Date:      Tue, 21 Dec 2004 11:46:28 -0800
From:      John-Mark Gurney <gurney_j@resnet.uoregon.edu>
To:        Andrew Thomson <andrewjt@applecomm.net>
Cc:        freebsd-sparc64@freebsd.org
Subject:   Re: netra t1 as a firewall
Message-ID:  <20041221194628.GB19624@funkthat.com>
In-Reply-To: <1103610454.38458.13.camel@itouch-1011.prv.au.itouchnet.net>
References:  <1103610454.38458.13.camel@itouch-1011.prv.au.itouchnet.net>

Andrew Thomson wrote this message on Tue, Dec 21, 2004 at 17:27 +1100:
> All,
> 
> This may be kind of a loose comment but I thought I'd float it as most
> of my experience is with i386 freebsd not sparc.
> 
> Basically at a site I have installed a Netra T1 as a firewall - worked
> out well as it had a lot of nics in it, hme[0-5].
> 
> I originally installed 5.2.1 on it but soon discovered that the hme
> driver in 5.2.1 didn't allocate different mac addresses! Upgraded to 5.3
> and that problem disappeared.
> 
> This firewall runs a simple office network providing internet access and
> has a couple of IPSEC VPNs to other sites.
> 
> After the initial install, the network seemed to be "hanging" when
> running simple commands on remote boxes, top, ls -al etc.. The MTU was
> changed to 1492 which seemed to resolve the problem.
> 
> However now when we try to transfer files across the VPN, the transfers
> just stall. If the mtu is changed back to 1500, the transfers across the
> VPN work but then the network hang returns until the mtu is dropped to
> 1492 again - it's pretty weird.
> 
> Basically I just thought I'd float the problem here just to make sure
> I'm not running into any known sparc related issues..
> 
> My /var/log/messages is filled with these...
> 
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max 1506)
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max 1506)
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max 1506)
> hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max 1506)
> 
> Any thoughts appreciated.

Well, this is obviously from where the mtu is dropped to 1492, there is a
14 byte ethernet header that is in addition to the 1500 byte payload..
so 1492 + 14 == 1506...

Connections hanging are probably due to ICMP packets being dropped that
are preventing path mtu discovery from working...  changing the mtu to
1492 was probably a work around for path mtu discovery working...

try bumping the mtu back to 1500 (so that you don't get the warnings
about oversized frames), and make sure icmp packets are getting through..

The problems you've described are general networking issues, not specific
to sparc...

-- 
  John-Mark Gurney				Voice: +1 415 225 5579

     "All that I will do, has been done, All that I have, has not."



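The arithmetic from the reply above (frame length minus the 14-byte Ethernet header), applied to the log lines in the quoted message. This is an added example, not part of the original e-mail thread; the syslog prefix, the host name `fw` and the function name `summarize` are assumptions made for illustration.

```python
import re
from collections import defaultdict

# "len" and "max" in the message count the 14-byte Ethernet header (see the reply).
ETHER_HEADER = 14

# Matches the driver message quoted in the thread; the ether type is printed in hex.
LINE_RE = re.compile(
    r"(?P<ifname>\w+): discard oversize frame "
    r"\(ether type (?P<etype>[0-9a-fA-F]+) flags \w+ "
    r"len (?P<len>\d+) > max (?P<max>\d+)\)"
)

# Constructed sample input modelled on the quoted log lines (prefix and host are made up).
SAMPLE_LOG = """\
Dec 21 17:20:01 fw kernel: hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max 1506)
Dec 21 17:20:02 fw kernel: hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max 1506)
Dec 21 17:20:02 fw kernel: hme0: link state changed to UP
"""

def summarize(log_text):
    """Return {ifname: summary} for every interface that logged oversize drops."""
    out = defaultdict(lambda: {"drops": 0, "if_mtu": None,
                               "largest_packet": 0, "ipv4": 0})
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # unrelated kernel message
        s = out[m["ifname"]]
        s["drops"] += 1
        # MTU configured on the receiving interface: max frame minus header.
        s["if_mtu"] = int(m["max"]) - ETHER_HEADER
        # Size of the packet the sender actually put on the wire.
        s["largest_packet"] = max(s["largest_packet"],
                                  int(m["len"]) - ETHER_HEADER)
        if int(m["etype"], 16) == 0x0800:  # 0x0800 is IPv4
            s["ipv4"] += 1
    return dict(out)

if __name__ == "__main__":
    for ifname, s in summarize(SAMPLE_LOG).items():
        print(f"{ifname}: {s['drops']} drops, interface MTU {s['if_mtu']}, "
              f"senders using {s['largest_packet']}-byte packets "
              f"({s['ipv4']} IPv4)")
```

A gap between the interface MTU (1492) and the packet size senders still use (1500) shows that hosts on that segment were never told about the smaller MTU, which is the mismatch the reply describes.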