Date: Tue, 19 Mar 2013 09:27:14 -0500 From: Thomas Johnson <tom@claimlynx.com> To: freebsd-net@freebsd.org Cc: root <root@claimlynx.com> Subject: Troubleshooting network issue in 9.1 Message-ID: <CAFevjstac3vUxAiUvqkZXKN1cdF-zno=nCg1JsT4Zdn1hQFL7w@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
I am looking for suggestions on how to troubleshoot a recurring issue we have seen on a pair of firewalls. Twice in the past month, we have rebooted the pair in response to reports of lost connections (an effective, albeit unhelpful solution). In both cases, we have observed that most connections seem to work correctly, but some connections seem to be dropped. Rebooting does resolve the issue. I have attempted to confirm packet loss using tcpdump, but I have not been successful, due to the seemingly inconsistent nature of the drops. The pair of hosts is not under any substantial load. generally (max ~12k states in pf, 1.3k pps on the WAN, over the week). The firewall pair runs FreeBSD i386. They were upgraded from 8.2 to 9.1-RC3 in early December, and the first connection drop event (and resulting reboot) occurred on February 12. In the days preceeding the first event (Feb. 11th), we added a VLAN, CARP interface, and IPv6 configuration to the hosts. We considered that something in this new configuration may have been responsible for the event, though these firewalls already had a number of VLANs and CARP interfaces. On February 14th, both firewalls were upgraded to 9.1-RELEASE. Since then, we have re-added the VLAN and CARP configurations. The firewalls were stable until March 14, when we began receiving reports of the same behavior. After a quick investigation yielded nothing, we rebooted the firewalls again, in the interest of keeping things running normally. Does anyone have any suggestions on what I should look for, when this happens again? Could this be related to reported CARP issues in 9.1, as discussed on this list recently? Thanks! -- Thomas Johnson -- This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the individual responsible for delivering the e-mail to the intended recipient, please be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender or call ClaimLynx at (952) 593-5969.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAFevjstac3vUxAiUvqkZXKN1cdF-zno=nCg1JsT4Zdn1hQFL7w>