if_pppoe problems with php-fpm causing loops. (resolved)
-
@ajtuk Forgot to ask, do you have any additional IP's added as virtual IP's on your install?
-
@chrcoluk said in if_pppoe problems with php-fpm causing loops. (resolved):
Looks like VIP is the culprit, after I removed it, pppoe2 down worked, and up then brought it back up.
Hmm, that's good info. Let me see....
-
@chrcoluk Yes, I have 3 VIP's setup. Also not had any drops for a good few weeks, but could just be that both AAISP and City Fibre have been stable.
-
@ajtuk Yep I have not had any outages either, I updated to 2.8.1 then decided to test those commands as it was something I wanted to do to further diagnose.
I think we may have found the reason then. Hopefully Netgate can repeat this.
-
Yep. So to be clear you have IPAlias VIPs on the PPPoE interface?
-
@stephenw10 Yep IP alias for me.
-
@stephenw10 Hi again, is there any news on this? like has it being tested as confirmed or anything like that yet? Thanks.
-
Sorry not yet. Let me see what I can do....
-
@w0w said in if_pppoe problems with php-fpm causing loops. (resolved):
@chrcoluk said in if_pppoe problems with php-fpm causing loops. (resolved):
issue related to fragments
What issue?
A little bit more info now as to why if_pppoe fixed it.
I think mpd tcpmssfix wasnt working properly, if_pppoe uses scrub instead for same feature. I did a little bit of testing with iperf and that reports a weird mss value when using mpd combined with tcpmssfix.
I havent however confirmed on the cloudflare icmpcheck.popcount test yet as site seems to be down now.
-
Hmm, interesting. So with mpd5 you ended up with both mssfix methods and that created an unknown situation?
-
Ok we replicated this VIP loop scenario and are working on it....
-
Ok I think we have a fix for this, we are testing it internally. It should be in the next 25.11 build.
-
@stephenw10 said in if_pppoe problems with php-fpm causing loops. (resolved):
Ok I think we have a fix for this, we are testing it internally. It should be in the next 25.11 build.
BTW. Anything new in this matter?:
https://redmine.pfsense.org/issues/16229
-
Not yet. The issue is more complex that initially thought. Enabling the pppoe encapsulation there prevents it crashing out but it never matches any traffic.
-
@stephenw10 said in if_pppoe problems with php-fpm causing loops. (resolved):
Not yet. The issue is more complex that initially thought. Enabling the pppoe encapsulation there prevents it crashing out but it never matches any traffic.
Thanks for the Info & explanation!
-
@stephenw10 said in if_pppoe problems with php-fpm causing loops. (resolved):
Ok I think we have a fix for this, we are testing it internally. It should be in the next 25.11 build.
Thank you very much for this. Is there a possibility of a 2.8.2 for this?
I think j I found the patch here, so I can manually add to system patches I guess.
https://redmine.pfsense.org/projects/pfsense/repository/2/revisions/63566d0b473c6399376de6b97e0e06b9a6fb2550
Also on the MPD thing, it has its own build in tcpmssfix, which I learnt about when examining the scrub changes made for if_pppoe, as you guys replaced that feature with scrub for if_pppoe. From what I can tell it behaves absolutely fine on if_pppoe, but when doing some tests on iperf3, I was seeing some weird results with mpd on the negotiated mss whilst its tcpmssfix was enabled. Which I think is why if_pppoe fixed my fragmentation issues. This becomes irrelevant anyway as if_pppoe is the future. :)
Since its not a kernel change, perhaps it can be added to system patches package for CE? I have added patch manually, but it will be useful to others.
-
Yup might do that if the next CE release looks too far out.
