Enabling IPv6 on OPT1 causes high CPU load
-
Good day everyone,
I'm trying to add IPv6 to my 7100, but when I enable IPv6 on one of my subnetworks, connected to OPT1, I get extreme CPU usage from egrep and unbound.
Trying to figure out why I found this in the system log:
Nov 6 12:16:52 xinetd 87516 readjusting service 19366-tcp
Nov 6 12:16:52 xinetd 87516 readjusting service 19368-tcp
Nov 6 12:16:52 xinetd 87516 readjusting service 19371-tcp
Nov 6 12:16:52 xinetd 87516 readjusting service 19373-tcp
Nov 6 12:16:52 xinetd 87516 Reconfigured: new=0 old=374 dropped=0 (services)
Nov 6 12:16:53 php-fpm 98075 /rc.newwanip: Netgate pfSense Plus package system has detected an IP change or dynamic WAN reconnection - 192.168.220.1 -> 192.168.220.1 - Restarting packages.
Nov 6 12:16:53 check_reload_status 646 Starting packages
Nov 6 12:16:54 check_reload_status 646 Reloading filter
Nov 6 12:16:54 check_reload_status 646 Reloading filter
Nov 6 12:16:55 php-fpm 18222 /rc.start_packages: Restarting/Starting all packages.
Nov 6 12:16:55 xinetd 87516 Starting reconfiguration
Nov 6 12:16:55 xinetd 87516 Swapping defaults
Nov 6 12:16:55 xinetd 87516 readjusting service 19000-tcp
Nov 6 12:16:55 xinetd 87516 readjusting service 19001-tcp
Nov 6 12:16:55 xinetd 87516 readjusting service 19002-tcp
Nov 6 12:16:55 xinetd 87516 readjusting service 19003-tcp
Nov 6 12:16:55 xinetd 87516 readjusting service 19004-tcp
Nov 6 12:16:55 xinetd 87516 readjusting service 19005-tcp
I have set OPT1 (renamed to NTP) to track the WAN interface's IPv6, using prefix 1 (prefix 0 is used by LAN network).
That "WAN" IP that "changed" in the log is not the WAN IP, it is the static IP assigned to OPT1. There are also 6 virtual IPv4 IPs assigned to OPT1.
I have to disable IPv6 on OPT1 to get functionality back as DNS on the local network anymore.
Even with IPv6 disabled on OPT1, I see this in the system log:
Nov 6 12:17:16 php-fpm 43671 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:17:46 php-fpm 98075 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:18:16 php-fpm 98075 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:18:46 php-fpm 98075 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:19:16 php-fpm 18222 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:19:46 php-fpm 18222 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:20:16 php-fpm 18222 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:20:46 php-fpm 18222 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:21:16 php-fpm 44877 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:21:46 php-fpm 44877 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:22:16 php-fpm 44877 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:22:46 php-fpm 44877 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:23:16 php-fpm 44877 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
My IPv6 address is NOT changing every 30 seconds...
Did I configure something incorrectly?
Thank you,
Errol
-
Hi all,
I also found this in the DHCP log:
Nov 6 14:33:50 dhcp6c 12930 Sending Renew
Nov 6 14:33:50 dhcp6c 12930 dhcp6c Received INFO
Nov 6 14:34:20 dhcp6c 12930 Sending Renew
Nov 6 14:34:20 dhcp6c 12930 dhcp6c Received INFO
Nov 6 14:34:50 dhcp6c 12930 Sending Renew
Nov 6 14:34:50 dhcp6c 12930 dhcp6c Received INFO
Nov 6 14:35:20 dhcp6c 12930 Sending Renew
Nov 6 14:35:20 dhcp6c 12930 dhcp6c Received INFO
Why is my post being flagged as spam?
-
@errolt said in Enabling IPv6 on OPT1 causes high CPU load:
Nov 6 14:33:50 dhcp6c 12930 Sending Renew
Nov 6 14:33:50 dhcp6c 12930 dhcp6c Received INFO
Nov 6 12:23:16 php-fpm 44877 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
You're using both dhcp6 and pppoe as a WAN access method?
Or do you have two WAN interfaces, each with its own "IPv6 Configuration Type"?
-
My WAN interface is PPPoE for IPv4 and DHCPv6 for IPv6
And, if it matters, I had to set "Use IPv4 connectivity as parent interface" on the IPv6 settings for the WAN interface to actually get an IPv6 IP.
-
Ok, then the logs seem to make sense (for me):
As pppoe restarts every 'less than 60 seconds', the IPV6 connection method, dhcp6c, has to follow.
You've activated a third interface, by default called OPT.
I presume you gave it an IPv4 "RFC1918 IPv4" - and used :

What happens when you remove all "6 virtual IPv4 IPs assigned to OPT1" ?
Imho, stopping pppoe to chain-gun your uplink WAN IPV4 connection is the priority.
-
@Gertjan said in Enabling IPv6 on OPT1 causes high CPU load:
As pppoe restarts every 'less than 60 seconds', the IPV6 connection method, dhcp6c, has to follow.
Why does pppoe restart so often? Is it always doing that and I never knew?
You've activated a third interface, by default called OPT.
I presume you gave it an IPv4 "RFC1918 IPv4" - and used :

Yes, that is the IP that shows up in the log for WAN, 192.168.220.1.
What happens when you remove all "6 virtual IPv4 IPs assigned to OPT1" ?
I'll have to remove myself from the NTP pool before I can do that. I don't know if this is related. I'm running an NTP appliance in the ntp.org pool. The NTP (OPT1) interface connects the firewall to the ntp appliance (each ethernet interface on the appliance can handle x amount of packets per second, and each ethernet interface has to be on its own network. Hence 6 virtual IPs, each on its own IP range), so there are around 200000 states on the firewall, possibly linked to the OPT1 port.
I'm trying to get IPv6 set up on my firewall so I can join my ntp server to the ntp.org pool on IPv6 in addition to IPv4.
Imho, stopping pppoe to chain-gun your uplink WAN IPV4 connection is the priority.
Sorry, I don't know what this means.
I have requested removal from the pool, but that will take a few hours...
-
I moved all NTP traffic to the non-virtual IP, 192.168.220.1/28, and deleted all the virtual interfaces.
When I enabled IPv6 on OPT1 the same happened. Log attached. It keeps "readjusting service xxxxx-tcp"
-
I removed the NAT rules that forward NTP traffic to my ntp appliance and I cleared the firewall states to remove all lingering connections.
Same still happens. Enabling IPv6 on OPT1 caused pfsense to go nuts in the same way as previous log.
-
I reassigned IX0 interface from OPT1 to OPT2 and moved all my configs over to OPT2.
Now enabling IPv6 does not cause the firewall to go nuts. Something is confused with OPT1, as if something thinks the IP on OPT1 should match the WAN IP. And when it doesn't it reloads everything every 30 seconds.

-
@errolt said in Enabling IPv6 on OPT1 causes high CPU load:
don't know what this means.
pppoe is a WAN connection method, very popular in the past, and now, afaik, fading out.
Ok if an ISP wants the ISP box, or your own router, to re login every 24 hours (?), but surely not every 45 seconds. This will totally break your connection.
-
@Gertjan said in Enabling IPv6 on OPT1 causes high CPU load:
pppoe is a WAN connection method, very popular in the past, and now, afaik, fading out.
I know what pppoe is, just not sure what "chain-gun your uplink" means...
I did a packet capture. This has nothing to do with my pppoe connection.
My 7100 firewall is, every 30 seconds, sending an IPv6 DHCP renew request, and getting a reply from my ISP.
The Valid Lifetime is "60". I really hope that isn't 60 seconds?

Also, although I enabled IPv6 interface tracking, the OPT2 interface didn't get an IPv6 address from my ISP pool, and is handing out addresses from its "local" pool. Unlike the LAN interface which got an IPv6 address.

-
Ok, I don't know if it is the action of turning off "Use if_pppoe kernel module for PPPoE client", or the subsequent required reboot, but afterwards IPv6 is working as expected.
All my interfaces with IPv6 enabled are getting assigned IPv6 addresses and the "readjusting of services" only happens when I change a rule on the firewall or pfBlockerNG reloads on its schedule.
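-
Added example, not part of the thread and not pfSense code: a Python script that scans log text in the format quoted in the posts above and reports messages that recur on a fixed short period, which is how the 30-second dhcp6c renew and rc.newwanipv6 entries stand out from one-off reload bursts. The sample lines are constructed from the excerpts in the thread; the thresholds (max_period, min_events, jitter) and the default year are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample, in the format of the log excerpts quoted in the thread.
SAMPLE_LOG = """\
Nov 6 12:16:54 check_reload_status 646 Reloading filter
Nov 6 12:16:54 check_reload_status 646 Reloading filter
Nov 6 12:16:55 xinetd 87516 readjusting service 19000-tcp
Nov 6 12:16:55 xinetd 87516 readjusting service 19001-tcp
Nov 6 12:17:16 php-fpm 43671 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:17:46 php-fpm 98075 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:18:16 php-fpm 98075 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 12:18:46 php-fpm 18222 /rc.newwanipv6: rc.newwanipv6: Info: starting on pppoe0.
Nov 6 14:33:50 dhcp6c 12930 Sending Renew
Nov 6 14:34:20 dhcp6c 12930 Sending Renew
Nov 6 14:34:50 dhcp6c 12930 Sending Renew
Nov 6 14:35:20 dhcp6c 12930 Sending Renew
"""

LINE_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s+(\S+)\s+\d+\s+(.*)$")

def parse(text, year=2000):
    """Yield (time, process, message). The year is an assumption: the log omits it."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # the PID is skipped on purpose: php-fpm workers change between runs
            ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
            yield ts, m.group(2), m.group(3)

def find_loops(text, max_period=60, min_events=4, jitter=2):
    """Map (process, message) -> period in seconds for fixed-interval repeats."""
    seen = defaultdict(list)
    for ts, proc, msg in parse(text):
        seen[(proc, msg)].append(ts)
    loops = {}
    for key, stamps in seen.items():
        if len(stamps) < min_events:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        period = median(gaps)
        if 0 < period <= max_period and all(abs(g - period) <= jitter for g in gaps):
            loops[key] = period
    return loops

if __name__ == "__main__":
    for (proc, msg), period in find_loops(SAMPLE_LOG).items():
        print(f"{proc}: '{msg}' repeats every {period:.0f}s")
```

The xinetd and filter-reload lines are not reported because each message either differs per port or occurs too few times, so only the periodic entries remain.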