

cmb

@SunCatalyst:

other than the brief time my boss was a moron and switched us to Cisco. that came
back to bite him in the a** and has since been fired and right back to pfsense we went..

So much for the old "nobody ever got fired for buying Cisco" mantra.  ;D

What came back to bite you? Email response fine if you prefer not posting publicly (cmb at pfsense dot org), I'd like to know even if it's not something I can share.

NOYB

Oh right make public accusations but only share in private.

If not backed up in public.  It did not happen.  Or the cause was actually something else and blamed on Cisco.

I want to know too.

dhatz

@NOYB:

Or the cause was actually something else and blamed on Cisco.

Cisco does have its strengths and weaknesses, but based on human nature I find it a bit hard to believe that a "multi-million dollar" company's IT manager would be fired for choosing "enterprise-grade" Cisco gear (unless the company has a very tech-savvy management that really understands the issues involved, which usually means that said company is itself in telecoms or IT).

A Former User

what we ran into when we switched to Cisco…

no unbound, no radius,  and other packages which we run on pfsense, plus UniFi controller
software for the Wireless Access Points in some of our offices, warehouses.
our Links were congested to start with at 75% link usage and it went to
almost 90%. (which in turn forced him to order another Gig-E drop to everywhere)

which in turn forced him to spend LOTS more money on servers to run services on, which
in turn took up more rack space, more man hours to deploy , time to send techs to every
place we have routers in. etc etc.

as far as Cisco hardware itself. Works great BUT the incured EXTRA costs every
month surely didnt help is ALREADY crazy amount of money he dropped on cisco
hardware... and then the servers. when he ordered the Cisco routers , he didnt order
ones rated at passing Multi Gig-e worth of traffic.. and that caused problems of its own..
(heard some of the purchases WERENT approved and he ordered this stuff anyways)

all in all , management was pissed we had some downtime during the what should
have been a 6 hour maint window per site to cut over (on different days according to when
our utilization was at the lowest) and in some cases it was BEYOND 24 hours....
(boss was shipping hardware that HADNT been config'd to places, and techs didnt realize
what happened until they tried to cut over) , CEO found out what was going on and
they called him in the office and it was game over... think it was the combined mess
that ultimately got him fired....

NOYB

Sounds more like a planning, process, procedure, and MANAGEMENT issue to me.

stephenw10

Exactly. Switching significant parts of your network infrastructure is probably going to cause problems no matter what two things you're switching between. You can minimise those problems by careful planning and testing, something it sounds like this guy didn't do (or not carefully enough anyway).

Steve

Oh and this thread probably wouldn't be attracting nearly as much attention had it been titled:
BETA BLOWS ON MY HARDWARE, WANT TO DOWNGRADE ASAP

Or even better.

Beta is not working well on my hardware, is it possible to downgrade?  ;D

A Former User

Steve, he didnt listen to reason and test in the Lab before deploying…. EVERYONE in the dept is glad he is gone.
things have changed tremendously for the better after he was fired.

i could have fixed all the messes with the Cisco hardware . but was easier to cut back over to a system that works and pull the other hardware.
were currently looking at 10GE for places that need more than 1 Gig-E drop. 2 times Gig-E seems to be more expensive than 10GE.
and were looking at which 10GE adapters are supported and work well in FreeBSD and then order and Test extensively in the Lab.
all of our stuff is on Extensively tested Supermicro Xeon servers (2 different models) and have onboard intel nics. unfornately NOT 10GE.

back to the subject... Downgrade... just backup your config and reinstall... takes me all of about 10 minutes to
have a working system from the time the CD goes in the drive til i have a working config.

mcrook

Here is the output finally from that command:

rl0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=3808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic>ether 00:04:e2:06:65:1d
        inet6 fe80::204:e2ff:fe06:651d%rl0 prefixlen 64 scopeid 0x7
        nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
rl1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=3808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic>ether 00:04:e2:06:65:1d
        inet6 fe80::2e0:29ff:fe94:cb6a%rl1 prefixlen 64 scopeid 0x8
        nd6 options=3 <performnud,accept_rtadv>media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
re0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether d8:5d:4c:d0:74:c9
        inet6 fe80::da5d:4cff:fed0:74c9%re0 prefixlen 64 scopeid 0x9
        inet 75.157.237.26 netmask 0xffffff00 broadcast 75.157.237.255
        nd6 options=1 <performnud>media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
re1: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=209b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic>ether d8:5d:4c:d0:76:ad
        inet6 fe80::da5d:4cff:fed0:76ad%re1 prefixlen 64 scopeid 0xa
        nd6 options=1 <performnud>media: Ethernet autoselect (none)
        status: no carrier
fxp0: flags=8802 <broadcast,simplex,multicast>metric 0 mtu 1500
        options=4219b <rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso>ether 00:07:e9:bc:61:42
        media: Ethernet autoselect (none)
        status: no carrier
enc0: flags=0<> metric 0 mtu 1536
pfsync0: flags=0<> metric 0 mtu 1460
        syncpeer: 224.0.0.240 maxupd: 128 syncok: 1
lo0: flags=8049 <up,loopback,running,multicast>metric 0 mtu 16384
        options=3 <rxcsum,txcsum>inet 127.0.0.1 netmask 0xff000000
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0xe
        nd6 options=3 <performnud,accept_rtadv>pflog0: flags=100 <promisc>metric 0 mtu 33200
lagg0: flags=8843 <up,broadcast,running,simplex,multicast>metric 0 mtu 1500
        options=3808 <vlan_mtu,wol_ucast,wol_mcast,wol_magic>ether 00:04:e2:06:65:1d
        inet6 fe80::204:e2ff:fe06:651d%lagg0 prefixlen 64 scopeid 0x10
        inet 192.168.25.17 netmask 0xfffffc00 broadcast 192.168.27.255
        nd6 options=1 <performnud>media: Ethernet autoselect
        status: active
        laggproto lacp
        laggport: rl1 flags=1c <active,collecting,distributing>laggport: rl0 flags=1c <active,collecting,distributing>poes10: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes11: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes12: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes13: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes14: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes15: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes16: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes17: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes18: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes19: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes110: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes111: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes112: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes113: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes114: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes115: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes116: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500
poes117: flags=8890 <pointopoint,noarp,simplex,multicast>metric 0 mtu 1500

Thank you for your help!</pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></pointopoint,noarp,simplex,multicast></active,collecting,distributing></active,collecting,distributing></performnud></vlan_mtu,wol_ucast,wol_mcast,wol_magic></up,broadcast,running,simplex,multicast></promisc></performnud,accept_rtadv></rxcsum,txcsum></up,loopback,running,multicast></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,tso4,wol_magic,vlan_hwtso></broadcast,simplex,multicast></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud></rxcsum,txcsum,vlan_mtu,vlan_hwtagging,vlan_hwcsum,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu,wol_ucast,wol_mcast,wol_magic></up,broadcast,running,simplex,multicast></full-duplex></performnud,accept_rtadv></vlan_mtu,wol_ucast,wol_mcast,wol_magic></up,broadcast,running,simplex,multicast>

mcrook

BUMP

Any ideas?

stephenw10

Nothing jumps out. You are running quite a few PPPoE connections though, it's possible you are testing this further than other users.
Unfortunately your ifconfig output is so long it has obscured the output of /etc/rc.banner. If you could run just that part and paste the output here that might show something.

Steve

CuriousG

@mcrook:

BUMP

Any ideas?

I'm also using re* NICs and had a problem when going from 2.0RC3 to 2.0REL.  So for a long time I was running 2.0RC3.  I figure it would work itself out from a newer release.  Once 2.02REL came out I tried it again and I had the same issue where the WAN interface wouldn't work with DHCP.  What fixed it for me was manually setting the WAN interface to force 100BASET full duplex.  I'm not saying that's your problem since it appears you are getting an IP address (not sure if you're using static).  Wouldn't hurt to give it a try.