Question(s) about trying out TrueNAS Scale alongside existing OS

[avggeek]

Hello,

I currently have a whitebox server build that's running Ubuntu 20.04 acting as a NAS and Media Server. I've been waiting to switch over to TrueNAS SCALE since the announcement and with the RC release, I'm thinking the time is right.

However, the current Ubuntu install has been running for many years and I don't want to try and wipe it straightaway and move to SCALE. So I'm thinking I'll try to install SCALE on a USB drive for a few days as a dual boot to test out things and then switch over. However, I'm a little unsure about some things and would appreciate any advice people can share:

• I've seen the documentation on importing pools, which states that this can import pools created on another system. My question is whether this is a one-way process? When importing the pool into SCALE, will it change the metadata in some way such that I cannot mount it under the Ubuntu install anymore? I've looked at the ZFS feature flag list and it seems like edonr encryption is the one thing one my pool that CORE cannot import, but I'm assuming that won't be an issue with SCALE.
• Is there some documentation on the Console Setup CLI? Specifically around the parameters for creating LAGG & VLAN interfaces as this seems to be the recommended way to do it per the docs.
  • My current install has a couple of bonded interfaces setup in 802.3ad mode - is this the default used for SCALE as well?
  • How do I specify the route metric for an interface? In Ubuntu using netplan I can specify a "metric" parameter, but I'm not how to configure this via the Console Setup
  • How do I define that these interfaces should get their IP addresses via DHCP?

 

[Arwen]

No, simply importing a ZFS pool is not one way. Do not upgrade any pool features.

No, the default networking is not bonded. You would specify that at install time.

Why don't you create a VM and install TrueNAS SCALE on the VM?

Then you can experiment with various features.

 

[avggeek]

No, simply importing a ZFS pool is not one way. Do not upgrade any pool features.

No, the default networking is not bonded. You would specify that at install time.

Why don't you create a VM and install TrueNAS SCALE on the VM?

Then you can experiment with various features.

Thanks for the confirmation on the ZFS pool import. Standing up SCALE in a VM is a great idea - will give this a shot.

 

[brando56894]

To double confirm:

point 1: everything will be fine as long as you don't upgrade the feature flags on the pool when you have it imported into SCALE. If you do happen to do so, just upgrade ZFS On Linux in Ubuntu so that both modules are at the same version and then you should really have no issues. You can switch back and forth easily, I was doing this for a few months between Arch and the SCALE Nightlies before I switched to the RC.

point 2: do it in the GUI. Everything in TrueNAS is meant to be done in the GUI, changes that are done in the console (without using the TrueNAS console) are lost upon reboot and will potentially break things.

 

[avggeek]

To double confirm:

point 1: everything will be fine as long as you don't upgrade the feature flags on the pool when you have it imported into SCALE. If you do happen to do so, just upgrade ZFS On Linux in Ubuntu so that both modules are at the same version and then you should really have no issues. You can switch back and forth easily, I was doing this for a few months between Arch and the SCALE Nightlies before I switched to the RC.

point 2: do it in the GUI. Everything in TrueNAS is meant to be done in the GUI, changes that are done in the console (without using the TrueNAS console) are lost upon reboot and will potentially break things.

@brando56894 I was referring to the TrueNAS console when I mentioned the Console Setup CLI. That's what it's called in the docs so I was using the same name.

So I installed TrueNAS SCALE in a VM on a virtualization host I have and attached 4 different interfaces to it. Once SCALE was installed, I used the TrueNAS Console to create two bond interfaces. However both in the Console and in the UI, I don't see an option to set the route metric for the interface

Which is reflected in the output of "ip route" as well:

I'm not sure if I'm supposed to just rely on the interface names to ensure correct routing but that strikes me as a very unreliable approach.

 

[sretalla]

I'm not sure if I'm supposed to just rely on the interface names to ensure correct routing but that strikes me as a very unreliable approach.

Just to be clear... LACP is not for routing... shouldn't you rely on the protocol selected to determine the behavior of the bond?

If you want to control routing, do that from the Static Routes section of the network config.

 

[avggeek]

Just to be clear... LACP is not for routing... shouldn't you rely on the protocol selected to determine the behavior of the bond?

If you want to control routing, do that from the Static Routes section of the network config.

Yes I do understand that LACP is not for routing, it's for fault tolerance and (depending on the setup type) load balancing. I also guess that I can control the routes through static routing but it feels like I'd lose the flexibility to change things from my central DHCP server if I'm setting routes in TrueNAS.

Perhaps my understanding of linux networking is wrong (god knows I found out how messed up my understanding of mikrotik architecture was when I posted on the mikrotik forums) but here is my understanding:

• When I connect to a host in the 192.168.20.0/24 subnet, that traffic will default to using the interface in the same subnet, even if it has a lower priority than others.
• When trying to connect to a host in another subnet that the machine is not on (say 192.168.100.0/24) or an internet IP (say 8.8.8.8), this traffic will go over the default route.
• However, when I don't manually specify interface priorities I can't guarantee which interface will be selected as the default route every time.

Why do I want to do this? Well the hosts on the 192.168.20.0/24 subnet will all have 10Gbe connections so I might want to set the MTU on this interface to 9000 as I know all these hosts are connected to the same switch and thus the interface for this subnet traffic can be safely set to use MTU 9000. However hosts on other subnets are on a diff. Switch and that traffic (plus internet traffic) should be limited to MTU 1500.

If I can set an interface priority, I can achieve that Goal and still have most other things handled from my DHCP server. Indeed this is how it's currently setup in my existing Ubuntu install.

 

[jgreco]

Yes I do understand that LACP is not for routing, it's for fault tolerance and (depending on the setup type) load balancing. I also guess that I can control the routes through static routing but it feels like I'd lose the flexibility to change things from my central DHCP server if I'm setting routes in TrueNAS.

Perhaps my understanding of linux networking is wrong (god knows I found out how messed up my understanding of mikrotik architecture was when I posted on the mikrotik forums) but here is my understanding:

• When I connect to a host in the 192.168.20.0/24 subnet, that traffic will default to using the interface in the same subnet, even if it has a lower priority than others.
• When trying to connect to a host in another subnet that the machine is not on (say 192.168.100.0/24) or an internet IP (say 8.8.8.8), this traffic will go over the default route.
• However, when I don't manually specify interface priorities I can't guarantee which interface will be selected as the default route every time.

Why do I want to do this? Well the hosts on the 192.168.20.0/24 subnet will all have 10Gbe connections so I might want to set the MTU on this interface to 9000 as I know all these hosts are connected to the same switch and thus the interface for this subnet traffic can be safely set to use MTU 9000. However hosts on other subnets are on a diff. Switch and that traffic (plus internet traffic) should be limited to MTU 1500.

If I can set an interface priority, I can achieve that Goal and still have most other things handled from my DHCP server. Indeed this is how it's currently setup in my existing Ubuntu install.

This isn't even "Linux" networking. It generally applies to IP stacks with a BSD heritage, which is most modern UNIX systems, OS X, even Windows.

Traffic egress (that is, traffic flowing outward) from a host is normally controlled by the routing table. While there ARE embellishments such as ipfw forward rules or alternate routing tables, let's stick with a typical host design like what you find for TrueNAS.

The routing table on a UNIX system has several elements, including things like the ARP table, which operates at a lower level, and the routing/forwarding engine itself, and then any routing protocols, which operate at a higher level.

The routing engine is responsible for figuring out what to do with a packet. To do this, it looks at the destination IP of the packet, looks it up in the routing table (see "netstat -rn"), and then dispatches the packet appropriately. Modern routing operates primarily on a longest-prefix basis, which means that a route of 10.0.0.0/8 is less specific than 10.123.0.0/16 is less specific than 10.123.45.0/24.

You previously mentioned route metrics. Route metrics are primarily an abstraction from the 1980's that never found wide acceptance at the routing engine level. They can be used as tiebreakers, but for the most part, metrics are handled by upper level routing protocols such as RIP or OSPF, and should not exist at the routing engine level.

The question I usually ask people who are insistent that "metrics are important" is which of these routes should a kernel select:

10.123.0.0/16 metric 10
10.123.45.0/24 metric 20

if handed a packet destined for 10.123.45.67

"well that's confusing!" Metrics may be helpful as a tie-breaker between two identical routes when the kernel is aware of the availability status of the next hop (such as whether or not there is ethernet link or an ARP entry), but in most cases, metrics as part of the basic IP configuration of a system haven't been relevant for years.

So the rest of the time, you should design for longest-prefix, and forget about metrics.

Here's how that works.

When you create an IP interface on your NAS, this implicitly creates a route in your routing table. On FreeBSD, this would look like

Code:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default             10.123.40.1        UGS        vmx7
10.123.40.0/24      link#1             U          vmx7
10.123.40.140       link#1             UHS         lo0
10.123.50.0/24      link#2             U          vmx8
10.123.50.140       link#2             UHS         lo0
127.0.0.1           link#3             UH          lo0

Now what this is saying is that the preferred route to hosts on 10.123.40.0 is out via vmx7, and 10.123.50.0 is via vmx8, except that if the host is itself (10.123.40.140 or 10.123.50.140) then use localhost. All other traffic gets punted to 10.123.40.1 via vmx7.

So here's a few points I wanted to make in response to your post:

I can't guarantee which interface will be selected as the default route every time

Of course you can. The thing listed in the "default" line is what's going to be used when there is not a more specific choice for the forwarding engine. I don't know where people get these weird ideas about each interface having its "own" default route.

I'd lose the flexibility to change things from my central DHCP server if I'm setting routes in TrueNAS.

Two points:

1) If you are reliant on this fileserver for any sort of important thing, it should be set to a static IP address. DHCP is unreliable. The DHCP server can be down, its disk can be full, it can run out of leases. I had someone who DESPERATELY wanted to use DHCP in this sort of role, and then one day the hypervisor couldn't renew its lease, and the NAS was offline too, and ... was the DHCP server a VM? I can't remember anymore, but you can get really hosed real quick if you give into the temptation to outclever yourself and make stupid dependencies. Infrastructure should be assigned static IP's. If it's only your Plex library, then, fine, who cares.

2) You can push additional routes via DHCP if you need to ... not that I'm seeing a need here.

will all have 10Gbe connections so I might want to set the MTU on this interface to 9000

May not be a good idea. Jumbo frames are fickle. The theory sounds great, but modern cards and switchgear should be able to do a really good job at 1500, and you avoid a bunch of problems such as outlined in this article.

Perhaps my understanding of linux networking is wrong

Well, it's not bad to be wrong. I hope you can find some new and interesting bits to digest in this thread. Most of the posters here enjoy helping broaden horizons.

 

[avggeek]

"well that's confusing!" Metrics may be helpful as a tie-breaker between two identical routes when the kernel is aware of the availability status of the next hop (such as whether or not there is ethernet link or an ARP entry), but in most cases, metrics as part of the basic IP configuration of a system haven't been relevant for years.

So the rest of the time, you should design for longest-prefix, and forget about metrics.

Thank you for the detailed explanation but the point about metrics being a tie breaker between two identical routes ties back in a way to my original problem:

Of course you can. The thing listed in the "default" line is what's going to be used when there is not a more specific choice for the forwarding engine. I don't know where people get these weird ideas about each interface having its "own" default route.

I have two interfaces - bond0 and bond1. Both of them get a route of 0.0.0.0/0 but with different gateway IP(s) from the router. So how does one interface get selected to be the default? And how do I ensure it's always one interface and not the other?

1) If you are reliant on this fileserver for any sort of important thing, it should be set to a static IP address. DHCP is unreliable. The DHCP server can be down, its disk can be full, it can run out of leases. I had someone who DESPERATELY wanted to use DHCP in this sort of role, and then one day the hypervisor couldn't renew its lease, and the NAS was offline too, and ... was the DHCP server a VM? I can't remember anymore, but you can get really hosed real quick if you give into the temptation to outclever yourself and make stupid dependencies. Infrastructure should be assigned static IP's. If it's only your Plex library, then, fine, who cares.

Fair point. OTOH I have bad memories of clients knocking each other off the network as both were mistakenly assigned the same static IP on the client end and this wasn't immediately obvious. Of course you can avoid that by adding a reservation on the router for the client but at that point, it seems like the DHCP could just hand out the fixed IP? I've tried to overcome the problem of router failures by running two in VRRP mode, but at end of the day this stuff isn't mission critical so that convenience trade off is okay for me.

May not be a good idea. Jumbo frames are fickle. The theory sounds great, but modern cards and switchgear should be able to do a really good job at 1500, and you avoid a bunch of problems such as outlined in this article.

Yeah that's a good point. I see speeds of 9.5 gbps on iperf3 (crystal disk mark test pending ) with regular 1500 MTU so I think it would be silly to be greedy for that last 5%.

 

[jgreco]

I have two interfaces - bond0 and bond1. Both of them get a route of 0.0.0.0/0 but with different gateway IP(s) from the router. So how does one interface get selected to be the default? And how do I ensure it's always one interface and not the other?

That's sorta broken. What's happening is that if one of those routes isn't reachable, then the other will be used, but you're not likely to be getting a deterministic result. The thing that people IMAGINE to be happening, which is that traffic addressed to 192.168.1.11 has return traffic sent to 192.168.1.1, and traffic addressed to 10.123.45.67 gets sent to 10.123.45.1, does not actually happen. The IP stack just picks one.

I can see why you might think adding a metric to the mix might be a fix, but perhaps the better fix is to create a host stanza in the DHCP server that only sets a default for the NAS host interface where you want it.

Alternatively, it may help to realize that there's a point at which IP networks grow, where you simply need to deal with traffic flows that might be counterintuitive, because when you deal with a multiple interface host, it nevertheless really only has a single "default" route, and even if you try to bludgeon compliance with some alternative worldview (which has happened a few times already in the last few months), it may be best if your router is willing to accept NAS egress traffic on the ""wrong"" interface, and design accordingly.

 

[avggeek]

I can see why you might think adding a metric to the mix might be a fix, but perhaps the better fix is to create a host stanza in the DHCP server that only sets a default for the NAS host interface where you want it.

I guess by host stanza you are referring to configuration in dhcpd? With Mikrotik DHCP servers, the only option I have is to specify DHCP options and unfortunately there does not seem to be a pre-defined field to set interface metrics via DHCP options.

What's a bit frustrating to me is that in TrueNAS CORE, the UI does provide an additional "options" field as documented here and that accepts standard ifconfig parameters. I appreciate that freeBSD and Debian are very different but ifconfig is pretty standard so it's odd that this field didn't get migrated to SCALE.

Alternatively, it may help to realize that there's a point at which IP networks grow, where you simply need to deal with traffic flows that might be counterintuitive, because when you deal with a multiple interface host, it nevertheless really only has a single "default" route, and even if you try to bludgeon compliance with some alternative worldview (which has happened a few times already in the last few months), it may be best if your router is willing to accept NAS egress traffic on the ""wrong"" interface, and design accordingly.

The router does accept egress traffic from the NAS on the "'wrong" interface, but there's an odd problem with Mikrotik routers - they do not seem like routing between clients where one client is on 10Gbe and the other client is on 1Gbe. Transfer speeds between the clients tend to be in the 200-400 Mbps range. One way that I can avoid this is to have VLAN interfaces in the subnets on top of a 1Gbe interface on the NAS and I will be configuring this. But ensuring the 10Gbe interface does not get selected except in very limited circumstances seemed like it would be a good idea as well.

 

[avggeek]

So in playing around with TrueNAS Scale in a VM, I came across some "interesting" behavior - with a fresh install of TrueNAS SCALE, one can set multiple interfaces to get an IP address via DHCP. The process is:

• Login to the TrueNAS Console and select the "Configure network" option
• Start creating interfaces using the "network interface create" syntax.
• Do not type "network interface commit" until you have finished creating all the interfaces. While the interfaces are not committed, the flag ipv4_dhcp can be set to true for multiple interfaces.
• This persists across reboots and reflects in the TrueNAS UI as well. However, it does mean that these interfaces can only be modified after the initial creation by disabling the DHCP flag.

 

[jgreco]

You could probably file a Jira ticket on that.