New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14
- 
 The interface is working correctly but that error keeps logging repeatedly. 
 Sometimes the server is rebooting without a single warning. Just today I went to enable the ssh remote access and the server crashed and then rebooted.Cheers, 
 Peter Franca
- 
 Did it happen to offer a crash report after the reboot? Does that hardware have a serial console available? If so, try to setup a console client to log the output. If it does print crash data to the console that would help track down what is happening. If it reboots without any crash data at all, that's more troubling and tends to lean more toward a hardware issue. FreeBSD 11.2 may be driving the hardware in a more strenuous way that didn't trigger an issue on older versions. 
- 
  
 I had to post a pic because the Antispam Solution of the Forum didn't allow the text.
- 
 Was that just adding a new VLAN where others existed or is that the only VLAN on that card? 
 I assume you only see that when adding to ixl0 as the parent?Steve 
- 
 Hello Steve, we have about 10 VLANs, which where created under 2.4.3. These vlans work fine after the upgrade to 2.4.4, but creating a new vlan with ixl0 as parent is impossible. 
- 
 Hmm, interesting. The fact existing VLANs on ixl work OK implies it's something happening when they are created in the webgui. 
 Where exactly do you see this error?
 How do you have the ixl NIC configured?Are you able to try adding a VLAN by editing the config directly and rebooting? Steve 
- 
  
- 
 Same hardware. Same issues. 
 Seems to not affect traffic flows, but editing one (of 21) interfaces and saving changes last round about 20 to 30 minutes.
 For every interface pfsense seems to retry to set a vlanmac several times:
  
- 
 Hi there, just configured a new cluster for a customer last wednesday and saw those exact same error messages pop up in the general log. Never had these before but also never had ixL interfaces (the 10G ones were ix ones almost every time). Anything to do with the driver perhaps? As those are two completely new hardware machines that have a module bay with a 4-port SFP+ module (ixl0-3) and both had those messages right from the start, I don't think the hardware is at fault. Messages popped up when adding the 6 VLANs from the customers setup to the ixl0 interface and we have those popping up seemingly random and sparse in the logs but now the customer's worried if hardware or software is at fault. If there's anything to help analyze, I'm sure we can provide a few details to catch the meaning of it. Greets 
 Jens
- 
 Hmm, there does seem to be something that has snuck in here. The previous reports of this suggested that VLANs already added to the interface in 2.4.3 were not affected and continued to function. That implies it's something in the actual addition process that is triggering the error. 
 It would be interesting to try manually editing the config to add a new VLAN with an ixl parent and see if that works.If that was the case though you would think that simply rebooting after adding those new VLANs would bring them up correctly. It does seem to be VLAN hardware offloading failing. Steve 
- 
 Does is have something to do with the older "error" in this thread that mentioned the problem would be gone with a further driver update? Could this be related to a newer driver or driver changes to ixl on FreeBSD 11.2 perhaps? https://communities.intel.com/thread/103549 Otherwise the VLANs came up alright, what I did see was CARP on those VLAN interfaces somewhat "jittery". If you refresh CARP status on both nodes, you could see the them switching master roles very very shortly but noticable for a second. After witnessing this, I rebooted both nodes. After a bit of research this weekend I found this thread and tried salvaging the reboot log from those boxes: Nov 2 15:48:06 kernel done. Nov 2 15:48:05 php-cgi rc.bootup: Configuring CARP settings finalize... Nov 2 15:48:05 php-cgi rc.bootup: pfsync done in 0 seconds. Nov 2 15:48:05 php-fpm 334 /rc.carpbackup: HA cluster member "(192.168.91.4@ixl0.91): (V091_PHONE)" has resumed CARP state "BACKUP" for vhid 4 Nov 2 15:48:05 php-fpm 334 /rc.carpbackup: HA cluster member "(192.168.82.4@ixl0.82): (V082_BZD)" has resumed CARP state "BACKUP" for vhid 4 Nov 2 15:48:05 php-fpm 334 /rc.carpbackup: HA cluster member "(192.168.80.4@ixl0.80): (V080_HNR)" has resumed CARP state "BACKUP" for vhid 4 Nov 2 15:48:05 php-cgi rc.bootup: waiting for pfsync... Nov 2 15:48:05 php-fpm 335 /rc.carpbackup: HA cluster member "(192.168.95.4@ixl0.95): (V095_ADMIN)" has resumed CARP state "BACKUP" for vhid 4 Nov 2 15:48:05 php-fpm 334 /rc.carpbackup: HA cluster member "(10.0.0.4@ixl0.10): (V010_VERWA)" has resumed CARP state "BACKUP" for vhid 4 Nov 2 15:48:04 kernel carp: 4@ixl0.91: INIT -> BACKUP (initialization complete) Nov 2 15:48:04 kernel ixl0.91: promiscuous mode enabled Nov 2 15:48:04 check_reload_status Carp backup event Nov 2 15:48:04 kernel carp: 4@ixl0.82: INIT -> BACKUP (initialization complete) Nov 2 15:48:04 kernel ixl0.82: promiscuous mode enabled Nov 2 15:48:04 check_reload_status Carp backup event Nov 2 15:48:04 kernel carp: 4@ixl0.80: INIT -> BACKUP (initialization complete) Nov 2 15:48:04 kernel ixl0.80: promiscuous mode enabled Nov 2 15:48:04 check_reload_status Carp backup event Nov 2 15:48:04 kernel carp: 4@ixl0.10: INIT -> BACKUP (initialization complete) Nov 2 15:48:04 kernel ixl0.10: promiscuous mode enabled Nov 2 15:48:04 kernel carp: demoted by 240 to 720 (interface down) Nov 2 15:48:04 kernel igb4: promiscuous mode enabled Nov 2 15:48:04 kernel carp: demoted by 240 to 480 (interface down) Nov 2 15:48:04 kernel igb0: promiscuous mode enabled Nov 2 15:48:04 check_reload_status Carp backup event Nov 2 15:48:04 kernel carp: 4@ixl0.95: INIT -> BACKUP (initialization complete) Nov 2 15:48:04 kernel ixl0.95: promiscuous mode enabled Nov 2 15:48:04 kernel ixl0: promiscuous mode enabled Nov 2 15:48:04 kernel carp: demoted by 240 to 240 (interface down) Nov 2 15:48:04 kernel igb1: promiscuous mode enabled Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 check_reload_status Carp backup event Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:04 kernel done. Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel done. Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel vlan4: changing name to 'ixl0.95' Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 syslogd Logging subprocess 11242 (exec /usr/local/sbin/sshguard) exited due to signal 15. Nov 2 15:48:03 sshd 10982 Server listening on 0.0.0.0 port 22. Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 sshd 10982 Server listening on :: port 22. Nov 2 15:48:03 kernel vlan3: changing name to 'ixl0.91' Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:03 kernel vlan2: changing name to 'ixl0.82' Nov 2 15:48:03 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel vlan1: changing name to 'ixl0.80' Nov 2 15:48:02 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel ixl0: aq_add_macvlan err -53, aq_error 14 Nov 2 15:48:02 kernel vlan0: changing name to 'ixl0.10' Nov 2 15:48:02 kernel device_attach: est3 attach returned 6 Nov 2 15:48:02 kernel est: cpu_vendor GenuineIntel, msr 211200002200 Nov 2 15:48:02 kernel est: CPU supports Enhanced Speedstep, but is not recognized. Nov 2 15:48:02 kernel est3: <Enhanced SpeedStep Frequency Control> on cpu3 Nov 2 15:48:02 kernel coretemp3: <CPU On-Die Thermal Sensors> on cpu3(log is newest on top) 
 Seems to me that assigning and renaming the VLANs somehow triggers that error, too.
- 
 I reported a bug for this case. 
 https://redmine.pfsense.org/issues/9123
- 
 It does look like there have been some driver updates in FreeBSD that might apply to this. 
 If you're able to test FreeBSD 11-stable or 12 that would be useful.Steve 
- 
 I'd like to help but as those are remote installations from a customer, I'm not at freedom to drive there, pull out the standby one and throw FreeBSD on it. ;) I'd like to (at least to help sort things out), but unfortunately that will be a hard one. 
- 
 @stephenw10 said in New Version 2.4.4 - Interface Error --> aq_add_macvlan err -53, aq_error 14: It does look like there have been some driver updates in FreeBSD that might apply to this. 
 If you're able to test FreeBSD 11-stable or 12 that would be useful.Steve I can help, but don't know how to upgrade to a newer version of FreeBSD in PFSense. The only way I know how to upgrade FreeBSD, freebsd-update, does not exist - so a brief instruction would be helpful. 
- 
 You would need to install FreeBSD instead of pfSense really. The changes look significant, I don't think it would load into 11.2 from 11-stable. Our current dev snapshots are still built on 11.2. Steve 
- 
 I've found that if I disable a physical interface (the parent so to speak) and only have tagged vlans on that interface, the error does not show. Also, if the error does occur, it can provoke a kernel panic immediately or at shutdown. There is definitely something fishy going on. Is there a way to log the commands that are applied after a save in the web interface so I can further debug which command is causing the problem? 
- 
 Not really. The best you can probably do is boot in verbose mode to log more debug info. Other then recompiling the driver with debugging enabled but that will probably give you far too much detail. Add to /boot/loader.conf.local: 
 boot_verbose="YES"Steve 
- 
 @stephenw10 Adding boot_verbose did not give more info, other than the occasional printing of "vlanx: bpf attached" in between the errors. Found from the Intel source code that "-14" means "invalid argument". It is also not consistent. In one test I moved all the VLAN's from ixl0 (which was throwing the error) to ixl1 (which did not) and then back - error gone. The resulting config.xml did not show any difference from before the moving the vlans back-and-forth. After a reboot the errors where back. To provoke the error reliably: press save on an interface detail page (no change needed, just press save on e.g. the WAN page), then "Apply Changes" will throw the error. 
- 
 Really I think the only way to do this is to try to replicate it in FreeBSD. First in 11.2 and then in 12. Unfortunately I don't have access to any ixl NICs to try that.  Steve 


