I’ve been running a stack of 34 Ikea devices with Home Assistant through the Tradfri hub for several years. Sometimes, devices will blip off the network EXACTLY every 5 minutes to the second for less than one second and then return.
So, this brings up a few questions: Is the blipping and recent outage the fault of the Home Assistant integration, network (all are on wired network), Tradfri hub starting to die, or something else?
The blipping seems incredibly specific and precise, which makes me feel like it’s on the HA side. But, the long outages make me feel like it’s either the network or the Tradfri hub itself.
Another odd thing is the network traffic has suddenly spiked for no apparent reason.
I’m not sure why the hub would be hammering Amazon all of a sudden.
Is this normal? Should I block Amazon from the hub? Is my Tradfri hub about to die? If so, would migrating to my regular Zigbee controller retain the controlled devices’ identities, or would I need to rewrite/recreate my automations?
Amazon might be AWS as well, so it might be the IKEA servers it is trying to reach. Did you patch your Unifi network by any chance, it happens that Unifi changes some settings in new releases.
The Unifi did update recently. I have no idea why IKEA would be hammering AWS all of a sudden (it’s not like it needs to check for updates ALL DAY or anything like that).
I also just noticed that HA started burning up the CPU starting at 1am for no known reason and hasn’t stopped since.
It might be trying to connect to check for updates, the total amount of traffic is 9.5MB, not that much either.
Mdns settings probably, and they have new firewalling options, maybe those?
The CPU ‘only’ jumped 20% but your temperature is way higher…
Did you reboot the HA instance yet by any chance? If not try that as well, can’t hurt.
Yeah, I rebooted HA a few times today hoping it would clear up the IKEA connection issue. Going from from a consistent 3-5% CPU utilization to 25% CPU starting a 1am with no configuration changes is… concerning.
I have been dealing with AI bot web scrapers hitting my internal site and blocking them brute-force with firewall rules. Would the UniFi CyberSecure Enhanced subscription automatically take care of AI bot threat or is CyberSecure more of a “home grade” of security package that doesn’t screen for that kind of traffic? I’d hate to spend $99 on something that won’t fix the problem, but it would be worth the cash if it did work.
No the cyber secure won’t help, that will try to detect patterns of attacks, what you have are ‘dumb’ devices trying to connect and do requests.
What you can try is ensure you start out with turning off all incoming traffic, see if that stabilizes it (probably won’t).
Then turn off all the add-ons you have and see if that makes a difference.
Check out the troubleshooting steps
Somehow, the connectivity has gotten worse this morning from yesterday. Now HA will see the IKEA hub for 5 minutes, disappear for 5 minutes, then reappear for 5 minutes. The strangeness is the EXACTNESS of the blips down to the second, on the second, nearly every time.
I have the same problem. Some time after resetting the hub pingtime got to 1000ms with massive packet drops. Eventually the device stops responding to ping.
Looking in Insights in UniFi Network I noticed the hub was blocked by Ad Blocking
I think updating UniFi OS to 4.4.7 yesterday added webhook.logentries.com to Ad Blocking.
So you’re telling me that Ikea pays to send information of ALL their hubs to rapid7, a SIEM solution and if it isn’t able to do so, the hub is far less usable?
Check if you can disable reporting-like features and the issue persists?
Also try blocking all trafic for the hub to the internet and see what this gives?
I would contact Ikea over this, this would mean you need a 247 internet connection for your stuff to work.
Well, this sucks. The device has no option to disable report-like features.
If I make a rule to block Internet to the device, same thing. High pingtime, packets drop and disconnect.
Ikea has ended support for the device. Most likely it’s a bug in the firmware. I’m guessing some memory leak when webhook.logentries.com can’t be reached. Maybe for updates or reporting stats.
If you have a ZigBee dongle (or chip built in), the ZigBee devices of Ikea will work just as well in ZHA as through the hub.
If the device is EoL according to Ikea, it stands to reasons they will have revoked the key with which it sends information to the SIEM provider. From a business perspective it is I logical to continue paying for devices you no longer support.
If this is the case, it seems there is some kind of loop happening on the hub which insists you need to connect to send the logs.
Are you on the latest firmware of the hub? There is a (very small) chance they disabled it in the last release before the EoL.
I have Ad Block enabled on my UDM and added that domain to the “allow” list, but the funkiness remains. Is there a way to more closely monitor the net traffic to confirm where it is trying to go? (I am a Unifi n00b)
Yup, the hub and connected devices state they are on the latest firmware.
This might be it. The hub is the old original Tradfri hub from when they first started offering smart devices. Now they have a new version (supports Thread, etc) and they no longer sell the old one.
Is there a way to confirm the hub is EOL and no longer hitting a correct endpoint? Would it be safe and solve the problem to just block internet access for the hub and keep it local only? (I just use it locally anyways.)
Yes, I do have a few IKEA devices connected to my regular Zigbee connector. However, with the large number of devices I have, migrating them all and updating every automation would be a hefty task.
Would moving the IKEA devices to my Zigbee hub retain the devices’ identifiers so that I don’t have to recreate/update the automation?
On top of all that, I have a new symptom: log entries are doubling up. The “Was opened” and “Became unavailable” are posting twice on the exact second.
