unRAID OS version 6.4.0-rc14 available



Sorry.  Yes it is on.  I don't know anything about it.  Does it need to be  on?


It prevents loops in the network and is on by default on almost any switch. A network port that becomes active first goes to blocking state and exchanges only probe frames. The switches then calculate a loop free tree. All ports on the tree change to forwarding. All ports that would create a loop remain blocking. This way you can build redundancy at the Ethernet layer without any routers. Years ago this wasn’t a problem. Current hosts however sometimes boot faster than the time spanning tree needs to probe and set the access port on the switch to forwarding. This can lead to DHCP requests getting lost and the host not getting an IP address. Current manageable switches therefore usually allow a setting called Spanning Tree Fast Start or Edge. A port configured that way works the other way around: It starts in forwarding state and goes to blocking, if necessary.

For a typical unRAID server the initialization of the disk controller will take long enough that it is not necessary to worry about Spanning Tree settings. If you have other devices that sometimes don’t get an address from the DHCP server after boot, it might be worth a look at the switch settings.


unRAID 6.4rc14
Link to comment

Yeah, I was just thinking if his boot time was too quick for the 30-second timeout of standard STP, that it would be worth checking if RSTP is available as that’s a “near instant” initialisation of the port and ensures the DHCP packets can actually pass through without issues.

There are still times when you’d want RSTP disabled in favor of STP, predominantly WAN links and other links where a link flap could be devastating.



Link to comment
9 hours ago, tstor said:

RSTP = Rapid Spanning Tree Protocol

 

Enabling or disabling of RSTP happens automatically when the bridge function of an interface is activated.

With a single interface as member of the bridge RSTP is disabled, while it becomes enabled when two or more members are present in the bridge and prevents a layer 2 loop from occurring.

In general it is recommended to use bonding when two or more interfaces are used.

Link to comment
 
Enabling or disabling of RSTP happens automatically when the bridge function of an interface is activated.
With a single interface as member of the bridge RSTP is disabled, while it becomes enabled when two or more members are present in the bridge and prevents a layer 2 loop from occurring.
In general it is recommended to use bonding when two or more interfaces are used.

Yeah, I’m more wondering if it’s his switching that might be only running STP and that’s causing the delay in getting an IP ready


Link to comment
6 minutes ago, miniwalks said:


Yeah, I’m more wondering if it’s his switching that might be only running STP and that’s causing the delay in getting an IP ready

 

True, when spanning tree is enabled on a switch it will introduce a (programmable) delay before the link is up/active and may affect services such as DHCP.

 

Link to comment

Timers for a switch port connected to a port that does not use STP (typical host):

Legacy STP: 50s until a switch port starts forwarding

RSTP: 3s until a switch port auto-changes to edge port, then it starts forwarding

Manually configured Edge port (STP and RSTP): switch forwards immediately

 

STP is mainly for creating redundancy in the network (e.g. interconnect three switches in a triangle), bonding increases bandwidth and availability between two devices (switch-switch or switch-host).

 

 

unRAID 6.4rc14

 

Link to comment

Close,
Industry standard for STP is 30 seconds, but yes may be up to 50 on legacy hardware.
RSTP is between 1 and 3.

STP in general is for protecting against loops or “spanning tree storms” where packets continue to forward forever. Common symptoms are all links flooding at 50% of line rate.

Later evolutions of STP include pvRSTP whereby it can be used to guide packets down certain links on a per vlan basis essentially forming a quality of service scheme. This is especially useful when 802.3ad cannot be employed due to hardware limitations or design limitations.

Bonding otherwise known as PortChanneling or EtherChannel is the combination of up to 8 links in a group to provide higher bandwidth, however a single client-server connection cannot use more than 1 link at a time. Commonly known as the multi-lane freeway. 802.3ad was brought in during the 100mbps days when 1gbps was considered expensive and is still used today until 40 and 100g-base becomes cheap enough for mass adoption.



Link to comment
Close,
Industry standard for STP is 30 seconds, but yes may be up to 50 on legacy hardware.

RSTP is between 1 and 3.

 

At home most people will probably just use the default values. For legacy STP these are 20s blocking, 15s listening, 15 learning for a total of 50s before forwarding. For RSTP those default timers have not changed (see IEEE802.1D-2004 page 153), however the protocol is much more interactive and rarely needs to wait for the timers to expire. An edge port (unless manually configured as such) will still start in blocking state. If the switch supports auto-edge detection, which is an optional feature of the standard (page 192), it will start forwarding after 3s.

Link to comment
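
Added example, not part of any post in this thread: a small model of the timers discussed above, showing which DHCPDISCOVER is the first one a switch port actually forwards. The port delays are the figures quoted by the posters; the retransmission gaps are the nominal RFC 2131 values; `boot_delay` and `give_up` are hypothetical parameters, and the STP timer is assumed to start at link-up.

```python
# Timer values quoted in the thread (seconds until the switch port forwards).
PORT_DELAY = {"legacy STP (50s)": 50, "STP (30s)": 30,
              "RSTP auto-edge": 3, "manual edge": 0}

# Nominal DHCPDISCOVER retransmission gaps from RFC 2131 section 4.1
# (4, 8, 16, 32, 64 s); the +/-1 s randomisation is ignored here.
BACKOFF = (4, 8, 16, 32, 64)

def discover_times(boot_delay, backoff=BACKOFF):
    """Times (s after link-up) at which the client sends DHCPDISCOVER."""
    t, times = boot_delay, [boot_delay]
    for gap in backoff:
        t += gap
        times.append(t)
    return times

def first_delivered(port_delay, boot_delay=0, give_up=None):
    """Return (attempt_number, time) of the first DISCOVER the switch
    forwards, or None if the client gives up first.

    boot_delay: seconds between link-up and the first DISCOVER (assumption:
    the STP timer starts at link-up). give_up: hypothetical client timeout,
    measured from the first DISCOVER; None means retry through the backoff.
    """
    for n, t in enumerate(discover_times(boot_delay), start=1):
        if give_up is not None and t - boot_delay > give_up:
            return None
        if t >= port_delay:
            return n, t
    return None

def table(boot_delay=0, give_up=None):
    """Outcome for every port mode listed in PORT_DELAY."""
    return {name: first_delivered(d, boot_delay, give_up)
            for name, d in PORT_DELAY.items()}

if __name__ == "__main__":
    for name, result in table(give_up=30).items():
        print(f"{name:18} -> {result}")
```

With an immediate first DISCOVER, both the 30 s and the 50 s figure leave the host without an answer until the retransmission at 60 s, while a host that takes 60 s to reach its DHCP client is unaffected in every mode.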
On 11/24/2017 at 8:33 AM, tstor said:

Similarly I always boot into unRAID with stopped array, because often I will want to change something first and otherwise would have to wait for starting to finish and then stopping again.

 

When encryption is used it is recommended to set array auto start to enabled. This allows a missing key detection upon system reboot. In this case the array can only start when the key is entered first.

Link to comment
 
When encryption is used it is recommended to set array auto start to enabled.


I will probably do that, once the final 6.4 is out, because it is the way the devs intend it to be done. I still have a somewhat uneasy feeling to rely on a missing key in order to not start the array instead of the auto-start setting.
Link to comment
2 hours ago, bonienl said:

 

When encryption is used it is recommended to set array auto start to enabled. This allows a missing key detection upon system reboot. In this case the array can only start when the key is entered first.

 

Actually, not strictly true anymore 9_9

Link to comment
On 11/24/2017 at 11:52 AM, dlandon said:

It's a plugin I don't intend to make public.  I just did it to do a little testing.

 

Personally I would never trust a plugin that accesses anything on the 'net upon boot.  Must only be by demand by a user who accepts the risk.  Remember a plugin has root access.

  • Like 1
Link to comment
4 minutes ago, limetech said:

 

Personally I would never trust a plugin that accesses anything on the 'net upon boot.  Must only be by demand by a user who accepts the risk.  Remember a plugin has root access.

@limetech it'd be great though for me if something could be done please to better accommodate pfsense VMs in the boot sequence - there are online checks that take forever to complete before the VM actually boots so they fail and delay by over 10 minutes reboots

 

 

  • Like 1
Link to comment
1 hour ago, limetech said:

 

Personally I would never trust a plugin that accesses anything on the 'net upon boot.  Must only be by demand by a user who accepts the risk.  Remember a plugin has root access.

I'll try and not take that personally. :D  (Although it's Dynamix System Temp that's actually downloading code during boot).  FCP accesses upon array start (pings github, and downloads 2 json files to determine if the plugins installed during boot (including itself and any docker containers already installed in the image) are actually safe to run).  That I think is an acceptable risk.

Edited by Squid
  • Like 1
Link to comment
12 minutes ago, limetech said:

 

Personally I would never trust a plugin that accesses anything on the 'net upon boot.  Must only be by demand by a user who accepts the risk.  Remember a plugin has root access.

Two examples of "untrusted" plugins:

- Dynamix Temperature.

- Fix Common Problems.

 

I would bet there are more.

 

EDIT: When a plugin is installed, doesn't it need net access to download its files?  This applies when initially installing and not on boot up.

Edited by dlandon
  • Like 1
Link to comment
10 minutes ago, dlandon said:

When a plugin is installed, doesn't it need net access to download its files? 

All depends.  I try and keep a strict no dependencies rule, and when I require one I tend to include it in the main txz.  Of course that won't work for other plugins (NerdPack automatically springs to mind)  But I always thought that any additional txz's referenced in the plg file were supposed to be saved on the flashdrive automatically by pluginMan so that they didn't need to be redownloaded at boot time.

 

All of this discussion actually reminded me of another missing feature from pluginMan - When installing a plugin, any txz's downloaded and if the md5 entry is present then it is checked and an error if applicable will be thrown.  But, if the txz already exists on the flash drive, then pluginMan doesn't bother checking if the md5 is actually correct when it installs.

  • Like 1
Link to comment
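
Added example, not pluginMan's code and not from any poster: one way to close the gap described in the post above, where a txz already cached on the flash drive is installed without its md5 being rechecked. The `entries` list is a hypothetical stand-in for the file/md5 pairs a .plg file declares, and the sample files are constructed.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="md5", chunk=1 << 20):
    """Hash a file in chunks so large packages do not load into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def plan_install(entries, cache_dir):
    """Decide per file: 'install', 'redownload' or 'unverified'.

    entries: list of (filename, expected_md5 or None), hypothetical input.
    The cached copy is hashed on every install, not only after a download.
    """
    plan = {}
    for name, expected in entries:
        path = os.path.join(cache_dir, name)
        if not os.path.isfile(path):
            plan[name] = "redownload"      # nothing cached yet
        elif expected is None:
            plan[name] = "unverified"      # no digest to check against
        elif hmac.compare_digest(file_digest(path), expected.lower()):
            plan[name] = "install"         # cached copy matches the digest
        else:
            plan[name] = "redownload"      # corrupted or modified on flash
    return plan

def demo():
    """Constructed sample: three cached files, one altered after caching."""
    with tempfile.TemporaryDirectory() as flash:
        good, bad = b"package-a contents", b"package-b contents"
        cached = (("a.txz", good), ("b.txz", bad + b"!"), ("c.txz", b"x"))
        for name, data in cached:
            with open(os.path.join(flash, name), "wb") as f:
                f.write(data)
        entries = [
            ("a.txz", hashlib.md5(good).hexdigest()),
            ("b.txz", hashlib.md5(bad).hexdigest()),   # flash copy differs
            ("c.txz", None),                           # no md5 declared
            ("d.txz", hashlib.md5(b"d").hexdigest()),  # never downloaded
        ]
        return plan_install(entries, flash)

if __name__ == "__main__":
    print(demo())
```

Because plugins run as root, a file reported as 'unverified' deserves at least a logged warning. MD5 is used only because it is the digest named in the thread; it catches corruption but is not collision-resistant.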
4 minutes ago, Squid said:

All depends.  I try and keep a strict no dependencies rule, and when I require one I tend to include it in the main txz.  Of course that won't work for other plugins (NerdPack automatically springs to mind)  But I always thought that any additional txz's referenced in the plg file were supposed to be saved on the flashdrive automatically by pluginMan so that they didn't need to be redownloaded at boot time.

 

All of this discussion actually reminded me of another missing feature from pluginMan - When installing a plugin, any txz's downloaded and if the md5 entry is present then it is checked and an error if applicable will be thrown.  But, if the txz already exists on the flash drive, then pluginMan doesn't bother checking if the md5 is actually correct when it installs.

You missed my point.  When a plugin is installed from CA, it has to have net access to download its files initially - txz, png, etc and store those on the flash.  When there is no net access, the plugin fails in a very ungraceful manner and it's difficult to tell if it's a failed download or lack of net access.

Link to comment
1 hour ago, Squid said:

I'll try and not take that personally. :D  (Although it's Dynamix System Temp that's actually downloading code during boot).  FCP accesses upon array start (pings github, and downloads 2 json files to determine if the plugins installed during boot (including itself and any docker containers already installed in the image) are actually safe to run).  That I think is an acceptable risk.

Does it also check for docker container updates?  If so, this is what really slows my boot as I have no connection until my pfsense vm has started.  Any way to disable the docker check as this is the biggie?

Link to comment

Let me summarize the issues discussed here about Internet access when a plugin installs:

- When installed from CA or from the install plugin dialog, the plugin needs net access to download its files and store them on the flash.  Currently a failure of either the net or a download issue is not clear to the user.  A message that there is no Internet access and that's why the plugin failed would be clear to the user and ease support.

- When a plugin is installed on boot up, it needs to access the Internet to potentially re-download any missing files on the flash.  If there is no Internet access, the plugin fails to install creating issues for the user in order to sort out what happened.

- It appears for valid reasons some plugins need Internet access when booting to update information - i.e. Dynamix Temperature and FCP.

- A plugin can access the Internet at any time and wreak havoc.  Boot up is not the only time this is a concern.

Edited by dlandon
  • Like 1
Link to comment
44 minutes ago, DZMM said:

Does it also check for docker container updates?  If so, this is what really slows my boot as I have no connection until my pfsense vm has started.  Any way to disable the docker check as this is the biggie?

Nope.  The checks for docker updates are performed automatically by dockerMan at array start, and since your network isn't running until the VM starts, the cumulative timeouts on the containers add up to quite a bit of time.

 

EDIT: When I was simulating download failures for CA to have it fail gracefully, the start up time for me (without any VMs running and only 5-6 containers) was ~10 minutes with no internet access IIRC.  

Edited by Squid
  • Like 1
Link to comment

I posted this in the rc13, but didn't have diagnostics file.. In this case, after 4 days, this happens:    

Currently on rc14

 

Hello all.

 

I've been having an issue that, after the server has been running for some time (more than a week? undetermined), parts of the web UI no longer function.   No issues with non-beta  6.3.5

Examples:

 

Update OS, check for updates, doesn't actually check, and status reports "need check"

Starting and stopping the array is impossible, it prompts for are you sure, but it never stops when you hit OK.

on the Main tab, the stats for the drives no longer update.

Clicking on the check parity button, sends request to server, but browser just sits there "waiting for data"

Probably more.?

 

Tested with windows browser (win10)

OSX safari

OSX firefox

 

Rebooting resolves the issue for a while, that button works, but when server restarts, it reports unclean shutdown detected.

 

attached diagnostics.

tower-diagnostics-20171127-1706.zip

Edited by Inssomniak
Link to comment
  • limetech unpinned and locked this topic
This topic is now closed to further replies.