{"type":"doc","content":[{"type":"extension","attrs":{"layout":"default","extensionType":"com.atlassian.confluence.macro.core","extensionKey":"toc","parameters":{"macroParams":{"minLevel":{"value":"1"},"maxLevel":{"value":"7"}},"macroMetadata":{"macroId":{"value":"89f53cacdc86ead9c5e30381b622a17d"},"schemaVersion":{"value":"1"},"title":"Inhalt"}},"localId":"03706617-993e-4290-953e-f947f1e43893"}},{"type":"heading","attrs":{"level":2},"content":[{"text":"Ziel","type":"text"}]},{"type":"paragraph","content":[{"text":"Beschreibung der ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" aus Netzwerksicht","type":"text","marks":[{"type":"strong"}]},{"text":" über die Loxone-eigene Dokumentation hinaus.","type":"text"}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"Internet-Monitoring-Möglichkeiten","type":"text","marks":[{"type":"strong"}]}]},{"type":"paragraph","content":[{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Handshake: Miniserver baut eine TCP-Verbindung mit einem Zielport zu einem Server auf. Für das Monitoring gut geeignet, da die Anforderung zum Betrieb der App und weitere Funktionen ebenfalls einen TCP-Handshake voraussetzten.","type":"text"}]},{"type":"paragraph","content":[{"text":"ICMP-Ping","type":"text","marks":[{"type":"code"}]},{"text":": Standard-Monitoring-Funktion, kann jedoch gezielt oder \"beiläufig\" gefiltert oder blockiert werden. Hat im Internet niedrigere Priorität.","type":"text"}]},{"type":"paragraph","content":[{"text":"IP vs DNS: DNS beschreibt eine Möglichkeit, Namen zu verwenden und diese “im Hintergrund” auf IP-Adressen aufzulösen. Aus Nutzersicht ist das heutige Internet überwiegend bereits ","type":"text"},{"text":"nicht mehr funktional","type":"text","marks":[{"type":"strong"}]},{"text":", wenn die DNS-Auflösung nicht funktioniert, auch wenn öffentliche IP-Adressen weiterhin erreichbar sein sollten.","type":"text"}]},{"type":"paragraph","content":[{"text":"Für ein umfassendes Monitoring aus Nutzer-Sicht wäre also ein Monitoring der DNS-Auflösung per ","type":"text","marks":[{"type":"strong"}]},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Handshake eine gute Kontrolle.","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"panel","attrs":{"panelType":"success"},"content":[{"type":"paragraph","content":[{"text":"Die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" prüft den Zugriff auf das Internet per DNS-aufgelöster IPv4-Adressen aus einem Hetzner-Rechenzentrum über einen ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Handshake.","type":"text"}]},{"type":"paragraph","content":[{"text":"Dabei muss ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" für den zuverlässigen Betrieb ","type":"text"},{"text":"aktiviert","type":"text","marks":[{"type":"strong"}]},{"text":" sein, außerdem wird der Verlust der Internetverbindung erst nach ","type":"text"},{"text":"5 - 8 Minuten","type":"text","marks":[{"type":"strong"}]},{"text":" erkannt.","type":"text"}]}]},{"type":"panel","attrs":{"panelType":"info"},"content":[{"type":"paragraph","content":[{"text":"Die vorliegenden Tests sollen dem persönlichen grundsätzlichen Verständnis dienen. Die Versuche wurden nur kurzzeitig sowie stichprobenartig durchgeführt.","type":"text"}]},{"type":"paragraph","content":[{"text":"Es liegt in der Natur des Loxone-Konzepts, dass der Hersteller mit jeder Firmware-Aktualisierung den Mechanismus oder einzelne IP-Adressen ändern kann.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Hersteller-Dokumentation","type":"text"}]},{"type":"paragraph","content":[{"text":"Firmware ","type":"text"},{"text":"12.2.11.5","type":"text","marks":[{"type":"code"}]},{"text":", ","type":"text"},{"text":"Loxone Config","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"Systemvariablen","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"Internetverbindung","type":"text","marks":[{"type":"code"}]}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":65.0},"content":[{"type":"media","attrs":{"width":1104,"id":"0cbcac9d-c96c-478d-8b0e-c889123bf374","collection":"contentId-1779171343","type":"file","height":836}}]},{"type":"paragraph","content":[{"text":"Die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" kann nicht direkt umbenannt werden, ist jedoch eine ","type":"text"},{"text":"Beschreibung","type":"text","marks":[{"type":"em"}]},{"text":" vorhanden, wird diese als Name in der Visualisierung angezeigt.","type":"text"},{"type":"hardBreak"},{"text":"Die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" kann in der Visualisierung sichtbar gemacht werden und der Statustext verändert.","type":"text"}]},{"type":"paragraph","content":[{"text":"Beispielsweise sehen diese Einstellungen inkl. Beschreibung ","type":"text"},{"text":"Internet Hausanschluss","type":"text","marks":[{"type":"em"}]},{"text":"…","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start"},"content":[{"type":"media","attrs":{"width":346,"id":"85455c42-b01f-454b-812c-878674336de9","collection":"contentId-1779171343","type":"file","height":135}}]},{"type":"paragraph","content":[{"text":" …dann wie folgt aus:","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":50.0},"content":[{"type":"media","attrs":{"width":587,"id":"b2746fbe-3faa-46ec-9512-a28659867d90","collection":"contentId-1779171343","type":"file","height":92}}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":50.0},"content":[{"type":"media","attrs":{"width":593,"id":"6b03015b-9f6f-48b1-9d51-0ab021feb6f9","collection":"contentId-1779171343","type":"file","height":93}}]},{"type":"paragraph","content":[{"text":"Setzt man ","type":"text"},{"text":"nur","type":"text","marks":[{"type":"em"}]},{"text":" die Eigenschaft der ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" auf ","type":"text"},{"text":"Offline","type":"text","marks":[{"type":"code"}]},{"text":", so wird das Icon nicht eingefärbt, und das Ausrufungszeichen rechts fehlt ","type":"text"},{"type":"emoji","attrs":{"id":"1f9d0","text":"🧐","shortName":":face_with_monocle:"}},{"text":" ","type":"text"}]},{"type":"mediaSingle","attrs":{"layout":"align-start","width":50.0},"content":[{"type":"media","attrs":{"width":581,"id":"6cdc31cf-c301-4f85-b42e-fa322259d170","collection":"contentId-1779171343","type":"file","height":91}}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Funktionsweise ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Übersicht aufgelöste DNS-Namen","type":"text"}]},{"type":"codeBlock","content":[{"text":"nslookup example.org 8.8.8.8","type":"text"}]},{"type":"table","attrs":{"layout":"default","localId":"6f91c2f1-d272-41d4-8a8e-f5af077b3fd3"},"content":[{"type":"tableRow","content":[{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"DNS lt. tcpdump","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"IP","type":"text","marks":[{"type":"strong"}]}]}]},{"type":"tableHeader","attrs":{"colspan":1,"rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"text":"AS","type":"text","marks":[{"type":"strong"}]}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"updatefiles.loxone.com","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"d3opwsj31yuxtx.cloudfront.net","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"ping: 108.138.7.10","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"nslookup: 13.226.153.103","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"13.226.153.67","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"13.226.153.57","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"13.226.153.82","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"text":"Amazon.com","type":"text","marks":[{"type":"link","attrs":{"href":"http://Amazon.com"}}]},{"text":", Inc. (AS16509)","type":"text"},{"type":"hardBreak"}]},{"type":"paragraph","content":[{"text":"Amazon.com","type":"text","marks":[{"type":"link","attrs":{"href":"http://Amazon.com"}}]},{"text":", Inc. (AS16509)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"update.loxone.com","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"62.138.179.37","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"type":"emoji","attrs":{"id":"atlassian-cross_mark","text":":cross_mark:","shortName":":cross_mark:"}},{"text":" DNS Record Published / Host Europe","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"background":"#e3fcef","rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"eu.ccbroker.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"cluster-c.loxonecloud.com","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" / ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#e3fcef","rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"159.69.44.112","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"162.55.40.117","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#e3fcef","rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"text":"Hetzner Online GmbH (AS24940)","type":"text"},{"type":"hardBreak"},{"text":"Hetzner Online GmbH (AS24940)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"background":"#e3fcef","rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"api.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"cluster-a.loxonecloud.com","type":"text","marks":[{"type":"code"}]}]},{"type":"paragraph","content":[{"text":"dns.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"cluster-a.loxonecloud.com","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#e3fcef","rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"159.69.36.131","type":"text","marks":[{"type":"code"}]},{"type":"hardBreak"},{"text":"188.34.183.236","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"background":"#e3fcef","rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"text":"Hetzner Online GmbH (AS24940)","type":"text"},{"type":"hardBreak"},{"text":"Hetzner Online GmbH (AS24940)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"weather.loxone.com","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"49.12.16.137","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"text":"Hetzner Online GmbH (AS24940)","type":"text"}]}]}]},{"type":"tableRow","content":[{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[304.0]},"content":[{"type":"paragraph","content":[{"text":"eu.ccd2.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"cluster-d2.loxonecloud.com","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[156.0]},"content":[{"type":"paragraph","content":[{"text":"195.201.222.243","type":"text","marks":[{"type":"code"}]}]}]},{"type":"tableCell","attrs":{"colspan":1,"rowspan":1,"colwidth":[299.0]},"content":[{"type":"paragraph","content":[{"text":"Hetzner Online GmbH (AS24940)","type":"text"}]}]}]}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Erreichbar","type":"text"}]},{"type":"paragraph","content":[{"text":"Exakt alle 60 Sekunden erfolgt eine Anfrage per ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" Zielport ","type":"text"},{"text":"8443","type":"text","marks":[{"type":"code"}]},{"text":" gegen DNS ","type":"text"},{"text":"eu.ccbroker.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" (Stand ","type":"text"},{"type":"date","attrs":{"timestamp":"1673136000000"}},{"text":", Firmware ","type":"text"},{"text":"12.2.11.5","type":"text","marks":[{"type":"code"}]},{"text":") und wird von diesem auch beantwortet. In den Logs erfolgen die DNS-Anfragen im Bereich von einigen Minuten (nicht bei jeder Anfrage).","type":"text"}]},{"type":"paragraph","content":[{"text":"Somit wird die Erreichbarkeit eines Zieles im Internet per ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Handshake geprüft inkl. der Funktion des DNS-Servers aus Sicht des lokalen Netzes.","type":"text"}]},{"type":"panel","attrs":{"panelType":"note"},"content":[{"type":"paragraph","content":[{"text":"Alle im Rahmen des Testaufbaus gefundenen öffentliche IPs, mit denen der Miniserver Kontakt aufnehmen möchte, können der ","type":"text"},{"text":"Hetzner Online GmbH","type":"text","marks":[{"type":"strong"}]},{"text":" (AS24940) ","type":"text"},{"text":"zugeordnet","type":"text","marks":[{"type":"link","attrs":{"href":"https://mxtoolbox.com/SuperTool.aspx?action=ptr%3a117.40.55.162&run=toolpage"}}]},{"text":" werden (siehe vorherige Tabelle, grüne Zeilen).","type":"text"}]},{"type":"paragraph","content":[{"text":"Allgemein scheinen die Loxone-eigenen Überwachungsfunktionen die einwandfreie Funktion eines Hetzner-Rechenzentrums vorauszusetzen. Dies sollte bei der Nutzung dieser Verbindungsüberwachung berücksichtigt werden. ","type":"text"}]}]},{"type":"codeBlock","content":[{"text":"22:11:38.797240 IP .55018 > 162.55.40.117.8443: tcp 31\n22:11:38.828163 IP 162.55.40.117.8443 > .55018: tcp 31\n22:11:38.829029 IP .55018 > 162.55.40.117.8443: tcp 0","type":"text"}]},{"type":"paragraph","content":[{"text":"Der Quellport (in diesem Beispiel ","type":"text"},{"text":"55018","type":"text","marks":[{"type":"code"}]},{"text":") war auch über mehrere Neustarts des Miniservers hinaus identisch.","type":"text"}]},{"type":"codeBlock","content":[{"text":"00:02:23.690866 IP .60588 > 162.55.40.117.8443: tcp 98\n00:02:23.728757 IP 162.55.40.117.8443 > .60588: tcp 33\n00:02:23.729619 IP .60588 > 162.55.40.117.8443: tcp 0","type":"text"}]},{"type":"paragraph","content":[{"text":"Nach dem Deaktivieren und wieder Aktivieren von ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" wurde eine neue Quell-Port-Nummer verwendet - in diesem Beispiel ","type":"text"},{"text":"60588","type":"text","marks":[{"type":"code"}]},{"text":". Die Portnummer scheint also entweder pro ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":"-Aktivierung oder in mehrstündigen Zeiträumen (länger als der Versuch) generiert zu werden.","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Nicht erreichbar","type":"text"}]},{"type":"paragraph","content":[{"text":"Erreicht der Miniserver sein Ziel, so führt er die oben beschriebene Abfrage alle 60s durch. Ist dies nicht der Fall (Internetzugriff über die Firewall vollständig blockiert und bestehende ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Verbindung gelöscht), so versucht er weiterhin und in erhöhter Frequenz die DNS-Auflösung gegen ","type":"text"},{"text":"eu.ccbroker.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" durchzuführen und per ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" Zielport ","type":"text"},{"text":"8443","type":"text","marks":[{"type":"code"}]},{"text":" zu erreichen.","type":"text"}]},{"type":"paragraph","content":[{"text":"Pausen zwischen den ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Anfragen in Sekunden: ... 2 ... 4 ... 8 ... 15 ... 30 ... 2 ... 1 ... 2 ... 4 ... 8 ... 90 ... 1 ... 2 ... 4 ... 8 ... 60 ... 1 ... 2 ... 4 ... 8 ... 27 ... 1 ... 2 ... 4 ... 8 ....","type":"text"}]},{"type":"paragraph","content":[{"text":"Außerdem werden nach ca. 4 Minuten 4 ","type":"text"},{"text":"ICMP-Pings","type":"text","marks":[{"type":"code"}]},{"text":" im Abstand von 10s ausgesendet an die DNS-Adresse ","type":"text"},{"text":"dns.loxonecloud.com","type":"text","marks":[{"type":"code"}]},{"text":" (in dem Fall ","type":"text"},{"text":"159.69.36.131","type":"text","marks":[{"type":"code"}]},{"text":", siehe Tabelle oben).","type":"text"}]},{"type":"paragraph","content":[{"text":"Nach erst etwa ","type":"text"},{"text":"5 - 8 Minuten","type":"text","marks":[{"type":"strong"}]},{"text":" geht die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" auf ","type":"text"},{"text":"0","type":"text","marks":[{"type":"code"}]},{"text":" und kann damit einen Alarm auslösen.","type":"text"}]},{"type":"codeBlock","content":[{"text":"00:34:29.118042 IP .60588 > 162.55.40.117.8443: tcp 31\n00:34:31.101952 IP .60588 > 162.55.40.117.8443: tcp 31\n00:34:35.005804 IP .60588 > 162.55.40.117.8443: tcp 31\n00:34:43.005517 IP .60588 > 162.55.40.117.8443: tcp 31\n00:34:58.876883 IP .60588 > 162.55.40.117.8443: tcp 31\n00:35:27.152922 IP .60588 > 162.55.40.117.8443: tcp 31\n00:35:30.107669 IP .60588 > 162.55.40.117.8443: tcp 62\n00:35:32.220380 IP .60604 > 162.55.40.117.8443: tcp 0\n00:35:33.243555 IP .60604 > 162.55.40.117.8443: tcp 0\n00:35:35.291484 IP .60604 > 162.55.40.117.8443: tcp 0\n00:35:39.323303 IP .60604 > 162.55.40.117.8443: tcp 0\n00:35:47.515044 IP .60604 > 162.55.40.117.8443: tcp 0\n00:37:17.623703 IP .60610 > 162.55.40.117.8443: tcp 0\n00:37:18.647499 IP .60610 > 162.55.40.117.8443: tcp 0\n00:37:20.695396 IP .60610 > 162.55.40.117.8443: tcp 0\n00:37:24.727278 IP .60610 > 162.55.40.117.8443: tcp 0\n00:37:32.982931 IP .60610 > 162.55.40.117.8443: tcp 0\n00:38:31.348869 IP .60614 > 162.55.40.117.8443: tcp 0\n00:38:32.372669 IP .60614 > 162.55.40.117.8443: tcp 0\n00:38:34.420566 IP .60614 > 162.55.40.117.8443: tcp 0\n00:38:38.379054 IP > 159.69.36.131: ICMP echo request, id 19979, seq 0, length 8\n00:38:38.452423 IP .60614 > 162.55.40.117.8443: tcp 0\n00:38:46.708115 IP .60614 > 162.55.40.117.8443: tcp 0\n00:38:48.375767 IP > 159.69.36.131: ICMP echo request, id 21259, seq 0, length 8\n00:38:58.385687 IP > 159.69.36.131: ICMP echo request, id 22539, seq 0, length 8\n00:39:08.387968 IP > 159.69.36.131: ICMP echo request, id 23819, seq 0, length 8\n00:39:13.094442 IP .60616 > 162.55.40.117.8443: tcp 0\n00:39:14.099037 IP .60616 > 162.55.40.117.8443: tcp 0\n00:39:16.146957 IP .60616 > 162.55.40.117.8443: tcp 0\n00:39:20.178815 IP .60616 > 162.55.40.117.8443: tcp 0\n00:39:28.690498 IP .60616 > 162.55.40.117.8443: tcp 0","type":"text"}]},{"type":"paragraph","content":[{"text":"Sofern gewünscht kann diese Alarmierungszeit kann über einen Baustein ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" auf wenige Sekunden verkürzt werden, jedoch steht dann nur die Überprüfung per ","type":"text"},{"text":"ICMP-Ping","type":"text","marks":[{"type":"code"}]},{"text":" zur Verfügung, und nicht per ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":"-Handshake.","type":"text"}]},{"type":"paragraph","content":[{"text":"Wird der Miniserver ","type":"text"},{"text":"ohne Internetverbindung neu gestartet","type":"text","marks":[{"type":"strong"}]},{"text":", so versucht er eine Reihe von weiteres IP-Adressen aus dem Hetzner AS per ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" auf verschiedenen Zielports zu erreichen.","type":"text"}]},{"type":"codeBlock","content":[{"text":"23:30:27.014847 IP .56740 > 188.34.183.236.443: tcp 0 (api. / dns.loxonecloud.com)\n23:30:28.050202 IP .56740 > 188.34.183.236.443: tcp 0","type":"text"}]},{"type":"codeBlock","content":[{"text":"23:30:30.361681 IP .38672 > 159.69.36.131.443: tcp 0 (api. / dns.loxonecloud.com)\n23:30:31.378088 IP .38672 > 159.69.36.131.443: tcp 0","type":"text"}]},{"type":"codeBlock","content":[{"text":"23:30:33.707584 IP .56744 > 188.34.183.236.443: tcp 0 (wie 23:30:27)\n23:30:34.769972 IP .56744 > 188.34.183.236.443: tcp 0","type":"text"}]},{"type":"paragraph","content":[{"text":"weather.loxone.com","type":"text","marks":[{"type":"code"}]},{"text":" vermutlich unabhängig:","type":"text"}]},{"type":"codeBlock","content":[{"text":"23:31:09.020935 IP .33806 > 49.12.16.137.6066: tcp 0 (weather.loxone.com)\n23:31:10.032625 IP .33806 > 49.12.16.137.6066: tcp 0\n23:31:13.037975 IP .33808 > 49.12.16.137.6066: tcp 0\n23:31:14.064455 IP .33808 > 49.12.16.137.6066: tcp 0\n23:31:17.052412 IP .33810 > 49.12.16.137.6066: tcp 0\n23:31:18.096300 IP .33810 > 49.12.16.137.6066: tcp 0","type":"text"}]},{"type":"paragraph","content":[{"text":"Nach ca. 5 - 8 Minuten wird die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" auf ","type":"text"},{"text":"0","type":"text","marks":[{"type":"code"}]},{"text":" gesetzt und eine entsprechende Systemwarnung ausgelöst. ","type":"text"}]},{"type":"heading","attrs":{"level":3},"content":[{"text":"Verknüpfung mit Remote Connect","type":"text"}]},{"type":"paragraph","content":[{"text":"Die Anzeige der ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" ist gekoppelt an die Aktivierung von ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" in den Einstellungen des Miniservers. D.h. auch wenn die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" in ihren Eigenschaften auf ","type":"text"},{"text":"Offline-Betrieb","type":"text","marks":[{"type":"code"}]},{"text":" und damit auf ","type":"text"},{"text":"0","type":"text","marks":[{"type":"code"}]},{"text":" gesetzt wird, so finden die minütlichen Abfragen weiterhin statt, da ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" ja weiterhin aktiv ist.","type":"text"}]},{"type":"paragraph","content":[{"text":"Erst nach Deaktivierung von ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" werden die minütlichen Abfragen nicht mehr ausgesendet.","type":"text"}]},{"type":"paragraph","content":[{"text":"Im umgekehrten Fall:","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Remote Connect deaktiviert","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" aktiv (NICHT Offline)","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":"… ist das Verhalten leider uneinheitlich. ","type":"text"},{"text":"Häufig bleibt die ","type":"text","marks":[{"type":"strong"}]},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" auch für >15 min auf Wert ","type":"text","marks":[{"type":"strong"}]},{"text":"1","type":"text","marks":[{"type":"code"}]},{"text":" und ist somit falsch / irreführend.","type":"text","marks":[{"type":"strong"}]},{"type":"hardBreak"},{"text":"Ein anderes mal benötigt die Systemvariable Internetverbindung nur etwa 5 Minuten auf den Wert ","type":"text"},{"text":"0","type":"text","marks":[{"type":"code"}]},{"text":".","type":"text"}]},{"type":"panel","attrs":{"panelType":"error"},"content":[{"type":"paragraph","content":[{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" ","type":"text"},{"text":"ohne","type":"text","marks":[{"type":"strong"}]},{"text":" ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" scheint in der Firmware ","type":"text"},{"text":"12.2.11.5","type":"text","marks":[{"type":"code"}]},{"text":" nicht zuverlässig zu funktionieren.","type":"text"}]},{"type":"paragraph","content":[{"text":"Als Alternative bei deaktiviertem ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" bietet sich der Baustein ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" an; zur Unterscheidung ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" vs. ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" siehe erster Absatz.","type":"text"}]}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Versuchsaufbau","type":"text"}]},{"type":"paragraph","content":[{"text":"pfSense","type":"text","marks":[{"type":"code"}]},{"text":" als ","type":"text"},{"text":"Router/Gateway","type":"text","marks":[{"type":"strong"}]},{"text":" erzeugt auf dem Interface, auf dem der Loxone Miniserver angeschlossen ist, ein ","type":"text"},{"text":"Paket-Capture","type":"text","marks":[{"type":"strong"}]},{"text":" mit allen Paketen, die als Quelle oder Ziel die IP des Miniservers beinhalten (","type":"text"},{"text":"pfSense","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"Diagnostics","type":"text","marks":[{"type":"code"}]},{"text":" > ","type":"text"},{"text":"Packet Capture","type":"text","marks":[{"type":"code"}]},{"text":"). Die Technik ist identisch mit einem PC mit der Software ","type":"text"},{"text":"Wireshark","type":"text","marks":[{"type":"code"}]},{"text":", der an richtiger Stelle im Netzwerk positioniert ist.","type":"text"}]},{"type":"paragraph","content":[{"text":"Da sämtliche Internet-Prüfungen an eine öffentliche IP gesendet werden und damit per Definition geroutet, werden auch alle Prüfungen des Miniservers über seine Internet-Anbindung hier gecaptured.","type":"text"}]},{"type":"paragraph","content":[{"text":"Über einen Aufzeichnungszeitraum von mehreren Minuten waren die o.g. IP-Adressen die einzigen sog. öffentlichen IPs, d.h. sie waren IPs aus dem Internet. Alle anderen Pakete waren für/von private IPs, was zwingend eine Kommunikation in dem lokalen Netzwerk (beispielsweise zu Modbus-TCP-Geräten) bedeutet, die hier nicht weiter von Bedeutung ist.","type":"text"}]},{"type":"paragraph","content":[{"text":"Der Router ","type":"text"},{"text":"pfSense","type":"text","marks":[{"type":"code"}]},{"text":" ist außerdem als ","type":"text"},{"text":"Namensserver","type":"text","marks":[{"type":"strong"}]},{"text":" in dem Miniserver eingetragen, sodass DNS-Anfragen an den Router hätten gerichtet werden müssen, oder zumindest von ihm weitergeleitet.","type":"text"},{"type":"hardBreak"},{"text":"Die Anfragen können auf der ","type":"text"},{"text":"pfSense","type":"text","marks":[{"type":"code"}]},{"text":" in Echtzeit wie folgt dargestellt werden:","type":"text"}]},{"type":"codeBlock","content":[{"text":"sudo tcpdump -i igb1 -nvv dst port 53","type":"text"}]},{"type":"heading","attrs":{"level":2},"content":[{"text":"Hinweise und Fazit","type":"text"}]},{"type":"bulletList","content":[{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" ist relativ träge und prüft per ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" Zielport ","type":"text"},{"text":"8443","type":"text","marks":[{"type":"code"}]},{"text":" gegen Hetzner-Server (ca. 3-8 Minuten Verzögerung bei Störung, ca. 5 s - 3 Minuten bei der Wiederherstellung). Falls hier eine schnellere Reaktion gewünscht ist, sollte der Baustein ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" eingebunden werden (","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" vs. ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" siehe erstes Kapitel).","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Das Monitoring der DNS-Auflösung aus Sicht des Miniservers kann über den Baustein ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" ergänzt werden, da der Baustein alle 5 Minuten eine erneute DNS-Auflösung durchführt. Die ","type":"text"},{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" löst im Betrieb mit erreichbarer IP nur deutlich seltener auf.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Systemvariable Internetverbindung","type":"text","marks":[{"type":"code"}]},{"text":" ohne ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" scheint in der Firmware ","type":"text"},{"text":"12.2.11.5","type":"text","marks":[{"type":"code"}]},{"text":" nicht zuverlässig zu funktionieren.","type":"text"}]},{"type":"paragraph","content":[{"text":"Als Alternative bei deaktiviertem ","type":"text"},{"text":"Remote Connect","type":"text","marks":[{"type":"code"}]},{"text":" bietet sich der Baustein ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" an; zur Unterscheidung ","type":"text"},{"text":"Ping","type":"text","marks":[{"type":"code"}]},{"text":" vs. ","type":"text"},{"text":"TCP","type":"text","marks":[{"type":"code"}]},{"text":" siehe erster Absatz.","type":"text"}]}]},{"type":"listItem","content":[{"type":"paragraph","content":[{"text":"Nur der Vollständigkeit halber:","type":"text","marks":[{"type":"em"}]},{"text":" Falls Benutzer / Verwalter außerhalb des Miniserver-Netzwerkes von einem Internet-Ausfall informiert werden sollen, so sollten geeignete Alarmierungswege gewählt werden, die ggf. nicht auf der ausgefallenen Internet-Anbindung angewiesen sind (SMS-Gateway mit Digitalem Input etc.).","type":"text"}]}]}]},{"type":"paragraph","content":[{"text":" ","type":"text"}]},{"type":"paragraph"}],"version":1}

Browser nicht unterstützt