Messages

If there were no specific sysctl settings that may have got wipes during updates, then things are most likely still all the same, which then leans an issue on the modem side.

But, iperf will be the goto tool to verify.
I will also note, with some recent work not related to OPNsense, PPS and Throughput are two very different things, so testing net load from those two angles is a better view of things.

Recommended Sysctl Offloading Settings for i226 NIC on FreeBSD

To optimize the performance of the i226 NIC on FreeBSD, you can adjust several sysctl settings. Below are the recommended configurations:
Key Sysctl Settings
Setting   Value                             Description
net.isr.dispatch   "deferred"   Improves performance by allowing deferred processing of interrupts.
hw.ix.flow_control   "0"           Disables flow control to enhance throughput.
hw.ix.max_interrupt_rate            Increase to 20000   Raises the maximum interrupt rate for better performance.

I read a few posts back from here.
1) the name of the cfg file can be anything, as long as you call the file by name in the update util.
2) if the i226 is write protected, then you need to unset(set) the correct register to unlock it.
3) post #195, ETrackId  80000290, refers to 1MB NVM, but you were trying to flash a 2MB NVM

#2 is a whole other thread. But if its truly locked I would demand from the vendor or maker of the card to provide the util and steps to unlock it, or provide a util that can do the NVM update.

Guys,

Any update on the tunables for igc?  Which among them are still relevant?

I had posted some time ago my set of sysctl settings that were applied, taken from various sources listed in the post. No formal testing was done though. Suggested settings are just that. True-tried is cumbersome but has more weight relevant to "suggested".

IIRC, most of my settings are router relevant because my FW does very little host stuff.

Requires onsite visit? Do you mean to be able to do "reboot" from the console, or recycle the power?
If that's the type of remote location it is, then maybe some form of out-of-band console access should be there?

Or, set that option to 0, and still evaluate OOB access.

Yes, DMZ's make sense.
If you have IoT , Wifi, etc, you dump them off into the DMZ network so that they dont have open access to your more private/sensitive stuff internally, and, you can create specific outbound rules for each device as needed. This is the safer approach.

A 2nd DMZ is also good when say you want to stand up a VPN server for remote access. Park the VPN server/device there.

The general model is to have anything that has a connection to internet (public) do so from a DMZ. Meaning your internal network stuff should use a proxy in the DMZ, this way the proxy is doing the actual connecting to public and not your internal stuff.

Seeing routable IP in a "netstat -na" is cringe-worthy. But, since vendors like to market things as easy P&P UTM etc they do not properly convey a good secure configuration.

Just need one OPNsense fw with multiple nics to make the secure setup work. WAN DMZ1 DMZ2 LAN.

Does the "reliability" of a dedicated server PSU actually outweigh the benefits of a modern, silent, low-wattage DC adapter in the long run for a home setup?

Is it a ATX PSU or just a simple single supply?

You have more factors in there.
1st, the server PSU you describe, is used.
2nd, the small dc-dc warts are mostly junk made. If you get a decent brand name (MeanWell or other), just buy two, keep one as spare.

There's also other external options, like just use a MeanWell RS-75-xx, you can simply house it with venting, silent and durable.

But you have a server unit, that has a PSU, so what would be the goto if you dont use the PSU that came with it?

The issue with i226 was the nvram. Drivers work a-ok.

4x 226 + 1 or 2 sfp+ ports , seems good for doing some expansion.

N355 is about 2x the N150 on all fronts (more threads, more power, and price).

More concise, it the project itself
https://tristan-project.eu/

FPGA --> risc-v. Sounds flexible.

Who will be the one to create the FPGA blueprint by which the OPNsense port compiles against? Getting to a GNU linux is likely magnitudes easier.

Another find, good read
https://edc.intel.com/content/www/us/en/design/products/ethernet/adapters-and-devices-user-guide/intel-ethernet-nvm-update-tool/

???

reboot, or

To manually renew a DHCP lease on FreeBSD, you can delete the lease file with the command rm /var/db/dhclient.leases.[interfacename] and then restart the DHCP client with service 'dhclient restart interface'

iostat should be good.

Has anyone upgraded the firmware in Proxmox? Nothing is being displayed in nvmupdate64e.

From which OS directory from the Intel bundle did you get "nvmupdate64e"?

The bsd/linux/win64 driver code for ix 82599 is in the Intel bundle download, but you download the latest bundle (31 or 31.x)
I have the 30.6 bundle here, so the path in bundle zip is \Release_30.6.zip\PROXGB\

Driver code typically covers a family of NIC, but NVM is more specific to actual NIC chip.
NVM bin file for 82599 is MIA, you need to hunt that down.
Here's a NVM update package from Dell, but looks like you would need to do it from Windows OS, and I am not sure how old this version is.
https://www.dell.com/support/home/en-us/drivers/driversdetails?driverid=n01kv

If after doing the NVM update and the iface still experiences something odd that seems related to ASPM, then I suspect an issue not related to NVM.

For a Aliexpress 226 pcie card, I might suspect there's a pcie issue between card and host mobo and/or OS. I would start looking there (log messages, etc).

I am using this model for some other linux project, but I can say its a nifty quiet device.
N150, 16G ram, 500G nvme ssd, dual i226v, built-in wifi/bt, hdmi, USBs, and built-in psu.
Came with the latest Megatrends BIOS that has a ton of tweaks you can do.
The i226's needed updating.
Perhaps a smidge more money than others, but its nice, should be excellent fit for small office and home use OPNsense where it's just WAN/LAN or WAN/LAN.1q or LAN.1q/LAN.1q, obviously limited to 226 speeds.