Menu

Show posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.

Show posts Menu

Topics - CleBoatGuy

Pages1
#1
General Discussion / LAGGs and Load
March 07, 2021, 02:01:07 AM
I'm hoping someone can help me understand what's going on.  When there is more than 1 interface member of the LAG, and start to put even a little bit of traffic through the firewall (around 40Mb/s), ping times skyrocket, and then eventually all pings to the firewall timeout (around 60Mb/s) and the web interface is unreachable.  As soon as the traffic stops (<1Mb/s), ping times drop to a reasonable 1.5ms, and I can access the web interface again.

My LAN interface is set up as a LAG.  The above behavior only happens if is more than one member of the LAG.  I've tried both LACP and loadbalancing configs, and get the same behavior with both.
The switch is a Netgear GS324TP (I know, Netgear, no jokes, please), but it does support both LACP and static LAG configs.

I tested single interface LACP and Loadbalancing LAG settings for each of the physical interfaces individually, and can push +800Mb/s through without any issue.  It's only when I have multiple members of the LAG that issues arise with even the smallest amount of traffic.

Setup:

  • OPNSesne: Qotom i5-7200U, 16GB RAM, 250GB SSD - all latest patches
  • Switch: Netgear GS724TP with the latest firmware
  • The LAG is a member of 2 VLANS (1, and 30).  All test traffic is using VLAN 1.
I've Fluke tested the CAT6 network cables, all good.
Any ideas?
#2
Web Proxy Filtering and Caching / C-ICAP not installing correctly
February 13, 2021, 04:01:15 PM
Hi All,
I'm trying to get the webproxy configured with C-ICAP, but C-ICAP isn't installing correctly.  When I add the plugin, the install looks like everything is ok, but the service doesn't start and I don't see C-ICAP in the list of services.  I've uninstalled and reinstalled a bunch of times with reboots in between.  I've gone into the shell and removed all the ICAP dirs I could find, including clearing the package cache.  Still no luck.

Here's the output from the plugin install:
Code Select
***GOT REQUEST TO INSTALL: os-c-icap***
Updating OPNsense repository catalogue...
OPNsense repository is up to date.
All repositories are up to date.
The following 3 package(s) will be affected (of 0 checked):

New packages to be INSTALLED:
c-icap: 0.5.7,2
c-icap-modules: 0.5.4
os-c-icap: 1.7

Number of packages to be installed: 3

The process will require 1 MiB more space.
317 KiB to be downloaded.
[1/3] Fetching os-c-icap-1.7.txz: .. done
[2/3] Fetching c-icap-modules-0.5.4.txz: .......... done
[3/3] Fetching c-icap-0.5.7,2.txz: .......... done
Checking integrity... done (0 conflicting)
[1/3] Installing c-icap-0.5.7,2...
===> Creating groups.
Creating group 'c_icap' with gid '959'.
===> Creating users
Creating user 'c_icap' with uid '959'.
[1/3] Extracting c-icap-0.5.7,2: .......... done
[2/3] Installing c-icap-modules-0.5.4...
[2/3] Extracting c-icap-modules-0.5.4: .......... done
[3/3] Installing os-c-icap-1.7...
[3/3] Extracting os-c-icap-1.7: .......... done
Stopping configd...done
Starting configd.
Keep version OPNsense\CICAP\General (1.0.1)
Keep version OPNsense\CICAP\Antivirus (1.0.0)
Reloading plugin configuration
Configuring system logging...done.
Reloading template OPNsense/CICAP: OK
Checking integrity... done (0 conflicting)
Nothing to do.
***DONE***


Looking at /etc/rc.conf.d/c_icap shows
Code Select
c_icap_enable="NO"

I'm new to OPNSense.  Any ideas where to start?
Pages1