Is there an API to trigger pfsense reboot?

left4apple

I'm using Xfinity right now, and occasionally I'm experiencing high latency issue, e.g., ping 8.8.8.8 is more than 500ms.

Even though I'm sure it's not the problem of pfSense as I can get full 2.5Gb from my desktop tp pfSense via iPerf3, restarting the router does solve the problem and make the latency back normal again.

And this all happened after my neighbor starts using Xfinity. It might be an interference issue but even xfinity technician doesn't know what's going on and how to solve it.

I guess all I can do now is to restart pfSense when the latency is too high. For that I'm running a monitoring service on my homelab server. Just wonder if there's an pfSense API that I can use to trigger the restart? For my own reason I cannot use SSH to do that.

Thanks!

Gertjan

@left4apple

Restarting the entire system for a latency problem ?

If the system goes to a "100 %" load for 'some reason, then resolve that problem !

If it's the uplink connection, the the monitoring can take care of that just fine, and the functionality is already there.

Go to System > Routing > Gateways > Edit and then to the bottom of the page.
Hit the Advanced button.
Now you can set up the values you need.

The main goal is : when the number of lost packets is "to much", the the action "Gateway Action" is triggered : it brings the connection (WAN) down, and then up again, thus re initializing the uplink (WAN).

Btw : 8.8.8.8 is a well known DNS and used by millions if not billions.
What will happen if the load on 8.8.8.8 starts to rise ? What will 'they' do ? Well, they would do what you would do : they start to remove tasks that are not needed for DNS handling.
Like "not replying to useless ICMP (ping) requests".
So, maybe 8.8.8.8 isn't the best ping motoring destination ;)

The best monitoring IP is some (your) ISP router, so rather close by.
Do a trace route, and pick the second or third IP it found. Try that one out for some time.

@left4apple said in Is there an API to trigger pfsense reboot?:

And this all happened after my neighbor starts using Xfinity.

I presume you don't have a 'fibre' connection, but something else ?

ISPs tend to share connection resources among their clients.
( because : If "I was an ISP, I would do the same ting")
I don't quiet understand why re initializing the connection would makeit any better : if the issue is upstream, like nearby, or even the link bewteen the ISP and Google services, then you, on your side, can do thing nothings about it.

edit : actually : you can do something : when you have a good working connection with some ISP, don't tell anyone about. And when they ask you : "just complain" (yep, I admit : create your own fake news). They will chose another one ISP, leaving you with the good connection ^^

@left4apple said in Is there an API to trigger pfsense reboot?:

Just wonder if there's an pfSense API

Noop, that the other firewall, like TNSR. pfSense is GUI based.

Still, you could write, find, borrow, adapt :
A shell script that :
pings also an upstream IP.
Calculates the reply time over the last 10 or so.
If the average is bigger then 500 ms then
check the "rebooted file" : and if not rebooted for the last hours :
create the "rebooted file" - and execute a reboot.

This shell script can be fired by a 5 minutes cron task (install the cron pfsense package)

The very fact that such a solution isn't really known just means : it's not the right approach to handle things.

left4apple

@Gertjan Hi thanks for the reply. I understand it's overkill to fix the latency problem, but before Xfinity finds out what's wrong, this is the only thing I can think of. But I'll try the gateway solution you mentioned.

The CPU load is always below 10% at any moment so I honestly don't think that's the problem.

I understand 8.8.8.8 is a public service backed by anycast, but I've been using it for 2 years to monitor the network latency and nothing was wrong, until last week my neighbor also installed Xfinity service at their home. I also used the gateway IP as the monitor IP, with the same result.

I have zero idea why restarting pfSense fixes the high latency issue, but it is the case. Maybe next time I'll just try to release IP and re-acquire one via ISP DHCP.

I don't have the luxury of having fiber at my home. The new Coax diagram is attached below. I think it's the newly added splitter1 that is causing the problem. I asked my neighbor but they didn't had such issue.

Gertjan

@left4apple said in Is there an API to trigger pfsense reboot?:

I understand 8.8.8.8 is a public service backed by anycast, but I've been using it for 2 years to monitor the network latency and nothing was wrong, until last week my neighbor also installed Xfinity service at their home. I also used the gateway IP as the monitor IP, with the same result.

Ok, so it looks like that the issue is "close" to you, like between your central ISP equipment and your pfSense.

@left4apple said in Is there an API to trigger pfsense reboot?:

next time I'll just try to release IP and re-acquire one via ISP DHCP.

Exact.
If you are using DHCP on you WAN, you'll have a disconnect button here : Status > Interfaces.
Just disconnect, and then re connect.

Btw : do you get a new WAN IP at that movement ?

@left4apple said in Is there an API to trigger pfsense reboot?:

The new Coax diagram is attached below. I think it's the newly added splitter1 that is causing the problem. I asked my neighbor but they didn't had such issue.

I'm just thinking out loud here.
Go to splitter One.
It has an "input" and two "outputs".
Swap the two outputs.
And now wait and see

If the situation persists : check interconnections at splitter2.
Also : pay yourself a visit to the not references other - right side - location.

More serious : re creating a new purely non physical connection (it's just a stream of bits - splitters don't deal with bits, they deal with electric signals so a splitter handles frequencies, tension and current).
pfSense isn't connected to the splitters, your coax modem is.
=> when you reboot the modem, does that change the quality of your connection ?
I still find it strange that "doing something with pfSense" impacts the quality of the connection.

left4apple

@Gertjan said in Is there an API to trigger pfsense reboot?:

Btw : do you get a new WAN IP at that movement ?

No. For some mysterious reasons I've been getting the same WAN IP since I started on Xfinity(2 yrs ago?) even though static IP isn't in the contract. I guess I just have really short down time.

@Gertjan said in Is there an API to trigger pfsense reboot?:

Swap the two outputs.

It's on the roof but I'll see if my ladder is high enough. However, 98% of the time the network works just fine(8ms) in my home, so I'm not sure where the high latency could even come from. The splitter seems high quality though. Splitter2 also seems snug.

@Gertjan said in Is there an API to trigger pfsense reboot?:

pay yourself a visit to the not references other - right side - location.

My 2nd neighbor is a lovely elderly couple and they know nothing about network, except Netflix and Amazon Prime. But I did manage to physically connect to their router and the latency is the same(8ms) at the time I tested it.

@Gertjan said in Is there an API to trigger pfsense reboot?:

I still find it strange that "doing something with pfSense" impacts the quality of the connection.

Exactly. That's why I'm clueless. I never ever restarted the modem, not even once. Only pfSense.

viragomann

@left4apple
For sure you should find out the real reason for the high latency. But for the time being, why don't want you use SSH to access and reboot pfSense if this helps? It's simply to script this and the reboot via SSH goes with a single line.

stephenw10

Yup this would be trivial via SSH and much more complex via any other method.

Try to determine if you actually need to reboot though. It may be sufficient to just renew the DHCP lease or to logically DOWN/UP the WAN interface.