Strange behavior with gateway

dond

After I updated pfSense to version 2.8, I've noticed strange behavior in the gateways. I have 3 links and a failover like this:
ENERGY --> Tier 1
DNET --> Tier 2
STARLINK --> Tier 3

What happens is that out of nowhere, pfSense changes the gateway to Tier 3. I disabled the interface and the gateway, and today, to my surprise, it was setting Tier 3 as the default.

As you can see in the image, the Starlink gateway is disabled and just now it was set as default, whereas the default link was set to ENERGY.

dond

I think this may have been the factor for this behavior.

These options in the gateways all had the same weight of 1.
Weight - Weight for this gateway when used in a Gateway Group.

So I left it like this:
ENERGY - 3
D_NET - 2
STARLINK - 1

dond

Nothing doneEven though I set the default gateway as ENERGY, pfSense takes STARLINKEven changing parameters, even setting priorities

stephenw10

How are you checking that? You see it in the gateway group status?

Is the pfSense default IPv4 gateway set to the failover group? Or Automatic?

In automatic mode the default gateway will simply move to the next gateway if the existing one goes down.

dond

@stephenw10

I have 3 links.

LINK1 - TIER1
LINK2 - TIER2
LINK3 - TIER3

Then everything works. When we go to TIER3, it assumes it's STARLINK.

I understand why external services break, and also, on Route, the default globe is TIER3, even though the other two links are working normally. So, I have to take down the STARLINK interface to get back to TIER1.

dond

@stephenw10

Another thing I noticed is that if I define the Monirotin IP with 8.8.8.8 or 1.1.1.1 it gives a DPINGER error, so I even left the gateway itself and created a static route, the errors disappeared but this instability in the gateways returned.

DNET_PPPOE 8.8.8.8: sendto error: 13
Jul 24 17:22:44 dpinger 38309 DNET_PPPOE 8.8.8.8: sendto error: 13
Jul 24 17:22:45 dpinger 38309 DNET_PPPOE 8.8.8.8: sendto error: 13
Jul 24 17:22:45 dpinger 38309 DNET_PPPOE 8.8.8.8: sendto error: 13

dond

@stephenw10

How are you checking that? You see it in the gateway group status? - Yes

Is the pfSense default IPv4 gateway set to the failover group? Or Automatic?
failover group

In automatic mode the default gateway will simply move to the next gateway if the existing one goes down.

This pfSense works perfectly and has been running for over years. It started showing this after the upgrade.

stephenw10

@dond said in Strange behavior with gateway:

When we go to TIER3, it assumes it's STARLINK.

Hmm, what exactly do you mean by that? How are you 'going to tier 3'?

But importantly where are you using that gateway group? Is it set as the system default IPv4 gateway?

Here?

dond

@stephenw10

When I refer to tier 3, I mean the position of this link in the gateway group when configuring FailOver.

I created the group and set the link to TIER 3.

My default group is FailOver, the group of gateways I created.

chpalmer

@dond Some information that you might run into on yootoob is either outdated or just plain wrong in case you have referred to that service when originally setting your system up..

This is my setting for comparison-

What I do not know is how IPv6 affects this as I do not use it here.

dond

@chpalmer

I removed STARLINK so as not to interrupt the night crew.

But if I enable it and put it in the gateway group, after a few minutes it becomes the default.

chpalmer

@dond and with that big Starlink outage today I can see why.. LOL.

I am trying to figure out what I can do to replicate your setup here..

(starlink outage is what Elon gets for insinuating that a robot could take over as a rollerskate wearing carhop waitress) x. com thing..

dond

@chpalmer LOL...

In short, what happens is that if the starlink link is enabled, I don't know why pfsesnne assumes it as the main one even though it is not defined in the gateway group.

chpalmer

@dond Im curious if it has to do with monitoring the addresses your first two links are in your first graphic. I know that in the past some have had issues using Googles IP there but cannot remember specifics.

Will your actual gateways answer to a ping? or are they to close in the scope of things to let it work?

dond

@chpalmer

In a way, yes.

What I expect is that when I define the gateway group, it will assume the tier I defined.

In IP Monitorin, I defined it this way and saw an error in my logs with dpinger.
Jul 24 18:29:19 dpinger 54194 DNET_PPPOE 8.8.8.8: sendto error: 13
Jul 24 18:29:20 dpinger 54194 DNET_PPPOE 8.8.8.8: sendto error: 13
Jul 24 18:29:20 dpinger 54194 DNET_PPPOE 8.8.8.8: sendto error: 13

chpalmer

@dond Do you have the "Gateways" widget on your dashboard? Does it show any loss to any of the gateways?

Here since my secondary is just that I simply use the actual modem address to monitor which will never go down unless it loses power just because I expect that my tier1 gateway will take back over when it comes back up and it always does.

Should be true on the highest numerical tier (in your case) 3.. you should not have to ping very far out at all if it is working correctly.

Just trying to rule things out.. and thinking out loud.

dond

@chpalmer

This is what is strangest in my dashboard, the two normal likes visually

chpalmer

@dond

Set your weight for all of them to one. See if that does not work...

dond

@chpalmer said in Strange behavior with gateway:

Set your weight for all of them to one. See if that does not work...

By default it was 1, I changed it in an attempt to fix this, but I'm back now.

I'm waiting for the staff to finalize the billing. I'll leave everything as it was and do a new check. I'll highlight everything and come back here.

chpalmer

@dond

Good luck. Be monitoring from the sidelines.