Date: Thu, 30 Nov 2006 20:44:56 -0400 From: "D G Teed" <donald.teed@gmail.com> To: "Ian FREISLICH" <if@hetzner.co.za> Cc: freebsd-ipfw@freebsd.org, AT Matik <asstec@matik.com.br> Subject: RESOLVED: how to go about diagnosing cause of packet loss Message-ID: <dd4da0390611301644s1f8948bo3855a9d3e68afbbe@mail.gmail.com>
next in thread | raw e-mail | index | archive | help
OK, today we resolved the problems with the freebsd firewall. First there was more packet loss than normal. I killed the running ipaudit which usually helped. Packet loss continued. Watching the bandwidth with nload comparing the in of em0 (70 Mbps) with the out of em1 (28Mbps), it was clear there were packets not getting processed. Then I did a 'ipfw disable firewall', and the bandwidth outbound doubled in nload. It exceeded our Internet pipe by 2x. For the first time packet loss was also noticed by the outside of the firewall. Then the network guys put a packet sniffer on our internal traffic and found one notebook which was shooting out the majority of our traffic - mostly mangled packets which did not even register in the bandwidth noted by ipaudit. Only about .5 Gbytes per 30 minutes on udp port 7000 was showing up in ipaudit from this notebook as legit traffic. We blocked that notebook in the router, and ran ipfw and ipaudit as normal. Bandwidth returned to normal levels, input on internal equalled output on external and packet loss went to .5% from 40 to 50%. The fire is out. Thanks for the help here... Regards, --Donald On 11/29/06, D G Teed <donald.teed@gmail.com> wrote: > > Hi, > > With some further experimentation, I've concluded > that the real problem is ipaudit. It cannot keep up > with the bandwidth we have. When it is off, there > is next to no packet loss. Thanks for the reply... > > --Donald > > On 11/29/06, Ian FREISLICH <if@hetzner.co.za> wrote: > > > > "D G Teed" wrote: > > > Hi, > > > > > > OK, I think you've helped us prove that ipfw isn't the issue. > > > The packet loss remained with rule 01 of allow ip from any > > > to any. We'll need to measure our bandwidth > > > processed on the box. Thanks for the help. > > > > What version of FreeBSD are you running. I've been experiencing > > wierd packet loss recently, which I suspect is a result of arp > > wierdness or routing table largness. It's a CURRENT box, ~1000 > > hosts behind it, ~1900 routes - not large by any stretch of the > > imagination. Packet loss doesn't seem related to bandwidth. > > > > Ian > > > > -- > > Ian Freislich > > > >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?dd4da0390611301644s1f8948bo3855a9d3e68afbbe>