Date: Thu, 18 Oct 2007 12:50:19 +0200 From: Max Laier <max@love2party.net> To: freebsd-net@freebsd.org Cc: Klavs Klavsen <kl@vsen.dk> Subject: Re: packet loss with carp on 6.2 Message-ID: <200710181250.26291.max@love2party.net> In-Reply-To: <3981.62.242.232.132.1192703560.squirrel@www.enableit.dk> References: <2385.62.242.232.132.1192696439.squirrel@www.enableit.dk> <3981.62.242.232.132.1192703560.squirrel@www.enableit.dk>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart1688753.eWIBPyFThY Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 18 October 2007, Klavs Klavsen wrote: > I tried to just disable carp on the new machine (simply comment out > carp config from /etc/rc.conf.local) and now the packet loss is gone - > and hasn't been there for half an hour, so far. I supposed you also had to change your firewall rules? Otherwise your=20 ruleset might not be ready to deal with carp and that could be the reason=20 why you get the bad results? Start debugging by looking at "netstat -ssp=20 carp" on either machine and take a careful look at your pf.conf. I also=20 suggest that you add "log" to all you block rules and watch tcpdump on=20 pflog0 while pinging. > Seems the carp network interfaces has bugs. That's a pretty bold assertion given the limited debugging you have=20 done ;) > On Thu, October 18, 2007 10:33, Klavs Klavsen said: > > Hi guys, > > > > I have had a FreeBSD 6.2 (-p1 - yes I know :) firewall running for a > > while, with pf fw rules. It has worked fine, and was a replacement > > for a fbsd 4.x ipfw firewall. > > > > Now I just replaced the 6.2 pf firewall, with a 6.2 (-p7) and carp > > interfaces enabled. It's using the same cables and the same type of > > network cards (bge and em). The new one, is a HP dl385 (amd) where > > the old one, was a HP dl380 (Intel). > > > > On the new one, fping (and ping -f) pinging through the firewall, > > gives me a packet loss. fping in nagios, reports up to 55% packet > > loss :( - a ping -f gives me 1-3%, but bad enough :( > > > > pinging from the firewall itself, to one of the hosts, that packets > > are lost to (when pinging from other networks) does not give any > > packet loss. > > > > The old 6.2, had polling enabled - and I've tried to disable polling > > on the new, but to no effect. > > > > Any ideas what else to try? > > > > -- > > Regards, > > Klavs Klavsen, GSEC - kl@vsen.dk - http://www.vsen.dk > > PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62 > > > > "Those who do not understand Unix are condemned to reinvent it, > > poorly." --Henry Spencer > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to > > "freebsd-net-unsubscribe@freebsd.org" =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart1688753.eWIBPyFThY Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHFzpyXyyEoT62BG0RAnynAJ9AJU2IfjatloBSRfG+XUO3HtOTMgCePXaE FMY5cI2/cbOu0rPt7/aWLMo= =hkZc -----END PGP SIGNATURE----- --nextPart1688753.eWIBPyFThY--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710181250.26291.max>