packet loss with carp on 6.2

Max Laier max at love2party.net
Thu Oct 18 20:09:27 PDT 2007 

On Thursday 18 October 2007, Milan Obuch wrote:
> On Thursday 18 October 2007 14:32:13 Milan Obuch wrote:
> > On Thursday 18 October 2007 12:50:19 Max Laier wrote:
> > > On Thursday 18 October 2007, Klavs Klavsen wrote:
> > > > I tried to just disable carp on the new machine (simply comment
> > > > out carp config from /etc/rc.conf.local) and now the packet loss
> > > > is gone - and hasn't been there for half an hour, so far.
> > >
> > > I supposed you also had to change your firewall rules?  Otherwise
> > > your ruleset might not be ready to deal with carp and that could be
> > > the reason why you get the bad results?  Start debugging by looking
> > > at "netstat -ssp carp" on either machine and take a careful look at
> > > your pf.conf.  I also suggest that you add "log" to all you block
> > > rules and watch tcpdump on pflog0 while pinging.
> > >
> > > > Seems the carp network interfaces has bugs.
> > >
> > > That's a pretty bold assertion given the limited debugging you have
> > > done ;)
> >
> > I am experiencing something similar. I am trying to put together two
> > PC firewall with failover. My rc.conf has following lines
>
> [ snip ]
>
> I did even simpler test: one firewall with one switch.
>
> ifconfig fxp0 10.0.0.1/26
> ifconfig carp0 create
> ifconfig carp0 10.0.0.2/26 vhid ... pass ...
>
> switch has IP 10.0.0.3
>
> ping -S 10.0.0.1 10.0.0.3 works, no loss.
> ping -S 10.0.0.2 10.0.0.3 does not work well, ~ 80 % packet loss.
>
> This seems unusable to me. I see no simpler test right now...

Can you do a tcpdump on fxp0 during this test and analyse if the loss is 
in received or send packets.  It is possible that the switch is the 
culprit here.

Maybe you can provide me with the pcap of this off list.  Make sure to 
start dumpping *before* bringing up carp. i.e.

  tcpdump -s 0 -i fxp0 -w carp_ping.pcap &
  ifconfig carp0 vhid ...

  ping ...

  fg ^C

Thanks.

-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20071019/a794e7ca/attachment.pgp

More information about the freebsd-net mailing list