Packetloss on pfsense firewall
-
Seems there are a few people on these forums who are having similar issues to myself. I am suffering from packetloss on my firewall, both internal and external interfaces somewhat regularly, at least a few times every hour. The packetloss is sustained for a few seconds. Long enough to drop my corporate vpn connection, freeze any voip/video conferencing or drop connections from video games. I believe this started occurring after i upgraded to version 2.4.5
To isolate the issue i ran ping plots from my main workstation to other devices on my network - which are all fine. Its defintely the firewall, i changed my ethernet cables for the firewall, which has not alleviated the problem. Checking the switchport interface showed no interface errors or CRC errors which would be related to my internal cabling.
I removed all packages other than snort security 3.2.9.11 and nmap security 1.4.4_1 but this has not resolved the issue.
I have read it can be a result of having a large number of dns aliases set - however i have none of those. On checking the system logs I can find no relevant entries at the time I am experiencing the issues.
Perhaps I should just roll back to a previous version of pfsense but im a firm believer in keeping up to date with patched software due to security concerns.
Any help / suggestions would be gratefully received as this one is driving me nuts - i want to keep a firewall with IPS services but its beginning to interfere with my abillity to work from home which has been a covid restriction requirement.
-
The only thing even remotely like that we're aware of is all covered under https://forum.netgate.com/post/908806 (with suggestions for workarounds). Best to keep it on that thread.
-
@jimp Thanks - I will investigate nad perform recommended remediation. From an initial read of that thread though is that directed to those running pfsense on a hypervisor? I am running on a custom purpose made bare metal system
Intel(R) Celeron(R) CPU J1900 @ 1.99GHz
Current: 1992 MHz, Max: 1993 MHz
4 CPUs: 1 package(s) x 4 core(s)
AES-NI CPU Crypto: No
4GB RAM
4 NICS and a small ish 30GB SSD -
@jimp I have limited the FW maximum table entries - turned off bogon networks on my interfaces and will see how that goes, If I have further packetloss I will attempt to restrict to 1 core with the kern.smp.disabled=1 option and report the findings on the thread you linked. Thanks for the link to that thread!
-
Hi Jimp - I turned off bogon networks, limited FW max table entries and also resticted the CPU to a single core - however im still experiencing sporadic packetloss on the LAN interface. I have correlated the CPU graph to these outages and cant find any spikes in cpu that relate toi the activity - so i think it may be another issue. Do you have any tips for troubleshooting this? Either that or should I just roll back to a previous working version?
-
@1-21Giggawatts said in Packetloss on pfsense firewall:
I removed all packages other than snort security 3.2.9.11 and nmap security 1.4.4_1 but this has not resolved the issue.
I would have started by removing just these two packages, as they place themselves just between the OS and the NIC drivers and can need a lot of data handling.
What type of NIC's ? NIC settings (the ones in pfSense) : System > Advanced > Networking ?
What type of VPN connection are you using ? You "client" into the corporate VPN server ? Or are you running the VPN server ?
Check system and DNS logs. Are services being restarted ? Interfaces being restarted ?
@1-21Giggawatts said in Packetloss on pfsense firewall:
i want to keep a firewall with IPS services
Maybe exclude snorting the VPN as this network could be considered as a rather non-hostile network.
-
@Gertjan Hi Gertjan - thanks for your post. I am running anyconnect client based VPN - however the issue is not isolated to when using that, it happens when not connected - the disconnect of VPN is as a result of the dropped traffic. VPN doesnt always drop - however any latency sensitive apps such as MSTeams VOIP is badly affected.
I have 4 dedicated NICS on this device however am only using WAN and LAN. In terms of settings only IPv6 is, Hardware TCP Segmentation Offloading and Hardware Large Receive Offloading is enabled. Im not sure what these settings were prior to upgrade however i have not changed them.
In terms of the system logs there are no entries that correlate with these short outages - only entries relating prolonged outage while i change cables - reset interfaces on switch etc.
Should I look at changing Hardware TCP Segmentation Offloading and Hardware Large Receive Offloading ?
-
@1-21Giggawatts said in Packetloss on pfsense firewall:
I am running anyconnect client based VPN
You mean : you're not using the VPN-client on pfSense but a VPN client on your PC ?
This means that you have drops, using VPN, or not using VPN.@1-21Giggawatts said in Packetloss on pfsense firewall:
Hardware TCP Segmentation ...
You should 'play' with these settings - try every combination. Google about them - in relation with your NIC Chip ID's.@1-21Giggawatts said in Packetloss on pfsense firewall:
both internal and external interfaces somewhat regularly, at least a few times every hour.
Possible that you test with a clean setup ?
Clean = only WAN and LAN setup, password changed - nothing (== no packages) else. -
@Gertjan Hi Gertjan - I removed both snort and nmap, disabled both Hardware TCP Segmentation Offloading and Hardware Large Receive Offloading. Still getting packetloss on the internal interface. Its quite frustrating - I may have to just go back to 2.4.4 when I get time to completely re-install this firewall. Unfortunately it may have to wait until the weekend, as I rely on it for work at the moment.
-
Although it looks like 2.4.4 is no longer available via the website, is there a way to get a hold of this version?
-
2.4.4 ? Dono.
Enter console, option 8 and type
dmesgNothing special in the last 10 - 20 lines ?
-
@Gertjan said in Packetloss on pfsense firewall:
dmesg
here is the complete output
Copyright (c) 1992-2020 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 11.3-STABLE #236 21cbb70bbd1(RELENG_2_4_5): Tue Mar 24 15:26:53 EDT 2020
root@buildbot1-nyi.netgate.com:/build/ce-crossbuild-245/obj/amd64/YNx4Qq3j/build/ce-crossbuild-245/sources/FreeBSD-src/sys/pfSense amd64
FreeBSD clang version 8.0.1 (tags/RELEASE_801/final 366581) (based on LLVM 8.0.1)
CPU: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz (2000.05-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x30678 Family=0x6 Model=0x37 Stepping=8
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x41d8e3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,TSCDLT,RDRAND>
AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
AMD Features2=0x101<LAHF,Prefetch>
Structured Extended Features=0x2282<TSCADJ,SMEP,ERMS,NFPUSG>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
TSC: P-state invariant, performance statistics
real memory = 4294967296 (4096 MB)
avail memory = 3975340032 (3791 MB)
Event timer "LAPIC" quality 600
ACPI APIC Table: <ALASKA A M I >
WARNING: L1 data cache covers less APIC IDs than a core
0 < 1
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
FreeBSD/SMP: 1 package(s) x 4 core(s)
Firmware Warning (ACPI): 32/64X length mismatch in FADT/Gpe0Block: 128/32 (20171214/tbfadt-748)
ioapic0 <Version 2.0> irqs 0-86 on motherboard
SMP: AP CPU #2 Launched!
SMP: AP CPU #1 Launched!
SMP: AP CPU #3 Launched!
Timecounter "TSC" frequency 2000054784 Hz quality 1000
ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_bss_fw, 0xffffffff806a1f20, 0) error 1
ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_ibss_fw, 0xffffffff806a1fd0, 0) error 1
random: entropy device external interface
ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw.LICENSE.
ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (ipw_monitor_fw, 0xffffffff806a2080, 0) error 1
iwi_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_bss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_bss_fw, 0xffffffff806c9140, 0) error 1
iwi_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_ibss: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_ibss_fw, 0xffffffff806c91f0, 0) error 1
iwi_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_iwi.LICENSE.
iwi_monitor: If you agree with the license, set legal.intel_iwi.license_ack=1 in /boot/loader.conf.
module_register_init: MOD_LOAD (iwi_monitor_fw, 0xffffffff806c92a0, 0) error 1
wlan: mac acl policy registered
kbd1 at kbdmux0
000.000022 [4213] netmap_init netmap: loaded module
random: registering fast source Intel Secure Key RNG
random: fast provider: "Intel Secure Key RNG"
mlx5en: Mellanox Ethernet driver 3.5.2 (September 2019)
nexus0
cryptosoft0: <software crypto> on motherboard
padlock0: No ACE support.
acpi0: <ALASKA A M I > on motherboard
acpi0: Power Button (fixed)
unknown: I/O range not supported
cpu0: <ACPI CPU> on acpi0
cpu1: <ACPI CPU> on acpi0
cpu2: <ACPI CPU> on acpi0
cpu3: <ACPI CPU> on acpi0
atrtc0: <AT realtime clock> port 0x70-0x77 on acpi0
atrtc0: Warning: Couldn't map I/O.
atrtc0: registered as a time-of-day clock, resolution 1.000000s
Event timer "RTC" frequency 32768 Hz quality 0
hpet0: <High Precision Event Timer> iomem 0xfed00000-0xfed003ff irq 8 on acpi0
Timecounter "HPET" frequency 14318180 Hz quality 950
Event timer "HPET" frequency 14318180 Hz quality 450
Event timer "HPET1" frequency 14318180 Hz quality 440
Event timer "HPET2" frequency 14318180 Hz quality 440
attimer0: <AT timer> port 0x40-0x43,0x50-0x53 irq 0 on acpi0
Timecounter "i8254" frequency 1193182 Hz quality 0
Event timer "i8254" frequency 1193182 Hz quality 100
Timecounter "ACPI-safe" frequency 3579545 Hz quality 850
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x408-0x40b on acpi0
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pcib0: _OSC returned error 0x10
pci0: <ACPI PCI bus> on pcib0
vgapci0: <VGA-compatible display> port 0xf080-0xf087 mem 0xd0000000-0xd03fffff,0xc0000000-0xcfffffff irq 16 at device 2.0 on pci0
vgapci0: Boot video device
ahci0: <AHCI SATA controller> port 0xf070-0xf077,0xf060-0xf063,0xf050-0xf057,0xf040-0xf043,0xf020-0xf03f mem 0xd0715000-0xd07157ff irq 19 at device 19.0 on pci0
ahci0: AHCI v1.30 with 2 1.5Gbps ports, Port Multiplier not supported
ahcich0: <AHCI channel> at channel 0 on ahci0
ahcich1: <AHCI channel> at channel 1 on ahci0
xhci0: <Intel BayTrail USB 3.0 controller> mem 0xd0700000-0xd070ffff irq 20 at device 20.0 on pci0
xhci0: 32 bytes context size, 64-bit DMA
xhci0: Port routing mask set to 0xffffffff
usbus0 on xhci0
usbus0: 5.0Gbps Super Speed USB v3.0
hdac0: <Intel BayTrail HDA Controller> mem 0xd0710000-0xd0713fff irq 22 at device 27.0 on pci0
pcib1: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pcib1: [GIANT-LOCKED]
pci1: <ACPI PCI bus> on pcib1
em0: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xe000-0xe01f mem 0xd0600000-0xd061ffff,0xd0620000-0xd0623fff irq 16 at device 0.0 on pci1
em0: Using an MSI interrupt
em0: Ethernet address: 00:e0:67:05:24:40
em0: netmap queues/slots: TX 1/1024, RX 1/1024
pcib2: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci0
pcib2: [GIANT-LOCKED]
pci2: <ACPI PCI bus> on pcib2
em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xd000-0xd01f mem 0xd0500000-0xd051ffff,0xd0520000-0xd0523fff irq 18 at device 0.0 on pci2
em1: Using an MSI interrupt
em1: Ethernet address: 00:e0:67:05:24:42
em1: netmap queues/slots: TX 1/1024, RX 1/1024
pcib3: <ACPI PCI-PCI bridge> irq 19 at device 28.3 on pci0
pcib3: [GIANT-LOCKED]
pci3: <ACPI PCI bus> on pcib3
em2: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xc000-0xc01f mem 0xd0400000-0xd041ffff,0xd0420000-0xd0423fff irq 19 at device 0.0 on pci3
em2: Using an MSI interrupt
em2: Ethernet address: 00:e0:67:05:24:43
em2: netmap queues/slots: TX 1/1024, RX 1/1024
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
acpi_button0: <Sleep Button> on acpi0
atkbdc0: <Keyboard controller (i8042)> port 0x60,0x64 irq 1 on acpi0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
orm0: <ISA Option ROMs> at iomem 0xce800-0xcf7ff,0xcf800-0xd07ff,0xd0800-0xd17ff on isa0
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
ppc0: cannot reserve I/O port range
est0: <Enhanced SpeedStep Frequency Control> on cpu0
est1: <Enhanced SpeedStep Frequency Control> on cpu1
est2: <Enhanced SpeedStep Frequency Control> on cpu2
est3: <Enhanced SpeedStep Frequency Control> on cpu3
Timecounters tick every 1.000 msec
hdacc0: <Intel (0x2882) HDA CODEC> at cad 2 on hdac0
hdaa0: <Intel (0x2882) Audio Function Group> at nid 1 on hdacc0
pcm0: <Intel (0x2882) (HDMI/DP 8ch)> at nid 4 on hdaa0
ugen0.1: <0x8086 XHCI root HUB> at usbus0
uhub0: <0x8086 XHCI root HUB, class 9/0, rev 3.00/1.00, addr 1> on usbus0
ada0 at ahcich0 bus 0 scbus0 target 0 lun 0
ada0: <KingFast P0831A> ACS-2 ATA SATA 3.x device
ada0: Serial Number 20171206D1003
ada0: 150.000MB/s transfers (SATA 1.x, UDMA6, PIO 512bytes)
ada0: Command Queueing enabled
ada0: 30029MB (61500000 512 byte sectors)
Trying to mount root from ufs:/dev/ufsid/5b2dea8cd0cdb885 [rw]...
random: unblocking device.
uhub0: 7 ports with 7 removable, self powered
CPU: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz (2000.05-MHz K8-class CPU)
Origin="GenuineIntel" Id=0x30678 Family=0x6 Model=0x37 Stepping=8
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x41d8e3bf<SSE3,PCLMULQDQ,DTES64,MON,DS_CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,TSCDLT,RDRAND>
AMD Features=0x28100800<SYSCALL,NX,RDTSCP,LM>
AMD Features2=0x101<LAHF,Prefetch>
Structured Extended Features=0x2282<TSCADJ,SMEP,ERMS,NFPUSG>
Structured Extended Features3=0xc000400<MD_CLEAR,IBPB,STIBP>
VT-x: PAT,HLT,MTF,PAUSE,EPT,UG,VPID
TSC: P-state invariant, performance statistics
lo0: link state changed to UP
em0: link state changed to UP
em1: link state changed to UP
em1: link state changed to DOWN
pflog0: promiscuous mode enabled
em1: link state changed to UP
em0: link state changed to DOWN
em1: link state changed to DOWN
em0: link state changed to UP
em1: link state changed to UP
coretemp0: <CPU On-Die Thermal Sensors> on cpu0
coretemp1: <CPU On-Die Thermal Sensors> on cpu1
coretemp2: <CPU On-Die Thermal Sensors> on cpu2
coretemp3: <CPU On-Die Thermal Sensors> on cpu3not sure if this line is normal?
Firmware Warning (ACPI): 32/64X length mismatch in FADT/Gpe0Block: 128/32 (20171214/tbfadt-748) -
Its using the 82583V network card drivers - are these fully supported with this version of Pfsense?
em0@pci0:1:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
vendor = 'Intel Corporation'
device = '82583V Gigabit Network Connection'
class = network
subclass = ethernet
em1@pci0:2:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
vendor = 'Intel Corporation'
device = '82583V Gigabit Network Connection'
class = network
subclass = ethernet
em2@pci0:3:0:0: class=0x020000 card=0x00008086 chip=0x150c8086 rev=0x00 hdr=0x00
vendor = 'Intel Corporation'
device = '82583V Gigabit Network Connection'
class = network
subclass = ethernet -
One thing i notice in the demsg dump is that it only seems to be loading drivers for 3 NIC's - there are 4 on the unit -perhaps that is causing an issue? There are only 2 connected which is correct according to link state. Any help with this much appreciated - its driving me nuts!
em0: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xe000-0xe01f mem 0xd0600000-0xd061ffff,0xd0620000-0xd0623fff irq 16 at device 0.0 on pci1
em0: Using an MSI interrupt
em0: Ethernet address: 00:e0:67:05:24:40
em0: netmap queues/slots: TX 1/1024, RX 1/1024em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xd000-0xd01f mem 0xd0500000-0xd051ffff,0xd0520000-0xd0523fff irq 18 at device 0.0 on pci2
em1: Using an MSI interrupt
em1: Ethernet address: 00:e0:67:05:24:42
em1: netmap queues/slots: TX 1/1024, RX 1/1024em2: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xc000-0xc01f mem 0xd0400000-0xd041ffff,0xd0420000-0xd0423fff irq 19 at device 0.0 on pci3
em2: Using an MSI interrupt
em2: Ethernet address: 00:e0:67:05:24:43
em2: netmap queues/slots: TX 1/1024, RX 1/1024em0: link state changed to UP
em1: link state changed to UP -
Im probably going to try and go back to an earlier version - is there any way to export the configuration for 2.4.5 so i dont have to configure 2.4.4 from scratch?
-
@1-21Giggawatts said in Packetloss on pfsense firewall:
- is there any way to export the configuration for 2.4.5 so i dont have to configure 2.4.4 from scratch?
Diagnostics > Backup & Restore > Backup & Restore
Before you shift back : pfSense 2.4.5 uses FreeBSD 11.3-STABLE and has pretty good Intel NIC support.
But ...Install Google and type
FreeBSD Intel 82583Vand heck out the first link found ... 235147 – em(4) driver not working for Intel 82583V Gigabit chip
This bug report concerns FreeBSD 12.0 and mentions issues with the 82583V NICs and also states that FreeBSD 11.2 - which was the FreeBSD version used by 2.4.4.p3, did work correctly.
FreeBSD 11.3 probably included the new '82583V" drivers that 12.0 and up also used.A patch was proposed. can't tell if that was also backported to FreeBSD 11.3.
Btw : IMHO : not entirely the fault of FreeBSD. It seemed to have shut down the support of old 'mechanical' interrupt handling. Or, some boards out there use modern Giga bit NIC's - but they are hooked up in the system the old way ... (which NOT support real Giga connections at all , or placing a huge load on the system while doing so...)
Is there something you can do in your BIOS to overcome the NIC issue ?
-
@Gertjan Im not 100% on which driver is is using do these lines from my genral system log at bootup indicate i am using em1 driver? what does the em1 signify?
May 20 16:57:06 kernel em1: link state changed to UPI also noticed that it was using the same IRQ number for one of my interfaces as the <ACPI PCI-PCI bridge> - would that cause an issue like this if that happened also to be the same IRQ for the LAN interface?
May 20 15:48:41 kernel em1: <Intel(R) PRO/1000 Network Connection 7.6.1-k> port 0xd000-0xd01f mem 0xd0500000-0xd051ffff,0xd0520000-0xd0523fff irq 18 at device 0.0 on pci2
May 20 15:48:41 kernel pci2: <ACPI PCI bus> on pcib2
May 20 15:48:41 kernel pcib2: [GIANT-LOCKED]
May 20 15:48:41 kernel pcib2: <ACPI PCI-PCI bridge> irq 18 at device 28.2 on pci0 -
Its a little custom box for pfsense - when connecting to a monitor and rebooting i dont see any options for getting into the BIOS which is a real pain, i only see options for ctrl-s to open the intel boot agent, which doesnt give me access to any of the IRQ settings..
All getting a bit too hard, does anyone know if I export my configuration from 2.4.5 it can be imported again to 2.4.4?
-
@1-21Giggawatts said in Packetloss on pfsense firewall:
what does the em1 signify?
Intel NIC's use the driver that identifies itself as "em" - old Intel ones are known as 'fxp' - as Realtek is known as 'rl' etc.
The first NIC found is registred as em1 - the second as em2 and so on.Btw : you really should have em1, em2, em3 and em4 on your system. The fact some are hooked up or not, doesn't make a difference.
I have also a Quand Intel NIC card, and all 4 exists. Although I have only 2 of them assigned to interfaces.
The fact that you only have 3 out of 4 means : NIC => bad. One of them, em3 isn't found. The means troubles. Which is great, because your system has troubles .... so you know what to do next ;)This is my 'kernel hardware detection log (dmesg)' :
First two lines : the system discovers it has a PCI bus ...
pcib3: <ACPI PCI-PCI bridge> at device 30.0 on pci0 pci2: <ACPI PCI bus> on pcib3and then the first card is found - an old quand Intel NIC :
em0: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xd8c0-0xd8ff mem 0xef980000-0xef99ffff,0xefa00000-0xefa3ffff irq 18 at device 2.0 on pci2 em0: Ethernet address: 6c:b3:11:50:c6:c6 em0: netmap queues/slots: TX 1/256, RX 1/256 em1: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xdc00-0xdc3f mem 0xef9a0000-0xef9bffff,0xefa40000-0xefa7ffff irq 19 at device 2.1 on pci2 em1: Ethernet address: 6c:b3:11:50:c6:c7 em1: netmap queues/slots: TX 1/256, RX 1/256 em2: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xdc40-0xdc7f mem 0xef9c0000-0xef9dffff,0xefa80000-0xefabffff irq 19 at device 3.0 on pci2 em2: Ethernet address: 00:1b:21:32:da:42 em2: netmap queues/slots: TX 1/256, RX 1/256 em3: <Intel(R) PRO/1000 Legacy Network Connection 1.1.0> port 0xdc80-0xdcbf mem 0xef9e0000-0xef9fffff,0xefac0000-0xefafffff irq 16 at device 3.1 on pci2 em3: Ethernet address: 00:1b:21:32:da:43 em3: netmap queues/slots: TX 1/256, RX 1/256The onboard NIC is found :
fxp0: <Intel 82801GB (ICH7) 10/100 Ethernet> port 0xdcc0-0xdcff mem 0xef97f000-0 xef97ffff irq 20 at device 8.0 on pci2 miibus0: <MII bus> on fxp0 inphy0: <i82562ET 10/100 media interface> PHY 1 on miibus0 inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow fxp0: Ethernet address: 00:12:3f:b3:58:75You can see that there are 4 "em" NIC's found, and the "fxp" (the onboard Intel NIC).
Again, only fxp0, em0 and em1 are actually hooked up.@1-21Giggawatts said in Packetloss on pfsense firewall:
I also noticed that it was using the same IRQ number for one of my interfaces as the <ACPI PCI-PCI bridge> - would that cause an issue like this if that happened also to be the same IRQ for the LAN interface?
IRQ are auto distributes these days That's what they been called ACPI is all about : alocating resources among devices found during boot.
A quad NIC should/could share the same IRQ - why not.@1-21Giggawatts said in Packetloss on pfsense firewall:
All getting a bit too hard, does anyone know if I export my configuration from 2.4.5 it can be imported again to 2.4.4?
Of course.
It's been done all the time. -
Thanks for the clarification on em drivers. yeah it looked like something is borked as it only found 3. I bit the bullet and re-installed 2.4.5 fresh and restored config tonight - problem has dissappeared - happy days! I will check my kernel logs and see if it finds all 4 NIC's now.
