SG1100 memory starvation - Unbound not restarting

SteveITS

@michmoor I don’t see that in the docs. Is there an ISP modem that booted? pfSense would see that as a disconnect.

michmoor

@SteveITS no ISP modem that booted. Two link down events from what appears to be two ports but nothing on the WAN or LAN side was restarted. Maybe these are internal ports as the 1100 has a switch? I dunno

stephenw10

Port3 is WAN port2 is LAN. By default at least.

Screenshot from 2024-10-12 14-03-03.png

michmoor

@stephenw10

So based on my syslog, both WAN and LAN went down?

stephenw10

Yes, that's what's logged there. Since it's actually the switch driver reporting that it pretty much has to have happened.

michmoor

@stephenw10 hmm than i suspect something is wrong with the unit.

One port directly connects to a cable modem.
The other port directly connects to a switch.
They both go down at the same time?

Is there anything else I can check to monitor hardware health?

stephenw10

I assume both those things didn't reboot?

It could have been pfSense driving the switch ports to re-link of course. A change to the internal switch config perhaps.

michmoor

@stephenw10
The modem , pfsense and switch are on the same PDU. So it wasn't a loss of power. By some sort of freak act there could be a fault on two outlets but highly unlikely.
No configuration changes have taken place on this unit since 10/6 according to Configuration History.
Im back to thinking its perhaps a faulty unit. Replacement here would be a real PITA. Hoping there are some other diagnostics i can perform.

stephenw10

Is there anything logged running up to that? Some interface change etc?

michmoor

@stephenw10

This is the only thing i see prior

Oct 11 20:16:00 nyc-fw1-inet sshguard[69504]: Exiting on signal.
Oct 11 20:16:00 nyc-fw1-inet sshguard[77474]: Now monitoring attacks.
Oct 11 20:35:30 nyc-fw1-inet check_reload_status[666]: Linkup starting $e6000sw0port3
Oct 11 20:35:30 nyc-fw1-inet kernel: e6000sw0port3: link state changed to DOWN
Oct 11 20:35:31 nyc-fw1-inet php-fpm[20159]: /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp)
Oct 11 20:35:31 nyc-fw1-inet php-fpm[20159]: /rc.linkup: DEVD Ethernet detached event for wan
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down
Oct 11 20:35:33 nyc-fw1-inet syslogd: sendto: Network is down

I do see that the LAN side had a Hotplug event as well. Looking at the timestamps the LAN side event happened more or less at the same time as the WAN side.
To me this indicates either

As part of any link-status event, pfSense restarts the internal switch ports
There was some weird failure on both LAN and WAN side which i honestly don't see happening.
Other cause not yet known.

][admin@nyc-fw1-inet.moore.lan]/var/log: cat system.log | grep "Hotplug"
Oct 11 20:35:31 nyc-fw1-inet php-fpm[20159]: /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp)
Oct 11 20:35:38 nyc-fw1-inet php-fpm[55571]: /rc.linkup: Hotplug event detected for LAN(lan) dynamic IP address (4: 192.168.70.254, 6: track6)
Oct 11 20:35:39 nyc-fw1-inet php-fpm[17116]: /rc.linkup: Hotplug event detected for WAN(wan) dynamic IP address (4: dhcp)
Oct 11 20:35:54 nyc-fw1-inet php-fpm[20159]: /rc.linkup: Hotplug event detected for LAN(lan) dynamic IP address (4: 192.168.70.254, 6: track6)