WAN Flapping Addressed with 22.7?

Started by firewall, August 02, 2022, 11:29:34 PM

August 02, 2022, 11:29:34 PM Last Edit: August 02, 2022, 11:47:42 PM by firewall
The upgrade to 22.x earlier this year was accompanied by rather severe WAN connectivity issues experienced by many forum users and often echoed by others. These are unique posts from 22.x.

Though admittedly a few of the links above are only possibly related to the underlying issue, I'm sure I didn't track down 100% of the threads that were.

Given the extent of my digging I trust it's evident that this has been a major thorn. Regardless, I've stuck with OPNsense with the hopes that a fix would arrive eventually.

Question: noting the handful of interface and dhcpd items in the changelog for 22.7, were any of them intended to address this issue? If not, did the 22.7 release unwind any related changes that may have been introduced with 22.1?

To be frank, clustering loosely related reports, answered and unanswered threads for 22.1 and 22.7 and solved issues with 22.7 I'm not sure what I should be looking at.

Wait for 22.7.1 and upgrade. It's going to be ok.


Cheers,
Franco

August 04, 2022, 11:32:21 PM #2 Last Edit: August 04, 2022, 11:34:31 PM by Dantichrist
The issue with MAC spoofing that's in this thread https://forum.opnsense.org/index.php?topic=27299.0 still persists with an IGB/Intel 82576 NIC.

I haven't looked into it much yet. The strange part is that the Intel NIC driver that's included in this ver is the current driver, and compiling/using the same driver (2.5.24) as described on page 6 in that thread will fix it.

Quote from: franco on August 03, 2022, 09:32:02 AM
To be frank, clustering loosely related reports, answered and unanswered threads for 22.1 and 22.7 and solved issues with 22.7 I'm not sure what I should be looking at.

"loosely related" reports that all point to a common issue with wan connectivity; likely pertaining to intel nics. never acknowledged as a common issue and apparently one which users continued to experience for the duration of 22.1 series despite numerous purported workarounds.

i'm on 22.7.4 now and i still have the issue.

i don't know what to tell you that i haven't already besides "it's not working the way it's supposed to".

> i'm on 22.7.4 now and i still have the issue.

That's interesting, because the main issue from 22.1 was fixed in this release so it may be some issue, but not most of what you quote.


Cheers,
Franco

I have this issue as of last week, and it's causing us (all the tenants) a lot of pain - it's flapping very regularly, and interrupting a lot of our sessions.

https://pastebin.com/rTyajzcD

Why is this happening?

I disabled Maltrail, in case it has something to do with putting the LAN port in promiscuous mode (saw it on the display output).

All I can see is the NIC is ordered to shut down:

/usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(igc2)

So it goes into a cycle. Whether this is a permanent driver issue (igc is pretty new and unsupported by Intel on FreeBSD) or an issue in conjunction with netmap(4) use I do not know.

netmap(4) behaviour will improve in the mid-term, but I'm not authorised to say more ;)


Cheers,
Franco

Disabling Maltrail definitely helped....

I don't understand - I had sensei/zenconsole (LAN IDS/IPS) working before (pre 22.7), and now I can't use any IDS/IPS now, as it causes this issue to resurface - whether it be Maltrail or Sensei/Zenconsole.

Perhaps this is related to how it puts the port in promiscuous mode?

Welp, it happened a couple of times today again, even after disabling Maltrail - looks like I was wrong in my theory of it being the IDS stuff...

https://pastebin.com/jm0MuA8H

September 28, 2022, 08:45:39 AM #9 Last Edit: September 28, 2022, 08:48:19 AM by franco
Well, this is the NIC decision to shut down:

2022-09-26T16:37:20-04:00   Error   opnsense    /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c '/var/etc/dhclient_wan.conf' -p '/var/run/dhclient.igc2.pid' 'igc2'' returned exit code '1', the output was 'igc2: no link .............. giving up'

Can you post dmesg output please?

FWIW, as soon as you use Zenarmor or IPS mode Suricata this can happen, but external switch issues, overload, etc. can cause this too. WAN flapping is especially serious as it recycles all connectivity on the box although it is what it is when it occurs. Finding the reason for it is not as easy as posting logs here. Sometimes ISP routers also overload and cause this. So the reaction to an issue is recorded by logs, but it's not the cause.


Cheers,
Franco
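Added example, not part of the thread and not OPNsense code: a small Python sketch that pulls the two log messages quoted above (the rc.linkup detach event and the dhclient "no link ... giving up" failure) out of a log export and flags interfaces that detach repeatedly in a short window. The sample lines, their timestamps and severities, the `igc1` entry, and the threshold and window values are constructed assumptions; as noted above, this records the reaction to a flap, not its cause.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the layout quoted in the thread (timestamp, severity,
# process, message). Timestamps, "Notice" severity and igc1 are made up.
SAMPLE_LOG = """\
2022-09-26T16:30:02-04:00   Notice   opnsense    /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(igc2)
2022-09-26T16:33:41-04:00   Notice   opnsense    /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(igc2)
2022-09-26T16:37:05-04:00   Notice   opnsense    /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic wan(igc2)
2022-09-26T16:37:20-04:00   Error   opnsense    /usr/local/etc/rc.linkup: The command '/sbin/dhclient -c '/var/etc/dhclient_wan.conf' -p '/var/run/dhclient.igc2.pid' 'igc2'' returned exit code '1', the output was 'igc2: no link .............. giving up'
2022-09-26T19:12:44-04:00   Notice   opnsense    /usr/local/etc/rc.linkup: DEVD: Ethernet detached event for dynamic lan(igc1)
"""
DETACH = re.compile(r"rc\.linkup: DEVD: Ethernet detached event for .*\((\w+)\)")
NO_LINK = re.compile(r"the output was '(\w+): no link \.+ giving up'")

def parse_events(text):
    """Return sorted (timestamp, kind, interface) tuples for link-loss lines."""
    events = []
    for raw in text.splitlines():
        parts = raw.split(None, 3)
        try:
            ts = datetime.fromisoformat(parts[0])
        except (IndexError, ValueError):
            continue  # blank line or no leading ISO timestamp
        for kind, pat in (("detach", DETACH), ("dhcp_no_link", NO_LINK)):
            hit = pat.search(parts[-1])
            if hit:
                events.append((ts, kind, hit.group(1)))
    return sorted(events)

def flapping(events, threshold=3, window=timedelta(minutes=10)):
    """Map interface -> most detach events seen inside any one window."""
    by_if = defaultdict(list)
    for ts, kind, ifname in sorted(events):
        if kind == "detach":
            by_if[ifname].append(ts)
    flagged = {}
    for ifname, stamps in by_if.items():
        start = best = 0
        for end, ts in enumerate(stamps):
            while ts - stamps[start] > window:
                start += 1  # slide the window start forward
            best = max(best, end - start + 1)
        if best >= threshold:
            flagged[ifname] = best
    return flagged

if __name__ == "__main__":
    print(flapping(parse_events(SAMPLE_LOG)))
```

Correlating the flagged timestamps with dmesg output and with switch or ISP router logs is what narrows down the cause.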