23.7 Legacy Series / Re: Traffic shaping rules not being applied (23.7.9)
« on: December 01, 2023, 09:04:20 am »
Up Pipe
em0: Watchdog timeout Queue[0]-- resetting
hw.pci.enable_msix="0"
hw.pci.enable_msi="0"
WARNING: attempt to domain_add(netgraph) after domainfinalize()
ng0: changing name to 'pppoe0'
hw.em.max_interrupt_rate: 32000
hw.em.rx_process_limit: -1
# Some suggestions say this should be equal to at least maximum sessions/states, i.e. flows, I believe.
# Firewall regularly has at least 2000 sessions/state entries, so to allow for bursting
net.inet.ip.dummynet.fqcodel.flows: 8192
# The default hard size limit (in unit of packet) of all queues managed by an instance of the scheduler.
# This is the absolute upper limit permitted
net.inet.ip.dummynet.fqcodel.limit: 20480
net.inet.ip.intr_queue_maxlen: 2048
net.isr.defaultqlimit: 2048
net.link.ifqmaxlen: 2048 # Set to sum of RX/TX NIC descriptors; default 1024 descriptors
net.route.netisr_maxqlen: 2048
net.inet.tcp.tso: 0
net.isr.bindthreads: 1
net.isr.maxthreads: -1
"The trick part is that after PPPoE session is established, mpd5 does not process its traffic as it goes completely in-kernel"
<30>1 2023-11-28T07:50:25+00:00 Firewall.localdomain ppp 75232 - [meta sequenceId="12"] [wan_link0] PPPoE: Connecting to ''
<30>1 2023-11-28T07:50:31+00:00 Firewall.localdomain ppp 75232 - [meta sequenceId="1"] PPPoE: rec'd ACNAME "XXXXX-XXX-C1"
.......
<30>1 2023-11-28T07:50:32+00:00 Firewall.localdomain ppp 75232 - [meta sequenceId="70"] [wan] IFACE: Rename interface ng0 to pppoe0
If RSS is enabled with the 'enabled' sysctl, the packet dispatching policy will move from ‘direct’ to ‘hybrid’.
> I still suggest that your best bet for understanding what is going on is to get a capture from a monitoring switch between the ONT and your OPNsense.
*ensure that tunables net.isr.dispatch=deferred and net.isr.maxthreads=<number of cores> (and rebooted)
*assign your own MAC to underWAN (and NOT to the interface to the pppoe device)
But why didn't it come up again? From the pppoe logs I only see that the pppoe connection attempt timed out after around 10 seconds.
set link keep-alive seconds max
This command enables the sending of LCP echo packets on the link. The first echo packet is sent after seconds seconds of quiet time (i.e., no frames received from the peer on that link). After seconds more seconds, another echo request is sent. If after max seconds of doing this no echo reply has been received yet, the link is brought down.