OPNsense Forum

Archive => 18.7 Legacy Series => Topic started by: nallar on July 11, 2018, 11:21:45 am

Title: Flapping WAN connection not handled well with Multi-WAN + unbound
Post by: nallar on July 11, 2018, 11:21:45 am

If a WAN connection is flapping, services restart repeatedly. This means that even if that connection is at a low tier in gateway groups and not in use it has an impact on services.

Unbound isn't very speedy to restart either, so the negative impact is high. It can be effectively down when a connection is flapping every 20 seconds.

Can we avoid restarting unbound in this case? (Is a reload sufficient?)

edit: Modified title as this seems to be an unbound specific issue

Title: Re: Flapping WAN connection not handled well with Multi-WAN
Post by: franco on July 11, 2018, 04:09:33 pm

Flapping WAN connection may kill a router. Not handling them well is an understatement and a situation that is best avoided by your ISP.

Under normal circumstances Unbound is not restarted on a WAN IP change. What is special about your setup?


Cheers,
Franco

Title: Re: Flapping WAN connection not handled well with Multi-WAN
Post by: nallar on July 11, 2018, 05:57:39 pm

I am not sure what was happening exactly.

Here's the system info and DHCP logs: https://gist.github.com/nallar/1102e6760820cb9963312803090f32bc

rc.linkup runs interface_configure with $reload = true, interface_configure then runs `plugins_configure('dns', $verbose);`.

the unbound plugin's unbound_configure_do then restarts unbound.

Title: Re: Flapping WAN connection not handled well with Multi-WAN
Post by: nallar on July 19, 2018, 02:32:49 pm

It happened again.

It's a shame that adding more WANs can actually make your connection less reliable with the current implementation.

I would like to try to fix this. You mentioned that changing IP should not cause unbound to restart, but it currently does, and I have mentioned the code responsible above.

It's probably not as simple as just removing the plugin_configure(dns) - it must be needed sometimes or it would not be there.

Do you know what the intended behaviour was here? Would it be reasonable for me to change it to reload the config if unbound is already running instead of restarting it?

Title: Re: Flapping WAN connection not handled well with Multi-WAN
Post by: marjohn56 on July 19, 2018, 03:35:39 pm

Tried a catch to HUP rather than kill and restart, semi-works, I need to look deeper.

Title: Re: Flapping WAN connection not handled well with Multi-WAN
Post by: nallar on July 19, 2018, 07:17:05 pm

Code: [Select]

  plugins_configure('dns', $verbose);
https://github.com/opnsense/core/blob/c6034f651cd27a377e475f850e098e764a37e6a4/src/etc/inc/interfaces.inc#L2529

This doesn't pass in the interface.

Code: [Select]

    if (!unbound_interface($interface)) {
        return;
    }
https://github.com/opnsense/core/blob/master/src/etc/inc/plugins.inc.d/unbound.inc#L423

This checks if the interface which changed is relevant to unbound - but $interface is always an empty string as above.

Unfortunately from the unbound docs it looks like unbound really does need to be restarted when an interface it's specifically bound to changes, a HUP isn't sufficient.

If unbound's set to use all interfaces in both listen/outbound it should be ok as it binds to :: or 0.0.0.0, but the check for whether the interface is relevant isn't working.

edit: Thanks for helping/trying marjohn, I saw your suggestion earlier with the HUP if it's still running - shame it didn't quite work out