LAGG and VPNs
-
I used ifconfig -vvma and got the following:-
igb2: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> ether 98:b7:85:00:fd:44 media: Ethernet autoselect status: no carrier supported media: media autoselect media 1000baseT media 1000baseT mediaopt full-duplex media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> igb3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=4e100bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> capabilities=4f53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP> ether 98:b7:85:00:fd:44 hwaddr 98:b7:85:00:fd:45 media: Ethernet autoselect status: no carrier supported media: media autoselect media 1000baseT media 1000baseT mediaopt full-duplex media 100baseTX mediaopt full-duplex media 100baseTX media 10baseT/UTP mediaopt full-duplex media 10baseT/UTP nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>Note : I have set the LAG at 1000M to try but it causes it to fail.
I notice that there is no option to set igb2 & igb3 speeds to 1000M, at least not whilst they are in the LAG or is there?
-
The interfaces in the LAGG should inherit settings if you set it. That output above show those links are not linked at all though, were they even connected?
-
so I will need to delete the LAGG and set both interfaces to 1000M manually and then re-create the LAGG.
The LAGG was working but it always syncs to 100M. It is currently failed because I have set the switch manually to 1000M for those ports - something Draytek tech support asked me to try
-
It should inherit that setting from lagg0 but it's set as autoselect there.
Unconfiguring the lagg and then configuring it again would be no change. It is possible to make changes to links in a lagg with a manual command that can be run at boot.
As a test just run:
ifconfig igb2 media 1000baseTHowever I would get a single link working at 1G first and then add the lagg back.
-
trying to get a single link but unsuccessful so far!
-
I have now tried every possible combination available to force the port to 1G (no LAG) but unable get it. If I connect the same cable from laptop to pfsense NIC I get 1G so not card or cable. Looks like I will have to go back to draytek to sort it as I'm now out of ideas!
-
What about if you use the em0 NIC?
-
Not tried using that but I'll give it a shot and see what happens!
-
Ok, swapped over to em0 and it connected at 1G!
So, took the same lead and plugged into a number of ports on both switches and always connected at 1G.
Consequently, went around each of the 5 ports individually with the same lead and results below:-
em0 - 1G
igb0 - 1G
igb1 - 1G
igb2 - 100M
igb3 - 100MHence card 2 has the problem. Cards 1&2 are the same type and new.
-
swapped over the LAN cards out of desperation and now have a 1G connection (not LAG)...
However, ignoring LAGG for now, I have a physical connection between the 2 switches but unable to access anything on the other switch. Must be VLAN issue but not sure where to go from here
-
So, I now have everything up in terms of connections but running on a single cable, not LAGG on igb1.
Firewall is fully open which at some point I will need to lock down but LAG now the remaining issue.
NIC 2 seems to be the issue.
Initially I installed pfsense with only 1 NIC card in and then added the second later once I had bought it. Pfsense detected it so I assumed all was good. Could that be causing the issue?
-
No it shouldn't make any difference how the cards were added. I agree there's something different about that second card.
Check the revision is the same as shown by:
pciconf -lvIt could be a firmware difference. Looks for the eeprom version in the boot log like:
igb0: EEPROM V3.11-0 eTrack 0x80000469 -
Info from pciconf -1v
igb2@pci0:2:0:0: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
igb3@pci0:2:0:1: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernetWhere do I find the boot log?
-
How does that compare with igb0/1?
You can see the boot log in the gui or in /var/log/dmesg.boot
-
Exactly the same as igb0/1
Boot log shows EEPROM version to be the same for all 4 ports
-
Hmm, maybe just a faulty card then.
Have you tested the LAGG using the NIC that links at 1G? I bet it works fine.
-
Can't test it as igb0 is used for WAN and igb1 for LAN but I have no doubt that it will work for LAGG!
That is why I purchased the 2nd card to use separately for the LAGG interface.
I think the card is fine as I can connect to the card in the pfsense box from the laptop and the link is immediately 1G on both ports and I've switched the 2 cards around in the pfsense box and the issue remains on the card 2 position i.e. the problem does not transfer with the card. It could be the PC but doubt it and there is no more spare slots to try as it is a DELL Optiplex SFF PC.
-
Hmm odd. You might try using
pciconfg -lvcMake sure both show the same PCIe speeds. -
Look the same to me! Below is igb1 & igb2, the other 2 are the same.
igb1@pci0:1:0:1: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 10 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS
max read 512
link x1(x4) speed 2.5(2.5) ASPM disabled(L0s/L1)
ecap 0001[100] = AER 1 1 fatal 0 non-fatal 1 corrected
ecap 0003[140] = Serial 1 98b785ffff00fd44
ecap 000e[150] = ARI 1
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled
0 VFs configured out of 8 supported
First VF RID Offset 0x0180, VF RID Stride 0x0002
VF Device ID 0x10ca
Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304
igb2@pci0:2:0:0: class=0x020000 rev=0x01 hdr=0x00 vendor=0x8086 device=0x10c9 subvendor=0x8086 subdevice=0xa03c
vendor = 'Intel Corporation'
device = '82576 Gigabit Network Connection'
class = network
subclass = ethernet
cap 01[40] = powerspec 3 supports D0 D3 current D0
cap 05[50] = MSI supports 1 message, 64 bit, vector masks
cap 11[70] = MSI-X supports 10 messages, enabled
Table in map 0x1c[0x0], PBA in map 0x1c[0x2000]
cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO NS
max read 512
link x1(x4) speed 2.5(2.5) ASPM disabled(L0s/L1)
ecap 0001[100] = AER 1 0 fatal 0 non-fatal 1 corrected
ecap 0003[140] = Serial 1 98b785ffff00fd48
ecap 000e[150] = ARI 1
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled, ARI disabled
0 VFs configured out of 8 supported
First VF RID Offset 0x0180, VF RID Stride 0x0002
VF Device ID 0x10ca
Page Sizes: 4096 (enabled), 8192, 65536, 262144, 1048576, 4194304 -
Yup, looks the same to me too.
