Occasionally need a restart of the ZenArmor service

Could this be a netmap driver issue? It seems from time to time we have a disconnect from the WAN (or slow / non existent throughput). I have noticed that if I restart the Zenarmor service, then things start working again.

Question 1: Is there a way from cron to have a daily restart?

Question 2: Should I move to the netmap emulation?

Here's a pciconf -lvv output

root@OPNsense:~ # pciconf -lvv
hostb0@pci0:0:0:0: class=0x060000 rev=0x13 hdr=0x00 vendor=0x8086 device=0x3406 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520 I/O Hub to ESI Port'
class = bridge
subclass = HOST-PCI
pcib1@pci0:0:1:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x3408 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520/5500/X58 I/O Hub PCI Express Root Port 1'
class = bridge
subclass = PCI-PCI
pcib2@pci0:0:3:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x340a subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520/5500/X58 I/O Hub PCI Express Root Port 3'
class = bridge
subclass = PCI-PCI
pcib3@pci0:0:4:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x340b subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520/X58 I/O Hub PCI Express Root Port 4'
class = bridge
subclass = PCI-PCI
pcib4@pci0:0:5:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x340c subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520/X58 I/O Hub PCI Express Root Port 5'
class = bridge
subclass = PCI-PCI
pcib5@pci0:0:6:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x340d subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520/X58 I/O Hub PCI Express Root Port 6'
class = bridge
subclass = PCI-PCI
pcib9@pci0:0:7:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x340e subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '5520/5500/X58 I/O Hub PCI Express Root Port 7'
class = bridge
subclass = PCI-PCI
pcib10@pci0:0:9:0: class=0x060400 rev=0x13 hdr=0x01 vendor=0x8086 device=0x3410 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '7500/5520/5500/X58 I/O Hub PCI Express Root Port 9'
class = bridge
subclass = PCI-PCI
none0@pci0:0:20:0: class=0x080000 rev=0x13 hdr=0x00 vendor=0x8086 device=0x342e subvendor=0x0000 subdevice=0x0000
vendor = 'Intel Corporation'
device = '7500/5520/5500/X58 I/O Hub System Management Registers'
class = base peripheral
subclass = interrupt controller
none1@pci0:0:20:1: class=0x080000 rev=0x13 hdr=0x00 vendor=0x8086 device=0x3422 subvendor=0x0000 subdevice=0x0000
vendor = 'Intel Corporation'
device = '7500/5520/5500/X58 I/O Hub GPIO and Scratch Pad Registers'
class = base peripheral
subclass = interrupt controller
none2@pci0:0:20:2: class=0x080000 rev=0x13 hdr=0x00 vendor=0x8086 device=0x3423 subvendor=0x0000 subdevice=0x0000
vendor = 'Intel Corporation'
device = '7500/5520/5500/X58 I/O Hub Control Status and RAS Registers'
class = base peripheral
subclass = interrupt controller
uhci0@pci0:0:26:0: class=0x0c0300 rev=0x02 hdr=0x00 vendor=0x8086 device=0x2937 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801I (ICH9 Family) USB UHCI Controller'
class = serial bus
subclass = USB
uhci1@pci0:0:26:1: class=0x0c0300 rev=0x02 hdr=0x00 vendor=0x8086 device=0x2938 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801I (ICH9 Family) USB UHCI Controller'
class = serial bus
subclass = USB
ehci0@pci0:0:26:7: class=0x0c0320 rev=0x02 hdr=0x00 vendor=0x8086 device=0x293c subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801I (ICH9 Family) USB2 EHCI Controller'
class = serial bus
subclass = USB
uhci2@pci0:0:29:0: class=0x0c0300 rev=0x02 hdr=0x00 vendor=0x8086 device=0x2934 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801I (ICH9 Family) USB UHCI Controller'
class = serial bus
subclass = USB
uhci3@pci0:0:29:1: class=0x0c0300 rev=0x02 hdr=0x00 vendor=0x8086 device=0x2935 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801I (ICH9 Family) USB UHCI Controller'
class = serial bus
subclass = USB
ehci1@pci0:0:29:7: class=0x0c0320 rev=0x02 hdr=0x00 vendor=0x8086 device=0x293a subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801I (ICH9 Family) USB2 EHCI Controller'
class = serial bus
subclass = USB
pcib11@pci0:0:30:0: class=0x060401 rev=0x92 hdr=0x01 vendor=0x8086 device=0x244e subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801 PCI Bridge'
class = bridge
subclass = PCI-PCI
isab0@pci0:0:31:0: class=0x060100 rev=0x02 hdr=0x00 vendor=0x8086 device=0x2918 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801IB (ICH9) LPC Interface Controller'
class = bridge
subclass = PCI-ISA
atapci0@pci0:0:31:2: class=0x01018f rev=0x02 hdr=0x00 vendor=0x8086 device=0x2921 subvendor=0x1028 subdevice=0x0235
vendor = 'Intel Corporation'
device = '82801IB (ICH9) 2 port SATA Controller [IDE mode]'
class = mass storage
subclass = ATA
bce0@pci0:1:0:0: class=0x020000 rev=0x20 hdr=0x00 vendor=0x14e4 device=0x1639 subvendor=0x1028 subdevice=0x0235
vendor = 'Broadcom Inc. and subsidiaries'
device = 'NetXtreme II BCM5709 Gigabit Ethernet'
class = network
subclass = ethernet
bce1@pci0:1:0:1: class=0x020000 rev=0x20 hdr=0x00 vendor=0x14e4 device=0x1639 subvendor=0x1028 subdevice=0x0235
vendor = 'Broadcom Inc. and subsidiaries'
device = 'NetXtreme II BCM5709 Gigabit Ethernet'
class = network
subclass = ethernet
bce2@pci0:2:0:0: class=0x020000 rev=0x20 hdr=0x00 vendor=0x14e4 device=0x1639 subvendor=0x1028 subdevice=0x0235
vendor = 'Broadcom Inc. and subsidiaries'
device = 'NetXtreme II BCM5709 Gigabit Ethernet'
class = network
subclass = ethernet
bce3@pci0:2:0:1: class=0x020000 rev=0x20 hdr=0x00 vendor=0x14e4 device=0x1639 subvendor=0x1028 subdevice=0x0235
vendor = 'Broadcom Inc. and subsidiaries'
device = 'NetXtreme II BCM5709 Gigabit Ethernet'
class = network
subclass = ethernet
mfi0@pci0:3:0:0: class=0x010400 rev=0x05 hdr=0x00 vendor=0x1000 device=0x0079 subvendor=0x1028 subdevice=0x1f17
vendor = 'Broadcom / LSI'
device = 'MegaRAID SAS 2108 [Liberator]'
class = mass storage
subclass = RAID
pcib6@pci0:5:0:0: class=0x060400 rev=0x0e hdr=0x01 vendor=0x111d device=0x8018 subvendor=0x0000 subdevice=0x0000
vendor = 'Microsemi / PMC / IDT'
device = 'PES12N3A 12-lane 3-Port PCI Express Switch'
class = bridge
subclass = PCI-PCI
pcib7@pci0:6:2:0: class=0x060400 rev=0x0e hdr=0x01 vendor=0x111d device=0x8018 subvendor=0x0000 subdevice=0x0000
vendor = 'Microsemi / PMC / IDT'
device = 'PES12N3A 12-lane 3-Port PCI Express Switch'
class = bridge
subclass = PCI-PCI
pcib8@pci0:6:4:0: class=0x060400 rev=0x0e hdr=0x01 vendor=0x111d device=0x8018 subvendor=0x0000 subdevice=0x0000
vendor = 'Microsemi / PMC / IDT'
device = 'PES12N3A 12-lane 3-Port PCI Express Switch'
class = bridge
subclass = PCI-PCI
igb0@pci0:7:0:0: class=0x020000 rev=0x02 hdr=0x00 vendor=0x8086 device=0x10d6 subvendor=0x8086 subdevice=0x145a
vendor = 'Intel Corporation'
device = '82575GB Gigabit Network Connection'
class = network
subclass = ethernet
igb1@pci0:7:0:1: class=0x020000 rev=0x02 hdr=0x00 vendor=0x8086 device=0x10d6 subvendor=0x8086 subdevice=0x145a
vendor = 'Intel Corporation'
device = '82575GB Gigabit Network Connection'
class = network
subclass = ethernet
igb2@pci0:8:0:0: class=0x020000 rev=0x02 hdr=0x00 vendor=0x8086 device=0x10d6 subvendor=0x8086 subdevice=0x145a
vendor = 'Intel Corporation'
device = '82575GB Gigabit Network Connection'
class = network
subclass = ethernet
igb3@pci0:8:0:1: class=0x020000 rev=0x02 hdr=0x00 vendor=0x8086 device=0x10d6 subvendor=0x8086 subdevice=0x145a
vendor = 'Intel Corporation'
device = '82575GB Gigabit Network Connection'
class = network
subclass = ethernet
vgapci0@pci0:11:3:0: class=0x030000 rev=0x0a hdr=0x00 vendor=0x102b device=0x0532 subvendor=0x1028 subdevice=0x0235
vendor = 'Matrox Electronics Systems Ltd.'
device = 'MGA G200eW WPCM450'
class = display
subclass = VGA
root@OPNsense:~ #

I'm currently using these two (bce0 is the WAN, bce1 is LAN (with 3 tagged VLANs on it)

bce0@pci0:1:0:0: class=0x020000 rev=0x20 hdr=0x00 vendor=0x14e4 device=0x1639 subvendor=0x1028 subdevice=0x0235
vendor = 'Broadcom Inc. and subsidiaries'
device = 'NetXtreme II BCM5709 Gigabit Ethernet'
class = network
subclass = ethernet
bce1@pci0:1:0:1: class=0x020000 rev=0x20 hdr=0x00 vendor=0x14e4 device=0x1639 subvendor=0x1028 subdevice=0x0235
vendor = 'Broadcom Inc. and subsidiaries'
device = 'NetXtreme II BCM5709 Gigabit Ethernet'
class = network
subclass = ethernet

Hardware offloading is disabled in settings (checksum, TCP segmentation, large receive and VLAN hardware filtering).

Any ideas?

Thank you!

Bruce

Official comment

SVN Support Team

March 03, 2023 09:33

Hi Bruce,

It seems a netmap issue. Netmap has a known issue with VLAN interfaces. Do you have VLAN(s) on the protected interface?

Bruce Tenison

March 03, 2023 10:12

Yes. The protected networks are vlan networks. It works for a period of time then fails.

Would emulated work? At least until I can adjust my physical networking to move the vlans to separate interfaces?

March 03, 2023 10:16

Please install patched kernel withe the following command, and then try with emulated driver.

opnsense-update -zkr 23.1.1-netmap2 && opnsense-shell reboot (it will restart after installation)

More detail for the kernel is in the following forum topic

https://forum.opnsense.org/index.php?topic=32114.45

March 03, 2023 10:57

Thank you!! Will do. I’ll let you know how it goes.

March 03, 2023 11:01

Once this is complete and I switch to physical connections for all my VLANS (remove the single physical interface for my vlans) should I switch back to the non emulated driver?

March 03, 2023 13:14

Please keep it in the emulated driver.

March 03, 2023 14:06

Will do. One more question. I will be switching hardware soon. The current setup is a Dell R710 that I had around (had to replace a failed Protectli). The new one is a bit smaller but has an Intel EXPI9404PTL PRO/1000 PT Quad Port Server Adapter in it. When I provision that box, should I go native, or keep the emulated?

March 03, 2023 15:00

The team fixes the issue for emulated driver. So, if you will have VLAN interface(s) on new hardware, keep to use emulated driver.

March 03, 2023 16:01

OK. My plan is to, when I transition to the new hardware, I will be splitting the VLAN interface to untagged (no VLAN tag) interfaces so that this issue will (hopefully) go away. If that's the case, then can I / should I change back the non-emulated driver?

Since I am CURRENTLY using tagged VLANs on one interface, I will remain on the emulated driver.

Is that all correct?

March 04, 2023 06:53

Yes, that is correct.

Occasionally need a restart of the ZenArmor service

Comments

Didn't find what you were looking for?