/usr/local/etc/bogonsv6 too big

phoenix · February 08, 2018, 08:11:39 AM

Quote from: franco on February 07, 2018, 08:58:47 PM
Hmm, and do you set "block bogons" anywhere in your interfaces?

Also in your system log do you see "Not saving IPv6 bogons table (IPv6 Allow is off and table-entries limit is potentially too low" ?

Franco

Just an update on this. I'd set-up a test server on a separate VM. It's a clean install of 18.1and "Block bogon networks" is enabled on the WAN link but the file hasn't been updated:

Code Select

ll /usr/local/etc/bogonsv6
860 Feb  1 11:58 /usr/local/etc/bogonsv6

There's nothing in the logs until I do the update and the file updates correctly.

franco · February 08, 2018, 08:36:48 AM

Hmmm, okay. Let's leave it as is then. :)

Cheers,
Franco

cardins2u · April 06, 2018, 05:50:33 AM

I'm getting this same errors .

anyone found a fix yet?

@franco

franco · April 07, 2018, 05:46:07 PM

It doesn't appear to be a real bug. The bogons size seems to fluctuate via http://www.team-cymru.org/Services/Bogons and that's causing this long known issue in the state table where IPv6 is said to be too large, but up until now we never observed it in OPNsense.

Here's a recent pfSense ticket observing / addressing the same:

https://redmine.pfsense.org/issues/8417

I'm not sure what the best approach is for us yet.

Cheers,
Franco

marjohn56 · April 07, 2018, 06:35:22 PM

Is it not just a case of increasing the maximum table entries?

I have never seen this issue, but one of the first things I needed to do when setting up Opnsense was to increase the max table entries.

Reiter der OPNsense · April 07, 2018, 08:39:08 PM

I agree with marjohn56. In my opinion this is not a bug, but you shouldn't just ignore it. The bogonsv6 seems to be simply too big and will probably not be processed correctly. I got this error message during my IPv6 experiments on two boxes. The obvious thing would be to increase the corresponding standard value from 200,000 to a reasonable size. In my case, the value of 500,000 makes the error message disappear.

NOYB · April 07, 2018, 10:11:20 PM

Not setting the maximum table entries to an appropriate size when bogons v6 is enabled is a bug in my opinion. Whether or not some other product does is irrelevant.

Been running maximum table entries at 1,000,000 "forever" precisely for this reason. But it should be set to an appropriate size automatically when/if bogons v6 is enabled.

marjohn56 · April 07, 2018, 11:15:13 PM

I go with NOYB, 200K for V4 only and bounce it to 500K if bogons v6 is enabled.

I also run 1,000,000 as it happens but then my proc can cope with it. I have a feeling I was running 500K when I used an APU2.

@Franco - would you be happy with that?

I'm happy to look at doing a PR for it if no-one else wants to.

elektroinside · April 08, 2018, 12:17:47 AM

It's not a bug, it's a feature :D It's just missing, so the actual bug would be that it is missing this feature :D

franco · April 08, 2018, 11:55:18 AM

Bug or feature, all contributions are welcome ;)

...or try this then...

https://github.com/opnsense/core/commit/fc0c66e8
https://github.com/opnsense/core/commit/5dd172e

Cheers,
Franco

marjohn56 · April 08, 2018, 12:55:31 PM

Nice one...

elektroinside · April 09, 2018, 09:11:19 AM

There you go, this is what i call support :)
Thank you Franco!

/usr/local/etc/bogonsv6 too big

phoenix

February 08, 2018, 08:11:39 AM #15

franco

February 08, 2018, 08:36:48 AM #16

cardins2u

April 06, 2018, 05:50:33 AM #17

franco

April 07, 2018, 05:46:07 PM #18

marjohn56

April 07, 2018, 06:35:22 PM #19

Reiter der OPNsense

April 07, 2018, 08:39:08 PM #20 Last Edit: April 07, 2018, 08:40:56 PM by Reiter der OPNsense

NOYB

April 07, 2018, 10:11:20 PM #21

marjohn56

April 07, 2018, 11:15:13 PM #22 Last Edit: April 07, 2018, 11:16:56 PM by marjohn56

elektroinside

April 08, 2018, 12:17:47 AM #23

franco

April 08, 2018, 11:55:18 AM #24

marjohn56

April 08, 2018, 12:55:31 PM #25

elektroinside

April 09, 2018, 09:11:19 AM #26