VLAN problems

Tom Judge tom at tomjudge.com
Tue Jan 29 09:06:08 PST 2008 

Alexandre Biancalana wrote:
> Hi Tom ! Thanks for your help!
> 
> I had to step back the chance an put the "old" gateway back, the
> performance was unacceptable  :-(

Where these 2 systems connected to the same switch port and cabling? 
Could you post the interface error counters from the switch port?


> 
> Looking closer I see that still have the problem using the old gateway
> too, in a small scale because I only use vlan to external links.
> 
> This old gateway is running 6.2-STABLE and have 4 network interfaces:
> fxp0, fxp1, sk0 and sk1.
> 
> fxp0, sk0 and sk1 are no parent of any vlans, are connected to
> internal networks and work without problems, follow the ifconfig
> ouput:
> 
> fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=8<VLAN_MTU>
>         inet 10.11.0.1 netmask 0xffff0000 broadcast 10.11.255.255
>         ether 00:02:a5:41:c6:b2
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=b<RXCSUM,TXCSUM,VLAN_MTU>
>         inet 10.2.0.36 netmask 0xffff0000 broadcast 10.2.255.255
>         ether 00:0a:5e:5c:9e:2e
>         media: Ethernet autoselect (1000baseTX <full-duplex,flag0,flag1>)
>         status: active
> sk1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         options=b<RXCSUM,TXCSUM,VLAN_MTU>
>         inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
>         ether 00:0a:5e:5c:27:ef
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> 
> fxp1 is parent of 7 vlan interfaces: vlan16, vlan20, vlan200, vlan201,
> vlan202 and vlan205 that connect my internal network to some external
> links, follow the ifconfig output:
> 
> vlan16: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.16.0.1 netmask 0xffffff00 broadcast 10.16.0.255
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 16 parent interface: fxp1
> vlan20: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.20.0.1 netmask 0xffffff00 broadcast 10.20.0.255
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 20 parent interface: fxp1
> vlan200: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.200.0.1 netmask 0xfffffffc broadcast 10.200.0.3
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 200 parent interface: fxp1
> vlan201: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.200.0.5 netmask 0xfffffffc broadcast 10.200.0.7
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 201 parent interface: fxp1
> vlan202: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.200.0.9 netmask 0xfffffffc broadcast 10.200.0.11
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 202 parent interface: fxp1
> vlan204: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.0.0.85 netmask 0xfffffffc broadcast 10.0.0.87
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
>         vlan: 204 parent interface: fxp1
> vlan205: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
>         inet 10.0.0.9 netmask 0xfffffffc broadcast 10.0.0.11
>         ether 00:0c:f1:ac:91:09
>         media: Ethernet autoselect (100baseTX <full-duplex>)
>         status: active
> 
> Like seen before netstat -niW show output errors in vlan interfaces
> 
> # netstat -niW
> Name      Mtu Network       Address              Ipkts Ierrs    Opkts
> Oerrs  Coll
> fxp0     1500 <Link#1>      00:02:a5:41:c6:b2 80737726     0 93763586
>    0     0
> fxp0     1500 10.11/16      10.11.0.1            39361     -   781153
>    -     -
> sk0      1500 <Link#2>      00:0a:5e:5c:9e:2e 95954343     3 85444921
>    0     0
> sk0      1500 10.2/16       10.2.0.36          1504482     -  2626656
>    -     -
> sk1      1500 <Link#3>      00:0a:5e:5c:27:ef  7852065     0  5623251
>    0     0
> sk1      1500 192.168.0     192.168.0.1          22824     -    16590
>    -     -
> fxp1     1500 <Link#4>      00:0c:f1:ac:91:09  9790593     0  9423268
>    1     0
> lo0     16384 <Link#5>                            2519     0     2519
>    0     0
> lo0     16384 127           127.0.0.1          1592519     -     2519
>    -     -
> vlan2*   1500 <Link#6>      00:00:00:00:00:00        0     0        0
>    0     0
> vlan11*  1500 <Link#7>      00:00:00:00:00:00        0     0        0
>    0     0
> vlan16   1500 <Link#8>      00:0c:f1:ac:91:09     1369     0        1
>    0     0
> vlan16   1500 10.16/24      10.16.0.1                0     -        0
>    -     -
> vlan20   1500 <Link#9>      00:0c:f1:ac:91:09        0     0        1
>    0     0
> vlan20   1500 10.20/24      10.20.0.1                0     -        0
>    -     -
> vlan200  1500 <Link#10>     00:0c:f1:ac:91:09     1373     0        1
>    0     0
> vlan200  1500 10.200/30     10.200.0.1               0     -        0
>    -     -
> vlan201  1500 <Link#11>     00:0c:f1:ac:91:09    53524     0    52234
>   63     0
> vlan201  1500 10.200.0.4/30 10.200.0.5               0     -        0
>    -     -
> vlan202  1500 <Link#12>     00:0c:f1:ac:91:09     5907     0     4421
>    4     0
> vlan202  1500 10.200.0.8/30 10.200.0.9               0     -        0
>    -     -
> vlan203  1500 <Link#13>     00:00:00:00:00:00        0     0        0
>    0     0
> vlan204  1500 <Link#14>     00:0c:f1:ac:91:09     1459     0        1
>    0     0
> vlan204  1500 10.0.0.84/30  10.0.0.85                0     -        0
>    -     -
> vlan205  1500 <Link#15>     00:0c:f1:ac:91:09  9728659     0  9373148
> 87025     0
> vlan205  1500 10.0.0.8/30   10.0.0.9           2453956     -  2417754
>    -     -
> tun0     1450 <Link#16>                              0     0        0
>    0     0
> tun0     1450 10            10.169.1.2               0     -        0
>    -     -
> 
> (the vlan205 is the most used and the output error is increasing...)
> 
> Trying to ping with no fragmentation flag a packet bigger than 1472
> bytes  throught vlan205 give me the message "Message too long"
> 
> # ping -D -s 1472 10.0.0.10
> PING 10.0.0.10 (10.0.0.10): 1472 data bytes
> 1480 bytes from 10.0.0.10: icmp_seq=0 ttl=255 time=5.199 ms
> 1480 bytes from 10.0.0.10: icmp_seq=1 ttl=255 time=4.905 ms
> 1480 bytes from 10.0.0.10: icmp_seq=2 ttl=255 time=5.036 ms
> ^C
> --- 10.0.0.10 ping statistics ---
> 3 packets transmitted, 3 packets received, 0% packet loss
> round-trip min/avg/max/stddev = 4.905/5.047/5.199/0.120 ms
> # ping -D -s 1473 10.0.0.10
> PING 10.0.0.10 (10.0.0.10): 1473 data bytes
> ping: sendto: Message too long
> ping: sendto: Message too long
> ping: sendto: Message too long
> ^C
> --- 10.0.0.10 ping statistics ---
> 3 packets transmitted, 0 packets received, 100% packet loss
> 

This error is because 1473 bytes as a pay load makes your icmp packet 
1501 bytes long and you have set the do not fragment bit in the IP 
header so with an interface mtu of 1500 bytes this will not work.

Tom

More information about the freebsd-net mailing list