Routing between WAN & LAN randomly stops

BlackDwarf

Hi guys.

I've got a Watchguard x1250e that I've just upgraded from 2.2.6 to 2.3.b.20160324.0511.

I'm having an issue where randomly the routing between WAN & LAN will stop completely. pfsense is still able to route externally, but refuses to pass anything through to LAN.

I can kick things back into action by logging into the serial console and re-assigning the interfaces to their respective ports.

Only think in the logs when it fails is:

Mar 24 14:39:48	php-fpm	84522	/rc.linkup: Hotplug event detected for LAN(lan) static IP (10.1.1.254 )
Mar 24 14:39:47	syslogd		sendto: No route to host
Mar 24 14:39:47	kernel		sk1: link state changed to DOWN

jimp

Sounds like the driver believes the LAN NIC has lost link… Seems like a hardware/driver issue.

chpalmer

Are you running the LCD package on that box?

BlackDwarf

LCDProc doesn't exist in the available packages, so no, I currently have no control over the LCD (no big issue really).

I thought I'd gotten it fixed by doing a factory defaults and starting again, gave me about 5.5hrs uptime but has just done it again.  >:(

Jimp, is there anything I can do to assist the team with tracking/fixing?

Is anyone else running 2.3 on Watchguard hardware?

cmb

@BlackDwarf:

Jimp, is there anything I can do to assist the team with tracking/fixing?

We only look at driver issues for hardware we sell. Those sk NICs have always caused grief for some portion of users.

In /boot/loader.conf.local set:
kern.ipc.nmbclusters=1000000

and reboot, see if that makes it behave any better.

Tons of things on Google if you search "sk0: link state changed to DOWN" (more people hitting it as their first NIC probably), might find something there.

Outside of that, it'll have to be reported and fixed upstream in FreeBSD.

Perforado

Repeating myself "hw.pci.enable_msix=0" in /boot/loader.conf.local is also always worth a try…

chpalmer

@BlackDwarf:

LCDProc doesn't exist in the available packages,

Is anyone else running 2.3 on Watchguard hardware?

Dah! I knew that…  Really!  :P      Ive got one Xcore-e box left in production and its my only box still on 2.2.6 just because I want to throw 2.3 on one I have here sitting on the shelf to test first.  Other than that the other Watchguards I have are XTMs and run fine.

Can you move over to your MSK interfaces and give them a try?  They would have higher throughput anyways as they are on a PCIe bus.  SK interfaces are on a PCI bus.