Recent posts

#1

25.7, 25.10 Series / Re: Time based Shaper?

Last post by Seimus - Today at 06:24:15 PM

The config looks reasonable,

So if I understand it properly you have 3 Pipes per Direction
1. VOIP 10Mbit > based on WFQ (Queues with weight and/or MASK)
2. Min > based on FQ_C
3. Max > based on FQ_C

And for each of these Pipes per direction you have Queues.

Keep in mind the weights are applied per Queue. So if you have all VOIP traffic in one Queue it doesn't do anything.
FQ_C based Schedulers + its Queues on the other hand ignore any weight set to the Queues.

The rule seems okay, the directions are properly set, but keep in mind that specific rule you are showing is any any so all the traffic will by matched by this rule. That is under the condition its above all other rules.

As soon as I activate the rule on the WAN interface my traffic to any internet host drops completely.
But my traffic through Wireguard-VPN works pretty fine, but not limited to the above 365Mbit/s....

I have no clue what I am doing wrong...anyone an idea?
I think the bug is not related- as far as I understand it the bandwidth calculation is wrong and offers only half of configured values. But through Wireshark I do not have any limits (why not???) and to Internet all is blocked....

Actually you are hitting the BUG. This is exactly the behavior  I described in the ticket. You have set a BW in a Pipe, so the shaper tries to push to that BW however due to the BUG you are capped at half which causes a back pressure. You need to set the BW in your Pipes x2 (if your original or tuned BW is 750Mbit you need to set it to twice the value for the Pipe that is in the flow for the reverse direction)

Regards,
S.

#2

25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...

Last post by Patrick M. Hausen - Today at 06:16:29 PM

Elasticsearch is a known memory hog and probably the culprit. The default configuration is 32 G fixed allocation. I don't know if ZA changes anything about the ES setup.

#3

General Discussion / Re: Micron exits consumer mark...

Last post by Greg_E - Today at 06:03:22 PM

Different company. Microchip's market overlaps little with Micron (or TSMC). As far as Arizona water, agriculture far exceeds any other use, and it's mostly for cotton, I believe. They have management issues beyond semiconductor manufacturing.

Oops, you are right.

One thing people are not factoring in when they throw money at the plants that are going to hire "many" local workers is the cost of power, we don't have enough as it is, and these fabs and more importantly these AI datacenters are going to cause problems. When datacenters are no longer rated in compute or storage power, now they are rated in megawatts of power used, and gigawatts are being discussed. We don't have the surplus to operate these systems, and no one is building nuclear fast enough to accommodate the construction. Also I generally do not see drawings of these new datacenters with the roof covered in solar panels.

#4

General Discussion / Re: Port Forwarding issue insi...

Last post by Land_Strider - Today at 06:02:22 PM

Possibly the services don't accept access from outside of their local subnet.

Jellyfin has an related option (I think) for this, but setting my router LAN subnet for it doesn't change anything, either.

You cannot view this attachment.

Another possible reason is that the containers are missing a default gateway.

DHCP ip binding and default gateways for the containers look usual:

Code Select Expand

root@Jellyfin:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host noprefixroute
       valid_lft forever preferred_lft forever
2: eth0@if29: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether bc:24:11:cb:07:b7 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet 192.168.20.90/24 brd 192.168.20.255 scope global dynamic eth0
       valid_lft 61862sec preferred_lft 61862sec
    inet6 fe80::be24:11ff:fecb:7b7/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever

root@Jellyfin:~# ip route show
default via 192.168.20.1 dev eth0
192.168.20.0/24 dev eth0 proto kernel scope link src 192.168.20.90

#5

25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...

Last post by hina - Today at 05:55:53 PM

Yes, I'm running elasticsearch locally

#6

25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...

Last post by Patrick M. Hausen - Today at 05:50:33 PM

java

Are you running Elasticsearch locally on your OPNsense?

#7

25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...

Last post by hina - Today at 05:49:29 PM

I'll try going to 25.7.9 too

#8

25.7, 25.10 Series / Re: Dnsmasq stops after swap_p...

Last post by hina - Today at 05:47:13 PM

Looks like eastpect (zenarmour) and java, currently the ram is sitting at 51.16% usage (8GB used, 3GB ARC)

#9

General Discussion / Re: Micron exits consumer mark...

Last post by qarkhs - Today at 05:43:07 PM

When the bubble bursts we will have all the cheap enterprise grade RAM we need. "Yay".  ;)

Ha! It's taking it's time to burst despite the economics of data centers stuffed with GPUs being utterly insane. They are in something like a trillion dollar hole and no one has figured out how to turn providing AI compute into a business that doesn't lose tens to hundreds of billions. At some point the Wile E. Coyote look down moment will happen.

#10

General Discussion / Re: how to connect to two subn...

Last post by Gautier - Today at 04:55:51 PM

Ok,
He won't be posssible. I will push to change subnet.

Thanks