Multicast overload?

Started by ittim, November 16, 2021, 03:48:05 AM

Hello - I am using a Protectli Vault with OPNsense for an industrial application.

OPT1 connects an instrument and OPT2 connects a control computer.

The instrument sends multicast traffic and I have created a rule so that the traffic only goes to OPT2. The rule works fine, but after about a minute and a half the network connections drop and the Protectli unit freezes. A hard reset will bring everything back to the operational state.

The instrument sends multicast traffic at about 5 Mbps. That doesn't seem high enough to overload the system, but something is and I have no clue what it might be.

Shooting in the dark, I wonder if enabling TCP Offload Engine and enabling Hardware Checksum Offloading would remedy this.

Any ideas or insights are greatly appreciated.





Possibly flooding the state table. Hard to say.

It's possible it appears to be working because multicast traffic is leaking everywhere.

You might need to share the relevant rules. I presume a floating rule is in effect too...?

Did you configure IGMP Proxy as well?

Thanks Benyamin;

Using Wireshark I see multicast only between OPT1 and OPT2 - nothing on the other interfaces.

Relevant rules:
Floating - block - outgoing - IGMP  - source * - destination * (don't think this is actually needed)

OPT1 - block - incoming - IGMP - source * - destination ! OPT2 Net (inverse rule meaning * but OPT2 Net)
OPT1 - allow - incoming - IPV4 - source * - destination *

OPT2 - allow - incoming - IPV4 - source * - destination *

No IGMP Proxy

State table size is fine and stable.

MBUF usage looks to be a problem. With the instrument running this fills up rapidly and then causes the system to shut down. Increasing the size would buy some time, but it will no doubt fill up again.

Now what?

I presume there's nothing obvious in the General log. Searching for "mbuf" or "kernel" might help.

Also, grabbing the output of a couple of goes of netstat -m or netstat -m | grep mbuf might help to see where the delta changes are occurring.

Having said all that, perhaps it would be a good idea to install the IGMP Proxy plugin. AFAIK, mrouted is not part of core - not that I would necessarily expect it to be - but I understand the IGMP Proxy plugin is at least based on mrouted, so maybe it will help...
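
One way to compare two netstat -m snapshots, as suggested in the last reply. This is an added example and not part of the thread; the two snapshots are constructed with invented numbers, and the function names are this example's own.

```python
import re

# Constructed snapshots in the FreeBSD `netstat -m` layout; the numbers are invented.
SNAP_T0 = """\
1030/3540/4570 mbufs in use (current/cache/total)
1024/2016/3040/26368 mbuf clusters in use (current/cache/total/max)
0/0/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
"""
SNAP_T1 = """\
19871/310/20181 mbufs in use (current/cache/total)
19864/96/19960/26368 mbuf clusters in use (current/cache/total/max)
0/41/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
"""

# "<n>/<n>/... <label> (<field>/<field>/...)"; lines in any other shape are skipped.
COUNTER_LINE = re.compile(r"^(\d+(?:/\d+)*)\s+(.+)\s+\(([^()]+)\)\s*$")

def parse_netstat_m(text):
    """Return {(label, field): value} for every slash-separated counter line."""
    counters = {}
    for line in text.splitlines():
        m = COUNTER_LINE.match(line.strip())
        if not m:
            continue
        values, label, fields = m.group(1).split("/"), m.group(2), m.group(3).split("/")
        if len(values) != len(fields):
            continue  # value and field counts disagree, not a counter line we understand
        for field, value in zip(fields, values):
            counters[(label, field)] = int(value)
    return counters

def deltas(before, after):
    """Counters that changed between two snapshots, largest growth first."""
    changed = [(key, before.get(key, 0), value, value - before.get(key, 0))
               for key, value in after.items() if value != before.get(key, 0)]
    return sorted(changed, key=lambda row: row[3], reverse=True)

def cluster_usage(counters):
    """Fraction of the mbuf cluster limit currently in use."""
    label = "mbuf clusters in use"
    return counters[(label, "current")] / counters[(label, "max")]

if __name__ == "__main__":
    t0, t1 = parse_netstat_m(SNAP_T0), parse_netstat_m(SNAP_T1)
    for (label, field), old, new, change in deltas(t0, t1):
        print(f"{change:+8d}  {label} [{field}]  {old} -> {new}")
    print(f"cluster usage: {cluster_usage(t0):.0%} -> {cluster_usage(t1):.0%}")
```

To use it on real data, save the output of netstat -m to two files some seconds apart while the instrument is sending and pass their contents to parse_netstat_m. A "current" count that keeps climbing while "cache" shrinks, or a non-zero "denied" delta, shows which pool is being exhausted.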