Suggestion from pfSense in Interface to Network port assigning when change/upgrade NIC card



  • Hi, pfSense pro!

    Many typical users here on the pfSense forum use their own hardware to install and manage pfSense.
    The common storyline for own-hardware users is the same: start from an ordinary desktop -> then a powerful 64-bit system with a 2/4-port NIC card when starting to use an additional ISP -> and, as the perfect end, 2 x powerful 1U servers as an HA Firewall/Router cluster with several physical links to 2-3 ISPs.
    Depending on needs and IT passion. :)

    How does pfSense help, cut out all the headache and make the transition flawless when the user (the most common existing scenarios):

    • replaces 1 old 100Mb NIC card ---> 1 new 1Gb NIC card (when just more speed is needed from the same ISP with 1 physical connection);
    • replaces 1 old 100Mb NIC card ---> 1 new 2x1G NIC / 4x1G NIC card (when more speed is not needed, but maybe a 2nd physical link to another ISP, and as a bonus a little investment in inside network growth in the near future);
    • replaces 1 old 2x1G NIC card ---> 1 new 4x1G NIC card (when 2 physical links to ISPs are needed, and due to inside network growth);
    • replaces 2 old 100Mb NIC cards ---> 2 new 4x1G NIC cards (when shifting to high speed and 2 physical links to different ISPs exist, and due to inside network growth);
      ??????

    Recently I found only one link on the forum that really provides a solution:
    @ady2 said in Replace 2 port with 4 port nic card:

    If somebody has the same issue, here is how I did it: I edited the config file in the Sublime Text editor and replaced the necessary ports (e.g. em0 with igb1) for interfaces and VLANs. After that I restored the edited config and got a message at the top that there were some discrepancies for my interfaces (that was expected, as my config was for the new NIC card and I still had the old one). I shut down the pfSense computer, replaced the old NIC with the new one and restarted, and everything was working fine from the first time (no other settings were necessary except just to find the right ports that correspond to the new NIC card).
    Thanks

    Editing configuration files by hand (the most beloved way for IT nerds) is not a very great way for ordinary IT admins. If you do not agree, look at the forum posts of the last 3 years: most of them are from newbies who have no common IT education about TCP/IP or routing, and they are even too lazy to read the official docs or spend time searching the forum... :(

    Better to predict (based on the difference between the previous successful configuration and the current new state) and give suggestions in the form of drop-down lists and [APPLY] buttons...

    Because the system has everything for this:

    • MACs of the previously used physical Network ports;
    • system names of Network ports (xl0, xl1, re0, re1, .....) with assigned MACs;
    • the previously assigned Interface to Network port mapping;

    At first look the feature looks like some sort of "bells & whistles". But from another point of view: each feature that makes the user's life easier increases pfSense popularity, helps Netgate earn more profit, improves the quality of the end product (both hardware and software), sells more, and in the final stage we all come to a WIN-WIN situation.

    Your thoughts about this?


  • Netgate Administrator

    The expected method for doing this is to shut down, replace the card and boot back up. You will be presented with the 'assign interfaces' menu at the console and you can then re-assign the existing interfaces to the new ports.

    However it can fall down in a number of circumstances.
    If you replace NICs with more NICs of the same type, say a dual igb card with a quad igb card, you will not see the menu as igb0 and igb1 will still exist. But the actual ports in use will be unknown, some testing required to find them.
    If you have a more complex configuration with ports in laggs or bridges etc. it's not possible to assign those directly at the console. In that situation it's better to edit the config file directly but there will be some point at which there is a mismatch. Again you may also not know which ports are which interfaces.

    pfSense does not currently record the MAC addresses of the interfaces in the config file so tracking changes there would be a significant difference. Coding it is non-trivial!

    I'm not sure the effort required can be justified given how often people hit this. I've only ever hit it a few times and I'm always playing about with hardware. Though you could also argue I'm probably better prepared for it than most. 😉

    A feature request in Redmine is probably a better place for this if you have a firm idea of how you would want to see it.
    https://redmine.pfsense.org/

    Steve
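
The manual edit that ady2 describes, and that the reply above prefers for lagg setups, sketched as an added example (not part of either post and not pfSense code). The sample config is a constructed, simplified fragment; treating `if`, `vlanif` and `members` as the elements that hold port names, and the function names themselves, are assumptions of this sketch.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified fragment in the style of a pfSense config.xml backup.
SAMPLE = """<pfsense>
  <interfaces>
    <wan><if>em0</if><descr>WAN on em0</descr></wan>
    <lan><if>em1</if><descr>LAN</descr></lan>
    <opt1><if>em1.10</if><descr>VLAN 10</descr></opt1>
  </interfaces>
  <vlans><vlan><if>em1</if><tag>10</tag><vlanif>em1.10</vlanif></vlan></vlans>
  <laggs><lagg><members>em2,em3</members><laggif>lagg0</laggif></lagg></laggs>
</pfsense>"""

DEVICE_TAGS = {"if", "vlanif", "members"}  # assumed: elements holding port names
TOKEN = re.compile(r"^([a-z_]+\d+)((?:\.\d+)*)$")  # em1.10 -> ("em1", ".10")

def remap_token(token, mapping):
    """Rename a whole port name, keeping any VLAN suffix; em1 never matches em10."""
    m = TOKEN.match(token)
    if m and m.group(1) in mapping:
        return mapping[m.group(1)] + m.group(2)
    return token

def remap_config(xml_text, mapping):
    """Return (new_xml, changes). Each value is rewritten once, so swaps are safe."""
    if len(set(mapping.values())) != len(mapping):
        raise ValueError("two old ports map to the same new port")
    root = ET.fromstring(xml_text)
    changes = []
    for el in root.iter():
        # Free text such as <descr> is not in DEVICE_TAGS and is left untouched.
        if el.tag in DEVICE_TAGS and el.text:
            new = ",".join(remap_token(t.strip(), mapping) for t in el.text.split(","))
            if new != el.text:
                changes.append((el.tag, el.text, new))
                el.text = new
    return ET.tostring(root, encoding="unicode"), changes

if __name__ == "__main__":
    new_xml, changes = remap_config(
        SAMPLE, {"em0": "igb1", "em1": "igb0", "em2": "igb2", "em3": "igb3"})
    for tag, old, new in changes:  # review this list before restoring the file
        print(f"<{tag}>: {old} -> {new}")
```

Working on a copy of the backup and reviewing the change list before restoring keeps the original file available if a port ends up on the wrong interface.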



  • @stephenw10 said in Suggestion from pfSense in Interface to Network port assigning when change/upgrade NIC card:

    The expected method for doing this is to shut down, replace the card and boot back up. You will be presented with the 'assign interfaces' menu at the console and you can then re-assign the existing interfaces to the new ports.

    Yes, the way is: take a photo of the connected cables -> shut down the appliance -> disconnect cables -> replace NICs -> connect cables -> power up

    But no one needs to connect to a terminal in this case; maybe a much better way is to connect to the Web config in the ordinary way (most users have WiFi at home and a notebook, and are really not happy to look for a USB-COM adapter and play with a terminal app).

    From the pfSense side this is easy:
    If shutdown happened with one set of NICs (and port MACs), and after that the start happened with a different set of NICs (and port MACs), this means pfSense needs to automatically create one rule (on top of the others) to allow the user to connect to the pfSense Web config.

    Determining the port from which the user previously had access to the pfSense Web configurator is not so difficult:

    • pfSense knows the physical port from which access was established before the hardware changes;
    • pfSense knows the IP and MAC of the device from which access was previously established;

    However it can fall down in a number of circumstances.
    If you replace NICs with more NICs of the same type, say a dual igb card with a quad igb card, you will not see the menu as igb0 and igb1 will still exist. But the actual ports in use will be unknown, some testing required to find them.

    Ok, pfSense just does this in case it sees that the hardware was changed between restarts. No problem :)

    If you have a more complex configuration with ports in laggs or bridges etc. it's not possible to assign those directly at the console. In that situation it's better to edit the config file directly but there will be some point at which there is a mismatch. Again you may also not know which ports are which interfaces.

    As I mentioned before, it is better to try to help the user with minimal additional effort from his side. Not pushing him to the Console, but trying to do this automatically as much as possible, and in case of failure - ok, suggest the user go to the Console.... ;)

    pfSense does not currently record the MAC addresses of the interfaces in the config file so tracking changes there would be a significant difference. Coding it is non-trivial!

    Friend, c'mon! ;) This is just coding. Thinking, writing on paper and coding. Ok, agreed, not 20 min of work.

    I'm not sure the effort required can be justified given how often people hit this. I've only ever hit it a few times and I'm always playing about with hardware. Though you could also argue I'm probably better prepared for it than most. 😉

    I strongly agree that the more the appliance does well/correctly without user effort -> the more users buy a pfSense appliance or use pfSense software.

    Agreed, changing the NICs (or migrating to a new device) happens once in 1-2-3 years (depending on user needs and hardware failures).

    But exactly in these moments all the emotions that users experience later become attached to the whole pfSense appliance/software platform: if there is less headache and effort and everything works as well as before, the user experience grows positive.
    Otherwise, a negative emotional experience is recorded.

    And this is reflected in Netgate appliance sales, and in overall satisfaction with the pfSense platform.

    Because only tech nerds and IT folks are happy to tune devices and software every day; other consumers, definitely NO. This is an important point.

    A feature request in Redmine is probably a better place for this if you have a firm idea of how you would want to see it.
    https://redmine.pfsense.org/

    Registered today, thanks!

    But why do people write here in the forum sections?



