Messages

5HP gain, easy.

What would be the benefit of running memtest86+ if it cannot test all of the installed memory?  Only testing a portion of your memory does not give you any conclusive result.  And avoiding memory used by the system/OS is even less valuable, for this would be the area which you would really wish to know if there is an issue.

I also recently replaced my ISP's cable modem /w a Netgear CM2000 which meets and exceeds the specs of the ISP's modem.

I would start here.  Plug your modem directly into a known good computer and test.

When troubleshooting, I have always been from the school of "What was the last thing changed?"

I'll chime in here as well.  Earlier today I updated from 25.7.10 to 16.1.2_5.  For a long time I've been an advocate of never updating "critical" infrastructure or services with any software that ends in ".0" (or ".1" with OPNsense's revision formatting).  While it is just my home network, there are a number of homelab servers and services, and need to support several users needing it for school and WFH situations.  We all have become very dependent on things working properly in the past half decade.

Kudos to the OPNsense team for a seamless and pain free release.  Also want to recognize and offer a big "Thank you!" to the regulars here on the forum for your willingness to offer you advice and support.

Perhaps :) I read it as "You can accept the baseline so that we don't have to troubleshoot your network."

My post was tongue in cheek.  You are correct, initial troubleshooting should disable any shaping and packet inspection to determine if they are impacting the situation.

[Packet shapers.]

Saw a note under the section "Technologies that aren't recommended with Microsoft Teams":

Packet shapers. Any kind of packet snipper, packet inspection, or packet shaper devices aren't recommended for Teams media traffic and may degrade quality significantly.

Interesting.

You could also read that as Microsoft saying "Don't do anything that prevents us from having complete control of your system..."

os-isc-dhcp. It will auto-install on the actual upgrade to 26.1 when it's out.

Quick follow up question, for clarification: When updating to 26.1, does the os-isc-dhcp plugin auto-install also automatically configure from one's 25.x.x ISC settings?

Really love the WAF

Had to look that up.  The only thing that my mind came up with is "Wife Acceptance Factor".  A very important metric in my home.

It is early.  Time for some more coffee.

Or perhaps today's Cloudflare issue?

Not the original question, but the heat transfer of the china boxes are often abysmal and because of bad quality control, differs much from one specimen to the next.

See this for an example (in german, but with telling pictures). When the temps are really bad, I always change the thermal paste. Sometimes, there is not enough pressure between the board and the case.

I +1 for the poor thermal interface of the Chinese boxer.  I have a N5105 I picked up a few years ago.  A Topton, but they pretty much all come from the same manufacturers/suppliers.  Do almost anything and the CPU temps shot to 100C+.

I took it apart (I wasn't shipping back to China).  The heatsink pad where the die makes contact was scratched up, there were burrs around the mounting screw holes, and whatever compound they used was questionable.  I deburred the screw holes, carefully sanded/lapped the heatsink, added a very thin copper shim and put some fresh quality thermal compound on it.  Temps imediately got much better.

I do have a cheap USB powered 120mm fan I sit on top of it, blowing down onto the fins.  Plugs into a USB port for power, and has a switch for the fan speed.  I set it to low, and you can't even hear it.  I don't work the box very hard (home network) but sometime it gets put through its paces (1Gb WAN/2.5 Gb LAN) and temps never get much over 45C.

As others have said or implied, it depends on your use case.
Is this a mission critical network or your personal at home plaything?
A few users or many dozens of users?
Traffic from a few internal users or services for many external users?

The devil is always in the details.

With that said, I have been using a Topton N5105 with 4 2.5Gbe Intel nics for about 2 years.  I needed to clean, smooth and re-paste the heat sink on it, and still have a slow USB fan to keep it cool.  (May be overkill, as they will run hot without issues, but I prefer it cool.)  Network is my home and lab playground, move a lot of data around, a number of services running, several VLAN in network, cameras and home automation stuff, etc.  OPNsense runs on it bare metal, and I haven't had any issues and the system never seems to be overworked by what I ask of it.

If a needed to support it for someone else, I probably would use it in a home or few person office.  But for a larger or more mission critical application, I would step up to something better.

EricPerl is correct.  First thing I noticed in your post is that it looks as one of the devices has their NIC negotiating at 100Mb speed.  Check the cabling and reboot (power off/on) both devices.

Do you mean this?  It is in the Gateway config.

Interesting.  Nearly the same combination I've been running my server for the past 18 months without a single issue.

Without seeing the actual MCA errors it is impossible to start issuing blame.  Hardware not working as expected could have many root causes - CPU, motherboard, RAM, BIOS settings or BIOS code itself, the list could go on.

But sometimes it is best to move on to different hardware, especially if you don't have a compelling reason to stick with the one giving issues.

Early Ryzen CPUs (ZEN/ZEN+) had some issues running Linux OS, though it typically manifests as system lock up vs rebooting.  Later CPUs seem to work much better, as there are many data centers running the same processor die (EPYC).

Some immediately say "Disable C-States" but that is a very drastic solution, one of last resort.  It basically disables one of the best features of modern AMD CPUs - its power management.  Unless you have hundreds of active clients being routed on your bare metal system, you will appreciate the power savings over time.

The two things I've found to be effective on my Ryzen based servers (my OPNSense is on a Intel N5105) are:

-- In the BIOS, set Power Supply Idle Control to Typical Current Idle (or some equivalent wording in your particular BIOS)
--Don't use XMP or any overclocking timing for your DRAM.  Your 2400G is a 1st gen ZEN processor, so your memory speeds should be set to a much lower timing than the marketing "DDR4 3200" would make you think.  (See below)

I initially had issues running a 1st gen Ryzen 1500X in an Unraid server.  After changing these two parameters in my BIOS, that system has run flawlessly for a couple of years.