Problem with inter VLAN Connections
-
Hello everyone,
I switched my Intel X550-T2 to an X710-T4L since this change my inter vlan communication or vlan communication in general is instable.
ssh connections, or tcp connection in general, gets reset sometimes.
In a packet trace it looks like the dst pc reset the connection but on the other side the connection stays open until the service says timeout.
So this isnt the case, the pfsense somehow resets the connection but doesnt see it?Sometimes in a call /ms teams) or some sort the audio/video stutters also since this change.
Is there any way to troubleshoot that?
Ah in the vlan the connections are stable, so if I open a ssh or a tcp connection, to the pfsense for example, nothing happens.
Any help is appreciated.Setup:
ixl2 - LAN 192.168.178.1/24 - into MikroTik Switch 10G FC off
ixl3 - VMNET 172.16.24.1/24 - into MikroTik Switch 10G FC off
ixl3.100 - GUESTWLAN 172.16.23.1/24
ixl3.30 - LAB 192.168.30.1/24
Access Point located in ixl3.100 and ixl2 - into MikoTik Switch 1G FC autoKind regards,
-
OKAy, I found the problem: the state - somehow - gets exceeded very fast so that the TCP:A flag is not allowed anymore.
I Try to reboot at first and then try to figure out to make the states waiting times a bit higher. All is default but this is weird. -
Okay I really do need the help of the community here:
I really cant find any issue with my routing or why the state gets stale so fast.Here i Tried to find the issue:
First I can open an ssh connection, but after 20 Seconds the Flag doesnt get accepted anymore even the Rule is build to accept any TCP Flag
I really cant find an issue with the routing or some sort of, maybe its a flag configuration but the optimazation options are the same as before: Normal
same as the State Timeouts:
Nothing fits with this 20 Seconds, the packet capture shows that its not 20 Seconds but 10 but even that makes no sense. -
@sysadminfromhell Are you running any part of it through a VM instance?
-
@Popolou no the pfsense is Baremetal but I found that the driver which currently get shipped with pfsense should be broken with the x710. The card is not very populated right now because its hard to get it cheap but I guess this should be the case here maybe. I try ti get more information about it to find a way to troubleshoot that.
https://forum.netgate.com/topic/162333/intel-x710-issues/36 -
@sysadminfromhell Under System -> Advanced -> Networking towards the bottom under Network Interfaces, can i ask what do you have ticked/unticked?
-
@Popolou as before with the x550:
-
@sysadminfromhell Those seem correct. I had very similar issues (posted about it) and noticed some of the same symptoms. Needed to remove all hardware offloading to restore functionality. Have you disabled the checksum offloading and tested? I've had mixed results with this on an x710 too.
-
@Popolou I did not check that, but I can test it and see if this works. I Keep you updated
-
@Popolou unfurtanatly its the same problem:
I now try to enable all the offload and see if this fixes it.
If not, maybe I need and developer to look at it or give me a hint to troubleshoot it more. Maybe I need the new drivers? -
@sysadminfromhell Even here the same issue:
-
I will buy a new x550 and replace it once again if not someone has a Idea (driver update or some sort of trick). I just need to inform netgate before because if I change my network card the ndi changes too.
-
@Popolou So I pciked up a x550 locally to replace the broken one and the x710 which appearently doesnt work properly and see there: "almost" no problems. I guess somehow the IPSec is broken and the S2S connection to my lab doesnt work properly.
-
@sysadminfromhell I suppose it's possible it could have been a cheap/fake x710 giving you the problems. I'd have probably looked at the firewall rules or checked if there was any rate limiting in place but it sounds like the replacement nic has put you right.