10gbit pfsense



  • Does someone also have packet drops with 10gbit Intel cards? We have the following card in our pfSense: https://www.uptimed.nl/producten/netwerkkaarten/10g-server-dual-sfp+-netwerkkaart-intel-x520-chipset

    There is no load, only ICMP with drops. This is on a Dell R430. We tested CentOS, where this is not a problem.


  • Netgate Administrator

    How are you testing?

    I would not expect any issues with that hardware.

    Steve



  • Just a simple ping; we get between 50 and 60% loss. We also tested with a layer 3 switch, S4048-ON, without problems. For now it's running OPNsense without loss. We got a second R430 and 2 more 10gbit cards to test with pfSense. The other end is pfSense connected with GBIC -> fiber -> (ISP Huawei switch, local bunker) -> fiber -> GBIC -> pfSense.


  • Netgate Administrator

    I mean are you testing to or from pfSense directly? Do you still see that loss if you ping through pfSense from a client behind it?

    Ultimately try running a pcap whilst pinging to see what's actually being sent and received.

    Steve



  • @stephenw10 we have tested it from behind pfSense with Windows and from the SSH terminal on the pfSense to the pfSense; there is no hop in between. Only the ISP switch, but that is not a router, only a switch.



  • (Note: I am working together with @marcvb on this issue)

    We just got some new information about this issue.

    We've got multiple gateways defined in pfSense, all of them with gateway monitoring enabled. One of those gateways is offline because the device at the other end is not connected yet. We are, however, getting packet loss on another gateway; that other gateway is on another interface in pfSense, which is a VLAN on the same physical interface as the offline gateway.

    When we disable gateway monitoring on the offline gateway, the packet loss on the other gateway (which is offline) goes away. So there seems to be an issue with the gateway monitoring.


  • Netgate Administrator

    Hmm, how are you seeing packet loss on a gateway that is off-line? Maybe I'm not understanding that.

    Also I assume you're seeing packet loss when running pings at the command line but also in the gateway monitor?

    I would still be running a pcap on the lossy interface to see what is actually being sent and what comes back. Is the traffic actually lost or is it somehow not making it back through the firewall?

    Steve



  • @stephenw10 we are seeing packet loss on gateways that are online when we add an extra gateway that is offline. We have asked the ISP whether the switch has some kind of DDoS or MAC flapping security; the pfSense, OPNsense and Dell S4048-ON switches are showing the same problem. So we believe it is the ISP switch that is in between. Will update this ticket if we get a response. It's a Huawei smart max5800. If we remove the offline gateway, the online gateways are not having packet loss.

    The reason we are not calling it a day is that if one of the gateways goes down for maintenance or a power outage, the other gateways should not be affected.


  • Netgate Administrator

    Mmm, I would certainly not expect the status of any gateway to affect any traffic not on that subnet.

    Steve



  • The problem is clear to us now: the QinQ VLAN in the ISP switch has been changed to a normal VLAN. There is no loss anymore.


  • Netgate Administrator

    Ah, fun!
    Thanks for coming back with that.

    Steve



  • We are back on QinQ, and for each VLAN (on the same NIC) we created a bridge interface so each VLAN bridge interface has its own unique MAC address. The Huawei switch did not work with QinQ and the same MAC over multiple VLANs. The option to change the MAC on the VLAN is greyed out; it can only be changed on the parent interface.

    Hope it saves someone time in the future.

