E1000 and Proxmox 5.2-x issues

[TheGrandWazoo]

Seems to be an issue with the e1000 interaction with OPNsense 18.7.x (possibly 18.1.x) and Proxmox using the e1000 nic.

Within a 24 hour time span the nic will basically stop passing data and the gateway will go "RED". This has mostly been seen on the WAN interface. This seems to be due to high or heavy traffic causing the nic to stop responding. Going into console and issuing an 'ifconfig em1 down' and then an 'ifconfig em1 up' resolves the issue. Tried the unchecking and checking from the GUI on that interface does not seem to clear this symptom up. And of course rebooting the VM fixes the issue too. I can replicate this everyday except I just upgraded from pfSense to OPNsense and DO NOT want to go back. I believe that the 2.4.3-p1 using 11.0 and OPNsense uses 11.1 but I did not try pfSense with e1000 nics only virtio nics. I used the e1000 nics due to the recommendation of the IDS/IPS requirement.

I did have the LAN interface lock on me once and I could not get into the system to try the "ifconfig" command so I had to reboot the VM (forgot about the Proxmox VM console but customer was wondering what was going on...mass hysteria).

I originally thought it was a CARP/HA issue but I have had it happen on a standalone OPNsense VM (only once so far) using the e1000 drivers but does not have a heavy load on it (using it as an SBC...which I am trying to make into a plugin for OPNsense )

Using 'virtio' now and all seems to be fine but of course IDS/IPS does not work (Underlying FreeBSD issues with virtio or qemu not having netmap support...lot of discussion about this around the internet).

[bevigilant]

I am glad I am not alone in this. It was driving me crazy.

I too run opnsense in Prox. I have the virtual nics set as E1000. I also find that during high traffic scenarios such as Torrents or Newsgroup downloading the WAN gateway will just drop. It then take a reboot of the VM to bring them back up.

[phoenix]

Rest assured that you're not the only one suffering from this problem, it's also the same for PFsense users: https://forum.netgate.com/topic/129906/proxmox-5-1-and-hanging-pfsense/10 & (from PROXMOX): https://forum.proxmox.com/threads/4-15-based-test-kernel-for-pve-5-x-available.42097/page-5#post-211748

I don't use PROXMOX but isn't there a virtual driver in PROXMOX and can't you use that? Also, have you tried disabling GRO on the physical NIC as mention in the link?

[bevigilant]

some excellent reading here thank you.

I will swap the NICs to the virtio and see how I get on with that.

[TheGrandWazoo]

The reason for using the e1000 NICs was due to the IDS Suricata not playing well with VirtIO and NetMap. But, a recent post on "New netmap enabled kernel" seems to have fixed the issue with NetMap and VirtIO so then can work with Suricata.

Thank for your comments to let me know I am not the only one having issues with the e1000 nics under Proxmox VE.

I will be trying the new Kernel to see if the all the planets align to have a great Firewall with IPS/IDS.