From: "Vincent Goupil"
To: freebsd-net@FreeBSD.ORG
Subject: Re: Slow network response with FreeBSD 4.6.2 and ipfilter
Date: Fri, 22 Nov 2002 15:21:12 +0000

I also notice that when I am experiencing the network slowdown, it also
rejects some (half) of the ICMP pings. I just need to reboot and all comes
back to normal.

>other questions were:
> - what is "Slow network response"?
> - does ifconfig down/up help?
>tcpdump buffers output so
>useful bits are some time after trouble.
>In my case slowdown triggered by
>arp scans
>
> > My network is composed of Windows 2000 servers and pro.
> >
> > 192.168.20.2 <- w2k srv
> > 192.168.20.3 <- w2k srv
> > 192.168.20.7 <- w2k srv
> > 192.168.20.8 <- w2k srv
> > 192.168.20.9 <- w2k srv
> > 192.168.20.10 <- another freebsd box
> > 192.168.20.210 <- the firewall
> >
> > 23:58:43.356569 arp who-has 192.168.20.99 tell 192.168.20.8
> > 23:58:46.471284 arp who-has 192.168.20.127 tell 192.168.20.3
> > 23:58:46.472257 arp who-has 192.168.20.127 tell 192.168.20.8
> > 23:59:04.543497 arp who-has 192.168.20.2 tell 192.168.20.3
> > 23:59:10.352106 arp who-has 192.168.20.7 tell 192.168.20.200
> > 23:59:15.827551 arp who-has 192.168.20.251 tell 192.168.20.7
> > 23:59:17.082626 arp who-has 192.168.20.201 tell 192.168.20.8
> > 23:59:20.245406 arp who-has 192.168.20.201 tell 192.168.20.112
> > 23:59:22.723713 arp who-has 192.168.20.104 tell 192.168.20.3
> > 23:59:26.517132 arp who-has 192.168.20.6 tell 192.168.20.8
> > 23:59:28.824120 arp who-has 192.168.20.7 tell 192.168.20.99
> > 23:59:29.801078 arp who-has 192.168.20.6 tell 192.168.20.7
> > 23:59:48.762973 arp who-has 192.168.20.165 tell 192.168.20.8
> > 23:59:55.203905 arp who-has 192.168.20.75 tell 192.168.20.3
> > 23:59:55.688710 arp who-has 192.168.20.114 tell 192.168.20.8
> > 23:59:55.861042 arp who-has 192.168.20.77 tell 192.168.20.8
> > 00:00:00.192659 arp who-has 192.168.20.106 tell 192.168.20.201
> > 00:00:04.337994 arp who-has 192.168.20.10 tell 192.168.20.8
> > 00:00:04.538035 arp who-has 192.168.20.10 tell 192.168.20.2
> > 00:00:04.775959 arp who-has 192.168.20.10 tell 192.168.20.3
> > 00:00:05.022385 arp who-has 192.168.20.10 tell 192.168.20.9
> > 00:00:05.066194 arp who-has 192.168.20.10 tell 192.168.20.7
> > 00:00:05.209935 arp who-has 192.168.20.10 tell 192.168.20.6
> > 00:00:20.085908 arp who-has 192.168.20.9 tell 192.168.20.3
> > 00:00:20.116177 arp who-has 192.168.20.9 tell 192.168.20.8
> > 00:00:22.235535 arp who-has 192.168.20.101 tell 192.168.20.8
> > 00:00:22.236614 arp who-has 192.168.20.101 tell 192.168.20.3
> > 00:00:23.118443 arp who-has 192.168.20.54 tell 192.168.20.3
> > 00:00:25.075679 arp who-has 192.168.20.7 tell 192.168.20.201
> > 00:00:29.815522 arp who-has 192.168.20.166 tell 192.168.20.7
> > 00:00:30.587208 arp who-has 192.168.20.157 (2f:69:70:63:68:65) tell 192.168.20.201
> > 00:00:31.810270 arp who-has 192.168.20.166 tell 192.168.20.7
> > 00:00:45.473558 arp who-has 192.168.20.177 tell 192.168.20.201
> >
> > >From: "."@babolo.ru
> > >To: Vincent Goupil
> > >CC: freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG
> > >Subject: Re: Slow network response with FreeBSD 4.6.2 and ipfilter
> > >Date: Wed, 20 Nov 2002 06:10:40 +0300 (MSK)
> > >
> > > > I have a system running FreeBSD 4.6.2-RELEASE-p5 #0 with ipfilter
> > > > v3.4.27. This system acts as a firewall for an enterprise. They need
> > > > high availability. I have 5 network cards, all 3C905 (3*3c905B-TX and
> > > > 2*905C-TX). I made this setup in July and it ran fine until 3 weeks
> > > > ago. The first and second cards are for the internet link (primary
> > > > and backup). The third is for DMZ and the fourth is for local network.
> > > > The fifth is unused (marked as down). Each card has its own IRQ
> > > > (except the fifth that is shared with the first). The high
> > > > availability is provided by the two internet links; if one goes
> > > > down, the second takes the load (change default route, ipf rules,
> > > > ipnat rules and DNS records). This is done by a script run by cron.
> > > > We can also do that manually. We have two /29 networks for the first
> > > > link and one /28 network for the second (we use aliases on internet
> > > > interfaces). There are only 3 services that run on the firewall: SSH
> > > > (but only accessible from 3 subnets), ftpproxy (jftpgw 0.13.1) and
> > > > snmp (only accessible by one subnet)
> > > >
> > > > We began to have problems 3 weeks ago. The firewall began to have a
> > > > slow response. I began to get this arp error message (many times):
> > > > arplookup 255.255.255.0 failed: host is not on local network
> > > > arpresolve: can't allocate llinfo for 255.255.255.0rt
> > > > We rebooted the server and the network was fast as earlier. I finally
> > > > found something: when we use aliases, we need to have at least one
> > > > regular netmask (instead of 255.255.255.255) for each
> > > > network/subnetwork. My error was on the first link, my second
> > > > sub-network was not configured properly. I changed it and it stopped
> > > > giving these errors about arp but the problem wasn't resolved. The
> > > > network continues to be slow until we reboot the server. This
> > > > happened during the day. Now, it happens every time.
> > > >
> > > > What I've done:
> > > > - I changed the netmask (as said earlier)
> > > > - I upgraded from 4.6-RELEASE #0 to 4.6.2-RELEASE-p5 #0.
> > > > - I looked for IRQ conflicts
> > > > - I configured all interfaces with media and mediaopt. They are not
> > > >   using autodetect anymore.
> > > > - I ran chkrootkit and nothing was found
> > > >
> > > > What I suspect:
> > > > - I read in a forum that the driver (xl) of 3C905 is not the best
> > > >   for FreeBSD. I don't know if this applies to 4.6.2.
> > > > - Ethernet cables (I need to change them)
> > > > - We run SSL (with a lot of users) in one of our web servers in the
> > > >   dmz. As far as I know, SSL runs on top of TCP, it should not be a
> > > >   problem.
> > > > - When I run ifpromisc (in chkrootkit), it tells me that "xl0 is not
> > > >   promisc" and "xl1 is not promisc". I have 5 interfaces, what about
> > > >   the others?
> > > >
> > > > Does someone have an idea?
> > >What do you mean when you say "Slow network response"?
> > >If that means that packets travel long
> > >from some host to host under question
> > >as reported by tcpdump, does ifconfig xlN down
> > >and then ifconfig xlN up repair the situation
> > >for some time?
> > >What does tcpdump -npi xlN ether broadcast and not ip
> > >say when the slowdown happens?
> > >
> > >--
> > >@BABOLO http://links.ru/
>
>--
>@BABOLO http://links.ru/
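
The ARP capture and the "arp scans" remark in this thread can be checked mechanically. The following is an added example, not part of any message in the thread: it parses tcpdump's `arp who-has` lines, including the optional MAC field and the midnight rollover seen in the capture, and reports senders that ask for several addresses missing from the poster's host list. The 60-second window and the threshold of 3 are assumptions chosen for illustration.

```python
import re
from collections import defaultdict

# tcpdump ARP request line; the "(mac)" after the target is optional.
ARP_RE = re.compile(r"^(\d\d):(\d\d):(\d\d\.\d+) arp who-has (\S+)(?: \([0-9a-f:]+\))? tell (\S+)$")

# Seven lines copied from the capture quoted in this thread.
CAPTURE = """\
23:59:48.762973 arp who-has 192.168.20.165 tell 192.168.20.8
23:59:55.688710 arp who-has 192.168.20.114 tell 192.168.20.8
23:59:55.861042 arp who-has 192.168.20.77 tell 192.168.20.8
00:00:00.192659 arp who-has 192.168.20.106 tell 192.168.20.201
00:00:04.337994 arp who-has 192.168.20.10 tell 192.168.20.8
00:00:22.235535 arp who-has 192.168.20.101 tell 192.168.20.8
00:00:30.587208 arp who-has 192.168.20.157 (2f:69:70:63:68:65) tell 192.168.20.201
"""

# Hosts the poster lists as being on the LAN.
KNOWN_HOSTS = {"192.168.20.%d" % n for n in (2, 3, 7, 8, 9, 10, 210)}

def parse(text):
    """Yield (seconds, target, sender); seconds keeps rising across midnight."""
    day, prev = 0, None
    for line in text.splitlines():
        m = ARP_RE.match(line.strip())
        if not m:
            continue
        tod = int(m[1]) * 3600 + int(m[2]) * 60 + float(m[3])
        if prev is not None and tod < prev:
            day += 1  # tcpdump prints no date, so a backwards jump is a new day
        prev = tod
        yield day * 86400 + tod, m[4], m[5]

def scan_suspects(text, window=60.0, min_unknown=3):
    """Return {sender: unlisted targets} for senders that request at least
    min_unknown distinct unlisted addresses within `window` seconds."""
    events = defaultdict(list)
    for ts, target, sender in parse(text):
        if target not in KNOWN_HOSTS:
            events[sender].append((ts, target))
    suspects = {}
    for sender, evs in events.items():
        for i, (start, _) in enumerate(evs):
            hit = {t for ts, t in evs[i:] if ts - start <= window}
            if len(hit) >= min_unknown:
                suspects[sender] = sorted(hit)
                break
    return suspects
```

Feeding it the full output of `tcpdump -npi xlN ether broadcast and not ip` gives a per-sender list to compare against the hosts that are supposed to exist on the segment.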