Intel i210 NIC in 2.1



  • Hello,
    is there a possibility to use the Intel NIC i210 in pfsense 2.1?



  • No.  The driver in 2.1 isn't new enough.  If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).

    I have an open ticket with support on a patch from a newer commit to FreeBSD that MAY fix the issue but it may not and if so it likely won't get resolved until 2.2 is released (or whatever the version number is that builds on FreeBSD 10).

    I'm crossing my fingers though as I'd love to be able to drop in a pair of the new Lanner FW-8771 boxes…


  • Netgate Administrator

    I don't really see any reason that newer kernel module shouldn't be publicly available for those who know the risks and drawbacks. Perhaps I'm overlooking something.  :-\

    That Lanner box looks nice.

    This allows network appliances to operate at ultra-high speed

    Ultra high, that's fast!  ;)

    Steve



  • @stephenw10:

    I don't really see any reason that newer kernel module shouldn't be publicly available for those who know the risks and drawbacks. Perhaps I'm overlooking something.  :-\

    I don't believe jimp ever said anything about not distributing it to anyone who asks, though I also don't believe he ever said that he would.  Your best bet is to ask and see what happens.  All I can say for sure is that he offered it to me through my support ticket and, for now, I declined due to the manual install and lack of traffic shaping.

    That said, there wouldn't be anything stopping someone from compiling it themselves.  Quite a few people around here have compiled drivers for various hardware themselves, some have provided tutorials.

    @stephenw10:

    That Lanner box looks nice.

    This allows network appliances to operate at ultra-high speed

    Ultra high, that's fast!  ;)

    Steve

    Yup, "high speed" just isn't enough.  I'm skipping "HD high speed" and going straight to "ultra-high speed".

    Seriously though, I want to add a 3rd WAN connection @ 500/100 (plus my 100/100 and 20/20) and want to start doing snort & squid (for a specific application to cache images, not for all users) at the edge and my existing Lanner boxes with Core2Duo T7400 CPUs are struggling a bit, even without snort & squid.


  • Netgate Administrator

    ;D

    I'm surprised those T7400s would struggle at 120/120.

    Steve



  • Struggle isn't the right word I guess.  When maxing out both pipes the CPU usage is around 70%, likely due to the mild traffic shaping (a couple limiters on a vLAN interface + a bunch of PRIQ buckets on all interfaces).  That's doesn't leave the headroom for a 500/100 pipe and certainly won't allow for snort & squid.


  • Netgate Administrator

    If you have any sort of CPU frequency scaling enabled then that might be 70% of some lower speed, worth checking. Also might not be evenly distributed across the cores, 100% on one core 40% on the other. You really would be out of CPU in that case.

    Anyway somewhat off topic.

    Steve



  • Good points.  The frequency is at max, though I've no idea whether or not the load is unbalanced across cores.  I'll check that this week.



  • @Jason:

    No.  The driver in 2.1 isn't new enough.  If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).

    Any news on Intel i210 NIC support that doesn't break traffic shaping???

    Any info at all… such as a SWAG on when support might make it to a beta or production client would be greatly appreciated. I had to abandon using PfSense for a new install because I needed a 4 NIC on-board solution and the only mobos I could find that fit the bill were Supermicro with the i210.

    Now I'm stuck using Untangle, Smoothwall, etc. until this becomes an option for PfSense.  :-(



  • @longhorn:

    @Jason:

    No.  The driver in 2.1 isn't new enough.  If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).

    Any news on Intel i210 NIC support that doesn't break traffic shaping???

    Any info at all… such as a SWAG on when support might make it to a beta or production client would be greatly appreciated. I had to abandon using PfSense for a new install because I needed a 4 NIC on-board solution and the only mobos I could find that fit the bill were Supermicro with the i210.

    Now I'm stuck using Untangle, Smoothwall, etc. until this becomes an option for PfSense.  :-(

    Not that I've heard. I've still got the support ticket open but it's not really a priority for me anymore.  I decided to go with the older Lanner FW-8865 with (12) i350 NICs instead.  The small performance boost from Haswell isn't worth the compatibility issues of bleeding-edge hardware.



  • @Jason:

    The small performance boost from Haswell isn't worth the compatibility issues of bleeding-edge hardware.

    This, not sure why people are dead set on having haswell, its fine if the caveats do not apply to your use case but there are tons of brand new ivy bridge systems and parts for sale. The $/perf on ivy is higher in most cases right now, "new n' shiny" tends to command a premium. Even some sandy bridge stuff has discounts right now that might be the best option, and it sure ain't no pentium 4 space heater. Its a router, not a cell phone, you don't need this quarter's model :)

    The performance and power difference of the last 3 "generations" is often barely above the statistical anomaly threshold. New features are nice, but working feature birds are worth 10 in the bush. (your network is probably the slowest thing anyways)

    For petes sake though, don't buy atom junk ;)



  • @Jason:

    pair of the new Lanner FW-8771 boxes…

    Netgate now has one of these in-house.  You can draw your own conclusions.



  • I built my own image with haswell nic support, but it wasn't exactly trivial - that is to say, the changes necessary aren't hard, but getting a working build environment took some effort.



  • @dhiltonp:

    I built my own image with haswell nic support, but it wasn't exactly trivial - that is to say, the changes necessary aren't hard, but getting a working build environment took some effort.

    Does ALTQ work?

    In any case, my FW-8865 boxes with the i350 NICs are here.  Haven't had a chance to set them up yet, can't figure out the default IP for the IPMI card…



  • No, ALTQ doesn't work. I'd prefer to have it, but this box and a 24 port switch are replacing my failing dd-wrt consumer router; it's a pretty big upgrade as is.

    If I notice QoS issues, I may have to revisit my solution (preferably in software, but maybe in hardware).



  • Hey everyone, first post to the forum.  I've been live with pfSense at home for several weeks now.  Very new to the project and very enthusiastic about the community.  I built a brand new 2U rackmount form factor with new components as a fun project:

    Case:  Rosewill RSV-Z2600 – cheap case but annoyed mobo and PSU are backwards like most cheap cases
    Power Supply:  Seasonic SSR-360GP -- 360W 80 Plus Gold
    CPU:  Intel Xeon E3-1220v3 (Haswell 4th Generation) 3.1 GHz quad core, no hyperthreading
    Mobo:  Supermicro X10SLM+-LN4F -- 4 Intel i210 NICs on board.
    RAM:  Kingston KVR16E11/8EF -- 16GB DDR3 1600 MHz ECC server RAM
    HDD:  Crucial M4 64GB MLC SSD -- had this lying around, never used.  Reading into turning on TRIM, haven't done so yet

    I knew going into this from reading this forum that the i210 was too new and wasn't natively supported.  The uncompiled drivers are available on Intel's site, and I chose the ones that were backwards compatible with FreeBSD 8.x.

    I'm new to FreeBSD but after installing pfSense memstick to HDD it would not fully boot up due to lack of NIC drivers.  I was at least expecting to get to a working shell so I could mount a USB flash drive, copy the driver source code, and compile on pfSense.  But the "Escape to shell" seemed to be a watered down shell and not the full shell, so it didn't support many commands.  Couldn't mount a USB flash drive nor could I use any text editor.

    Anyway, ended up downloading the full FreeBSD 8.3 64-bit ISO from FreeBSD's site and spinning up a fresh VirtualBox VM.  Successfully compiled the Intel drivers and got the "if_igb.ko" driver I was looking for (yessss, my precious!).  I ended up using the pfSense ISO (as opposed to the memstick download) since I needed to inject the driver file and loader.conf file into the ISO prior to installing to the server, so I extracted the pfSense ISO, copied the driver, then basically used another program to write to the USB flash drive.

    Wow, what a long, scenic route just to get it working.  On first boot, all went very well and the i210 NICs were recognized by pfSense and I was able to begin initial config.  I fully realize traffic shaping issues are present, but I'm not using any of that.

    Anyways, I wanted to share my frustrations and eventual success so that others who have the i210 NICs can use pfSense 2.1 at least until 2.2 is released based on FreeBSD 10.x with native support.

    I uploaded the driver as .txt so the forum would accept it.  Please strip off the extension.  Mods/admins: apologies if this is forbidden -- I don't know of anywhere else to upload this in order to share it.  Note, this driver was compiled on FreeBSD 8.3 64-bit, not 32-bit.

    • Copy the driver to:
      /boot/kernel/
      (I didn't find a need to add it to /boot/modules/)

    • In /boot/loader.conf, add the line:
      if_igb_load="YES"

    if_igb.ko.txt


  • Netgate Administrator

    Nice first post.  :)
    The .txt suffix sometimes causes problems with file corruption (on the older forum code at least). Do you have the MD5 hash of the kernel module to check?

    As you found there are no build tools included in pfSense for a number of reasons.

    Steve



  • MD5:  419F0DA227322FEE06DCB835C14D53DB
    SHA-1:  078FB6C206BA2E865006A8B093CAAC72820E4022
    SHA-256:  2618048F471A27A03C8B588AA1716516C25B768EAD23BDA655B46579265DB236

    Man, I love "HashTab" for Windows.  Best hash extension ever.  ( http://implbits.com/HashTab.aspx )

    And yeah, it was more than not having a build tool.  Without recognizing the NICs on the first pfSense boot, I couldn't even get into a "real" FreeBSD Shell, so I couldn't mount a USB device or use any built-in text editors.  Like the keyboard driver was really messed up and everything was on one line… After hours of frustration I just decided to do everything on a real FreeBSD 8.3 VM and copy all that stuff back on the pfSense ISO, burn ISO bit-wise to memstick, then boot the real box off custom memstick.


  • Netgate Administrator

    Hmm, well you should be able to do all that. pfSense is FreeBSD underneath. The ee text editor is included, or vi if your inclined to use it.  ;)

    Edit: Seems to download fine with the .txt extension though I have no way of testing it.

    Steve



  • @Jason:

    No.  The driver in 2.1 isn't new enough.  If you have an active support subscription then they can send you an updated driver which will work but it was pulled out of 2.1 because it breaks ALTQ (you won't have traffic shaping).

    I have an open ticket with support on a patch from a newer commit to FreeBSD that MAY fix the issue but it may not and if so it likely won't get resolved until 2.2 is released (or whatever the version number is that builds on FreeBSD 10).

    I'm crossing my fingers though as I'd love to be able to drop in a pair of the new Lanner FW-8771 boxes…

    Jason,

    Guess what we got in on Monday at Netgate (also pfSense HQ) this past Monday.  8) 8) 8)

    IJS



  • How do you like it?  I was considering those but just didn't want to deal with the hassle of bleeding-edge hardware that wouldn't be properly supported for 6 months.  I had a failing box and needed a replacement then.

    Anyway, I absolutely love the 8865 boxes I bought.  I'm considering tossing in some 10Gbe ports but I'm planning on holding off on that until you guys kick out 2.2.



  • i did wat you sayed finger but still my network card is not showing.

    this is how i did installed pfsense with a usb netwerk adapter then went to the shell added the file from your post added in the config and rebooted the pc but then it still did not show the network adapter.

    or is this file only working for the i210 and not for the i217-v?



  • same here. Driver seems to work fine for i210 but not the i217 version.

    @Finger79: Is it possible that you can create a driver for the i217? Would be great!


  • Netgate Administrator

    Hmm, the i217-v appears to be still using the em driver which I didn't expect:
    https://downloadcenter.intel.com/Detail_Desc.aspx?DwnldID=17509

    No version of the igb driver is going to help in that case. You'll have to compile a newer em version.

    Steve



  • Many thanks Finger79  ;D ;D ;Dv! The solution worked great and saved me.

    I hope so the support will come out of the box very soon !



  • @dhiltonp:

    I built my own image with haswell nic support, but it wasn't exactly trivial - that is to say, the changes necessary aren't hard, but getting a working build environment took some effort.

    Is it posible to get this image?
    I have I210AT on my ASUS P9D-I



  • @Jason:

    …bleeding-edge hardware that wouldn't be properly supported for 6 months....

    The Intel ET2 Server NIC's, among others using this same driver as the i210 are also having issues, has been out since Q3 2010.. 4 Year old hardware is definitely not bleeding edge.
    Quite frustrating considering these NIC's were shipping as upgrade options directly from Dell and HP for their rack mount servers almost 4 years ago.
    You wouldnt think for a second that there should be an issue with enterprise class hardware that has been in the field for this long, but this is indeed the case.

    I wouldn't get your hopes up for this issue to be resolved any time soon. It first cropped up this summer during beta testing, and would involve Intel developing a current driver on FreeBSD 8 which they no longer seem to do, they are building for the 9.x Kernel. Its safe to say that unless something is changed with Altq there will be no solution till 2.2 based off the newer version of FreeBSD.



  • In which way are altq broken?
    Are it a fatal brokage (eg leading to panics, crashes and such) or are it simply that altq just dont work, it will behave like altq didnt exist and all traffic are prioritized equally?



  • I'm getting a lot of requests for the custom pfSense 2.1 ISO with the i210 driver installed.  It's not feasible for me to re-build the image and send it to everyone, but below I documented the process.  It's not that bad.  The hard part was the first part (downloading the Intel driver source code, downloading the FreeBSD 8.3 ISO, building it in VirtualBox, transferring the compiled driver back out of the virtual disk image…)

    (Below tools are Windows oriented.  The same tools may also be available on Mac/Linux.)

    1.  Download the 2.1 Release ISO.
    2.  Extract the ISO to a folder using something like 7-Zip.
    3.  Copy if_igb.ko to /boot/kernel
    4.  Add the line if_igb_load="YES" to /boot/loader.conf
    5.  Make a new custom ISO.  I found a tool called UltraISO.  That, or I might have used WinImage to inject the files (I don't remember which tool I used).
    6a.  Burn this custom ISO to CD if you want that installation method.  (Or PXE boot, etc.)
    6b.  If you need to convert the ISO to be used like a memstick .img file, I used UNetbootin and was able to burn the ISO directly to USB flash drive.



  • @Finger79:

    I'm getting a lot of requests for the custom pfSense 2.1 ISO with the i210 driver installed.  It's not feasible for me to re-build the image and send it to everyone, but below I documented the process.  It's not that bad.  The hard part was the first part (downloading the Intel driver source code, downloading the FreeBSD 8.3 ISO, building it in VirtualBox, transferring the compiled driver back out of the virtual disk image…)

    (Below tools are Windows oriented.  The same tools may also be available on Mac/Linux.)

    1.  Download the 2.1 Release ISO.
    2.  Extract the ISO to a folder using something like 7-Zip.
    3.  Copy if_igb.ko to /boot/kernel
    4.  Add the line if_igb_load="YES" to /boot/loader.conf
    5.  Make a new custom ISO.  I found a tool called UltraISO.  That, or I might have used WinImage to inject the files (I don't remember which tool I used).
    6a.  Burn this custom ISO to CD if you want that installation method.  (Or PXE boot, etc.)
    6b.  If you need to convert the ISO to be used like a memstick .img file, I used UNetbootin and was able to burn the ISO directly to USB flash drive.

    Thanks i will try.

    The part i cant get to work is the burn/convert/memstick part.
    I always get "cant load kernel" when i boot from the memstick.

    But thanks again for th how to.



  • Yes, thanks for the tutorial.  I was able to burn the ISO, but when starting up the installer, I also get the "can't load kernel" message.  :(



  • Did you guys rename if_igb.ko.txt to if_igb.ko ?  Sorry if that sounds silly, heh.  Also, you're using the 64-bit pfSense release, right?



  • Yes, I did rename the file and also using 64bit release.



  • @arkestler:

    Yes, I did rename the file and also using 64bit release.

    Same here.
    I tried all thing i know but still only got "cant load kernel" with the modified iso.

    i have tried in VirtualBOX Oracle also.



  • Has anybody got this working?

    I would like to install my new server since i soon getting GB connection to internet and the old server cant hold up.


  • Netgate Administrator

    Just install the standard 64bit ISO and then load the kernel module afterwards. If you only have i210 NICs then that makes it slightly more complicated to get the module onto the box but still much easier than producing your own custom ISO. Perhaps you have another NIC you can add temporarily.

    Steve



  • @stephenw10:

    Just install the standard 64bit ISO and then load the kernel module afterwards. If you only have i210 NICs then that makes it slightly more complicated to get the module onto the box but still much easier than producing your own custom ISO. Perhaps you have another NIC you can add temporarily.

    Steve

    I only have the i210's with no option to put another nic, so how would I go about loading the module when the stock ISO won't even install?


  • Netgate Administrator

    Ah OK, because it finds no NICs at all?



  • @stephenw10:

    Ah OK, because it finds no NICs at all?

    Exactly!



  • Can you boot pf from CD and make the necessary changes by adding the driver from a USB key and modding loader.conf before you reboot?


Log in to reply