From owner-freebsd-isp Wed Nov 20 19:30:21 2002 Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CFDD437B401; Wed, 20 Nov 2002 19:30:14 -0800 (PST) Received: from aaz.links.ru (aaz.links.ru [193.125.152.37]) by mx1.FreeBSD.org (Postfix) with ESMTP id CC5C043E42; Wed, 20 Nov 2002 19:30:13 -0800 (PST) (envelope-from babolo@aaz.links.ru) Received: from aaz.links.ru (aaz.links.ru [193.125.152.37]) by aaz.links.ru (8.12.6/8.12.6) with ESMTP id gAL3WODh043684; Thu, 21 Nov 2002 06:32:24 +0300 (MSK) (envelope-from babolo@aaz.links.ru) Received: (from babolo@localhost) by aaz.links.ru (8.12.6/8.12.6/Submit) id gAL3WO9N043683; Thu, 21 Nov 2002 06:32:24 +0300 (MSK) Message-Id: <200211210332.gAL3WO9N043683@aaz.links.ru> Subject: Re: Slow network response with FreeBSD 4.6.2 and ipfilter X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1 In-Reply-To: To: Vincent Goupil Date: Thu, 21 Nov 2002 06:32:24 +0300 (MSK) From: "."@babolo.ru Cc: freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG X-Mailer: ELM [version 2.4ME+ PL99b (25)] MIME-Version: 1.0 Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.org other questions was: - what is "Slow network response"? - does ifconfig down/up helps? tcpdump buffers output so usful bits are some time after trouble. In my case slowdown triggered by arp scans > My network is composed with Windows 2000 servers and pro. > 192.168.20.2 <- w2k srv > 192.168.20.3 <- w2k srv > 192.168.20.7 <- w2k srv > 192.168.20.8 <- w2k srv > 192.168.20.9 <- w2k srv > 192.168.20.10 <- another freebsd box > 192.168.20.210 <- the firewall > > 23:58:43.356569 arp who-has 192.168.20.99 tell 192.168.20.8 > 23:58:46.471284 arp who-has 192.168.20.127 tell 192.168.20.3 > 23:58:46.472257 arp who-has 192.168.20.127 tell 192.168.20.8 > 23:59:04.543497 arp who-has 192.168.20.2 tell 192.168.20.3 > 23:59:10.352106 arp who-has 192.168.20.7 tell 192.168.20.200 > 23:59:15.827551 arp who-has 192.168.20.251 tell 192.168.20.7 > 23:59:17.082626 arp who-has 192.168.20.201 tell 192.168.20.8 > 23:59:20.245406 arp who-has 192.168.20.201 tell 192.168.20.112 > 23:59:22.723713 arp who-has 192.168.20.104 tell 192.168.20.3 > 23:59:26.517132 arp who-has 192.168.20.6 tell 192.168.20.8 > 23:59:28.824120 arp who-has 192.168.20.7 tell 192.168.20.99 > 23:59:29.801078 arp who-has 192.168.20.6 tell 192.168.20.7 > 23:59:48.762973 arp who-has 192.168.20.165 tell 192.168.20.8 > 23:59:55.203905 arp who-has 192.168.20.75 tell 192.168.20.3 > 23:59:55.688710 arp who-has 192.168.20.114 tell 192.168.20.8 > 23:59:55.861042 arp who-has 192.168.20.77 tell 192.168.20.8 > 00:00:00.192659 arp who-has 192.168.20.106 tell 192.168.20.201 > 00:00:04.337994 arp who-has 192.168.20.10 tell 192.168.20.8 > 00:00:04.538035 arp who-has 192.168.20.10 tell 192.168.20.2 > 00:00:04.775959 arp who-has 192.168.20.10 tell 192.168.20.3 > 00:00:05.022385 arp who-has 192.168.20.10 tell 192.168.20.9 > 00:00:05.066194 arp who-has 192.168.20.10 tell 192.168.20.7 > 00:00:05.209935 arp who-has 192.168.20.10 tell 192.168.20.6 > 00:00:20.085908 arp who-has 192.168.20.9 tell 192.168.20.3 > 00:00:20.116177 arp who-has 192.168.20.9 tell 192.168.20.8 > 00:00:22.235535 arp who-has 192.168.20.101 tell 192.168.20.8 > 00:00:22.236614 arp who-has 192.168.20.101 tell 192.168.20.3 > 00:00:23.118443 arp who-has 192.168.20.54 tell 192.168.20.3 > 00:00:25.075679 arp who-has 192.168.20.7 tell 192.168.20.201 > 00:00:29.815522 arp who-has 192.168.20.166 tell 192.168.20.7 > 00:00:30.587208 arp who-has 192.168.20.157 (2f:69:70:63:68:65) tell > 192.168.20.201 > 00:00:31.810270 arp who-has 192.168.20.166 tell 192.168.20.7 > 00:00:45.473558 arp who-has 192.168.20.177 tell 192.168.20.201 > > > >From: "."@babolo.ru > >To: Vincent Goupil > >CC: freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG > >Subject: Re: Slow network response with FreeBSD 4.6.2 and ipfilter > >Date: Wed, 20 Nov 2002 06:10:40 +0300 (MSK) > >MIME-Version: 1.0 > >Received: from aaz.links.ru ([193.125.152.37]) by mc6-f36.law1.hotmail.com > >with Microsoft SMTPSVC(5.0.2195.5600); Tue, 19 Nov 2002 19:08:36 -0800 > >Received: from aaz.links.ru (aaz.links.ru [193.125.152.37])by aaz.links.ru > >(8.12.6/8.12.6) with ESMTP id gAK3AfDh006526;Wed, 20 Nov 2002 06:10:41 > >+0300 (MSK)(envelope-from babolo@aaz.links.ru) > >Received: (from babolo@localhost)by aaz.links.ru (8.12.6/8.12.6/Submit) id > >gAK3AeSv006525;Wed, 20 Nov 2002 06:10:40 +0300 (MSK) > >Message-Id: <200211200310.gAK3AeSv006525@aaz.links.ru> > >X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1 > >In-Reply-To: > >X-Mailer: ELM [version 2.4ME+ PL99b (25)] > >Return-Path: babolo@aaz.links.ru > >X-OriginalArrivalTime: 20 Nov 2002 03:08:36.0969 (UTC) > >FILETIME=[1E422D90:01C29042] > > > > > I have a system running FreeBSD 4.6.2-RELEASE-p5 #0 with ipfilter > >v3.4.27. > > > This system act as a firewall for an enterprise. They need high > > > availability. I have 5 network card, all 3C905 (3*3c905B-TX and > >2*905C-TX). > > > I made this setup in july and it run fine until 3 weeks ago. The > >first > > > and second card are for the internet link (primary and backup). The > >third > > > is for DMZ and the fourth is for local network. The fifth is unused > >(marked > > > as down). Each card as is own IRQ (except the fifth that is shared with > >the > > > first). The high availability is provided by the two internet link, if > >one > > > goes down, the second take the load (change default route, ipf rules, > >ipnat > > > rules and DNS records). This is done by a script running by cron. We > >can > > > also do that manually. We have two /29 network for the first link and > >one > > > /28 network for the second (we use alias on internet interfaces). There > >is > > > only 3 services that run on the firewall: SSH (but only accessible from > >3 > > > subnets), ftpproxy (jftpgw 0.13.1) and snmp (only accessible by one > >subnet) > > > > > > We begin to have problem 3 weeks ago. The firewall begin to have a slow > > > response. I begin to have this arp message error (many times): > > > arplookup 255.255.255.0 failed: host is not on local network > > > arpresolve: can't allocate llinfo for 255.255.255.0rt > > > We reboot the server and the network fast as earlier. I finally find > > > something: when we use alias, we need to have at least one regular > >netmask > > > (instead of 255.255.255.255) for each network/subnetwork. My error was > >on > > > the first link, my second sub-network was not configured properly. I > > > changed it and it stop to have these errors about arp but the problem > >wasn't > > > resolved. The network continue to be slow until we reboot the server. > >This > > > happen during the day. Now, it happen everytime. > > > > > > What I've done: > > > - I changed the netmask (as said earlier) > > > - I upgraded from 4.6-RELEASE #0 to 4.6.2-RELEASE-p5 #0. > > > - I look for IRQ conflict > > > - I configure all interface with media and mediaopt. They not using > > > autodetect anymore. > > > - I chkrootkit and nothing found > > > > > > What I suspect: > > > - I read in a forum that the driver (xl) of 3C905 is not the best for > > > FreeBSD. I don't know if this apply to 4.6.2. > > > - Ethernet cables (I need to change it) > > > - We run SSL (with a lot of users) in one of our web servers in the dmz. > >As > > > I know, SSL run on top of TCP, it should not be a problem. > > > - When i run ifpromisc (in chkrootkit), it tell me that "xl0 is not > >promisc" > > > and "xl1 is not promisc". I have 5 interfaces, what about the others ? > > > > > > Can someone have an idea ? > >What you mean when say "Slow network response"? > >If that mean that packets trawel long > >from some host to host under question > >as reported by tcpdump, does ifconfig xlN down > >and then ifconfig xlN up repare situation > >for some time? > >What tcpdump -npi xlN ether broadcast and not ip > >say when slowdown hapens? > > > >-- > >@BABOLO http://links.ru/ > > > _________________________________________________________________ > Protect your PC - get McAfee.com VirusScan Online > http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-net" in the body of the message > -- @BABOLO http://links.ru/ To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message