Having another go at setting up a lan lagg on pfsense
-
Hi all, I am having another go at setting up a lan lagg and am having issues :(.
The goal is to link aggregate the LAN and OPT1 port. I am following this guide.
https://doc.pfsense.org/index.php/Migrate_Assigned_LAN_to_LAGG
Step 1 - It is best to perform this change from an interface that is not involved
So my setup has WAN, LAN (being used) OPT1 (free), I will be using the OPT1 interface, OPT1 is disabled.
See attachment 1,
Step 2 The switch must be properly configured to accommodate the LAGG. This typically means configuring an LACP group and setting ports to use that group. The NICs involved, in this example re0 and re2, should be connected to properly configured ports on the switch before starting.
Ok so I plugged both the LAN and the OPT1 cable into the switch (can still access pfsense gui). I then created a new group and added port 1 and 2 to it using LACP.
see attachment 2
However if both the LAN and the OPT1 cables are plugged into the switch I lose access to pfsense gui.
If I unplug the OPT1 interface I can then access the pfsense gui, if I unplug the LAN interface I lose connection to the pfsense gui.
see attachment 3
Ok so I tried unplugging the OPT1 cable, with a view to replugging the OPT1 cable after the lagg is set up.
Step 3 Ensure the second NIC for the LAGG is not assigned (e.g. re0 mapped to OPT1)
Check Interfaces > (assign) and remove its entry if present
OPT1 is not assigned.
Step 4
- Create a new LAGG including only the second NIC
- Navigate to Interfaces > (assign) on the LAGG tab
- Click "+" to create a new LAGG
- Click to select the NIC to use with this LAGG (re0)
- Select the proper LAGG protocol, such as LACP
- Enter a description
- Click Save
Done
Step 5 - Navigate to Interfaces > (assign), change the assignment of LAN to the newly created LAGG interface (LAGG0) Click Save
This is where it all goes wrong: I lose access to the web GUI. I tried replugging the OPT1 cable with and without the LAN cable plugged in. I have to log in to the console and undo the changes.
I am missing something here, where am I going wrong?
-
I've never set up a LAGG on pfSense, but a couple of suggestions:
- If you have another spare port, set that up for management access so you can adjust the LAGG config without losing access.
- If you don't have another spare port, open HTTPS on the WAN side and restrict by IP, etc. and access the GUI that way, again so you can adjust the LAGG config without losing access.
When you log in to the console, normally it shows you a list of interfaces and their IP addresses. Are you seeing the expected LAN IP address on lagg0? Or drop to the shell and run ifconfig -a to check.
-
-
Stupid question.
Why not do this at the switch? Assuming you need a server or something with it for bandwidth. What could it serve if your WAN/WANS won't be pushing that?
-
Stupid question.
Long answer
I am running squid cache which is stored on pfsense (the router) I want to increase the bandwidth between the router and the switch so when users hit the cache (which is on the pfsense router) they can use the dual link.
In other words going from a 1gbps to 2gbps LAN to router connection.
Also I am doing it for a bit of a learning process (playing with pfsense features) and also planning for the future (Australia is getting gigabit internet starting 2017).
-
…In LACP mode, the only catch that you should be aware of is that for one specific client, you will not achieve greater than the maximum speed of one link.
This is because "LACP balances outgoing traffic across the active ports based on hashed protocol header information and accepts incoming traffic from any active port. The hash includes the Ethernet source and destination address and, if available, the VLAN tag, and the IPv4 or IPv6 source and destination address." – https://www.freebsd.org/doc/handbook/network-aggregation.html.
So a client talking to the proxy server results in the same IP and MAC addresses on both sides…consequently the same hash and the same link selected for each packet.
You will find that switches implement LACP in the same manner.
So only if there are multiple clients whose hashed addresses produce differing results (50/50 chance) will you actually see a performance improvement.
-
Or if two clients download from the router (squid cache) at the same time. Both clients will get 1gbps each instead of half.
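The link selection discussed in the two posts above, as an added example that is not from any poster or from FreeBSD's lagg code: the hashed fields follow the handbook quote, while SHA-256 stands in for the kernel's hash and all MAC/IP addresses are constructed. It shows one client's frames always leaving on the same port and many clients spreading across both.

```python
import hashlib
import ipaddress
import struct

PORTS = ("re0", "re2")           # lagg member NICs named in the guide's example
PROXY_MAC = "02:00:00:00:00:01"  # constructed address for the pfSense/squid box
PROXY_IP = "192.168.1.1"         # constructed LAN address


def flow_key(src_mac, dst_mac, src_ip, dst_ip, vlan=None):
    """Concatenate the header fields the handbook says are hashed."""
    key = bytes.fromhex(src_mac.replace(":", ""))
    key += bytes.fromhex(dst_mac.replace(":", ""))
    if vlan is not None:
        key += struct.pack("!H", vlan)
    key += ipaddress.ip_address(src_ip).packed
    return key + ipaddress.ip_address(dst_ip).packed


def select_port(src_mac, dst_mac, src_ip, dst_ip, vlan=None, ports=PORTS):
    """Pick the egress port for one frame (SHA-256 is a stand-in hash)."""
    digest = hashlib.sha256(flow_key(src_mac, dst_mac, src_ip, dst_ip, vlan)).digest()
    return ports[int.from_bytes(digest[:4], "big") % len(ports)]


def distribution(frames, ports=PORTS):
    """Count how many frames land on each port."""
    counts = dict.fromkeys(ports, 0)
    for frame in frames:
        counts[select_port(*frame, ports=ports)] += 1
    return counts


def client(n):
    """Constructed reply frame from the proxy to LAN client number n."""
    return (PROXY_MAC, f"02:00:00:00:01:{n:02x}", PROXY_IP, f"192.168.1.{n}")


if __name__ == "__main__":
    # Same addresses on every frame, so the same hash and the same port.
    print("1 client, 1000 frames:", distribution([client(50)] * 1000))
    # Different client addresses give different hashes, so both ports carry traffic.
    print("64 clients, 1 frame each:", distribution([client(n) for n in range(10, 74)]))
```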
-
What kind of throughput does your squid disk cache have?! I'm actually very curious about this topic. I have link aggregate setup and was wondering if I had the placebo effect with performance. My needs aren't greater than one gigabit link, but I feel as though the way it processes the data is either different or processed by the computer differently and in a better way.
-
You should be able to tell if the LACP is up or not by looking at the switch and/or pfsense. There is no reason you can't bring another interface up on another VLAN and be sure the link is functioning before messing with your LAN.
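One way to run the check suggested here and in the earlier `ifconfig -a` reply, as an added example that is not from any poster: it parses the lagg section of ifconfig output and reports member ports that have not negotiated LACP. The sample text, its addresses and the helper names are constructed, and the layout assumes the usual FreeBSD `laggport: <nic> flags=...<...>` lines.

```python
import re

# Constructed sample: re0 has negotiated LACP, re2 has not.
SAMPLE = """\
lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
\tether 02:00:00:00:00:01
\tinet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
\tlaggproto lacp lagghash l2,l3,l4
\tlaggport: re0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
\tlaggport: re2 flags=0<>
\tstatus: active
"""

PORT_RE = re.compile(r"^\s*laggport:\s+(\S+)\s+flags=[0-9a-f]+<([^>]*)>", re.M)
# A member port passes traffic only once all three flags are set.
REQUIRED = {"ACTIVE", "COLLECTING", "DISTRIBUTING"}


def lagg_report(text):
    """Extract protocol, IPv4 address and missing flags per member port."""
    proto = re.search(r"^\s*laggproto\s+(\S+)", text, re.M)
    inet = re.search(r"^\s*inet\s+(\S+)", text, re.M)
    ports = {}
    for name, flags in PORT_RE.findall(text):
        have = {f for f in flags.split(",") if f}
        ports[name] = sorted(REQUIRED - have)
    return {
        "proto": proto.group(1) if proto else None,
        "inet": inet.group(1) if inet else None,
        "ports": ports,
    }


def problems(report):
    """Return human-readable findings; an empty list means the LAGG looks healthy."""
    found = []
    if report["proto"] != "lacp":
        found.append(f"laggproto is {report['proto']}, expected lacp")
    if report["inet"] is None:
        found.append("no IPv4 address on the lagg interface")
    if not report["ports"]:
        found.append("no laggport lines found")
    for name, missing in report["ports"].items():
        if missing:
            found.append(f"{name} missing {','.join(missing)}")
    return found


if __name__ == "__main__":
    for line in problems(lagg_report(SAMPLE)) or ["LAGG looks healthy"]:
        print(line)
```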
-
Well the cache drive is a msata which can do
Up to 540 MB/sec Sequential Read
Up to 520 MB/sec Sequential Write
However my APU1D4 maxes out its CPU at 30MBps, so for my next build (which is a few years away) I would need more CPU for this to work.
However still wanted to play around with it.
-
Because science. 8)
-
Is there any way I can set the LAGG via the console before I try accessing the gui via the WAN port?
-
Make what will be the second LACP interface an OPT interface, IP it, and connect to pfSense using a laptop plugged into that.
Create a two-port LACP group on your switch.
Create the LACP group using the first pfSense LAGG interface, assign it to LAN, and connect it to the first LACP port on the switch and make sure it works.
Connect to pfSense over LAN, add the other interface to the LAGG and connect it to the switch. It should just be added to the group.