Bug #12607

closed

Instability with Snort Inline with AWS Instances

Added by Kris Phillips over 2 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Category:
Hardware / Drivers
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:
Release Notes:
Default
Affected Plus Version:
Affected Architecture:
amd64

Description

The ena driver seems to have instability when enabling inline snort. Because AWS is behind NAT, Legacy mode is not viable, so utilizing inline is necessary. The ena driver recently added support for inline mode, but it appears that when you enable it the interface flaps up and down.

Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP
Nov 29 08:36:14 pfSense kernel: ena0: Creating 2 IO queues. Rx queue size: 1024, Tx queue size: 1024, LLQ is DISABLED
Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP

As soon as you put snort into IDS mode and disable blocking the issues go away.
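The symptom above is a rapid DOWN/UP cycle on the netmap-enabled interface. The script below is an added example, not part of the report or of pfSense itself: it counts "device is going DOWN" kernel messages per interface so the flapping can be confirmed from a log rather than by eye. The log lines embedded in it are constructed for the example and modelled on the ones quoted in the report; the function names, the default threshold of 2 and the assumption that the interface name follows "kernel: " are all choices made here, not anything the page specifies.

```shell
#!/bin/sh
# Added example: detect interface flapping from FreeBSD/pfSense kernel log lines.
# Constructed sample log (modelled on the report's quoted lines, plus a second
# interface with a single down event so the threshold logic is visible).
SAMPLE_LOG='Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP
Nov 29 08:36:14 pfSense kernel: ena0: Creating 2 IO queues. Rx queue size: 1024, Tx queue size: 1024, LLQ is DISABLED
Nov 29 08:36:14 pfSense kernel: ena0: device is going DOWN
Nov 29 08:36:14 pfSense kernel: ena0: device is going UP
Nov 29 08:36:15 pfSense kernel: ena1: device is going DOWN
Nov 29 08:36:15 pfSense kernel: ena1: device is going UP'

# flap_report: read kernel log lines on stdin, print "<iface> <down-count>" for
# every interface that logged "device is going DOWN", sorted by interface name.
# Assumes the interface name directly follows "kernel: " (true for the lines above).
flap_report() {
    awk '/kernel: [A-Za-z0-9]+: device is going DOWN$/ {
            s = $0
            sub(/.*kernel: /, "", s)   # drop timestamp/host prefix
            sub(/:.*/, "", s)          # keep only the interface name
            down[s]++
         }
         END { for (i in down) print i, down[i] }' | sort
}

# count_flaps IFACE: print the number of DOWN events for one interface (0 if none).
count_flaps() {
    flap_report | awk -v ifc="$1" '$1 == ifc { n = $2 } END { print n + 0 }'
}

# is_flapping IFACE [THRESHOLD]: exit 0 when IFACE went down at least THRESHOLD
# times (default 2), exit 1 otherwise. Usable directly in a shell conditional.
is_flapping() {
    threshold=${2:-2}
    n=$(count_flaps "$1")
    [ "$n" -ge "$threshold" ]
}

# Stand-alone demonstration on the constructed log.
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_LOG" | flap_report
    if printf '%s\n' "$SAMPLE_LOG" | is_flapping ena0; then
        echo "ena0 is flapping"
    fi
fi
```

On a live box the same functions can be fed the real kernel buffer, for example `dmesg | flap_report`, after toggling Snort between inline and IDS-only mode; a count that grows only while inline mode is enabled is the pattern the report describes.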

Actions #1

Updated by Viktor Gurov about 2 years ago

Need to test with the latest 22.01/2.6 snapshot - ena(4) updated from 2.2.0 to 2.4.1 in FreeBSD 12.3
see https://www.freebsd.org/releases/12.3R/relnotes/

Actions #2

Updated by Marcos M about 2 years ago

https://github.com/pfsense/FreeBSD-src/commit/7dbcef9536b410426e8b391e721e5800f5d503b5

* Netmap support for ENAv3.

I wonder if this means that previous ENA versions do not support it, and if that's the case what AWS instance types support ENAv3?

Actions #3

Updated by Kris Phillips over 1 year ago

This can likely be closed as I've seen zero complaints on newer Plus releases for Snort Inline in AWS. Likely these issues were fixed in FreeBSD upstream.

Actions #4

Updated by Jim Pingle over 1 year ago

  • Status changed from New to Closed
  • Priority changed from High to Normal