After upgrading to 24.11 DHCP fails every 10-14 days

lohphat

@bmeeks
Sounds like we had similar facets to our careers. Started working in an integration house at 15 in 1980 then moved to ARC Net, Novell, then MSFT.

Now my final gig, retrofitting a TV studio with older SDI cabling ST2110 (video over IP) with a 100Gbit backbone.

Gertjan

@johnpoz
and @lohphat
These :

are all 'solved' when you use 24.11 ...

That is, I wouldn't want to wait for Remote DNS server registration (kea calls it D2) and as the binary is there, I've put it to work.
I don't need the HA part of kea, as Ive only one pfSense.
The rest : works for me.

I agree with what bmeeks said above about 32 bit arm code. That said, I don't have 'arm' (firewall) devices, I don't have '32 bit' device anymore. And testing these issues is pretty hard core.
Still, '32 bits' stuff was phased out more the a couple of years ago, and while Netgate promised to support, this 'kea' core dumping is scary.
Just keep in mind that even if ISC DHCP earned the "depreciated' tag, it is still rock solid for many moons to come.

Kea, right now, on a 4100 using 24.11 is pretty stable for me. I'll give it the title 'rock solid' in a month or two.
And, as stated above, I messing around with it.

@lohphat said in After upgrading to 24.11 DHCP fails every 10-14 days:

Given a new 4200 cost ($570) to replace the 3100, I might as well look at a PA-4xx series.

Remove 120 or so from to get bare metal costs. With a non Netgate device you would have to buy pfSense plus. 2.7.2 doesn't have the latest kea upgrades / GUI implementations yet, although that will change soon.
A '4200' will give you a 64 bits x86-64 device, and I haven't heard of the upcoming x86-128 yet ^^

lohphat

Redmine bug opened: https://redmine.pfsense.org/issues/15973

lohphat

@Gertjan said in After upgrading to 24.11 DHCP fails every 10-14 days:

With a non Netgate device you would have to buy pfSense plus.

If I get a PA-4xx unit it will be running PANOS (Palo Alto Networks), not pfSense.

lohphat

@Gertjan said in After upgrading to 24.11 DHCP fails every 10-14 days:

I agree with what bmeeks said above about 32 bit arm code.

Then don't release 24.11 for 32-arm and just EOL those platforms. Don't lead affected customers down an unstable path. Just end the support instead of introducing unstable code for the platform.

By telling customers that 24.11 is the preferred release that implies it works for your platform.

The conflicting messaging as to what's preferred, deprecated, supported, potentially unstable, etc. was not handled clearly.

electr1c0xyg3n

I too have an SG-3100.
Only since I updated the version to 24.11 from 24.08 has my network been flaking out.
All the devices, and I have like 50 wifi lamps, 40 IOT Switches, four Ubiquiti Wireless AP's + Cloud Key ... it's been infuriating not to have wifi to interrogate stuff...

The items with Static Mappings seem to keep their leases.

So my desktop, the router, manage to still talk to one another.

I've switched back to the depreciated ISC, and unticked "warn that that's it's depreciated".
Lets see if that fixes it.

I presumed I was on Kea before the software upgrade, but to be honest, I just can't remember, I don't seem to have full control of home configurations in my 40's with kids , like I used to when I was single in my 20's...

Time to upgrade to 64-bit you say... old thin machine or NUC with some 2.5Gbps interfaces you say...

DavidIr

@electr1c0xyg3n I have a 3100 too and have noted that in relation to Kea DHCP

• Logging is not the same as on 64bit devices, seems like the logs just don't get populated for some reason
• The DHCP service exits without warning occasionally (think it runs out of memory or something) so you MUST run the Service Watchdog ensure it restarts

I am planning on moving to a new router soon as the throughput of the 3100 is unlikely to keep up with my new 1Gb broadband soon to be installed. Most likely I will move to Ubiquiti due to the cost of Netgate hardware optinos.

Gertjan

Allow me to propose something else :
If kea fails with error 6, check RAM usage. Free up RAM if needed.
If it keeps failing, don't fight it. Go ISC.

After all, if '6' arrives, ditching the process and start it again ... the '6' point will come back.

DavidIr

@Gertjan said in After upgrading to 24.11 DHCP fails every 10-14 days:

If kea fails with error 6, check RAM usage. Free up RAM if needed.

Given the service could crash at any time (and every occurence I've seen it has been out of hours, overnight or at some other really inconvenient time) and the lack of working DHCP basically makes networks unusable I would rather the service recover itself.
Also given this is on Netgate hardware (rather than a VM or other system I can upgrade) there is little I can do about ram either usage or availability. Here is a snapshot of when the system is running normally:

The Kea service does work functionally most of the time, and as I am planning on ditching the box soon I don't intend to spend any time investigating what is now just a minor annoyance as the service auto-restarts on failure.

lohphat

@DavidIr

Those resource utilization numbers are typical for my installation running pfBLockerNGdev.

I've not seen an error 6, only error 11.

DavidIr

@lohphat Probably worth you being aware of this post which is about an 11 dump of KEA on a 3100 which I've been having...