PfSense on a Riverbed Steelhead

cjohnson

Why do you think it's a BIOS problem vs any number of other reasons it could be dead?
At the time mostly, because of the LED/fan behavior; and a gut feeling based upon experience.

PS, I see a pair 770 on ebay for $99ea. Might be more time/cost effective to buy one or both.
This is exactly what I had done already. The second one wasn't here yet and I was working with what I had on hand at the time. The second box has since arrived. I swapped the BIOS ROM over from the working one and it booted right up to RiOS. After that, I shut it down and booted it back up on an ubuntu usb. Flashrom dumped the good ROM to a file; hot swapped in the bad one and dumped that to a file as well.

I'm gonna' open 'em both up in a hex editor later and see what the difference(s) between the two is/are before I boot it up again and hot swap/re-flash the bad one with the image from the good one.

I might do some digging around in the RiOS drive while I'm in there flashin' ROMs and see what sorta' goodies I can find related to LED color/controls and bypass relay controls too.

Okijames

@cjohnson Good to hear there's hope for both units. FWIW I overwrote my RIOS drive in pursuit of a BIOS dump. Success on the BIOS dump (adios RIOS) and happy to send your way if you want another working example.

cjohnson

for anyone who's wondering....just another fine point of detail about the bypass functionality of the four network interfaces (LAN 0_0, WAN 0_0, LAN 0_1, WAN 0_1) on the right hand side (while viewed from the front) of the box.

1. set either/both pairs of those NICs to "no bypass" in BIOS (they're labeled as NIC 3&4, NIC 5&6 in BIOS)
2. save the changes and exit BIOS
3. put the box in standby state (hold the front power switch down for a few seconds, before POST completes)
4. the link status LED (not the activity LED) of the NIC pair you've set to "no bypass" will now be lit up amber

BIOS label "NIC 3&4"
pins 4&5 of LAN 0_0 will be connected to pins 4&5 of WAN 0_0
pins 7&8 of LAN 0_0 will be connected to pins 7&8 of WAN 0_0

BIOS label "NIC 5&6"
pins 4&5 of LAN 0_1 will be connected to pins 4&5 of WAN 0_1
pins 7&8 of LAN 0_1 will be connected to pins 7&8 of WAN 0_1

this essentially means that with the box in this "standby" state, you'll be passing only PoE (not ethernet data) to/from LAN 0_0 to/from WAN 0_0 and, to/from LAN 0_1 to/from WAN 0_1. as soon as you power it up, the PoE shunt is opened.

stephenw10

Hmm, that seems odd. I might have expected the other two pairs to be linked for 100M pass-through. PoE pass-through that gets interrupted seems pretty much pointless!

Steve

sambiggs

Thanks for all your guidance. I thought I'd followed it , but my CX-755 is giving an error:

smbmsg: Error performing SMBus IO: Device not configured

Any ideas?
Although I'm learning as I go, apparently not quickly enough. Thx.

Okijames

@sambiggs Try loading ichsmb and then smb manually. Post the output of these commands...

kldload ichsmb
kldload smb

sambiggs

I'd put those into the config.xml, right before the smbmsg commands. This is copied from the PuTTY output:

ichsmb0: <Intel 631xESB/6321ESB (ESB2) SMBus controller> port 0x540-0x55f irq 19 at device 31.3 on pci0
smbus0: <System Management Bus> on ichsmb0
smb0: <SMBus generic I/O> on smbus0
smbmsg: Error performing SMBus IO: Device not configured

stephenw10

Had you tried scanning the smbus at all? That can easy lock up requiring a reboot.

Did you try entering all the commands manually first without putting anything in the config file?

Steve

sambiggs

Sequence was:

1st:

• Drop to shell and add the following to /boot/loader.conf.local to load the smbus drivers
• ichsmb_load=“YES”
• smb_load=“YES”
• add "smbmsg -s 0x48 -c 0x55 -o 6 0x03 0xfc 0x01 0xfe 0x66 0x99" to config.xml

Result

• Perhaps there was a "satisfying click" and I was then able to get a link light on em0, but it is not usable in pfSense.
• em1-3 show no link lights

2nd:

• remove the added lines from /boot/loader.conf.local
• add "kldload ichsmb" and "kldload smb" to config.xml

Result

• No click, and no noticeable difference. The error shown above appeared in the console output

I haven't knowingly tried scanning the smbus, as I am still dumbly following your previous posts, and either that wasn't there, or it was buried in the stuff about your 1050 model, which I avoided in the cause of simplicity.

I haven't properly understood the sideline about LED colour, but fwiw I get a single steady orange.

cjohnson

I still have the original RiOS drives with all the shell scripts and pythons scripts and all that stuff in it. I've been trying to reverse engineer it to figure out how it operates the status LED. If someone wants a look at it, I could probably send a few files your way....

Okijames

@sambiggs Probably best to ignore the messages related to the 1050, it's a very different box. Refer instead to my "soup-to-nuts" post from Nov 29th, with a few modifications because your CX-755 has 2 pair of bypass NICs vs the single pair on my CX-550...

The NIC numbering will be different, as a guess yours might look like this.

em0 = LAN0_0
em1 = WAN0_0
em2 = LAN0_1
em3 = WAN0_1
em4 = Primary
em5 = Aux

You will need an additional smbmsg line in config.xml to enable the second pair of bypass ports...

<shellcmd>smbmsg -s 0x48 -c 0x55 -o 6 0x03 0xfc 0x00 0xff 0x66 0x99</shellcmd>

As Stephen said, the smbus is touchy. I'd recommend removing the loader.conf and config.xml edits. Power cycle the box. Then see what happens when you manually enter the commands...

kldload ichsmb
kldload smb

smbmsg -s 0x48 -c 0x55 -o 6 0x03 0xfc 0x01 0xfe 0x66 0x99
smbmsg -s 0x48 -c 0x55 -o 6 0x03 0xfc 0x00 0xff 0x66 0x99

sambiggs

OK, cleared those and ran commands manually.
No apparent error messages

Enter an option: 8

[2.3.5-RELEASE][root@pfSense.localdomain]/root: kldload ichsmb
ichsmb0: <Intel 631xESB/6321ESB (ESB2) SMBus controller> port 0x540-0x55f irq 19 at device 31.3 on pci0
smbus0: <System Management Bus> on ichsmb0
[2.3.5-RELEASE][root@pfSense.localdomain]/root: kldload smb
smb0: <SMBus generic I/O> on smbus0
[2.3.5-RELEASE][root@pfSense.localdomain]/root: smbmsg -s 0x48 -c 0x55 -o 6 0x03 0xfc 0x01 0xfe 0x66 0x99
[2.3.5-RELEASE][root@pfSense.localdomain]/root: smbmsg -s 0x48 -c 0x55 -o 6 0x03 0xfc 0x00 0xff 0x66 0x99
[2.3.5-RELEASE][root@pfSense.localdomain]/root:

HOWEVER
After testing a little more thoroughly, the ports are not arranged as I had assumed (Yes, I know, "ass out of U & ME") but are em2 em3 em0 em1 em4 em5. When I tested previously, I may have been looking for connection on a port that was disabled

They are all working
...but it may be that they were working before. I cannot be sure because of my poor testing.

Thanks for assistance, and for taking the trouble to share your efforts

Okijames

Does anyone have a BIOS for CX570 or CX770 that's more recent than 02/14/2014? Screenshot below. I am trying to add an Samsung 970 Pro NVME drive, but it's not working, I'm thinking the BIOS is too old.

cjohnson

I just looked at my both of my CX-770's, one i've modded slightly (added RAM/changed HDD's etc.), the other is totally stock) and they both have dates that're the same as yours.

not sure if you've thought of this but, as possible workaround of the BIOS limitations, you might do a hybrid boot sort of thing. something like maybe put all of the minimum boot stuff on a small SATA SSD to satisfy what BIOS needs, then a kernel can take over interrogating the PCIe bus and getting the rest of what it needs from your NVMe.... maybe?

stephenw10

@okijames said in PfSense on a Riverbed Steelhead:

Samsung 970 Pro NVME

Exactly what sort of drive is that? How are you connecting it? m.2? PCIe card? An adapter of some sort?

Okijames

@stephenw10 @cjohnson M.2 NVME, I have a in a PCIE extension cable thingie. PCIE edgecard -> short cable -> M.2 socket. It "works" in that the NVME drive is recognized by ESXi, as a PCI device, but not as a storage adapter. ESXI can pass it through to a VM, but I can't use it as local shared storage for the hypervisor.

https://www.amazon.com/gp/product/B07TKYMQXZ/ref=ppx_yo_dt_b_asin_title_o04_s00?ie=UTF8&psc=1

PS, it is a 1TB NVME so a bit much to pass through just for pfSense :)

mjamesPFS

@freska99

I was wondering if you ever got this running on your 1050?

I trying to to the same and tying to understand the steps you took.

I was able to use a USB thumb drive and install PfSense 2.5.1 on a an internal HD but none of my interfaces work including em4 and em5 which should be the Primary and Aux interfaces.

stephenw10

Like not detected or not passing traffic?

The non-bypassed ports should show link at least.

mjamesPFS

@stephenw10,

Thank you for the quick reply. Sorry it has taken me so long to get back to you. I finally had some time yesterday to take another look. Turns out I had a bad vLAN setting on my lab switch. I now have access to PFSense from the web interface and SSH. I still need to figure out how access the other network interfaces but for now I have the primary and aux interfaces working.

B/R.
Mike

foureight84

@okijames Did you ever find newer bios for this board? I've been having issues using newer SATA SSDs due to the old bios. Most of them do not detect the correct capacity (1GB instead of 128GB for example).

I don't have access to the Riverbed support page for this product since it requires an active license.