PfSense randomly loses connection, and reboot is only solution.



  • So, I just did and fresh install on a new computer. Using the built-in NIC as LAN, and an USB-nic for WAN.
    After a few hours I lost connection to Internet, but I still could reach the FW, and I all clients could ping the GW. All DNS:es were unreachable tho.
    The only solution to solve the problem was to reboot.

    Here are some info, just after the connection-loss:

    $ dmesg
    Copyright (c) 1992-2012 The FreeBSD Project.
    Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
    	The Regents of the University of California. All rights reserved.
    FreeBSD is a registered trademark of The FreeBSD Foundation.
    FreeBSD 8.3-RELEASE-p11 #0: Wed Sep 11 18:39:44 EDT 2013
        root@snapshots-8_3-i386.builders.pfsense.org:/usr/obj.pfSense/usr/pfSensesrc/src/sys/pfSense_SMP.8 i386
    Timecounter "i8254" frequency 1193182 Hz quality 0
    CPU: Intel(R) Celeron(R) CPU 2.53GHz (2527.08-MHz 686-class CPU)
      Origin = "GenuineIntel"  Id = 0xf41  Family = f  Model = 4  Stepping = 1
      Features=0xbfebfbff <fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>Features2=0x451d <sse3,dtes64,mon,ds_cpl,tm2,cnxt-id,xtpr>AMD Features=0x100000 <nx>TSC: P-state invariant
    real memory  = 2147483648 (2048 MB)
    avail memory = 2072616960 (1976 MB)
    ACPI APIC Table: <dell  sx280 ="">
    ioapic0: Changing APIC ID to 8
    ioapic0 <version 2.0=""> irqs 0-23 on motherboard
    lapic0: Forcing LINT1 to edge trigger
    wlan: mac acl policy registered
    ipw_bss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_bss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_bss_fw, 0xc07bb6f0, 0) error 1
    ipw_ibss: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_ibss: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_ibss_fw, 0xc07bb790, 0) error 1
    ipw_monitor: You need to read the LICENSE file in /usr/share/doc/legal/intel_ipw/.
    ipw_monitor: If you agree with the license, set legal.intel_ipw.license_ack=1 in /boot/loader.conf.
    module_register_init: MOD_LOAD (ipw_monitor_fw, 0xc07bb830, 0) error 1
    kbd1 at kbdmux0
    cryptosoft0: <software crypto=""> on motherboard
    padlock0: No ACE support.
    acpi0: <dell sx280 =""> on motherboard
    acpi0: [ITHREAD]
    acpi0: Power Button (fixed)
    acpi0: reservation of 0, a0000 (3) failed
    acpi0: reservation of 100000, f00000 (3) failed
    acpi0: reservation of 1000000, 7e686c00 (3) failed
    Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
    acpi_timer0: <24-bit timer at 3.579545MHz> port 0x808-0x80b on acpi0
    cpu0: <acpi cpu=""> on acpi0
    acpi_button0: <power button=""> on acpi0
    pcib0: <acpi host-pci="" bridge=""> port 0xcf8-0xcff on acpi0
    pci0: <acpi pci="" bus=""> on pcib0
    pcib1: <acpi pci-pci="" bridge=""> irq 16 at device 1.0 on pci0
    pci1: <acpi pci="" bus=""> on pcib1
    vgapci0: <vga-compatible display=""> port 0xecd8-0xecdf mem 0xdff00000-0xdff7ffff,0xc0000000-0xcfffffff,0xdfec0000-0xdfefffff irq 16 at device 2.0 on pci0
    agp0: <intel 82915g="" (915g="" gmch)="" svga="" controller=""> on vgapci0
    agp0: aperture size is 256M, detected 7932k stolen memory
    vgapci1: <vga-compatible display=""> mem 0xdff80000-0xdfffffff at device 2.1 on pci0
    pcib2: <acpi pci-pci="" bridge=""> irq 16 at device 28.0 on pci0
    pci2: <acpi pci="" bus=""> on pcib2
    bge0: <broadcom netxtreme="" gigabit="" ethernet="" controller,="" asic="" rev.="" 0x004001=""> mem 0xdfcf0000-0xdfcfffff irq 16 at device 0.0 on pci2
    bge0: CHIP ID 0x00004001; ASIC REV 0x04; CHIP REV 0x40; PCI-E
    miibus0: <mii bus=""> on bge0
    brgphy0: <bcm5750 10="" 100="" 1000basetx="" phy=""> PHY 1 on miibus0
    brgphy0:  10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, auto, auto-flow
    bge0: [ITHREAD]
    uhci0: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-a=""> port 0xff80-0xff9f irq 21 at device 29.0 on pci0
    uhci0: [ITHREAD]
    uhci0: LegSup = 0x3000
    usbus0: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-a=""> on uhci0
    uhci1: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-b=""> port 0xff60-0xff7f irq 22 at device 29.1 on pci0
    uhci1: [ITHREAD]
    usbus1: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-b=""> on uhci1
    uhci2: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-c=""> port 0xff40-0xff5f irq 18 at device 29.2 on pci0
    uhci2: [ITHREAD]
    usbus2: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-c=""> on uhci2
    uhci3: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-d=""> port 0xff20-0xff3f irq 23 at device 29.3 on pci0
    uhci3: [ITHREAD]
    usbus3: <intel 82801fb="" fr="" fw="" frw="" (ich6)="" usb="" controller="" usb-d=""> on uhci3
    ehci0: <intel 82801fb="" (ich6)="" usb="" 2.0="" controller=""> mem 0xffa80800-0xffa80bff irq 21 at device 29.7 on pci0
    ehci0: [ITHREAD]
    usbus4: EHCI version 1.0
    usbus4: <intel 82801fb="" (ich6)="" usb="" 2.0="" controller=""> on ehci0
    pcib3: <acpi pci-pci="" bridge=""> at device 30.0 on pci0
    pci3: <acpi pci="" bus=""> on pcib3
    isab0: <pci-isa bridge=""> at device 31.0 on pci0
    isa0: <isa bus=""> on isab0
    atapci0: <intel ich6="" udma100="" controller=""> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0xffa0-0xffaf irq 16 at device 31.1 on pci0
    ata0: <ata channel=""> at channel 0 on atapci0
    ata0: [ITHREAD]
    ata1: <ata channel=""> at channel 1 on atapci0
    ata1: [ITHREAD]
    atapci1: <intel ich6="" sata150="" controller=""> port 0xfe00-0xfe07,0xfe10-0xfe13,0xfe20-0xfe27,0xfe30-0xfe33,0xfea0-0xfeaf irq 20 at device 31.2 on pci0
    atapci1: [ITHREAD]
    ata2: <ata channel=""> at channel 0 on atapci1
    ata2: [ITHREAD]
    ata3: <ata channel=""> at channel 1 on atapci1
    ata3: [ITHREAD]
    pci0: <serial bus,="" smbus=""> at device 31.3 (no driver attached)
    acpi_hpet0: <high precision="" event="" timer=""> iomem 0xfed00000-0xfed003ff on acpi0
    Timecounter "HPET" frequency 14318180 Hz quality 900
    atrtc0: <at realtime="" clock=""> port 0x70-0x7f irq 8 on acpi0
    ppc0: <parallel port=""> port 0x378-0x37f,0x778-0x77f irq 7 on acpi0
    ppc0: SMC-like chipset (ECP/EPP/PS2/NIBBLE) in COMPATIBLE mode
    ppc0: FIFO with 16/16/8 bytes threshold
    ppc0: [ITHREAD]
    ppbus0: <parallel port="" bus=""> on ppc0
    plip0: <plip network="" interface=""> on ppbus0
    plip0: [ITHREAD]
    lpt0: <printer> on ppbus0
    lpt0: [ITHREAD]
    lpt0: Interrupt-driven port
    ppi0: <parallel i="" o=""> on ppbus0
    uart0: <16550 or compatible> port 0x3f8-0x3ff irq 4 flags 0x10 on acpi0
    uart0: [FILTER]
    pmtimer0 on isa0
    orm0: <isa option="" roms=""> at iomem 0xc0000-0xcafff,0xcb000-0xcc7ff,0xcc800-0xcdfff,0xce000-0xcffff pnpid ORM0000 on isa0
    sc0: <system console=""> at flags 0x100 on isa0
    sc0: VGA <16 virtual consoles, flags=0x300>
    vga0: <generic isa="" vga=""> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
    atkbdc0: <keyboard controller="" (i8042)=""> at port 0x60,0x64 on isa0
    atkbd0: <at keyboard=""> irq 1 on atkbdc0
    kbd0 at atkbd0
    atkbd0: [GIANT-LOCKED]
    atkbd0: [ITHREAD]
    p4tcc0: <cpu frequency="" thermal="" control=""> on cpu0
    Timecounter "TSC" frequency 2527082964 Hz quality 800
    Timecounters tick every 1.000 msec
    IPsec: Initialized Security Association Processing.
    usbus0: 12Mbps Full Speed USB v1.0
    usbus1: 12Mbps Full Speed USB v1.0
    usbus2: 12Mbps Full Speed USB v1.0
    usbus3: 12Mbps Full Speed USB v1.0
    usbus4: 480Mbps High Speed USB v2.0
    ugen0.1: <intel> at usbus0
    uhub0: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus0
    ugen1.1: <intel> at usbus1
    uhub1: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus1
    ugen2.1: <intel> at usbus2
    uhub2: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus2
    ugen3.1: <intel> at usbus3
    uhub3: <intel 1="" 9="" uhci="" root="" hub,="" class="" 0,="" rev="" 1.00="" 1.00,="" addr=""> on usbus3
    ugen4.1: <intel> at usbus4
    uhub4: <intel 1="" 9="" ehci="" root="" hub,="" class="" 0,="" rev="" 2.00="" 1.00,="" addr=""> on usbus4
    acd0: CDROM <hl-dt-st gcr-8240n="" 1.06=""> at ata0-master UDMA33 
    ad4: 38146MB <wdc wd400bd-75jma0="" 05.01c05=""> at ata2-master UDMA100 SATA
    uhub0: 2 ports with 2 removable, self powered
    uhub1: 2 ports with 2 removable, self powered
    uhub2: 2 ports with 2 removable, self powered
    uhub3: 2 ports with 2 removable, self powered
    uhub4: 8 ports with 8 removable, self powered
    ugen4.2: <vendor 0x0b95=""> at usbus4
    axe0: <vendor 2="" 0x0b95="" product="" 0x772a,="" rev="" 2.00="" 0.01,="" addr=""> on usbus4
    Trying to mount root from ufs:/dev/ad4s1a
    miibus1: <mii bus=""> on axe0
    ukphy0: <generic ieee="" 802.3u="" media="" interface=""> PHY 16 on miibus1
    ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
    ue0: <usb ethernet=""> on axe0
    ZFS NOTICE: Prefetch is disabled by default on i386 -- to enable,
                add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
    ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
                 Consider tuning vm.kmem_size and vm.kmem_size_max
                 in /boot/loader.conf.
    ZFS filesystem version 5
    ZFS storage pool version 28
    ue0: link state changed to DOWN
    bge0: link state changed to DOWN
    tun2: changing name to 'ovpns2'
    tun3: changing name to 'ovpns3'
    ovpns2: link state changed to UP
    pflog0: promiscuous mode enabled
    ue0: link state changed to UP
    bge0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP</usb></generic></mii></vendor></vendor></wdc></hl-dt-st></intel></intel></intel></intel></intel></intel></intel></intel></intel></intel></cpu></at></keyboard></generic></system></isa></parallel></printer></plip></parallel></parallel></at></high></serial></ata></ata></intel></ata></ata></intel></isa></pci-isa></acpi></acpi></intel></intel></intel></intel></intel></intel></intel></intel></intel></intel></bcm5750></mii></broadcom></acpi></acpi></vga-compatible></intel></vga-compatible></acpi></acpi></acpi></acpi></power></acpi></dell></software></version></dell ></nx></sse3,dtes64,mon,ds_cpl,tm2,cnxt-id,xtpr></fpu,vme,de,pse,tsc,msr,pae,mce,cx8,apic,sep,mtrr,pge,mca,cmov,pat,pse36,clflush,dts,acpi,mmx,fxsr,sse,sse2,ss,htt,tm,pbe>
    

    I have no idea if the connection-loss started when ue0 seems to have went crazy.

    Here is a picture of System Activity after connection was lost:

    Help would me much appreciated, since I finally upgraded the CPU from 450mhz to 2.53ghz, and 192mb ram > 2gb.

    Thanks.



  • Forget to say that the USB-NIC is Asix ax88772b, using axe_4.ko

    [2.1-RELEASE][admin@firewall.ninya.org]/root(4): usbconfig -u 4 dump_device_desc
    
    ugen4.2: <product 0x772a="" vendor="" 0x0b95="">at usbus4, cfg=0 md=HOST spd=HIGH (480Mbps) pwr=ON
    
      bLength = 0x0012
      bDescriptorType = 0x0001
      bcdUSB = 0x0200
      bDeviceClass = 0x00ff
      bDeviceSubClass = 0x00ff
      bDeviceProtocol = 0x0000
      bMaxPacketSize0 = 0x0040
      idVendor = 0x0b95
      idProduct = 0x772a
      bcdDevice = 0x0001
      iManufacturer = 0x0001  <asix elec.="" corp.="">iProduct = 0x0002  <ax88x72a>iSerialNumber = 0x0003  <000002>
      bNumConfigurations = 0x0001</ax88x72a></asix></product> 
    


  • Did you already do the MBUF tweak?  In /boot/loader.conf… you might try setting kern.ipc.nmbclusters="32768".  The default I believe is 0.  You'll need to reboot the firewall after the change.

    This fixed some goofy NIC behavior in 2 of my remote office deployments.



  • I had the same issue using a USB nic. The fix was to ditch the USB nic and do both lan and wan on the same port using vlans. Of course you will need a switch capable of vlans to make this work.


  • Netgate Administrator

    @rocketdog:

    Forget to say that the USB-NIC is Asix ax88772b, using axe_4.ko

    Do you just mean its using the axe driver or you have actually loaded some alternative kernel module? I'm not familiar with 'axe_4.ko'.

    Steve



  • @BeerHat:

    Did you already do the MBUF tweak?  In /boot/loader.conf… you might try setting kern.ipc.nmbclusters="32768".  The default I believe is 0.  You'll need to reboot the firewall after the change.

    This fixed some goofy NIC behavior in 2 of my remote office deployments.

    Thanks! I'll give this a try.

    P.S. The FW hasn't dropped in 24 hours now!

    @mikeisfly:

    I had the same issue using a USB nic. The fix was to ditch the USB nic and do both lan and wan on the same port using vlans. Of course you will need a switch capable of vlans to make this work.

    The thing is, I don't want to get rid of my USB-nic.

    @stephenw10:

    Do you just mean its using the axe driver or you have actually loaded some alternative kernel module? I'm not familiar with 'axe_4.ko'.

    Steve

    Yeah, I just meant it's using the axe driver. I dunno why I wrote "axe_4.ko"



  • I noticed this during bootup:

    ukphy0: <generic ieee="" 802.3u="" media="" interface=""> PHY 16 on miibus1
    ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
    ue0: <usb ethernet=""> on axe0
    usb_alloc_device: set address 2 failed (USB_ERR_STALLED, ignored)
    usbd_setup_device_desc: getting device descriptor at addr 2 failed, USB_ERR_STALLED
    ZFS NOTICE: Prefetch is disabled by default on i386 -- to enable,
                add "vfs.zfs.prefetch_disable=0" to /boot/loader.conf.
    ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
                 Consider tuning vm.kmem_size and vm.kmem_size_max
                 in /boot/loader.conf.</usb></generic>
    

    Anyone knows what those STALLED-errors means?

    And how should the loader.conf look?

    vm.kmem_size="4355443200"
    vm.kmem_size_max="4355443200"
    

    or```
    vm.kmem_size=4355443200
    vm.kmem_size_max=4355443200



  • Google didnt gave me much, so I give it a shot here:
    Another problem I've found is that I can't reach http://192.168.0.1 with Mozilla (with or without safemode), only through Chrome. With Mozilla it just keeps "reading 192.168.0.1", while in Chrome it's in matter of milliseconds.

    And by the way, the comp I'm running the current FW on is an Dell SX280, I'm not sure if you guys can see it directly through dmesg, but I cannot get the thermal sensors to work. Any ideas?


  • Netgate Administrator

    The thermal sensors dashboard widget (I assume that's what you mean?) relies on the sensor selection in System: Advanced: Miscellaneous:. Since the SX280 is pre-Core architecture it can only use ACPI to read the CPU temperature which relies on Dell having written a bios that passes that info to a non Windows OS.
    If you just want to know what the CPU temp is you can probably use the mbmon FreeBSD package to read it but it doesn't talk to the dashboard widget.

    Steve



  • @stephenw10:

    The thermal sensors dashboard widget (I assume that's what you mean?) relies on the sensor selection in System: Advanced: Miscellaneous:. Since the SX280 is pre-Core architecture it can only use ACPI to read the CPU temperature which relies on Dell having written a bios that passes that info to a non Windows OS.
    If you just want to know what the CPU temp is you can probably use the mbmon FreeBSD package to read it but it doesn't talk to the dashboard widget.

    Steve

    Excatly. After a lot of testing, I've come to realize that neither the ACPI-thing nore mbmon works.

    [2.1-RELEASE][admin@firewall.ninya.org]/root(4): mbmon
    ioctl(smb0:open): No such file or directory
    No Hardware Monitor found!!
    InitMBInfo: Bad file descriptor
    
    


  • I'm not sure what wrong, but suddenly my FW starts to act like a monkey. It loses all connection to my gateway, and the only solution is, as topis say, reboot. 'dmesg' gives nothing. Anyone got a clue? This is really frustrating since I'm running TOR, http, mumble etc.


  • Netgate Administrator

    So you can still access the webgui? And can you, like previously, still ping the gateway?

    What is the gateway? Is the pfSense box behind another router or does it have a public IP on WAN? How is it connected?

    You need to methodically go through and identify exactly which part of the connection is failing. What you can ping and what you can't. Is DNS working? Does the routing table look reasonable?

    It's interesting that neither ACPI or mbmon work with that box. There must be a few people running identical hardware since they are so common. There will at least be people running FreeBSD on it. Do you have the most recent bios?

    Steve



  • Yeah, I can access the webGui. The GW is down, cannot be pinged (red-flagged @ webGui) etc. DNS:es can't be reached..

    I have a static ip, static GW, and the FW is connected directly to the "wall-jack".

    Not sure about the BIOS, but could take a look..Been thinking about things getting overheated, but then why would just the GW drop?
    The box seems no the have any support for temp-support, so I have no idea about if it is a overheat-problem..


  • Netgate Administrator

    Ok so the gateway device is some box at your ISP?
    When the gateway is marked down there will be something in the system logs. Often it will report the reason for marking it down as either excessive packet loss or delay. If it does not it usually means the connection has gone down. Is the WAN interface still showing as UP?
    It may be the remote box doesn't like being pinged continuously. You could try altering the ping interval (1s be default) or disabling apinger entirely in System: Routing: Gateways: (edit gateway - advanced section for apinger tuning).

    Steve



  • @rocketdog:

    Not sure about the BIOS, but could take a look..Been thinking about things getting overheated, but then why would just the GW drop?

    If you do a Dmesg after the GW drops, does it show the link flapping on the ue0 nic?

    If so, you either have a failing NIC or just general instability with the USB NIC (these aren't exactly what I would consider to be stable).

    If the System Logs do not show Apinger alarm, restarting the NIC and followed by a filter reload, then the problem probably lies with the NIC (I've had this with a failing NIC before).



  • @dreamslacker:

    If you do a Dmesg after the GW drops, does it show the link flapping on the ue0 nic?

    If so, you either have a failing NIC or just general instability with the USB NIC (these aren't exactly what I would consider to be stable).

    If the System Logs do not show Apinger alarm, restarting the NIC and followed by a filter reload, then the problem probably lies with the NIC (I've had this with a failing NIC before).

    Yeah, tons of ups and downs. The FW has worked as a charm for the last few days…I tuned some stuff on a server (did some ifconfig eth0 RX downtune IIRC), and the TOR-server went down about 20%...Before, and when the FW-problems occured, the tor-relay was full throttle.. So I guess it's just this damn USB NIC. Too much traffic and it goes bananas..

    How do you reload filters?



  • Looking at dmesg, I've lost connections several times…probably while I've not been using internet etc. And I have no idea for how long the ue0 is down, and why it comes back up again. Ideas?

    ukphy0: <generic ieee="" 802.3u="" media="" interface=""> PHY 16 on miibus1
    ukphy0:  none, 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto, auto-flow
    ue0: <usb ethernet=""> on axe0
    ZFS WARNING: Recommended minimum kmem_size is 512MB; expect unstable behavior.
                 Consider tuning vm.kmem_size and vm.kmem_size_max
                 in /boot/loader.conf.
    ZFS filesystem version 5
    ZFS storage pool version 28
    ue0: link state changed to DOWN
    bge0: link state changed to DOWN
    pflog0: promiscuous mode enabled
    ue0: link state changed to UP
    bge0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: promiscuous mode enabled
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP
    ue0: link state changed to DOWN
    ue0: link state changed to UP</usb></generic>
    

    Found this! What could cause this? 1-5 minutes downtime, but no "uplink" messages?

    Edit: Missed to get these lines in the screenshot.

    Feb 10 19:35:41 	apinger: Starting Alarm Pinger, apinger(17013)
    Feb 10 19:35:51 	apinger: ALARM: WANGW(188.133.122.1) *** down ***
    Feb 10 21:20:37 	apinger: ALARM: GW_WAN(188.122.133.1) *** down ***
    Feb 11 00:39:54 	apinger: Starting Alarm Pinger, apinger(13674)
    Feb 11 00:40:05 	apinger: ALARM: WANGW(188.133.122.1) *** down ***
    Feb 11 03:03:19 	apinger: ALARM: GW_WAN(188.122.133.1) *** down ***
    Feb 11 03:31:54 	apinger: Starting Alarm Pinger, apinger(15720)
    Feb 11 03:32:04 	apinger: ALARM: WANGW(188.133.122.1) *** down ***
    Feb 13 00:17:28 	apinger: ALARM: GW_WAN(188.122.133.1) *** loss ***
    Feb 13 00:47:10 	apinger: alarm canceled: GW_WAN(188.122.133.1) *** loss ***
    

    "Starting Alarm Pinger", then 10 seconds later I'm offline. Where can I find options about this thingy?


  • Netgate Administrator

    How far apart are these up down events?
    Why is it using promiscuous mode? Is it bridged?

    Steve



  • @stephenw10:

    How far apart are these up down events?
    Why is it using promiscuous mode? Is it bridged?

    Steve

    Promiscuous mode? I have no idea. I've never seen options like that. It is no bridged.


  • Netgate Administrator

    Usually a NIC would only need to use promiscuous mode if it has to be able to process frames addressed to other MACs.  This is the case if it is part of a bridge or has been used for packet capturing among others.

    Steve



  • @stephenw10:

    Usually a NIC would only need to use promiscuous mode if it has to be able to process frames addressed to other MACs.  This is the case if it is part of a bridge or has been used for packet capturing among others.

    Steve

    According to "Diagnostics > Packet Capture" promiscuous mode is disabled. By the way did, did you see my edit on my previous post?


  • Netgate Administrator

    You can tune apinger or disable it completely in System: Routing: Gateways: edit gateway, advanced.
    That's not going to help if your usb nic really is flaky though.

    Steve



  • @rocketdog:

    So I guess it's just this damn USB NIC. Too much traffic and it goes bananas..

    How do you reload filters?

    Seems like the case.  USB NICs aren't exactly stellar performers.  I seriously recommend getting a cheap VLAN capable switch (Netgear GS108T or HP Procurve 1810-8G or Mikrotik RB260GS) and using that with your BGE nic to create the WAN & LAN interfaces via VLANs instead.  It's far more stable than trying to work with the USB NIC.



  • As soon as I turn on squid, the USB drops within hours. Since I disabled it, it hasnt dropped once.  :) Too bad tho, since I really liked Squid. I guess I'll start using it the day I find relaying onion traffic boring.  8)



  • Sorry for keeping this thread alive, but..since I figured out, the reason the USB-NIC overloads is because of Squid, is there any certain tweaks I could do to Squid towards the hardware?



  • @rocketdog:

    Sorry for keeping this thread alive, but..since I figured out, the reason the USB-NIC overloads is because of Squid, is there any certain tweaks I could do to Squid towards the hardware?

    What is squid doing when the USB nic drops? Line up the logs. Look to make the logs more verbose.

    Have you tried a different set of USB headers? Does it correspond with high load on the PC?



  • @bryan.paradis:

    @rocketdog:

    Sorry for keeping this thread alive, but..since I figured out, the reason the USB-NIC overloads is because of Squid, is there any certain tweaks I could do to Squid towards the hardware?

    What is squid doing when the USB nic drops? Line up the logs. Look to make the logs more verbose.

    Have you tried a different set of USB headers? Does it correspond with high load on the PC?

    After all, it's just not Squid, it is traffic itself. USB-NIC/GW still drops, just not as frequent as with Squid enabled.

    Attached some RRD graphs. If you want RRD graphs of CPU or other system-related stuff, just give me a shout.








  • Hi there,

    We used to use USB NICs and can confirm this flapping behavior - UP/DOWN within seconds. The only solution is NOT to use USB NICs with pfSense/FreeBSD. Go for VLAN switches and non-USB NICs.

    Thanks,
    msu


Log in to reply