TrueNAS 12.0-U8 Released

[Patrick M. Hausen]

Sorry ... confusing your words are ...

If you are referring to the fact that you need to disable hardware offloading for the physical interface that you use to connect your jails/VMs - yes, that is totally expected and well documented. TCP checksum (and other features) in hardware only make sense if the host in question is the final recipient of that TCP stream. If your TrueNAS is acting as a bridge to VMs/jails there is nothing gained and actually it hurts network performance if the interface hardware messes with frames that are destined for completely different targets - e.g. VNET jails or VMs.

Nothing pathetic about that but probably a lack of understanding of networking fundamentals on your part.

I am in no way "fixed in the BSD camp" but since 1993 FreeBSD has delivered superior services and performance than any variant of Linux FOR ME. As always your mileage may vary.

 

[Juan Manuel Palacios]

@Patrick M. Hausen You have any articles/discussions/references I could read on the problems hardware offloading may have on interfaces that bridge to your jails and/or VMs? My NAS has one igb NIC and, as far as I can tell, it has hardware offloading enabled:

Code:

igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: igb0
    options=a520b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
    ether XX:XX:XX:XX:XX:XX
    inet 10.0.0.5 netmask 0xffffff00 broadcast 10.0.0.255
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=9<PERFORMNUD,IFDISABLED>

And that NIC bridges to 6 VNET jails which, as far as I can tell, function just fine. One of those is a FAMP jail, another a Plex server, another my UniFi Controller host, another a ZoneMinder host, etc., and none of them seem to be suffering from any networking problems. My Plex library responds just fine, just as ZoneMinder and my FAMP deployments, and, for example, from my UniFi Controller jail I routinely get +700Mbs speed tests results on my Fios gigabit connection.

But, if I'm doing something wrong, and I can improve upon what I already have, I'd love to know about it!

Thanks,

 

[Patrick M. Hausen]

All the TCP offloading instructs the network hardware to perform some functions on behalf of the TCP stack of the host for which the packets are intended. Now, if the host acts only as a bridge or router, that is a gross layer violation and can lead to all sorts of problems. Most frequently observed is abysmal performance of networking for the VMs or jails affected.

 

[Juan Manuel Palacios]

@Patrick M. Hausen right, I understand your point. But what I'm wondering is, if my NIC is bridging to my jails, and it has hardware offloading enabled, why my jails seem to not be experiencing any of those problems that you're describing?

 

[Patrick M. Hausen]

Because with your combination of hardware and driver it accidentally works ...

 

[Juan Manuel Palacios]

OK, so, if I turn off hardware offloading on my NIC, for the sake of testing, should I expect any problems and/or networking performance degradation on the NAS itself, i.e. on the host of the jails? (mostly SMB shares and zfs send to a remote host).

 

[Patrick M. Hausen]

No, not at all. We are talking single digit percentage more work for the main CPU without offloading to the network hardware.

 

[Juan Manuel Palacios]

Alright, I'll give it a shot. Thanks for the insight!

 

[Juan Manuel Palacios]

Hardware offloading disabled on my bridged NIC, jails restarted, and networking seems to be just as fine, as if nothing had changed. Speed tests on my unifi-controller jail still yielding +700Mbps results, and everything else also working as expected so far.

Let's see how this goes over a longer period of time!

 

[Hendrixx]

Hi,

Since the 12.08U update (from 12.6.1) my webgui login for the S3 service no longer works.
I get error message when i try to login at: https://<my-server-hostname>:9001

Code:

Invalid Login
Post "https://<my-server-hostname>:9000/": dial tcp [::1]:9000: connect: connection refused.

I can see it is using a totally new webgui compared to the old.
So i looks like some major update.

The S3 service itself, used with our Veeam backup software, is working fine.
It is just the webgui i cannot access anymore.

Only when i disable the SSL certificate and use the HTTP url i can login to the webgui.
But i need the SSL secure connection.

Any idea's?

 

[PatrickSchneider]

TrueNAS Community,

TrueNAS 12.0-U8 has been released! 12.0-u8 and includes several fixes, improvements, and features. These include OpenZFS 2.0, New “Console Port” and “TLS Server URI” input fields in the S3 service configuration form, Direct link to the TrueNAS Upgrades article from the update screen.

If you use S3 and use a secure Connection, please don't enter the URI (https://truenas.domain.tld:9000 or https://truenas.domain.tld ) in the "TLS Server URI" Field. Please enter only the Hostname (truenas.domain.tld) instead. It took me a while to figure this out because there was no understandable Error Message and no Example what to enter in this Field.
An URI always needs a "Scheme" part (https:// http:// ftp://), see https://datatracker.ietf.org/doc/html/rfc3986#section-1.1.1
I already filed an issue:

https://jira.ixsystems.com/browse/NAS-114750

Best Regards,
Patrick

 

[PatrickSchneider]

Hi,

Since the 12.08U update (from 12.6.1) my webgui login for the S3 service no longer works.
I get error message when i try to login at: https://<my-server-hostname>:9001

Code:

Invalid Login
Post "https://<my-server-hostname>:9000/": dial tcp [::1]:9000: connect: connection refused.

I can see it is using a totally new webgui compared to the old.
So i looks like some major update.

Same thing happens here (Updated from 12.0-U6) when accessing the TLS enabled MinIO Console AND if you select an IP-Address in the S3 Configuration Options

The Error Message shows that MinIO Console is trying to connect to the IPv6 localhost [::1] Port 9000.
But according to

Code:

sockstat -6n

Port 9000 is not open on [::1], only on the selected IP-Address.

My solution was to select "0.0.0.0" as IP-Address in the S3 Configuration Options.
Issue filed: https://jira.ixsystems.com/browse/NAS-114764

 

[Hendrixx]

My solution was to select "0.0.0.0" as IP-Address in the S3 Configuration Options.
Issue filed: https://jira.ixsystems.com/browse/NAS-114764

This is working for me also now, thx!

 

[Krautmaster]

sadly the first release since years which seems to be not buggy for me, maybe Kernel related but in freezes during boot using my LSI SAS 2116 controller attached.

Truenas 12.0 U8 stuck on Boot loading my LSI HBA

After my Upgrade to 12.0 U8, the truenas instance seems not to be able to boot - it seems to stuck forever mounting the LSI with 1-2 Cores maxed out. Any ideas? Already dismounted the PCIe device and Truenas loaded like it should. This release seem to have a critical bug. Help would be...

www.truenas.com

I can only fall back to an elder U7 boot environment and then it boots up fine

 

[Ericloewe]

What firmware are you running? 20.0.00.07 plus/minus a few zeros?

 

[NASbox]

Upgrade from 12.0-U6 to 12.0U8 seemed to go smoothly. Does this:

[TANK]: SMB share of /mnt/TANK is writable via NFS protocol and therefore susceptible to CVE 2021-20316.​

apply when SMB1 / NTLMv1 Auth are turned off? There were on when the alert was generated.

I turned both off after the upgrade (used to be needed for old Windows box) but I'm having trouble accessing smb shares with Nemo under Linux Mint 20.3 (Ubuntu 20.04LTS Fossa base). Does anyone know if this can be worked around without enabling SMB1? (Browsing the share works with SMB1 / NTLMv1 enabled.) SMB1 is well past it's best before date, so I'd like to see it gone. Any input would be much appreciated.