Hotplug event on backup interface resets connections
-
hi there, i am having issue with my pfsense 2.5.2 when for example my backup internet has issue with cable or if i restart the router of backup internet than it resets all connections, i also checked Disable Gateway Monitoring Action on backup interface but it still resets all connections, here is the logs:
Nov 10 07:49:55 check_reload_status 378 Reloading filter
Nov 10 07:49:55 php-fpm 65700 /rc.newwanip: rc.newwanip: on (IP address: 192.168.0.251) (interface: A1[opt2]) (real interface: igb2).
Nov 10 07:49:55 php-fpm 65700 /rc.newwanip: rc.newwanip: Info: starting on igb2.
Nov 10 07:49:54 check_reload_status 378 Reloading filter
Nov 10 07:49:54 check_reload_status 378 rc.newwanip starting igb2
Nov 10 07:49:54 php-fpm 65700 /rc.linkup: Hotplug event detected for A1(opt2) static IP (192.168.0.251 )
Nov 10 07:49:53 kernel igb2: link state changed to UP
Nov 10 07:49:53 check_reload_status 378 Linkup starting igb2
Nov 10 07:49:30 check_reload_status 378 Reloading filter
Nov 10 07:49:30 php-fpm 79198 /rc.linkup: Hotplug event detected for A1(opt2) static IP (192.168.0.251 )
Nov 10 07:49:29 kernel igb2: link state changed to DOWN
Nov 10 07:49:29 check_reload_status 378 Linkup starting igb2 -
@edmond
Fast and shot solution : have the device on the other side of the OPT2 (IGB2) cable also connected on the UPS. Or : don't have it going down.
The LINK UP event activates the interface. On a de activated interface, there are no firewall, no routing tables, nothing, it's just not activated and logically not present in the 'routing' system.
When it comes active, firewall rules have to be loaded, and routing might chance.
So, yeah, other process, pfSense packages etc are being signalled of this event.
If this didn't happen you could have a huge security issue in your firewall/router ... -
@gertjan i know that my backup router is not working very good i need to replace it and the only solution for now is that i also need to check mark the Disable Gateway Monitoring so this way i dont have any issue, but i used to have cisco router and with cisco i did not have this issue even if i unplugged the backup internet cable, because this way its not right if one of my backup devices to go down and all my connection to reset.
-
@edmond
Check / consider also this one :
-
@gertjan its unchecked
-
Reloading the filter does not reset states.
Disconnecting an interface should not do that either unless there's an IP conflict or some sort or gateway failover event.
Does it do it for both gateways? Or if you manually reload the filter?
Is it actually resetting all states? Do you lose connection to the gui temporarily?
Steve
-
@stephenw10 the Disable Gateway Monitoring and
Disable Gateway Monitoring Action is enable but still i am having issue when i receive event hotplug and when that happen i dont have internet at that moment because it resets all Connection States so i dont know where is the issue, it should not do that -
@edmond said in Hotplug event on backup interface resets connections:
i receive event hotplug
These events are hardware events. The electrical connection when down, or there were just to many transmission / reception errors. The NIC resets itself to renegotiate a connection.
Change cable and/or NIC's on both sides will take care of the issue. -
@gertjan but that is my backup internet that is doing that hotplug i know that the router is not working good but i dont know why it affects my primary connection, than what is the point of failover if we have this kind of issue,
-
@edmond said in Hotplug event on backup interface resets connections:
that is my backup internet that is doing that hotplug
You mean : a 'backup' WAN interface that resets, and it influences states on the other interfaces ( primary WAN) ?
-
@gertjan yes, even if i check mark the Disable Gateway Monitoring and Disable Gateway Monitoring Action on Backup interface it still reset the connections on Primary Interface
-
The only time you see that caused by software is if you;re running Snort/Suricata in in-line mode and it restarts. Are running either?
It still shouldn't reset states though.Steve
-
@stephenw10 no, i dont have any packege installed not sure why is doing that, is it beacuse i changed the interface name?
-
If you changed the interface name it would do that because it would reapply all the interface properties including the link speed/type. But it would only do it once when you actually made the change.
Steve
-
@stephenw10 its doing every time that my backup router keeps rebooting by itself. I am waiting for my service provider to change the router but i want to see if there is a bug somewhere in the pfsense, because it doesnt make sense to me to reset all connection because of something that is doing my backup interface, no sure if you guys can test in your enviroment
-
Ah, OK so it really is loosing link on that interface. That explains the logs you're seeing.
But we still wouldn't expect it to lose states on other interfaces when that happens.
Does it actually reset the states? If you look at the Status > Monitoring graphs for states use do you see them drop to zero?
Steve
-
@stephenw10 i just restarted the router that is on the backup interface and i got ping timeout also the phone calls droped and i did not have internet for like 10 seconds, the time that i did reboot was 15:28:00 ,here is the screenshot
-
Hmm, well it's certainly loosing some states. The averaging is probably hiding the exact number.
How many states do you have using the backup WAN normally? Before you rebooted it?
Steve
-
@stephenw10 i did restart the pfsense and now i dont have that issue anymore, maybe i had to restart pfsense after i did change the interface name of the backup internet i am not sure. I also tried now to uncheck the Disable Gateway Monitoring because i want to receive notification if my backup internet has issue but if i uncheck it will reset all connections if my backup internet has issue, i think it should not do that because the Disable Gateway Monitoring Action is checked but if check mark the Disable Gateway Monitoring i dont have issue now.
-
Hmm, weird!
Take the win and move on....
Steve
