Debian - 启动缓慢等待网络

Question

我有一个 Debian 10 服务器，我认为它可以/应该启动得更快，但我不知道问题是什么。

我A start job is running for Raise network interfaces在启动时看到，看起来systemd-analyze blame花费了很多时间networking.service （我忽略了 50 毫秒以下的服务）。

         50.846s networking.service
          1.872s smb.mount
           717ms nftables.service
           560ms ifupdown-pre.service
           544ms systemd-logind.service
           205ms systemd-journald.service
           194ms dev-nvme0n1p2.device
            88ms systemd-udev-trigger.service
            83ms smbd.service
            66ms libvirtd.service
            61ms lvm2-monitor.service
            60ms chrony.service
            57ms user@0.service
            50ms nmbd.service

不过，执行 asystemctl stop networking.service和 只systemctl start networking.service需要不到 2 秒的时间。

这是我的 /etc/network/interfaces 供参考（br0 用于虚拟机）：

# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).

source /etc/network/interfaces.d/*

# The loopback network interface
auto lo
iface lo inet loopback

auto enp5s0
iface enp5s0 inet static
        address 192.168.1.190
        netmask 255.255.255.0
        gateway 192.168.1.1 

auto enp9s0
iface enp9s0 inet manual

auto enp8s0
iface enp8s0 inet static
        address 10.36.14.242
        netmask 255.255.255.0
        post-up ip route add 10.0.0.0/8 via 10.36.14.1 dev enp8s0
        pre-down ip route del 10.0.0.0/8 via 10.36.14.1 dev enp8s0

auto br0
iface br0 inet static
        address 10.36.15.11
        netmask 255.255.255.0
        bridge_ports enp9s0
        bridge_stp off
        bridge_fd 0

auto wg-p2p
iface wg-p2p inet static
        address 10.88.88.1
        netmask 255.255.255.0
        pre-up ip link add $IFACE type wireguard
        pre-up wg setconf $IFACE /etc/wireguard/$IFACE.conf
        post-down ip link del $IFACE

我确实看到了一些关于更改auto为 的帖子allow-hotplug，但这些解释听起来像是它只是启动接口而不阻止启动，即到达网络的时间是相同的。然而，将 enp* 接口更改为至少可以缩短启动路由的时间。启动服务器后从另一台设备 ping 另一个网络大约需要 1 分钟和auto大约 32 秒allow-hotplug（可能是因为接口是并行启动的？），我立即得到一个控制台，但没有消息A start job is running。将 br0 更改为它会使该界面不会自动启动，所以我保留了它。

此外，仅当 auto 在 enp* 接口上处于活动状态时，我才得到A stop job is running for Raise network interfaces关闭，这大约需要 50 秒才能完成。

所以我想知道是否可以保留接口allow-hotplug（也许某些服务可能存在接口绑定问题？），以及是否有任何其他问题我可以修复以缩短启动时间。

编辑：

相关输出为dmesg -T：

[Mo Jun 24 13:16:48 2019] IPv6: ADDRCONF(NETDEV_UP): enp5s0: link is not ready
[Mo Jun 24 13:16:51 2019] igb 0000:05:00.0 enp5s0: igb: enp5s0 NIC Link is Up 1000 Mbps Full Duplex, Flow Control: RX
[Mo Jun 24 13:16:51 2019] IPv6: ADDRCONF(NETDEV_CHANGE): enp5s0: link becomes ready
[Mo Jun 24 13:16:58 2019] r8169 0000:09:00.0: firmware: direct-loading firmware rtl_nic/rtl8168e-3.fw
[Mo Jun 24 13:16:58 2019] RTL8211E Gigabit Ethernet r8169-900:00: attached PHY driver [RTL8211E Gigabit Ethernet] (mii_bus:phy_addr=r8169-900:00, irq=IGNORE)
[Mo Jun 24 13:16:58 2019] r8169 0000:09:00.0 enp9s0: No native access to PCI extended config space, falling back to CSI
[Mo Jun 24 13:16:58 2019] IPv6: ADDRCONF(NETDEV_UP): enp9s0: link is not ready
[Mo Jun 24 13:17:01 2019] r8169 0000:09:00.0 enp9s0: Link is Up - 1Gbps/Full - flow control off
[Mo Jun 24 13:17:01 2019] IPv6: ADDRCONF(NETDEV_CHANGE): enp9s0: link becomes ready
[Mo Jun 24 13:17:08 2019] RTL8211E Gigabit Ethernet r8169-800:00: attached PHY driver [RTL8211E Gigabit Ethernet] (mii_bus:phy_addr=r8169-800:00, irq=IGNORE)
[Mo Jun 24 13:17:08 2019] IPv6: ADDRCONF(NETDEV_UP): enp8s0: link is not ready
[Mo Jun 24 13:17:11 2019] r8169 0000:08:00.0 enp8s0: Link is Up - 1Gbps/Full - flow control off
[Mo Jun 24 13:17:11 2019] IPv6: ADDRCONF(NETDEV_CHANGE): enp8s0: link becomes ready
[Mo Jun 24 13:17:18 2019] bridge: filtering via arp/ip/ip6tables is no longer available by default. Update your scripts to load br_netfilter if you need this.
[Mo Jun 24 13:17:18 2019] br0: port 1(enp9s0) entered blocking state
[Mo Jun 24 13:17:18 2019] br0: port 1(enp9s0) entered disabled state
[Mo Jun 24 13:17:18 2019] device enp9s0 entered promiscuous mode
[Mo Jun 24 13:17:18 2019] br0: port 1(enp9s0) entered blocking state
[Mo Jun 24 13:17:18 2019] br0: port 1(enp9s0) entered forwarding state
[Mo Jun 24 13:17:18 2019] IPv6: ADDRCONF(NETDEV_UP): br0: link is not ready
[Mo Jun 24 13:17:19 2019] IPv6: ADDRCONF(NETDEV_CHANGE): br0: link becomes ready
[Mo Jun 24 13:17:28 2019] wireguard: loading out-of-tree module taints kernel.
[Mo Jun 24 13:17:28 2019] wireguard: module verification failed: signature and/or required key missing - tainting kernel
[Mo Jun 24 13:17:28 2019] wireguard: WireGuard 0.0.20190406 loaded. See www.wireguard.com for information.
[Mo Jun 24 13:17:28 2019] wireguard: Copyright (C) 2015-2019 Jason A. Donenfeld <Jason@zx2c4.com>. All Rights Reserved.

禁用任何接口似乎可以为每个接口节省大约 10 秒的时间

Answer 1

您是否检查了 systemd-networkd-wait-online.service 是否被禁用？

"""systemd-networkd-wait-online 是一个一次性系统服务（请参阅 systemd.service(5)），它等待网络配置。默认情况下，它将等待它知道的所有链接，这些链接是由 systemd-networkd.service(8) 管理以完全配置或失败，并至少有一个链接获得运营商。""" https://manpages.debian.org/testing/systemd/systemd-networkd-wait -online.service.8.en.html

还要首先确保您的网络没有恶意服务器。可能是具有无效租约的广播 DHCP 服务器？