From owner-freebsd-net@FreeBSD.ORG Tue Mar 19 20:31:07 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id 6A8BB276 for ; Tue, 19 Mar 2013 20:31:07 +0000 (UTC) (envelope-from emz@norma.perm.ru) Received: from elf.hq.norma.perm.ru (unknown [IPv6:2001:470:1f09:14c0::2]) by mx1.freebsd.org (Postfix) with ESMTP id 1A0A937A for ; Tue, 19 Mar 2013 20:31:06 +0000 (UTC) Received: from [192.168.248.32] ([192.168.248.32]) by elf.hq.norma.perm.ru (8.14.5/8.14.5) with ESMTP id r2JKV2nc087450 (version=TLSv1/SSLv3 cipher=DHE-RSA-CAMELLIA256-SHA bits=256 verify=NO) for ; Wed, 20 Mar 2013 02:31:03 +0600 (YEKT) (envelope-from emz@norma.perm.ru) Message-ID: <5148CB00.9060908@norma.perm.ru> Date: Wed, 20 Mar 2013 02:30:56 +0600 From: "Eugene M. Zheganin" User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:17.0) Gecko/20130307 Thunderbird/17.0.4 MIME-Version: 1.0 To: freebsd-net@freebsd.org Subject: Re: Troubleshooting network issue in 9.1 References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.2.7 (elf.hq.norma.perm.ru [192.168.3.10]); Wed, 20 Mar 2013 02:31:04 +0600 (YEKT) X-Spam-Status: No hits=-101.0 bayes=0.5 testhits ALL_TRUSTED=-1, USER_IN_WHITELIST=-100 autolearn=unavailable version=3.3.2 X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on elf.hq.norma.perm.ru X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Mar 2013 20:31:07 -0000 Hi. On 19.03.2013 20:27, Thomas Johnson wrote: > Does anyone have any suggestions on what I should look for, when this > happens again? Could this be related to reported CARP issues in 9.1, as > discussed on this list recently? So, in other words, you upgraded from pf 4.4 to pf 4.5 and problems arised immidiately. Looks familiar. I switched to th 10.x in the same case. And I wait for the situation to resolve, and I'm not upgrading my others productions running 8.x and pf. But I didn't see complains about packet losses or connection drops (I saw once, but it was related only to the max states limit). All that I saw were panics (after applying some particular sets of rules), LORs and freezes (still not sure whether the freezes were about zfs or pf). So, in my case, there were some definitely diagnoseable problems with pf. I've also seen a horrible performance degradation when using route-to/reply-to rules, but this was fixed somewhere between 9.0-RELEASE and 9.1-STABLE. Eugene.