SG1100 to 24.11 issues

sgw

Just for the records: had a similar issue when upgrading from the RC to the release (only 7 packages upgraded).
Solved by removing one BE with ~1.4GB.

now on 24.11: thanks all for your work!

michmoor

@stephenw10

Removed pfblocker and frr but still the upgrade is failing
Not sure what pkg-static is but that seems problematic

marcosm

@michmoor pkg relies on dynamic libraries provided by the system whereas pkg-static does not. Usually that message indicates the system is running out of memory. There are some situations where 2GB is required for the upgrade to succeed. My suggestion in this case would be to create a BE with everything working, uninstall all packages, update, reinstall packages. then create a new BE.

stephenw10

Yes, looks like it's still exhausting the RAM. How much free RAM is shown before the upgrade starts?

michmoor

@stephenw10
Im in the process of removing packages.
How do I check the amount of memory prior to an upgrade?

stephenw10

The dashboard will give you a rough value. Otherwise check the output of top r in Diag > System Activity.

michmoor

@stephenw10

No packages installed.

stephenw10

Should be fine from there.

michmoor

@stephenw10

So close. Prior it kep stalling on the python install. It got pass that and now its failing here.

stephenw10

Ok, reboot to free up RAM then try upgrading from the CLI without the webgui open.

pfSense-upgrade -d

That will show you more error output if it fails again.

michmoor

@stephenw10 That last error pointed to bsnmpd. I disabled it and ran through the upgrade process.
That is successful and the system reboot into 24.11

Thanks @stephenw10 and @marcosm for the assist here. Appreciate yah.

One last question, help me understand the requirements for the SG1100 regarding packages. When purchasing the unit, I knew it would be limited in usage with heavier packages like Suricata. The thinking is that this location has a 300Mbps line and didn't need much in hardware.
I didn't feel that pfblocker or frr were heavy. Is there concern about running extra packages? Is FRR suitable for running on the unit?

stephenw10

It depends!

FRR could use a lot if you tried to load a bgp full routing table for example. Equally pfBlocker can use a lot of RAM if you load all the huge lists. But both will run on an 1100 given some limits.

But bsnmpd is interesting. It could have just been the last thing that tried to allocate RAM.

marcosm

@michmoor It ultimately depends on the usage. I run FRR on a lab with all devices at 1GB and haven't had issues with it. I don't think I'd run pfBlockerNG, Suricata/Snort, and FRR all on the same 1GB device, but that's not to say it can't work.

michmoor

@marcosm
FRR its for bgp and only for advertising less than 2 prefixes and receiving 10. Def not meant for edge routing in that way.

The unit was also up for over 100 days so could it be possible there was some memory not properly released?

In either case, successful upgrade and re-adding the packages is a snap. I will be thinking a bit more carefully about what packages will get installed at a future point.