The same sort of thing happened to me with my PCI cards, but it was another edge case. I had two identical 2-port NICs representing em0-em3. The card with em0 and em1 died and brought the system down with a kernel panic. Upon rebooting, the card that had been em2 and em3 was now em0 and em1. The server could have still functioned on half the ports, but now the configuration was wrong for the surviving ports, so the server was unreachable.

This would likely happen on most OSes, so the real moral of the story is don't use multiple, identical NICs in your systems. There are probably other good reasons why this is a bad idea anyways.

And Theo's hint was spot on. I'm experimenting with arm64 on an RPI 4. Stability is not one of my expectations. This is the normally standby half of the fw pair of my home network. Even if it bursts into flames, it will still be a learning experience.

On Tue, 20 Oct 2020, Theo de Raadt wrote:

Stuart Longland <stua...@longlandclan.id.au> wrote:

On 21/10/20 9:55 am, Lee Nelson wrote:
Alternatively use a single nic with vlans, and break out to separate
ports on a managed switch.

Yes, that could work too, but this is one side of a pfsync/carp
redundant firewall setup, so I want to keep it as simple as possible.

Silly question, what hardware are the USB NICs plugging into?

USB trades off determinism for hot-pluggability, and it seems a
firewall, you absolutely do want an interface to appear in a specific
location.  I'd be looking at something that plugs into the system
peripheral bus somehow (PCIe, PCI, ISA, … etc).

Oh come on, you know the answer before you ask it.

Using cheap hardware and expecting free software developers to
pull magic out of their ass to make it solve unsolvable problems, and
produce a result as too as state of the art expensive hardware --- or
even cheaper hardware --- with DEDICATED PORTS -- it is madness.  We
can't do it.  And we said so.

And Lee gets it.  But do the rest of the thread participants?

I think it's fine for us as a community to humour the attempt for a bit,
but THEN THE DISCUSSION MIGHT AS WELL END, as the consequences of the
choice ARE WHAT THEY ARE.

You get what you paid for.  And we (OpenBSD) played no part in the
decision or the consequences, hotplug is what it is.

Can we end this discussion?


