Intel i210 NIC in 2.1
-
Hello,
is there a possibility to use the Intel NIC i210 in pfsense 2.1? -
No. The driver in 2.1 isn't new enough. If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).
I have an open ticket with support on a patch from a newer commit to FreeBSD that MAY fix the issue but it may not and if so it likely won't get resolved until 2.2 is released (or whatever the version number is that builds on FreeBSD 10).
I'm crossing my fingers though as I'd love to be able to drop in a pair of the new Lanner FW-8771 boxes…
-
I don't really see any reason that newer kernel module shouldn't be publicly available for those who know the risks and drawbacks. Perhaps I'm overlooking something. :-\
That Lanner box looks nice.
This allows network appliances to operate at ultra-high speed
Ultra high, that's fast! ;)
Steve
-
I don't really see any reason that newer kernel module shouldn't be publicly available for those who know the risks and drawbacks. Perhaps I'm overlooking something. :-\
I don't believe jimp ever said anything about not distributing it to anyone who asks, though I also don't believe he ever said that he would. Your best bet is to ask and see what happens. All I can say for sure is that he offered it to me through my support ticket and, for now, I declined due to the manual install and lack of traffic shaping.
That said, there wouldn't be anything stopping someone from compiling it themselves. Quite a few people around here have compiled drivers for various hardware themselves, some have provided tutorials.
That Lanner box looks nice.
This allows network appliances to operate at ultra-high speed
Ultra high, that's fast! ;)
Steve
Yup, "high speed" just isn't enough. I'm skipping "HD high speed" and going straight to "ultra-high speed".
Seriously though, I want to add a 3rd WAN connection @ 500/100 (plus my 100/100 and 20/20) and want to start doing snort & squid (for a specific application to cache images, not for all users) at the edge and my existing Lanner boxes with Core2Duo T7400 CPUs are struggling a bit, even without snort & squid.
-
;D
I'm surprised those T7400s would struggle at 120/120.
Steve
-
Struggle isn't the right word I guess. When maxing out both pipes the CPU usage is around 70%, likely due to the mild traffic shaping (a couple limiters on a vLAN interface + a bunch of PRIQ buckets on all interfaces). That's doesn't leave the headroom for a 500/100 pipe and certainly won't allow for snort & squid.
-
If you have any sort of CPU frequency scaling enabled then that might be 70% of some lower speed, worth checking. Also might not be evenly distributed across the cores, 100% on one core 40% on the other. You really would be out of CPU in that case.
Anyway somewhat off topic.
Steve
-
Good points. The frequency is at max, though I've no idea whether or not the load is unbalanced across cores. I'll check that this week.
-
No. The driver in 2.1 isn't new enough. If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).
Any news on Intel i210 NIC support that doesn't break traffic shaping???
Any info at all… such as a SWAG on when support might make it to a beta or production client would be greatly appreciated. I had to abandon using PfSense for a new install because I needed a 4 NIC on-board solution and the only mobos I could find that fit the bill were Supermicro with the i210.
Now I'm stuck using Untangle, Smoothwall, etc. until this becomes an option for PfSense. :-(
-
No. The driver in 2.1 isn't new enough. If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).
Any news on Intel i210 NIC support that doesn't break traffic shaping???
Any info at all… such as a SWAG on when support might make it to a beta or production client would be greatly appreciated. I had to abandon using PfSense for a new install because I needed a 4 NIC on-board solution and the only mobos I could find that fit the bill were Supermicro with the i210.
Now I'm stuck using Untangle, Smoothwall, etc. until this becomes an option for PfSense. :-(
Not that I've heard. I've still got the support ticket open but it's not really a priority for me anymore. I decided to go with the older Lanner FW-8865 with (12) i350 NICs instead. The small performance boost from Haswell isn't worth the compatibility issues of bleeding-edge hardware.
-
The small performance boost from Haswell isn't worth the compatibility issues of bleeding-edge hardware.
This, not sure why people are dead set on having haswell, its fine if the caveats do not apply to your use case but there are tons of brand new ivy bridge systems and parts for sale. The $/perf on ivy is higher in most cases right now, "new n' shiny" tends to command a premium. Even some sandy bridge stuff has discounts right now that might be the best option, and it sure ain't no pentium 4 space heater. Its a router, not a cell phone, you don't need this quarter's model :)
The performance and power difference of the last 3 "generations" is often barely above the statistical anomaly threshold. New features are nice, but working feature birds are worth 10 in the bush. (your network is probably the slowest thing anyways)
For petes sake though, don't buy atom junk ;)
-
pair of the new Lanner FW-8771 boxes…
Netgate now has one of these in-house. You can draw your own conclusions.
-
I built my own image with haswell nic support, but it wasn't exactly trivial - that is to say, the changes necessary aren't hard, but getting a working build environment took some effort.
-
I built my own image with haswell nic support, but it wasn't exactly trivial - that is to say, the changes necessary aren't hard, but getting a working build environment took some effort.
Does ALTQ work?
In any case, my FW-8865 boxes with the i350 NICs are here. Haven't had a chance to set them up yet, can't figure out the default IP for the IPMI card…
-
No, ALTQ doesn't work. I'd prefer to have it, but this box and a 24 port switch are replacing my failing dd-wrt consumer router; it's a pretty big upgrade as is.
If I notice QoS issues, I may have to revisit my solution (preferably in software, but maybe in hardware).
-
Hey everyone, first post to the forum. I've been live with pfSense at home for several weeks now. Very new to the project and very enthusiastic about the community. I built a brand new 2U rackmount form factor with new components as a fun project:
Case: Rosewill RSV-Z2600 – cheap case but annoyed mobo and PSU are backwards like most cheap cases
Power Supply: Seasonic SSR-360GP -- 360W 80 Plus Gold
CPU: Intel Xeon E3-1220v3 (Haswell 4th Generation) 3.1 GHz quad core, no hyperthreading
Mobo: Supermicro X10SLM+-LN4F -- 4 Intel i210 NICs on board.
RAM: Kingston KVR16E11/8EF -- 16GB DDR3 1600 MHz ECC server RAM
HDD: Crucial M4 64GB MLC SSD -- had this lying around, never used. Reading into turning on TRIM, haven't done so yetI knew going into this from reading this forum that the i210 was too new and wasn't natively supported. The uncompiled drivers are available on Intel's site, and I chose the ones that were backwards compatible with FreeBSD 8.x.
I'm new to FreeBSD but after installing pfSense memstick to HDD it would not fully boot up due to lack of NIC drivers. I was at least expecting to get to a working shell so I could mount a USB flash drive, copy the driver source code, and compile on pfSense. But the "Escape to shell" seemed to be a watered down shell and not the full shell, so it didn't support many commands. Couldn't mount a USB flash drive nor could I use any text editor.
Anyway, ended up downloading the full FreeBSD 8.3 64-bit ISO from FreeBSD's site and spinning up a fresh VirtualBox VM. Successfully compiled the Intel drivers and got the "if_igb.ko" driver I was looking for (yessss, my precious!). I ended up using the pfSense ISO (as opposed to the memstick download) since I needed to inject the driver file and loader.conf file into the ISO prior to installing to the server, so I extracted the pfSense ISO, copied the driver, then basically used another program to write to the USB flash drive.
Wow, what a long, scenic route just to get it working. On first boot, all went very well and the i210 NICs were recognized by pfSense and I was able to begin initial config. I fully realize traffic shaping issues are present, but I'm not using any of that.
Anyways, I wanted to share my frustrations and eventual success so that others who have the i210 NICs can use pfSense 2.1 at least until 2.2 is released based on FreeBSD 10.x with native support.
I uploaded the driver as .txt so the forum would accept it. Please strip off the extension. Mods/admins: apologies if this is forbidden -- I don't know of anywhere else to upload this in order to share it. Note, this driver was compiled on FreeBSD 8.3 64-bit, not 32-bit.
-
Copy the driver to:
/boot/kernel/
(I didn't find a need to add it to /boot/modules/) -
In /boot/loader.conf, add the line:
if_igb_load="YES"
-
-
Nice first post. :)
The .txt suffix sometimes causes problems with file corruption (on the older forum code at least). Do you have the MD5 hash of the kernel module to check?As you found there are no build tools included in pfSense for a number of reasons.
Steve
-
MD5: 419F0DA227322FEE06DCB835C14D53DB
SHA-1: 078FB6C206BA2E865006A8B093CAAC72820E4022
SHA-256: 2618048F471A27A03C8B588AA1716516C25B768EAD23BDA655B46579265DB236Man, I love "HashTab" for Windows. Best hash extension ever. ( http://implbits.com/HashTab.aspx )
And yeah, it was more than not having a build tool. Without recognizing the NICs on the first pfSense boot, I couldn't even get into a "real" FreeBSD Shell, so I couldn't mount a USB device or use any built-in text editors. Like the keyboard driver was really messed up and everything was on one line… After hours of frustration I just decided to do everything on a real FreeBSD 8.3 VM and copy all that stuff back on the pfSense ISO, burn ISO bit-wise to memstick, then boot the real box off custom memstick.
-
Hmm, well you should be able to do all that. pfSense is FreeBSD underneath. The ee text editor is included, or vi if your inclined to use it. ;)
Edit: Seems to download fine with the .txt extension though I have no way of testing it.
Steve
-
No. The driver in 2.1 isn't new enough. If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).
I have an open ticket with support on a patch from a newer commit to FreeBSD that MAY fix the issue but it may not and if so it likely won't get resolved until 2.2 is released (or whatever the version number is that builds on FreeBSD 10).
I'm crossing my fingers though as I'd love to be able to drop in a pair of the new Lanner FW-8771 boxes…
Jason,
Guess what we got in on Monday at Netgate (also pfSense HQ) this past Monday. 8) 8) 8)
IJS