The pfSense Store

Author Topic: Monitor Gateway  (Read 2711 times)

0 Members and 1 Guest are viewing this topic.

Offline ghkrauss

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-1
    • View Profile
Monitor Gateway
« on: May 09, 2016, 08:51:46 am »
I am monitoring non-gateway IP's. It seems that the gateway IP's are not always that reliable. Any input on  this.

Offline Gertjan

  • Hero Member
  • *****
  • Posts: 2147
  • Karma: +165/-9
    • View Profile
Re: Monitor Gateway
« Reply #1 on: May 09, 2016, 10:32:26 am »
Like : they do not always reply on 'ping' .... ?  ;)

Offline ghkrauss

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-1
    • View Profile
Re: Monitor Gateway
« Reply #2 on: May 09, 2016, 11:58:30 am »
Yes...your exactly correct.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: Monitor Gateway
« Reply #3 on: May 09, 2016, 03:23:43 pm »
Yes. It's a good idea.

I am monitoring non-gateway IP's. It seems that the gateway IP's are not always that reliable. Any input on  this.

Offline ghkrauss

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-1
    • View Profile
Re: Monitor Gateway
« Reply #4 on: May 09, 2016, 07:00:18 pm »
Thanks Denny

Offline phil.davis

  • Hero Member
  • *****
  • Posts: 4612
  • Karma: +550/-3
    • View Profile
    • International Nepal Fellowship
Re: Monitor Gateway
« Reply #5 on: May 09, 2016, 07:31:45 pm »
You want to monitor something that:
a) responds reliably to ping (at the rate you are going to ping - some things will throttle the rate they respond)
b) is far enough out on the real internet to be a fair indication that the general internet is reachable

If you just monitor the direct first-hop gateway, then it can be up but your ISP has other routing/connectivity issues through to the general internet. If you choose some other address further along the network hops, but still in your ISP network, then there is the same problem - it might be reachable but the general internet is not reachable.
As the Greek philosopher Isosceles used to say, "There are 3 sides to every triangle."
If I helped you, then help someone else - buy someone a gift from the INF catalog http://secure.inf.org/gifts/usd/

Offline ghkrauss

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-1
    • View Profile
Re: Monitor Gateway
« Reply #6 on: May 11, 2016, 02:36:06 pm »
Phil:

Thanks for the analysis. I will follow your suggestions and choose an alternative IP location in the network.


Howard

Offline sinanc

  • Full Member
  • ***
  • Posts: 105
  • Karma: +0/-0
    • View Profile
Re: Monitor Gateway
« Reply #7 on: May 12, 2016, 09:38:11 am »
Is that solve the problem?

Offline ghkrauss

  • Full Member
  • ***
  • Posts: 137
  • Karma: +3/-1
    • View Profile
Re: Monitor Gateway
« Reply #8 on: May 12, 2016, 02:15:59 pm »
Yes the issue was solved by moving away from the ISP Gasteway.

Offline sinanc

  • Full Member
  • ***
  • Posts: 105
  • Karma: +0/-0
    • View Profile
Re: Monitor Gateway
« Reply #9 on: May 12, 2016, 04:21:07 pm »
Yes the issue was solved by moving away from the ISP Gasteway.


I have moved it too but still phaving the problem.
After restarting pfsense, at first 10 second it shows online but after that stays offlince and sends emails about it is offline all the time.

Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: Monitor Gateway
« Reply #10 on: May 12, 2016, 04:27:10 pm »
What is shown on the gateway status page? (Status / Gateways)

What is the command line for dpinger? (ps -axuww | grep dpinger)

Offline sinanc

  • Full Member
  • ***
  • Posts: 105
  • Karma: +0/-0
    • View Profile
Re: Monitor Gateway
« Reply #11 on: May 13, 2016, 02:53:29 am »
What is shown on the gateway status page? (Status / Gateways)

What is the command line for dpinger? (ps -axuww | grep dpinger)


Hi,

ps -axuww | grep dpinger  status

Code: [Select]

[2.3-RELEASE][root@pfsense.XXXXXl]/root: ps -axuww | grep dpinger
root   72026   0.0  0.0 14724  1924  -  Ss    5:34PM    0:10.50 /usr/local/bin/dpinger -S -r 0 -i WANGW -B XXX.XXX.XXX.XXX -p /var/run/dpinger_WANGW_XXX.XXX.XXX.XXX_XXX.XXX.XXX.XXX.pid -u /var/run/dpinger_WANGW_XXX.XXX.XXX.XXX_XXX.XXX.XXX.XXX.sock -C /etc/rc.gateway_alarm -d 0 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 XXX.XXX.XXX.XXX
root   72501   0.0  0.0 14724  1920  -  Ss    5:34PM    0:11.47 /usr/local/bin/dpinger -S -r 0 -i KABLONET_DHCP -B XXX.XXX.XXX.XXXX -p /var/run/dpinger_KABLONET_DHCP_XXX.XXX.XXX.XXX_XXX.XXX.XXX.XXX.pid -u /var/run/dpinger_KABLONET_DHCP_XXX.XXX.XXX.XXX_XXX.XXX.XXX.XXX.sock -C /etc/rc.gateway_alarm -d 0 -s 500 -l 2000 -t 60000 -A 1000 -D 500 -L 20 XXX.XXX.XXX.XXX
root   31070   0.0  0.0 10260  1900  0  S+   10:20AM    0:00.00 grep dpinger
 

update and Restart pfsense  after  10 second it shows  gateway status online   screenshot  name gatewaystatus online. After gateway status offline  screenshot  name gatewaystatus offline.


Gateway monitoring ip adress clear last  status   screenshot name gatewaystatus last    and restart pfsense.

Status/Gateways logs
Code: [Select]
May 12 17:34:40 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:34:39 dpinger WANGW XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:34:36 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 17:34:36 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 17:34:09 dpinger WANGW XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:34:06 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 17:34:04 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 17:28:13 dpinger WANGW XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:28:10 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 17:23:05 dpinger WANGW XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:23:05 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:23:02 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 17:23:02 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 17:22:25 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:22:25 dpinger WANGW XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 17:22:22 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 17:22:22 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 12:51:39 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 12:51:39 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 12:51:36 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 12:51:36 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 12:51:35 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 12:51:35 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 12:51:32 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 12:51:32 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 12:46:08 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 12:46:05 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 11:05:24 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 11:05:24 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 11:05:21 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 11:05:21 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 11:05:19 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 11:05:19 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 11:05:16 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 11:05:16 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 09:01:08 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 09:01:05 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "
May 12 01:49:48 dpinger WANGW 8.8.8.8: Alarm latency 0us stddev 0us loss 100%
May 12 01:49:48 dpinger KABLONET_DHCP XXX.XXX.XXX.XXX: Alarm latency 0us stddev 0us loss 100%
May 12 01:49:45 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr XXX.XXX.XXX.XXX bind_addr XXX.XXX.XXX.XXX0 identifier "KABLONET_DHCP "
May 12 01:49:45 dpinger send_interval 500ms loss_interval 2000ms time_period 60000ms report_interval 0ms data_len 0 alert_interval 1000ms latency_alarm 500ms loss_alarm 20% dest_addr 8.8.8.8 bind_addr XXX.XXX.XXX.XXX identifier "WANGW "

What should I do to solve the problem?



Offline dennypage

  • Hero Member
  • *****
  • Posts: 697
  • Karma: +133/-0
    • View Profile
Re: Monitor Gateway
« Reply #12 on: May 13, 2016, 02:55:55 pm »
Looking at the dpinger log, it is clear that there are no probes responses actually being received. The reason that it shows as "up" initially is because dpinger cannot declare any packets lost until the initial expiration of the loss interval (2 seconds). Beyond that, it's just how soon the page is refreshed.

So as to the source of the problem, something is dropping either the ICMP echo request or the ICMP echo reply. The first thing I would recommend is to try setting the dpinger Data Payload to 1 in the Advanced section of the Edit Gateway page (System / Routing / Gateways / Edit). If this fixes it, it means that some network element in the path simply has a defect in the handling of ICMP packets. It's not a problem to continue running with a small data payload.

If setting a Data Payload doesn't fix it, it likely means that some element along the path is actively suppressing ICMP echo packets. To determine where, you would need to start exploring with ping and traceroute. An example for ping would be:

  ping -S src_addr 8.8.8.8

For src_addr use the IP address of your firewall (same as the -B parameter to dpinger). If you want to mimic the behavior of dpinger, you can add a size parameter:

  ping -S src_addr -s 0 8.8.8.8

An example for traceroute would be:

  traceroute -s src_addr 8.8.8.8

By default traceroute uses UDP packets. To use ICMP packets instead, you would use:

  traceroute -s src_addr -I 8.8.8.8

Traceroute allows you to specify a packet size, but does not allow a zero size payload.

Additional options for ping and traceroute can be found in the FreeBSD man pages:

  https://www.freebsd.org/cgi/man.cgi