Em0: watchdog timeout - resetting
-
Before updating the units, have you done some tunings and/or tweaks? I mean custom settings according to the hardware? The custom settings will be gone after an update or upgrade if they are not written to the loader.conf.local, depending on the circumstance that all files will be newly written or overwritten.
-
No, no tuning, no tweaks. The firewall rules are pretty basic, no VLANs, and just 2 IPSec tunnels.
Thnx
Dickie
-
Are you hitting the mbuf limit? (status/monitoring -> category:system & graph=Mbuf clusters)
If yes: https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards
-
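The mbuf check asked about above can also be done from a shell instead of the graph. This is an added example, not part of the thread: it parses text in the format of FreeBSD's `netstat -m`, and the sample input, the function name `mbuf_report` and the 80% warning threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: sample text and threshold are constructed, not from the thread.
# Constructed sample in the format printed by FreeBSD's `netstat -m`.
SAMPLE='2049/1521/3570 mbufs in use (current/cache/total)
25100/1484/26584/26584 mbuf clusters in use (current/cache/total/max)
0/137/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)'

# mbuf_report [warn_pct]  (hypothetical helper name)
# Reads `netstat -m` text on stdin and prints "<pct> <denied> <verdict>":
#   pct     = total clusters (current + cache) as a percentage of max
#   denied  = cluster and mbuf+cluster requests the kernel refused
#   verdict = OK, NEAR_LIMIT (pct >= warn_pct) or EXHAUSTED (denied > 0)
mbuf_report() {
  awk -v warn="${1:-80}" '
    /mbuf clusters in use/      { split($1, c, "/"); total = c[3]; max = c[4] }
    /requests for mbufs denied/ { split($1, d, "/"); denied = d[2] + d[3] }
    END {
      # No cluster line found: nothing to judge.
      if (max + 0 == 0) { print "0 0 UNKNOWN"; exit }
      pct = int(total * 100 / max)
      verdict = "OK"
      if (pct >= warn + 0) verdict = "NEAR_LIMIT"
      if (denied + 0 > 0)  verdict = "EXHAUSTED"
      print pct, denied + 0, verdict
    }'
}

# On the firewall itself: netstat -m | mbuf_report 80
printf '%s\n' "$SAMPLE" | mbuf_report 80
```

A non-zero denied count means the limit has already been hit at some point since boot, even if the current percentage looks low.
-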
Well, in a thought I had, to unhook the interface from the Comcast modem and put a 100 Mb switch between them, it has so far cured the timeouts, but it's not a gigabit link for now... I will investigate the MBUF issues and see if that is happening, BUT at least the firewall is stable again. (So far) it's been 12 hours.
Thnx
-
and put a 100 Mb switch between them, it has so far cured the timeouts, but it's not a gigabit link for now...
As many others in your situation go with a Netgear GS105E, GS108E, GS108PE or GS108Tv2
to solve this issue, the switches are starting at $25, that is nothing for a 5 Port GB Switch in a solid metal case
with good rubber duck anti slipping feet. They have from VLAN support, over QoS, together with LAG (LACP)
capabilities and on top mirrored Ports as feature set for other things to realize in front of the WAN.
I will investigate the MBUF issues and see if that is happening, BUT at least the firewall is stable again. (So far) it's been 12 hours.
With 8 GB RAM you can easily try out to go to 1000000 mbuf size and together with 4 GB RAM you can try out
starting at 500000, but think about it, if you run out of RAM you can also end up with a booting loop! So since
RAM is cheap to get, it would be more and more easy to tune and tweak some things so that all is running more
smooth and liquid.
2 GB RAM firewall only
2 GB - 4 GB RAM firewall, snort
4 GB - 8 GB firewall, snort & squid
8 GB - 16 GB firewall, snort, squid, many VPN tunnels
- high up mbuf size
- high up squid default RAM size
- high up RAM disk sizes
-
Would this be something to solve your issue, right?
missing NIC port, em0: The EEPROM Checksum Is Not Valid (follow-up)
-
Thank you Frank,
I will look into your last post.
As for a follow up to the other posts. Right now the system has 2 GB RAM, more ordered now. I have tried the NIC tweak as mentioned here (https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards). There was no change in the behavior. One thing I did fail to mention was that there are 4 webcams that stream thru this firewall, yesterday I stopped all 4 streams and the firewall stopped crashing. The thing I am curious about, was there a driver change between 2.2.6 and 2.3-RELEASE? As I did not have this issue before the upgrade and I did not change NICs or any other hardware.
Thnx
Dickie
-
Yes, there are numerous changes in 2.3, including the latest Intel drivers.
-
As for a follow up to the other posts. Right now the system has 2 GB RAM, more ordered now. I have tried the NIC tweak as mentioned here
(https://doc.pfsense.org/index.php/Tuning_and_Troubleshooting_Network_Cards#Intel_igb.284.29_and_em.284.29_Cards).
Please do this carefully, together with 2 GB or 4 GB and many services or installed packets you are able to
end up in a so called "booting loop" then. So therefore I was talking about the much more RAM like 8 GB
to be on the safe side. To be able to free up kernel space and move it to the RAM side would be fine in many
conditions.
There was no change in the behavior.
This can really differ on high throughput or high load peaks in your network if they run then out of buffer
or RAM. Or whatever else is causing a really strong network flow.
One thing I did fail to mention was that there are 4 webcams that stream thru this firewall, yesterday I stopped all 4 streams and the firewall stopped crashing. The thing I am curious about, was there a driver change between 2.2.6 and 2.3-RELEASE?
I was putting all cameras inside of a DMZ and the capture server or storage like SAN/NAS too, so they
don't need to run their streams through the firewall at all, for sure this will be also running well if all
devices are in the same LAN subnet.
As I did not have this issue before the upgrade and I did not change NICs or any other hardware.
It's not really important, if on the other side something was changing it could be based on that side too!
And yes, a new version like 2.3 is coming with many new functions, options and features inserted.
Yes, there are numerous changes in 2.3, including the latest Intel drivers.
That is right, but two other things were seen many times in other cases affected with similar issues
or malfunctions too. Please have a look over here;
- Using netmap-fwd on 2.3 as stated by cmb;
The fastforwarding sysctl no longer exists at all. tryforward is always on and can't be turned off.
netmap-fwd isn't something that's available for general use yet.
- 2.3 Lockup with no packages cmb stated about that;
One thing I'm curious about is whether having netmap enabled is the source of an edge case issue with some em cards.
-
never-enuff: I sent you a PM with an alternate kernel to try, minus netmap. I don't know whether that will fix it, but it's something I'm trying to confirm or deny with those who are seeing issues like that.
-
I've had problems with Intel NIC watchdog resets in Linux and got around it by disabling all kinds of offload features (but checksumming still enabled).