Date: Fri, 19 Oct 2007 05:08:43 +0200 From: Max Laier <max@love2party.net> To: freebsd-net@freebsd.org Cc: Milan Obuch <freebsd-net@dino.sk> Subject: Re: packet loss with carp on 6.2 Message-ID: <200710190508.50040.max@love2party.net> In-Reply-To: <200710182255.48379.freebsd-net@dino.sk> References: <2385.62.242.232.132.1192696439.squirrel@www.enableit.dk> <200710181432.14461.freebsd-net@dino.sk> <200710182255.48379.freebsd-net@dino.sk>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart2443098.GNIvYS6fbv Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Thursday 18 October 2007, Milan Obuch wrote: > On Thursday 18 October 2007 14:32:13 Milan Obuch wrote: > > On Thursday 18 October 2007 12:50:19 Max Laier wrote: > > > On Thursday 18 October 2007, Klavs Klavsen wrote: > > > > I tried to just disable carp on the new machine (simply comment > > > > out carp config from /etc/rc.conf.local) and now the packet loss > > > > is gone - and hasn't been there for half an hour, so far. > > > > > > I supposed you also had to change your firewall rules? Otherwise > > > your ruleset might not be ready to deal with carp and that could be > > > the reason why you get the bad results? Start debugging by looking > > > at "netstat -ssp carp" on either machine and take a careful look at > > > your pf.conf. I also suggest that you add "log" to all you block > > > rules and watch tcpdump on pflog0 while pinging. > > > > > > > Seems the carp network interfaces has bugs. > > > > > > That's a pretty bold assertion given the limited debugging you have > > > done ;) > > > > I am experiencing something similar. I am trying to put together two > > PC firewall with failover. My rc.conf has following lines > > [ snip ] > > I did even simpler test: one firewall with one switch. > > ifconfig fxp0 10.0.0.1/26 > ifconfig carp0 create > ifconfig carp0 10.0.0.2/26 vhid ... pass ... > > switch has IP 10.0.0.3 > > ping -S 10.0.0.1 10.0.0.3 works, no loss. > ping -S 10.0.0.2 10.0.0.3 does not work well, ~ 80 % packet loss. > > This seems unusable to me. I see no simpler test right now... Can you do a tcpdump on fxp0 during this test and analyse if the loss is=20 in received or send packets. It is possible that the switch is the=20 culprit here. Maybe you can provide me with the pcap of this off list. Make sure to=20 start dumpping *before* bringing up carp. i.e. tcpdump -s 0 -i fxp0 -w carp_ping.pcap & ifconfig carp0 vhid ... ping ... fg ^C Thanks. =2D-=20 /"\ Best regards, | mlaier@freebsd.org \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | mlaier@EFnet / \ ASCII Ribbon Campaign | Against HTML Mail and News --nextPart2443098.GNIvYS6fbv Content-Type: application/pgp-signature; name=signature.asc Content-Description: This is a digitally signed message part. -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.4 (FreeBSD) iD8DBQBHGB/CXyyEoT62BG0RAnkAAJ98e0GqxfZ3g1c0kP/35drReUSpNQCcDjaB +O0zY9GDq05qA7Cg8ifHHqU= =tKNb -----END PGP SIGNATURE----- --nextPart2443098.GNIvYS6fbv--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200710190508.50040.max>