Call for testing: netmap on 20.7

Started by mb, May 23, 2020, 02:32:10 AM

Previous topic - Next topic
Print
Go Down Pages 1 ... 4 5 6 7 8 ... 14
User actions
August 06, 2020, 04:25:14 PM #75
@sorano, it does not seem to be related.

Please follow below steps and see if this kernel is of help:

Code Select
[root@20gw /root]# cd /boot/
[root@20gw:/boot # fetch https://updates.sunnyvalley.io/opnsense/updates/netmap-kernel/kernel-12.1-0805-2.tar.gz
kernel-12.1-0805-2.tar.gz                           45 MB 4980 kBps    10s
[root@20gw /boot]# mv kernel kernel.stock.save
[root@20gw /boot]# tar zxf kernel-12.1-0805-2.tar.gz 
[root@20gw /boot]# reboot

After the reboot, you should be able to see this kernel information:

Code Select
root@20gw:~ # uname -a
FreeBSD 20gw.local 12.1-RELEASE-p7-HBSD FreeBSD 12.1-RELEASE-p7-HBSD #2  5742b25c4(master)-dirty: Wed Aug  5 22:20:24 PDT 2020     root@sunnyvalley12.localdomain:/usr/obj/usr/src/amd64.amd64/sys/SMP  amd64
root@20gw:~ #


To restore stock OPNsense kernel:

Code Select
# cd /boot
# rm -rf kernel
# mv kernel.stock.save kernel
# reboot
August 06, 2020, 07:52:26 PM #76
@mb before 20.7 enabling ips mode with suricata/sensei crashed the kvm virtio opnsense with a kernel panic within 5 seconds, now i can enable it without any issues everything is working, also disabling/enabling.
August 06, 2020, 08:14:49 PM #77
@Voodoo, that's great to hear, thanks for sharing.
August 07, 2020, 09:40:21 PM #78
Is the kernel above the test kernel that includes the PPPoE fixes, or should we still PM?
August 07, 2020, 10:56:22 PM #79
Hi @madj42, yes. Can you test and provide feedback?

You can also use a newer kernel: https://updates.sunnyvalley.io/opnsense/updates/netmap-kernel/kernel-12.1-0806-1.tar.gz
August 07, 2020, 11:37:53 PM #80 Last Edit: August 08, 2020, 12:26:54 AM by bunchofreeds
I have run up the latest two kernels offered here but cannot enable either IPS or Sensei on my LAN vtnet0 interface.

Setup is Proxmox
PPPoE on vtnet1 for WAN (VLAN 10 on Host Proxmox interface)
vtnet0 for LAN

I reset the logs from System>Settings>Logging to reset Intrusion Detection logs as the button within that view does not work for the 'stats' logs that are displayed.

When I enable IPS on LAN I get cycling of the log within Services>Intrusion Detection>Log File. Cycles every few seconds so am assuming it is the application of IPS failing? This is the' stats' log, not the older detailed log.

I cannot enable Sensei as the LAN interface is not available for selection. Only the underlying vtnet1 of the WAN PPPoE is available.


August 07, 2020, 11:49:20 PM #81 Last Edit: August 07, 2020, 11:50:59 PM by mb
Quote from: bunchofreeds on August 07, 2020, 11:37:53 PM
I cannot enable Sensei as the LAN interface is not available for selection. Only the underlying vtnet1 of the WAN PPPoE is available.

@buchoffreeds, you can use this hack to have Sensei on vtnet1:

https://forum.opnsense.org/index.php?topic=9521.msg84199#msg84199

Your feedback is much appreciated.

NOTE: We'll remove this check once we have the test kernel in production.

August 08, 2020, 12:20:17 AM #82
Thanks @mb

That allowed me to select my LAN interface within Sensei.
Sensei is now running successfully on my Proxmox vtnet0 LAN Interface!

It first alerted that Suricata was in use on the LAN Interface, so I moved Suricata to WAN Interface to resolve this.
Just Disabling Intrusion Detection was not enough.


August 08, 2020, 01:05:15 AM #83 Last Edit: August 08, 2020, 01:07:15 AM by FullyBorked
I'm on chip=0x150e8086 and my graphs don't work with IPS enabled.  Also having some very poor throughput with or without IPS.  If this helps at all.

Edit: intel nic using the igb (i think that designates the drivers being used?)
August 08, 2020, 02:29:48 AM #84
Hi @bunchofreeds, thanks for the feedback. Glad to hear that vtnet is now fine.

QuoteIt first alerted that Suricata was in use on the LAN Interface, so I moved Suricata to WAN Interface to resolve this.
Just Disabling Intrusion Detection was not enough.

Yes, this is done on purpose, since people might enable Suricata on LAN in a future time forgetting that Sensei is running there.
August 08, 2020, 02:33:16 AM #85
Hi @FullyBorked, yours might be related to a different issue. Generally netmap problems generally appear in cases where you have total packet flow problems.
August 09, 2020, 08:10:46 AM #86
I see there is progress on PPPoE when looking at the google drive sheet.

Let me know if you want this tested.

I am running Proxmox and vtnet drivers.
Have Sensei successfully running on the LAN interface currently.
August 09, 2020, 11:42:49 AM #87
Quote from: mb on August 06, 2020, 03:37:43 AM
Quote from: binaryanomaly on August 05, 2020, 12:40:58 PM
Quote from: Voodoo on August 03, 2020, 12:34:13 PM
netmap with 20.7 release for vnet driver (virtio) is working, the kernel panic is gone.

I still do observe pagefaults with virtio vtnet interfaces...

Yes, this is expected as of now. Fix is on upstream.

That seems to have massively improved or even be fixed completely with the new test kernel. 👍🏻
August 09, 2020, 12:39:11 PM #88 Last Edit: August 09, 2020, 12:41:44 PM by lewald
Thanks to the new test kernel, I now have almost the max. over OpenVPN what I can transmit with my line. Instead of 25 Mbit it is now 45 MBit. :) I run the opnsense on both sides as VM within Proxmox. Network in Proxmox virtio with 8 queues.

PS: Sensei and Suricata enabled. And Suricata works now in VM :)
August 10, 2020, 06:25:02 PM #89
@bunchofreeds, yes that'd be perfect if you can have Suricata on WAN (pppoe) and see how it goes. Our early tests showed good results with our test tools.

@binaryanomaly, thanks for the feedback. vtnet seems to be doing even better than 20.1.

@lewald, that's great to hear, though I wouldn't expect netmap work might have contributed to the vpn speed. It could be virtio that you can use it with 8 queues.
Print
Go Up Pages 1 ... 4 5 6 7 8 ... 14
User actions