Standby WAN interface generates traffic

clementine · October 19, 2020, 5:54am

Hello community,

New to Balance (here a 310X), I see traffic going out from WAN2 interface while it is in standby state.

One oddity: among ICMP probes, the Balance tries to open a SSL session with second DNS server in settings.

While I can understand the ICMP probes, I am puzzled about SYN packets on port 443 sent to, in this case, 8.8.8.8.

A take on this to ask if there is a way to completely disable probes while the WAN interface is in standby. Is that possible ?

Thanks

jmpfas · October 19, 2020, 7:35am

Do you have “health check” enabled (default). If so, the unit is checking to see if the connection is functional.
Alternatively, set wan to cold-standby/disabled.

Remember - cold-standby is “down/off”. Standby is “Up, but not being used”. It is this state that allows the unit to snap traffic over to a different wan quickly.

clementine · October 19, 2020, 8:38am

Thanks for the suggestions.

Within our context, WAN2 is p3 backup link. Unless I am wrong, “pepOS” doesn’t have a mechanism that shuts backup WAN ports not in use. Being a backup WAN, I can’t manually set it off but, fortunately, I can tweak the probes sent and I did.

Health probes put aside, I was expecting no traffic unless the port is active. Not sure about TCP/443 packets directed towards google server, is it DoH traffic ?

The less traffic is generated, the better we get: the WAN link is some satellite path with data allowance, like a SIM but much more expensive

Jonathan_Pitts · October 19, 2020, 4:04pm

I share your concern and have a similar thread here:

I’d recommend you change the standby state to disconnected to limit your usage until a better solution is available.

If applicable you can also do what I am doing which is to turn it off during non-peak time. Keep in mind the current challenge is that it will be completely down regardless of the health of the other wan;s
On BR series it’s called Standby state that you want to change.
On Balance series it’s called “Connection Priority”
Change from Always-on (Priority 1) to Backup
You may also want to consider checking “Independent from Backup WANs”

clementine · October 20, 2020, 12:11am

Unfortunately, we need to keep it in standby because we never know when main antenna will be out of primary satellite beam (maritime). It is actually priority 3 backup.

clementine · October 22, 2020, 7:40am

Little update:

I still don’t know what are these SYN packets sent to first google public DNS server. It happens on all ethernet WAN ports using 3111 as source port.

The good news: TTL is 1 !

Jonathan_Pitts · October 23, 2020, 10:54am

It is probably healthchecks I would bet.

clementine · October 26, 2020, 12:50am

With a TTL set to 1 it is useless. All these packets will end with ttl exceeded icmp reply at 2nd hop.