Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 9 Jul 2015 16:48:50 +0200
From:      Milan Obuch <freebsd-pf@dino.sk>
To:        Ian FREISLICH <ian.freislich@capeaugusta.com>
Cc:        Daniel Hartmeier <daniel@benzedrine.ch>, freebsd-pf@freebsd.org
Subject:   Re: Large scale NAT with PF - some weird problem
Message-ID:  <20150709164850.334058c6@zeta.dino.sk>
In-Reply-To: <20150706163358.11a67ecf@zeta.dino.sk>
References:  <20150629114506.1cfd6f1b@zeta.dino.sk> <14e119e8fa8.2755.abfb21602af57f30a7457738c46ad3ae@capeaugusta.com> <E1Z6dHz-0000uu-D8@clue.co.za> <E1Z6eVg-0000yz-Ar@clue.co.za> <20150621195753.7b162633@zeta.dino.sk> <E1Z7Ixx-0006K1-5p@clue.co.za> <E1Z7K1Y-0006Ph-ON@clue.co.za> <20150623112331.668395d1@zeta.dino.sk> <20150628100609.635544e0@zeta.dino.sk> <20150629082654.GA22693@insomnia.benzedrine.ch> <20150629105201.7ee24e38@zeta.dino.sk> <20150629092932.GC22693@insomnia.benzedrine.ch> <E1Z9WW6-000PzF-PO@clue.co.za> <20150629125432.7aff9e66@zeta.dino.sk> <20150706163358.11a67ecf@zeta.dino.sk>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Mon, 6 Jul 2015 16:33:58 +0200
Milan Obuch <freebsd-pf@dino.sk> wrote:

> On Mon, 29 Jun 2015 12:54:32 +0200
> Milan Obuch <freebsd-pf@dino.sk> wrote:
> 
> > On Mon, 29 Jun 2015 12:42:22 +0200
> > Ian FREISLICH <ian.freislich@capeaugusta.com> wrote:

[ snip ]

> > > If the round-robin works with a smaller pool, then I suspect
> > > Glebius will be interested.
> > > 
> > 
> > Well, if he chimes in, I would only welcome that. Currently I am
> > waiting for any signs of troubles with shrinked pool, if there will
> > be any.
> > 
> 
> For about a week, I did not receive any complaints, so I think it
> works for now.
>

I did a small experiment, after working some time with no troubles with
pool x.y.26.0/24, I tried with x.y.27.0/24, and it troubled again. IP
in question is x.y.27.152, as soon as it gets used, affected
customer/device has no access to internet. Really weird.

So it is not sheer pool size leading to troubles, it is the inclusion
of this one IP (maybe some more, but not frequently) in pool which does
result in trouble. I am baffled.

Regards,
Milan

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20150709164850.334058c6>