Netgate Discussion Forum

    HUNSN RJ46, 6 x 2.5GbE I226-V - VLAN problem

    • mberezinski @stephenw10

      @stephenw10

      Does it pass untagged traffic?

      It does.

      Does it pass tagged traffic if you install pfSense bare metal on it directly?

      I haven't tested it on bare metal.

      This seems likely to be a Windows/Hyper-V issue.

      I've done similar setups multiple times on different hardware without any problem. Maybe it's an issue with the Windows 11 Pro drivers for the i226-V. I have read that Intel is not happy with consumer-grade NICs being used in "advanced" scenarios. That's why there are no drivers for the i226-V for Windows Server. Maybe it got VLAN support chopped off.

      • stephenw10, Netgate Administrator

        Possible but it seems unlikely. You can do VLANs in software even if the drivers don't expose any hardware capabilities.

        • whitehatmiddleman

          Additional experience to add: I have an iKOOLCORE R2, which has 3 Intel i226-V and a Realtek RTL8156BG.

          After running a lot of tests and doing some traffic load across multiple VLANs, I've determined the Intel i226-V doesn't support VLAN tagging well. If there is a significant load on one single interface, especially if it's trying to manage multiple tagged networks, the interface would go down and up from time to time.
          When I moved the tagged networks over to the Realtek interface, which states it supports VLAN tagging, I didn't experience any issues.

          If you have a managed switch, I suggest tagging on the switch port rather than from the host with the i226-v interface. It seems like the i226-v interface works well only for untagged networks directly from the host.

          • stephenw10, Netgate Administrator

            Is that running bare metal?

            We use i226 NICs on the 4200 and 8200 and do not see any VLAN related issues there. It has all the usual VLAN hardware capabilities:

            igc0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
            	options=48020b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,HWSTATS,MEXTPG>
            	capabilities=4f43fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWTSO,NETMAP,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
            
            [24.08-DEVELOPMENT][admin@4200.stevew.lan]/root: pciconf -lv igc0
            igc0@pci0:25:0:0:	class=0x020000 rev=0x04 hdr=0x00 vendor=0x8086 device=0x125c subvendor=0x8086 subdevice=0x0000
                vendor     = 'Intel Corporation'
                device     = 'Ethernet Controller I226-V'
                class      = network
                subclass   = ethernet
            
            • whitehatmiddleman @stephenw10

              @stephenw10 It's not bare metal, it's a VM in Proxmox, but I was pushing 4 different VLANs through a single interface. The Realtek interface seems to be managing it really well, with no intermittent down/ups. I've been using the rest of the i226-V interfaces for single networks and that's been working fine as well.

              If I have the time and energy I'll try to do bare metal, but honestly I prefer having pihole rather than pfBlockerNG-DNSBL. I've tried to use DNSBL, but I still like pihole's ability to lock out domains by client and/or network segments.

              The only things currently running on the device are 2 VMs, pfSense and pihole.

              • Gblenn @whitehatmiddleman

                @whitehatmiddleman I'm having a similar problem on a machine with i226-V.

                When launching a VM or LXC with a VLAN tag applied, that entire VLAN becomes completely unusable and none of the devices already on that VLAN are reachable.

                The solution is to turn off HW offload in the i226-V by running this command (in this case it's enp3s0):
                ethtool -K enp3s0 rx off tx off tso off gso off gro off lro off

                To make this persistent, create a systemd service that handles this at boot:

                nano /etc/systemd/system/disable-igc-offloads.service

                [Unit]
                Description=Disable Intel i226/i225 Offloads
                After=network.target

                [Service]
                Type=oneshot
                # Make sure to enter the correct interface name (enp1s0, enp2s0 etc).
                # systemd does not support trailing comments on a directive line,
                # so this note sits on its own lines above ExecStart.
                ExecStart=/sbin/ethtool -K enp3s0 rx off tx off tso off gso off gro off lro off
                RemainAfterExit=true

                [Install]
                WantedBy=multi-user.target

                And then make sure to set the vmbr in question to be VLAN Aware. Either from the UI by ticking the box and clicking apply, or by adding these two lines to your iface vmbrN inet static/dhcp section:

                    bridge-vlan-aware yes
                    bridge-vids 2-4094
                

                So it looks something like this:

                auto vmbr1
                iface vmbr1 inet static
                    address 192.168.4.104/24
                    gateway 192.168.4.1
                    bridge-ports enp3s0
                    bridge-stp off
                    bridge-fd 0
                    bridge-vlan-aware yes
                    bridge-vids 2-4094

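A check for the workaround in the post above, as an added example (not part of the thread and not the poster's or Proxmox's own code): it reads `ethtool -k` output and lists which of the six offloads the post switches off are still on. The sample output is constructed, and `offloads_still_on` and `sample_ethtool_k` are names made up for this example.

```shell
#!/bin/sh
# Added example: confirm the offloads the post disables are really off.
# Long names printed by `ethtool -k` for the short flags rx tx tso gso gro lro.
OFFLOAD_FEATURES="rx-checksumming tx-checksumming tcp-segmentation-offload \
generic-segmentation-offload generic-receive-offload large-receive-offload"

# Reads `ethtool -k <iface>` output on stdin and prints each watched feature
# that is still "on", one per line. "[fixed]" marks one the driver will not change.
offloads_still_on() {
    awk -v want="$OFFLOAD_FEATURES" '
        BEGIN { n = split(want, names, " "); for (i = 1; i <= n; i++) watch[names[i]] = 1 }
        {
            # Lines look like "generic-receive-offload: on" or "...: off [fixed]".
            name = $1
            sub(/:$/, "", name)
            if ((name in watch) && $2 == "on")
                print name ($3 == "[fixed]" ? " [fixed]" : "")
        }'
}

# Constructed sample of `ethtool -k enp3s0`; $1 sets the changeable offloads (on|off).
sample_ethtool_k() {
    s=${1:-on}
    cat <<EOF
Features for enp3s0:
rx-checksumming: $s
tx-checksumming: $s
    tx-checksum-ip-generic: $s
tcp-segmentation-offload: $s
generic-segmentation-offload: $s
generic-receive-offload: $s
large-receive-offload: off [fixed]
rx-vlan-offload: on
tx-vlan-offload: on
EOF
}

# With an interface argument, check the live NIC; otherwise run on the sample.
if [ -n "${1:-}" ]; then
    left=$(ethtool -k "$1" | offloads_still_on)
    if [ -n "$left" ]; then
        printf 'offloads still enabled on %s:\n%s\n' "$1" "$left"
        exit 1
    fi
    echo "all six offloads are off on $1"
else
    sample_ethtool_k on | offloads_still_on
fi
```

Run it with the interface name after a reboot: a non-empty result means the oneshot unit did not run (for example because it was never enabled with `systemctl enable`) or that it names the wrong interface.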
                • stephenw10, Netgate Administrator

                  So also on Proxmox? Which version?

                  • Gblenn @stephenw10

                    @stephenw10 Yes this is on Proxmox and that machine has 8.4.14.
                    I was getting ready to upgrade to 9, in the hopes of resolving the issue. But then I got some AI help to fix it this way instead.

                    • w0w @Gblenn

                      @Gblenn said in HUNSN RJ46, 6 x 2.5GbE I226-V - VLAN problem:

                      bridge-vlan-aware yes
                      bridge-vids 2-4094

                      Usually, that’s all you need to make it work in Proxmox — at least that’s what needs to be set in Proxmox 9.
                      I did not change the other adapter settings in Proxmox. But all I can say is that the i226-V and Proxmox are a no-go combination for virtual adapters (but not for PCI passthrough). I’ve experienced a lot of issues with link autonegotiation and drops, different hardware. If I passthrough the adapter to pfSense, it works perfectly. I blame the Linux drivers for the i226 — they are still a bit of a nightmare.

                      • Gblenn @w0w

                        @w0w Wasn't enough for me on v8 though. I had to turn off HW Offload as well...
                        And I have never set interfaces to VLAN aware before on any of my other Proxmox machines (including one with version 9).

                        But this is the only one I have with i226's... and the only one where I run my NICs virtualized for the firewall...
