Messages

[...]This is what you are advising me to check, correct?

Essentially. Not the capture (at this point), but what was learned on each device. Normally proxies are pretty easy to spot... once you look. More of an issue on bridges because of the (potentially) larger L2 domain.

Have you checked the MAC addresses learned from ARP on each device? Actual values, not just presence. Looking for a problem proxy.

I may not be following your precise configuration. Is the AP in bridge mode?

Context: I have a similar setup: multiple bridges on an OPNsense firewall, with a Linksys MX8500 running OpenWRT connected to one bridge. The MX8500 is also in bridge mode - that is, the wireless radios are attached to a bridge which contains the Ethernet interface connected to the firewall; it (the radio bridge on the AP) has no IP address assigned and no DHCP client (or server, of course) running. (For completeness I have a second bridge on the MX8500 for management which is not accessible from the client/radio bridge, which is a DHCP client, connected to a different bridge on the firewall.)

I hadn't thought of differences in utilities - how does it look in top, for instance?

Code Select Expand

[...]
Mem: 101M Active, 363M Inact, 2732M Wired, 104K Buf, 27G Free
ARC: 1357M Total, 767M MFU, 407M MRU, 9081K Anon, 23M Header, 149M Other
    1047M Compressed, 3182M Uncompressed, 3.04:1 Ratio
[...]

The ARC allocation (generally) grows from boot to a stable level. Some memory utilization reports neglect/subtract ARC (e.g. the percentage reported in the dashboard widget), so memory usage may appear more stable. So yes, a characteristic of FreeBSD (with ZFS, at least).

That is an 10G Base-SR type SFP+ transceiver, which is way less power-consuming than RJ45 ones. For DAC cables, you do not even get a temp reading, because they are the least power hungry of the three types.

I was just demonstrating the command to read the temp, if supported. Slipped my mind earlier. Heh - as for DAC cables, the only active component they have is the ID chippie. It might be interesting to read the ambient temperature of the cage, but I don't know that I'd want to pay extra for it.

[...]SFPs have often a MON[...]

Grr. Good point:

Code Select Expand

root@fw:/home/user # ifconfig -v ixl3
ixl3: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: x710p3 (opt4)
        options=4800028<VLAN_MTU,JUMBO_MTU,HWSTATS,MEXTPG>
        ether 3c:fd:fe:e7:2d:8b
        media: Ethernet autoselect (10Gbase-SR <full-duplex>)
        status: active
        nd6 options=9<PERFORMNUD,IFDISABLED>
        drivername: ixl3
        plugged: SFP/SFP+/SFP28 10G Base-SR (LC)
        vendor: Intel Corp PN: AFBR-709DMZ-IN3 SN: AA202830LM3 DATE: 2020-07-11
        module temperature: 27.90 C voltage: 3.35 Volts
        lane 1: RX power: 0.51 mW (-2.92 dBm) TX bias: 5.46 mA
root@fw:/home/user #

[...]If appliance is powered down for 5 minutes or so, full PPPOE speeds return[...]

That does sound like it's cooling off, but if that's the case, it should be consistent. Do you have any other connectivity options? e.g. a DAC cable and a switch with 10GBASE-T and SFP+ ports.

[...]It would appear that the program doesn't know what to do with a negative temperature reading. It certainly isn't overheating in my -28 degree C garage in the middle of winter.

Impressive. I'd really worry about thermal shock.

Sheesh. It's about to freeze here. I have a cheap house, so I'd be in a bad way if it got down that low. And now I'm off to try to keep the ice buildup on my porch to a minimum.

[...]IMHO mainly the Samsung "Pro" Series NVMe SSD's have that issue and the rest not as much.[...]

Overall, it's just a matter of:

• power targets
• thermal mass
• radiative area
• convection/airflow

I get "enterprise" or "data center" devices (a stretch for M.2, but hey), which tend to nail themselves at maximum power (~8W for M.2) for maximum performance. Keeping such devices in the M.2 form factor cool is a challenge, especially where radiative area is constrained. Consumer-type devices keep cool(er) mainly through low power targets (which hurt performance) and PSLC caching (which greatly improves performance, but has a limited endurance). Same old tradeoffs.

Has anyone found TDR (available on many switches) to be worth anything? It's been about 20 years since I looked at it. (Edit: vague memories... it was only good for estimating length, and not much good for that. Sorry about the noise.)

"None/ACPI" may be worth a try. I have a Gigabyte board that exports a bunch of sensors via ACPI, including some from add-in cards; my Asrock boards do not.

What sensor source are you using? "System: Settings: Miscellaneous" -> "Thermal Sensors". Sensors under FreeBSD are pretty limited; some devices export good ACPI data, some don't.

[...]
Destination/Invert - Checked (Use this option to invert the sense of the match)
Destination - PIHOLE_DNS (An alias I set up that contains the IPv4 and IPv6 addresses of my two PiHole instances)
[...]

I may be off here, but in my experience the inversion operator does not work as (may be) expected on multiple-entry IP aliases. You could try creating (and using) an alias that has individual inverted elements... but that construct is a bit vague, too. I avoid the inversion operator because of that; for this type of scenario I use two rules (pass what I want, block everything else). YMMV.

[...]From what I see on GitHub and the forum and from my own experience, hostwatch is still in the development phase.[...]

Seeing "This release brings the new host discovery service..." in the release announcement I upgraded, then immediately hunted down the service and killed it, as I did not see a need for it. (After looking at its output, of course - you never can tell, it could be exciting.) I suppose that puts me in the

Development = alpha, Community = beta, Business = stable

group, not that I would consider any software to be "stable".

[...]Stress-ng[...]

Does stress-ng generate enough load? I use good old mprime, but I boot Linux to run it (more CPU/sensor info). Even it will not load all CPUs effectively (e.g. low-turbo non-SMT Skylakes, and earlier version did not detect AVX support in Ryzens).