if_pppoe problems with php-fpm causing loops. (resolved)

chrcoluk

A retry delay, might be an idea? With the timing issue on ipv6 as well, I wonder if things just move too fast.
Because I dont understand how the new PPP works, from what I can tell it doesnt even have a config file, the parameters are just supplied directly, its hard for me to try and patch something myself to find a solution, I am hoping netgate are looking into it as its just me and ajtuk from one ISP.
Just in case it might be relevant, the WAN connection does go through a WAN side VLAN, a requirement from CityFibre.

This is also confirmed on the command output here.

# pppcfg pppoe2
        dev: igc1.911 state: session
        sid: 0x44a8 PADI retries: 0 PADR retries: 0 time: 02:13:26
        sppp: phase network authproto auto authname "x@x" peerproto auto 
        dns: 217.x 217.x

I will of course do as you said stephen, the incident is now closed, but if needed I will try to emulate it with a cable pull test, but I have someone relying on the uplink almost around the clock, so might be a little bit of time to get a chance to do it.

I am also prepared to have a conversation with AAISP to see if they can assist from their side, maybe they can notice something wrong in their logs.

stephenw10

Mmm, the VLAN should not have any effect. Many ISPs require that..

Can you replicate this manually by just reconnecting the WAN? That at least would be something we could try to replicate locally.

chrcoluk

@stephenw10 I thought about how I would do the test, I think best way is cutting power to the ONT, s the box will detect the carrier link going down if I pull the ethernet, I will try to do this test as soon as I can, but to try and mimic the conditions, I will probably need to keep at down for at least 15 minutes.

I will do this in about 5 hours or so, I think either killing the ONT power or removing the cable, will make the cable register as disconnected, I am not prepared to remove the fibre cable, as it leaves it exposed to dirt.

AAISP offer a kill switch for the PPP, and the last outage was caused by them doing a "admin reset" it was logged as that on their logs. I guess to kick me of the LNS for rebalancing purposes, so I will get online via my phone and use the PPP kill switch for the test, this leaves the ONT powered up and ethernet cable in a connected state to mimic the failure conditions.

chrcoluk

@stephenw10 Ok here is an update, good news, remote kill of ppp triggers it so easy debug. Bad news cycling the interface removes the debug flag so successful connect lacks debug.

I can confirm the following, interface is "not" going down, no counters reset, checking it often in both cli and interfaces UI shows outbound packets accruing with no other changes.
The UI during this stuck state, shows it online with no ip's.
The CLI during this stuck state shows it online and the ip's still bound.

snapshot of debug log below, is from what I can see just 4 lines repeating, and looking at timestamps, there seems to be no pauses going on. Only thing I censored was what I think is remote mac from ISP, playing safe on that.

Since I can do the test quickly, I am a bit more open to repeating it in future.

I have also snapshotted another bit of logging with it debug enabled whilst I kill PPP, so info before the loop starts, but its a lot to post on this thread, is there somewhere else I can post more privately? If not, I might attach it somewhere.

Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x63 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x63 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x62 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x62 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x61 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x61 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x60 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x60 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x5f len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x5f len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x5e len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x5e len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x5d len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x5d len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x5c len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x5c len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x5b len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x5b len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x5a len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x5a len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x59 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x59 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x58 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x58 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x57 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x57 len=22
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp nak opts:
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp input(ack-sent): <conf-nak id=0x56 len=10
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2 (8864) state=3, session=0x580 output -> 9c:<blah>, len=30
Jul 29 07:29:01 	kernel 	486498 	if_pppoe: pppoe2: ipcp output <conf-req id=0x56 len=22
Jul 29 07:29:01 	kern
```el 	486498 	if_pppoe: pppoe2: ipcp nak opts:

chrcoluk

@ajtuk Hi, I reported this to AAISP now, it makes sense to try and get them to work with pfSense dev's, if you can, you can contact them as well. As I mentioned there was another customer affected by the lack of auto reconnection.

ajtuk

@chrcoluk said in if_pppoe problems with php-fpm causing loops. (resolved):

@ajtuk Hi, I reported this to AAISP now, it makes sense to try and get them to work with pfSense dev's, if you can, you can contact them as well. As I mentioned there was another customer affected by the lack of auto reconnection.

Will do. I can also do some more testing next week and see if I get the same results. It's been "stable" the last few days, but no maintenance or issues on the AAISP end to cause it to drop.

stephenw10

Yup you can upload here: https://nc.netgate.com/nextcloud/s/isZqc6dRLsXfqYg

How exactly are you killing PPP?

chrcoluk

@stephenw10 There should be 2 logs there, I am not sure it worked as it says uploading, but please let me know.

On your question, AAISP on their control panel has a button that you can click which will kill the PPP session from their side, so basically a server side kill, not client side kill. I was logged in with my mobile phone connection to ensure I didnt lose access to the control panel as it happened.

stephenw10

Yup I see the files there, thanks.

ajtuk

@stephenw10 My connection dropped tonight. ISP logged it as a "Planned PPP restart". I uploaded a log to the link here. Maybe it's helpful?

It was only my CityFibre connection which did not reconnect. FTTC reconnected OK. Both use PPPoE and both are with A&A.

Rebooting the appliance brought it back up.

chrcoluk

@stephenw10 Thank you for providing these commands, and confirmation more logging is coming as well. The ISP is still investigating, I did setup an auto recovery mechanism which involved rebooting pfSense after 3 failed responses from the gateway in a 3 minute period, but now with the down up commands this will be a quicker and cleaner process, and since cycling the ppp is far less of an interruption than rebooting, I can do it without waiting 3 minutes as well.

https://forum.netgate.com/post/1223518