Zenarmor + igb interfaces

[DocGonzo74]

Upgraded to 22.1 and really want to put this package into blocking mode.  So far all I've been able to get working is passive mode.  Every time I switch to emulated or native routed mode, my throughput tanks.  I get a warning about moving to the netmap kernel. 

Is there a netmap kernel I should be using with 22.1? 

[sy]

Hi,

Normally, Netmap is compatible with igb drivers. Do you have VLAN(s)? or please send a bug report and then look into the error. Please select all checkboxes.

[DocGonzo74]

I'm using igb in the raw for my WAN interfaces.  I have LAGG w/ VLAN set up for my internal networks. 

[sy]

Hi,

Do you protect the parent LAGG interface or individual VLAN interface(s)? And is your switch configured to send all packets of a session to the same interface?

[DocGonzo74]

I have sticky connections configured..  At the moment, I'm only able to protect the underlying interfaces (igb0,1,2,3) without an error.  When I try to stick the VLAN or the LAGG_VLAN interface (my LAN interface) I get an error from Zenarmor telling me to move to the netmap emulated driver. 

The link in the error points me to an older kernel.. I thought I read that the netmap kernel was integrated but I may be dreaming that bit :)

[mb]

@DocGonzo74,

Yes, we sponsored an effort on the lagg interface driver's netmap compatibility. This is currently in effect.

Having said that, we're getting mixed feedback about lagg + vlans. Some feedback says it's working perfectly, while some people have experienced problems.

We're not done here, and exploring new methodologies; and will keep the forum updated about developments.

Our advise - for now : if you have lagg + vlans, better to protect individual physical interfaces and configure the switch so that it distributes the packets for a single connection to the same lagg port.

[DocGonzo74]

Got it.  Will keep an eye out for updates. 

Many thanks for the fast replies!