Before I get into this, I want to start with everything works fine. It’s just odd. I’m running my Roon Core on a Synology 1520+ with 20GB of RAM. Never have any issues with functionality. Even with 2 VMs, a few containers, and Roon playing, my memory usage is < 50% and CPU runs 10-30%. No issues with pausing or anything like that. ARC works fine.
The 1520+ has 4 network ports. I have 2 bonded to get the most bandwidth to my disks, and the other two are mapped to the two VMs I have running on the NAS. Here is where the strangeness happens. Since Roon is running as a DSM7 package, it should be on the bonded interface (x.x.1.2 in my case). However, the IP shown in a Roon client varies based on how you look.
Settings → General: Roon server is x.x.1.170
Settings → Roon ARC: Roon server is x.x.1.2
Settings → Displays: urls switches between x.x.30.y, x.x.1.170, and x.x.1.2
x.x.1.170 is the IP of VM1’s network interface and x.x.30.y is the IP of VM2’s network interface.
The really fun part is that at least for Roon Displays, all 3 urls work. Like I said, it is odd. Even more odd is that the x.x.30.y VLAN is isolated and locked down. I can only get to it from one, specific machine on my network. Somehow, the Synology maps all network interface ports to Packages, regardless of firewall rules. Fun! Also, it seems to be random when the Roon Core asks for its IP address. You get one of the 3 network IP addresses available.
This is expected behavior on a multi-NIC Synology and not a Roon bug.
Roon Core (when installed as a DSM package) binds to 0.0.0.0, meaning it listens on all IP addresses the NAS owns, not just the bonded interface. Because the NAS is multi-homed (Bond + VM NICs + VLANs), Roon is reachable via every one of those IPs.
When Roon needs to display its server address (General / ARC / Displays), it simply asks DSM for available interfaces and picks one. DSM does not guarantee ordering, so different Roon subsystems may show different IPs at different times. That’s why it looks random.
The VLAN behavior is also expected: VLAN isolation at the router/switch level does not apply once the NAS itself has an IP in that VLAN. DSM packages run in the host network namespace, so they are exposed on every interface unless restricted by the Synology host firewall.
If you want to control this:
DSM Firewall: Use the Synology firewall to allow Roon ports only on the bonded interface.
Docker: Run Roon in Docker and bind it to a single IP, which avoids this entirely.
Everything “working” is normal here, it’s just how multi-homed hosts behave.
Also, I now see it’s not really odd. It’s just how it works. It was just strange seeing different IPs.
One more thing, I found the reason why I could get to the x.x.30.y (isolated) network. For some reason, that zone did not have a block all firewall rule. It now does, so my DMZ is actually locked down except for my one desktop that can get there.
Thank for the info. I always like learning something. Explains why I tinker with this stuff. I had Roon on a NUC Rock for a long while, but that poor little box was getting tired (10+ years old and on on its 3rd or 4th mission). I figure I try the NAS while I work out a new Rock or Core solution to build.
One thing I find interesting. I had Roon ROCK on an old i3 NUC. It was beginning to act up, but it had a 10+ year run so I wasn’t surprised. The interesting part is that Roon running on my Synology 1520+ (Celeron CPU) is actually zippier with Roon even though my Synology also runs 2 VMs (Home Assistant and a Blog) along with several containers, including Plex.
I knew the newer Celerons were faster than the old i3s, but I didn’t expect it to be that noticeable. I guess that is why the Roon Nucleus can get away with a Celeron.
I take it back. After a week or two of steady listening (40-50hrs per week), Roon on my NAS started to slow down quite a bit. It was taking 5-10 seconds to load the main screen, and adding new albums from Tidal took many seconds. For giggles, I cleaned and resurrected my i3 and moved Roon back there. Now, that ROCK is far faster than it was before.
Software Eng me thinks there must be some degradation over time, and I should look into clearing cache and restarting periodically.
That’s why I started this off “everything works fine.” Engineer me was mostly curious.