I was looking at stats for my opnsense 26.1.2 router and writes are bout 3 GB per 24-hour period. Seems high since I am running a stock opnsense install, DDNS plug-in, Adguard Home plug-n, and oscasionally connect remotely via Wireguard or OpenVPN.
Hey @pigr8 you mentioned that you upgraded an i225 - what config file did you use? I am tempted to upgrade my NICs on the older N5105 with 1.57 on them.
winraid.level1techs.com
nah i failed to update that i225, it's on an asus strix board and after some attempts i gave up.. i just managed to do the i226 boxes
my opnsense sits around 1gb a day on writes. so even at 500gb per year a drive with 60tbw can get what 30 years out of it?
Given the low price of the drive, I'm not too worried about wearing it out although I still haven't been able to figure out what's causing 3 GB of writes per 24 hours.
Do share if you find a way to determine what processes are still logging to disk. I'm not too concerned about my system, but like you I'm using a pretty large Ramdisk with writes to NVMe every 24 hrs, so I'm curious what adds up besides that.
Check opnsense forums. Iv posted in there and they have the commands to run to bring up the live monitor that shows what's writing to diskDo share if you find a way to determine what processes are still logging to disk. I'm not too concerned about my system, but like you I'm using a pretty large Ramdisk with writes to NVMe every 24 hrs, so I'm curious what adds up besides that.
My system log is pretty clean, besides some MAC motions (I can't seem to find a way to disable that, despite trying a few tunables) I have maybe 20 entries per day from pfblockerng updates and dyndns.
It should be <20MB but it's over and ONLY after I reinstalled on the Optane M10.
I started poking around using info /commands from this thread. It's an academic exercise in my case
How do I find out what write continuously on my pfSense SSD
My SSD show very high write values for an two year old pfSense CE system. Available Spare: 100% Available Spare Threshold: 10% Pe...forum.netgate.com
) that seems to be agreed upon by ZFS crowd.See my additions to the post above your reply....actually Intel quietly fixes vulnerability attacks in these updates - and they don't advertise it much because of the messy update process.
found this setting in tunables section in gui of opnsenseThis would be a good start to stop ZFS to grind away your disk on pfSense :
vfs.zfs.txg.timeout=120 (or more...it's how often ZFS writes the cached info. Default is 5 seconds). This can be set as a Tunables to be persistent.
zfs set sync=disabled pfSense/tmp
zfs set sync=disabled pfSense/var
Apparently these 2 commands survive a reboot.
There's also another tunable recommended by Gemini (
vfs.zfs.atime=0
This is getting exciting
Oh...that's interesting. I run pfSense and it had NO ZFS related tunable. I was at the default 5 sec.
I've never seen a SMART option and I've been running OPNsense since version 21. I always used SSH to see it and definitely didn't see it before 26.1.3.
Iv got some time off work next week so will take a look at updating the i226v firmware on my cwwk box. Is it best done through windows?Hey @pigr8 you mentioned that you upgraded an i225 - what config file did you use? I am tempted to upgrade my NICs on the older N5105 with 1.57 on them.
The config requires the device name (I assume it has to match 100%), the device ID (also matching) and of course the bin file name and EEPID.
To be clear, the config is only used to verify that you are using the right firmware...right? It doesn't program any of the other info in NVRAM.
Correct?
PS I think I found the answer
How to update NVM firmware for Intel i225 and i226 Ethernet controllers?
A step-by-step guide on updating the NVM firmware for Intel i225 and i226 Ethernet controllers to ensure optimal performance and compatibility.hungvu.tech
PPS. Holy cr@p, learned the hard way : i225 folder doesn't contain a FreeBSD binary and I don't have Windoze on that machine. I tried to use another FreeBSD updater (despite advice to the contrary from Gemini) and it generated an error on one port, I got scared and read some more.
Gemini recommended UEFI shell (I'm not at all familiar with it) and that was a fiasco even following instructions.
Ended up putting necessary files on a HirenBootCD and used the Windoze executable which ALSO exited with an error but apparently did the job.
"dmesg | grep igc" reports now 1.89 but I'm still cautiously optimistic about success.
Moral of the story....stop scratching that itch, it will bleed in the end.
Also for those entrusting their lives to AI : so many mistakes under the appearance of a documented answer. If I didn't experiment before I would have bricked the NICS.
Caveat emptor.
PPPS. I forgot to mention that surprisingly enough (for a novice like me) there are security updates against attacks in the firmware releases (both i225v and i226v) that are definitely of interest for someone running a firewall connected to the Internet.
Find some details for each version here:
[Problem] How to flash upgraded Intel I225-V Firmware?
Hi, I have an I225-V chip on an MSI X670E motherboard. The problem is that this 2.5G network adapter is junk and has a history all over the internet with others and myself experiencing disconnects on and off. So this forces me to use the 10G Realtek network adapter but was wondering is there a...
