Messages - Cheezio

1
General Discussion / Re: VLAN Trunk Help
« on: November 15, 2024, 05:31:22 pm »
The interface names are already identical, as they need to be to make the rest of the HA look clean.
The VLAN names will be identical too before I start down HA, because I am OCD like that anyway.
Thanks for the input!

I just want to get this trunk to work.  I am very close.

2
General Discussion / Re: VLAN Trunk Help
« on: November 15, 2024, 05:20:13 pm »
Correct, I have very carefully made sure that both firewalls are mapped opt1 to opt1, opt2 to opt2 and so on.
I ran into that in the config iteration before this one.  HA started mapping VLANs all over the place.  It was a mess.

3
General Discussion / Re: VLAN Trunk Help
« on: November 15, 2024, 05:06:23 pm »
Passthrough doesn't work with migration which is a key component of what I am trying to accomplish.
This seems straightforward.  I have watched hours and hours of videos on this; it seems like I am missing something really dumb.

I do know that I can stop the trunk at Proxmox, and make an interface per VLAN.  Which I had done many times before....  But this seems like it should work, and has challenged me to a duel.

Edit: Oh wait, does OPNsense have to see native VLAN1 for the trunk to come up?  I did try to set native VLAN 999, but saw no provision for defining a native VLAN on OPNsense.  I assumed it didn't matter, but ...  WHAT IF...  The Native VLAN is static and not able to be changed....

4
General Discussion / VLAN Trunk Help
« on: November 15, 2024, 04:58:57 pm »
Quick Description:
I have a DEC740 on which I have set up two trunk ports.  This setup works fine.
I am trying to add another firewall for an HA setup.  It is virtual via Proxmox.  I am having issues getting traffic to pass the trunk here.

Details:
Each firewall will have 3 connections, Outside, Inside, and Opt1.
I will use Opt1 here for the rest of the descriptions.
The layout is pretty flat.  Outside ----  Firewalls --- L2 Switch
No fancy routing on any of the firewalls, except for Outside.
Opt1 on both firewalls is physically connected to a UniFi Layer 2 switch. (Virtual connected to E0/8, DEC740 connected to e0/9)
Both are using the same port profile that allows VLANs 28, 29, 35, and 38.  No untagged VLAN is defined.
VLAN 28 Example: On the DEC, I have vlan28 (Interfaces, Other, VLAN, named vlan0.2.28 and attached to igb1 interface)
This works.  IP is set to 192.168.28.2 (and has a CARP address of .1)

Beautiful

For the virtual, the interface is defined in Proxmox at the host level, enp2s0f0np0.  I have a bridge (vmbr2) that has VLAN aware checked.  I attached vmbr2 to the guest as "net2/vtnet2", VIRTIO, no VLAN tag, and I edited the interface to be "trunks=28;29;35;38"
I have vlan28 (Interfaces, Other, VLAN, named vlan0.2.28 and attached to vtnet2 interface)
IP is set to 192.168.28.3, and I have not defined CARP yet.

In the firewall ruleset for the interface for vlan 28, I have IP Any Any > Pass defined.

I cannot get ARP across the interface.  Can anyone tell me what I am missing?

5
Hardware and Performance / Re: DEC 740 Performance Guide
« on: March 15, 2022, 10:12:38 pm »
So far I have enabled:
hardware checksum offload
hardware TCP segmentation offload
hardware UDP segmentation offload
I also enabled multi queue.

6
Hardware and Performance / DEC 740 Performance Guide
« on: March 15, 2022, 09:40:46 pm »
Hi, is there a document to read that helps one understand the settings that can be enabled for performance on a DEC 740?

System > Tunables
 Anything here really
System > Miscellaneous
 Swap file    Add a 2 GB swap file to the system
Interfaces > Settings
 Hardware CRC    Disable hardware checksum offload
 Hardware TSO    Disable hardware TCP segmentation offload
 Hardware LRO    Disable hardware large receive offload
 VLAN Hardware Filtering
