Hi Jon,

Great questions and something I should have included in my original post. The Linux firewall is still in place (it is VYOS, and running on similar hardware). It is connected to a Brocade ICX-6450 switch trunked with various VLANs. In order to do a “hot swap” I wanted to initially configure OpenBSD and then switch them out. So my Internet interface (em0) on OpenBSD is connected to one VLAN (172.31.1.0/24 subnet) and what will become my transit VLAN is on em1 (I’m moving all my inter vlan routing to the switch). All connections are wired, copper, and gigabit.

Whether I ping the switch virtual interface (10.255.255.2) or another wired client in VLAN 10 from OpenBSD, I see varying ping times. I also see the same results going in the other direction (pinging OpenBSD from the switch or other wired clients). If I ping any other wired host on my VLAN 10 network from the router or any other host, I do not see this issue. My pings are routinely sub millisecond. That is why this threw me off guard. I was not expecting to see this kind of variability on my local network with this kind of hardware.

Here is an example ping from a wired Linux box on my network pinging the router:

$ ping 172.31.1.1
PING 172.31.1.1 (172.31.1.1) 56(84) bytes of data.
64 bytes from 172.31.1.1: icmp_seq=1 ttl=64 time=0.219 ms
64 bytes from 172.31.1.1: icmp_seq=2 ttl=64 time=0.213 ms
64 bytes from 172.31.1.1: icmp_seq=3 ttl=64 time=0.168 ms
64 bytes from 172.31.1.1: icmp_seq=4 ttl=64 time=0.228 ms
64 bytes from 172.31.1.1: icmp_seq=5 ttl=64 time=0.216 ms
64 bytes from 172.31.1.1: icmp_seq=6 ttl=64 time=0.292 ms
64 bytes from 172.31.1.1: icmp_seq=7 ttl=64 time=0.217 ms
64 bytes from 172.31.1.1: icmp_seq=8 ttl=64 time=0.227 ms
64 bytes from 172.31.1.1: icmp_seq=9 ttl=64 time=0.222 ms
^C
--- 172.31.1.1 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 8179ms
rtt min/avg/max/mdev = 0.168/0.222/0.292/0.029 ms

And the same ping from OpenBSD:

bsd# ping 172.31.1.1
PING 172.31.1.1 (172.31.1.1): 56 data bytes
64 bytes from 172.31.1.1: icmp_seq=0 ttl=64 time=3.744 ms
64 bytes from 172.31.1.1: icmp_seq=1 ttl=64 time=3.585 ms
64 bytes from 172.31.1.1: icmp_seq=2 ttl=64 time=4.743 ms
64 bytes from 172.31.1.1: icmp_seq=3 ttl=64 time=0.978 ms
64 bytes from 172.31.1.1: icmp_seq=4 ttl=64 time=4.548 ms

Thanks,
Jarod

> On Jun 7, 2025, at 6:14 PM, H. Hartzer <h...@hartzer.sh> wrote:
>
>> Hello,
>> Trying to replace my existing Linux firewall with OpenBSD and PF and noticed
>> that I am seeing random ping spikes to anything on my existing network:
>>
>> # ping 10.255.255.2
>> PING 10.255.255.2 (10.255.255.2): 56 data bytes
>> 64 bytes from 10.255.255.2: icmp_seq=0 ttl=64 time=13.024 ms
>> 64 bytes from 10.255.255.2: icmp_seq=1 ttl=64 time=8.367 ms
>> 64 bytes from 10.255.255.2: icmp_seq=2 ttl=64 time=3.442 ms
>> 64 bytes from 10.255.255.2: icmp_seq=3 ttl=64 time=0.873 ms
>> 64 bytes from 10.255.255.2: icmp_seq=4 ttl=64 time=0.796 ms
>> 64 bytes from 10.255.255.2: icmp_seq=5 ttl=64 time=0.752 ms
>> 64 bytes from 10.255.255.2: icmp_seq=6 ttl=64 time=4.074 ms
>> 64 bytes from 10.255.255.2: icmp_seq=7 ttl=64 time=0.661 ms
>> 64 bytes from 10.255.255.2: icmp_seq=8 ttl=64 time=0.698 ms
>> 64 bytes from 10.255.255.2: icmp_seq=9 ttl=64 time=1.002 ms
>>
>> Doing some light research it seems that some hardware has an issue with the
>> inteldrm driver, especially when it is headless[1], however my hardware does
>> not use this. My hardware is as follows:
>>
>> Motherboard: Supermicro X10SDV-4C-TLN2F
>> CPU: Intel Xeon processor D-1521
>> NIC: em0/1 (the devices I’m using) Intel I350
>> Graphics: Aspeed AST2400 BMC
>>
>> This board does have integrated graphics with its BMC from ASPEED. I also
>> tried hooking up a VGA monitor to the port but the issues still occur. Is
>> there something else I should be looking at here? Is the graphics driver a
>> red herring in my case? Anyone else using a Supermicro XeonD based system
>> without issues?
>>
>> Thanks,
>> Jarod
>>
>> [1]:
>> https://www.reddit.com/r/openbsd/comments/105c0zk/issues_with_openbsd_72_on_protectli/jg4aq13/
>
> Hi Jarod,
>
> This is interesting.
>
> The Reddit posting had much more substantial spikes than what you are
> seeing.
>
> "random spikes to anything on my existing network" -- Are you saying that
> from your OpenBSD host, to other hosts, you have this higher latency?
> Is other traffic going on at the same time?
>
> Do you not have this latency from other hosts?
>
> Is it all on one ethernet switch? Is wifi involved?
>
> Do you still have the Linux firewall in place? Can you have a third
> machine ping both and see what the latency differences are?
>
> -Henrich