Parent interface of VLANs got down suddenly! | KVM pfsense



  • Hello there! I’ve into an issue for a while with no real solution or clear explanation of what is happening with the installation. First of all my installation includes these next items:

    Dell r430 server
    KVM
    pfsense 2.4.3

    I have a few interfaces and one of them has several VLANs associated with it. After running the firewall for a while the parent interface IP address, which is hosted on the firewall(pfsense), becomes unreachable and sequentially all VLANs associated with become unreachable. Therefore I’m seeking for real help with this issue.

    Also I have to tell that the interface of KVM’s pfsense parent is set to “direct”, and “bridge”.

    Kindly check the attachments for a snapshot of the VLANs when they become offline.

    Thanks in advance



  • Do you have disabled the hardware checksum offloading as described here https://doc.pfsense.org/index.php/Virtualizing_pfSense_on_Proxmox?

    What kind of virtual NICs are you using?

    Something respective in the logs?



  • Thanks for the reply… I will enable that option(disabling hardware offloading) and observer for it.

    Thank you once again!



  • Did it help?  *(disabling checksum offload)  - because it did not seem to help in my case.



  • Thanks for the suggestion. Till now it seems that the issue has been fixed! I’m still observing the firewall and I will update this thread in case there is an update. Thank you once again for the quick and smart suggestion.

    Best wishes!



  • Hello there! Unfortunately the issue occurred again today. But this time it took a relatively long time in comparison to the other periods I’ve been observing for a while. Regarding your question about the kind of VNICs I am using, I use this configuration for the interfaces

    (
        <interface type=“direct”><mac address=“52:54:00:12:ee:67”><source dev=“em1” mode=“bridge”>
          <model type=“rtl8139”><address type=“pci” domain=“0x0000” bus=“0x00” slot=“0x03” function=“0x0”>

    )

    and you asked for logs but I couldn’t determine which logs you exactly need. Therefore, could you please be more specific regarding the logs that you need.

    Thanks in advance</address></model></mac></interface>



  • I meant the system log. Status > System Logs > System > General
    If there are some issues related to interface drop-outs you should find log entries there.

    pfSense works better with an e1000 NICs than with the rtl, but don’t know, if that helps here.



  • I can’t use “e1000” NICs as the firewall VLANs become offline after applying the changes for the new option(which is “e1000”). Any suggestion?



  • As far as I know, the e1000 supports VLAN.  ???
    I’m using virtIO NICs with my virtualized pfSense on KVM without no issue, since I’ve deactivated checksum offloading. And I’ve also defined multiple VLANs on one NIC.



  • I am still trying to fix this problem although I’m not pretty sure whether it has been solved! Anyway, may you share with me your KVM configuration regarding the interfaces parts?

    Thanks



  • Here’s the interface setting of the virtual machine interface, where I’m running multiple vLANs on in pfSense:

    
        <interface type="network"><mac address="52:54:00:e9:79:76"><source bridge="br.wifi">
          <model type="virtio"><address type="pci" domain="0x0000" bus="0x00" slot="0x05" function="0x0">
    
    The host network bridge is controlled by wickedd. No special settings in the ifcfg-br.wifi:
    

    BOOTPROTO='none’
    BRIDGE='yes’
    BRIDGE_FORWARDDELAY='0’
    BRIDGE_PORTS='eth2’
    BRIDGE_STP=‘off’
    BROADCAST=’‘
    ETHTOOL_OPTIONS=’‘
    IPADDR=’‘
    MTU=’‘
    NAME=’‘
    NETMASK=’‘
    NETWORK=’‘
    REMOTE_IPADDR=’'
    STARTMODE=‘auto’

    
    The eth2 config:
    

    BOOTPROTO=‘none’
    BROADCAST=’'
    DHCLIENT_SET_DEFAULT_ROUTE=‘no’
    ETHTOOL_OPTIONS=’‘
    IPADDR=’‘
    MTU=’'
    NAME=‘I211 Gigabit Network Connection’
    NETMASK=’‘
    NETWORK=’‘
    REMOTE_IPADDR=’‘
    STARTMODE=‘auto’
    PREFIXLEN=’’

    
    The interface is connected to an Engenius Wifi AP and there are 5 vLAN configured on it in pfSense, no conventional network.</address></model></mac></interface> 
    


  • Thank you for sharing this with me. I will double check the settings of mine as well as of yours and update my settings accordingly. I will update this thread if there is any update.

    Kind regards.



  • Hello there! Unfortunately the problem occurred again today. For those of you who are asking for “system logs” here are what I got

    May 16 09:21:20 dpinger WB_MAJ_BNS1 172.16.6.24: sendto error: 64
    May 16 09:21:20 dpinger WB_RD2 172.16.6.2: sendto error: 64
    May 16 09:21:20 dpinger WB_EDU 172.16.6.21: sendto error: 64
    May 16 09:21:20 dpinger WB_RD3 172.16.6.3: sendto error: 64
    May 16 09:21:20 dpinger WB_OFF 172.16.6.22: sendto error: 64
    May 16 09:21:20 dpinger WB_RD1 172.16.6.1: sendto error: 64
    May 16 09:21:20 dpinger WB_OOF_BNS 172.16.6.28: sendto error: 64
    May 16 09:21:20 dpinger WB_WAHO 172.16.6.27: sendto error: 64
    May 16 09:21:20 dpinger LANs_Bridge 172.16.101.10: sendto error: 64
    May 16 09:21:20 dpinger WB_RD2 172.16.6.2: sendto error: 64
    May 16 09:21:20 dpinger WB_MAJ_BNS1 172.16.6.24: sendto error: 64
    May 16 09:21:20 dpinger WB_EDU 172.16.6.21: sendto error: 64
    May 16 09:21:20 dpinger WB_RD3 172.16.6.3: sendto error: 64
    May 16 09:21:20 dpinger WB_OFF 172.16.6.22: sendto error: 64
    May 16 09:21:20 dpinger WB_RD1 172.16.6.1: sendto error: 64
    May 16 09:21:19 dpinger WB_OOF_BNS 172.16.6.28: sendto error: 64
    May 16 09:21:19 dpinger WB_WAHO 172.16.6.27: sendto error: 64
    May 16 09:21:19 dpinger LANs_Bridge 172.16.101.10: sendto error: 64
    May 16 09:21:19 dpinger WB_MAJ_BNS1 172.16.6.24: sendto error: 64
    May 16 09:21:19 dpinger WB_RD2 172.16.6.2: sendto error: 64
    May 16 09:21:19 dpinger WB_EDU 172.16.6.21: sendto error: 64
    May 16 09:21:19 dpinger WB_RD3 172.16.6.3: sendto error: 64
    May 16 09:21:19 dpinger WB_OFF 172.16.6.22: sendto error: 64

    So is there any idea to fix this problem?



  • Is there any suggestion for this?


 

© Copyright 2002 - 2018 Rubicon Communications, LLC | Privacy Policy