Any Changes to Intel NIC VLAN support in 2.7 to be aware of?
-
I'm not sure what this is all about yet but I have been playing with single NIC setups because they are really cool on small intel NUC machines.
I had it working perfectly in 2.6.0 and you guessed it I upgraded to 2.7 and it's "not working".
It worked for a few seconds, then died with some errors on the screen.
Sorry, not at all specific. I will dive in more and post actual results.
I'm seeing "lock order reversal" and netlink "lock attempted at:" (and then some data dump)
This at first makes me suspect the switch.
But not having the problem on 2.6.0.
All I'll say for now is that it's not working.
I need to try some other hardware.
My arrangement puts the WAN on em0.x and LAN on em0
I also tried the reverse and putting WAN on em0 and LAN on em0.x
Not cooperating at all.
Are there any changes I need to look out for?
And any other VLAN related issues?
-
The lock order reversal warnings are usually just warnings and not blocking items. Debugging in 2.7 alerts you to them.
What exactly is failing? The em0.X VLAN is not seeing traffic?
-
@stephenw10 I tore that system down and am starting over.
Was a basic Dell optiplex (small form factor) PC.
i5 gen 3 CPU and motherboard Intel desktop nic.
Upon fresh install I set one vlan em0.7 to be WAN
and em0 (non vlan) to be LAN.
It gets a DHCP Internet connection just fine on vlan7
192.168.1.1 is pingable on LAN but web interface does not respond at all.
It does not route/nat traffic.
If I reverse the WAN/LAN (clean install again as well)
Put WAN on em0
and LAN on em0.7 it works for a bit and very quickly fails (within a few seconds of passing heavy traffic) with a page or so of information
Stops routing/natting and is no longer pingable on 192.168.1.1
But system/menu and shell work fine.
System is not frozen.
Will revisit/redo on another system and actually get a photo of the pagedump/debug that displays as it fails.
As usual I post very high level information as a general query as to if there are any known or related issues that may pertain to 2.7.DEV
-
The use scenario is a small mini PC with one Intel NIC (like an Intel NUC).
Small 8-port managed switch. (Netgear GS308E) in this test.
Switch is known (to us) to work very well and reliably in this arrangement.
Port 1 carries default lan and vlan7
Port 8 has only vlan7 (not tagged, default vlan excluded) and is the WAN/Internet connection.
Remaining ports 2-7 are default lan only no tagging.
This arrangement works great in 2.6.0
I have several deployed and have been trouble free & reliable.
My first stab at it on 2.7.DEV failed pretty uglily.
-
You might try putting both interfaces as VLANs. It's a better design to do that anyway IMO. Avoid the risk of stripping the tags and ending up on the wrong interface. But it should work either way.
-
@stephenw10 Upon hitting this problem again I will try that.
And you are right it should work either way.
My only reason for keeping the default vlan was that I could in most cases just have the end user
plug the Internet connection directly into the PFSense box (that only has one ethernet interface)..
It would grab a connection and bypass the switch and I could verify if the PFsense box itself + Internet connection was fine/healthy/working and bypass the vlan switch or quickly determine if the problem was switch or downstream related.
-
Have you only seen it on em? I have a number of boxes I could test this on but almost all use igb NICs.
-
@stephenw10 First box.
only tested one so far.
It so happened to be em.
Most that I do will be.
Intel NUC, Qotom mini PC etc.
Dell rack servers... (usually broadcom and not a single NIC)
If you know of any cool AMD option I'll try it.
:)
-
Ok let me see if I can replicate on something...
-
@stephenw10 That piece of hardware left the shop..
I had to install windows 10 pro on it.
During that process I updated the motherboard firmware ...
It had an older 2013 bios on it.
The new firmware included new firmware for the NIC.
Unfortunately I did not have a chance to try it again after the firmware _ IME + NIC firmware update.
But I will be trying some other more up to date hardware soon.
As well as some of that older stuff.
-SG
-
@stephenw10 OK I have a 2.6.0 box up & running single RE NIC interface.
And cheap TPlink $27 8 port managed switch. HAHA.
AMD quadcore X4 750 CPU from 2012.
It's working flawlessly.
Going to let it run and move traffic for while just to be sure it's rock solid stable.
Then bring it up to the latest 2.7 snapshot and see how it does.
If it's happy I'll try the same with intel.
UEFI would not fly on this box even with 2.6.0.
I had to go bios install.
Seems to be more trouble than it's worth (UEFI) LOL.
I was saying that six years ago.
I'm still trying to learn more about it and get a little better with it.
I'm at least TRYING to install/build UEFI systems when they work.
I have LAN on re0.5 and WAN on re0.7
I skipped trying to use the default LAN for the moment.
I like it this way too.
Definitely prettier.
I realize 2.7.0 will throw lots of debug messages.
That doesn't bother me but if it stops routing traffic.....
Or is no longer pingable.. :)
-
@stephenw10 AMD single re0 box is doing well on 2.7.0.a.20230424.0600
It didn't blow up on my first speed test like that other box.
Might have been a false alarm and some freaky hardware.
Wish I'd had the chance to try it on that machine again after all of the firmware updates which included NIC firmware.
-
To be clear when you did hit this it actually kernel panicked and dumped a crash report? Or just the lock order reversal stuff and stopped passing traffic?
-
@stephenw10 Just the message and no traffic.
No kernel panic.
OS/shell still responsive functioning.
No traffic no ping response on LAN.
-
@stephenw10 I just brought up another older em box.
Gen2 i5 dell mini PC.
Of course any that I have here have firmware all up to date..
The previous one was a customer's Windows box that needed all of the firmware updates
prior to a clean windows install.
It's working just fine. (latest 1.7 snapshot)
I am getting the same netlock attempted at: message
Then 17 lines of details.
It only happened once in about 1/2 hour.
And is not obviously impacting functionality routing NAT or availability.
As far as I know - it's not a concern.
But I'm curious what it means.
When it happened before it was obvious that routing and ability to ping its lan interface address
happened at the same time.
A reboot would get it back but then as soon as you passed any significant traffic it would happen again.
I did not see any of these messages on the AMD re system running latest 1.7 snapshot.
-
See: https://docs.freebsd.org/en/books/faq/#lock-order-reversal
And: https://forum.netgate.com/topic/174821/reporting-lock-order-reversal-lor-backtraces
Yes, they are unwanted but mostly harmless. You are seeing them because witness is enabled in 2.7 snaps currently.
Steve