Routing problem

Nicholas von Waltsleben nicvw at korbi.net
Tue Apr 18 11:24:40 UTC 2006 

Hi,

I am running a 5.4 box as a gateway server / firewall / mail relay at
our company.  Previously we had a 4.3-beta server which although
horribly outdated hardly ever gave us any problems.  Since replacing it
with a Dell 850 and installing 5.4 I have experienced intermittent
routing issues. The box will stop routing traffic correctly (I have
included the output of a ping below).  I initially thought that the box
was just dropping the packets but after running a trafshow I saw that
this was not the case.

The server has four interfaces (2 X fxp (dual Intel card), 2 X onboard
bge), bge0 connects directly to out hosted infrastructure, bge1 connects
to our internal LAN, fxp0 connects to our ISP and, fxp1 is our old DMZ
network.  The routing issue affects all interfaces except bge1 which is
also the only interface running at 1Gbit.  Most of the traffic routed
through any other interfaces is lost and this seriously impacts on the
performance experienced by my users.

We have two other identical servers in front of our commercially hosted
infrastructure and neither of them is displaying this behavior.  I was
wondering whether anyone had any ideas as to what could be causing this
or what I should be checking when next this occurs?

Regards,
Nicholas

Uname -a output:

FreeBSD cptgw01.korbitec.com 5.4-RELEASE-p11 FreeBSD 5.4-RELEASE-p11 #1:
Mon Feb 27 09:03:21 SAST 2006     nicvw@:/usr/obj/usr/src/sys/KORBI
i386


Ifconfig output:

fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 196.31.9.186 netmask 0xfffffffc broadcast 196.31.9.187
        ether 00:90:27:c3:ba:c0
        media: Ethernet 10baseT/UTP
        status: active
fxp1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet 192.96.88.225 netmask 0xffffffe0 broadcast 192.96.88.255
        ether 00:90:27:c3:ba:c1
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet 196.31.10.14 netmask 0xfffffff0 broadcast 196.31.10.15
        ether 00:13:72:3b:d9:c5
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
        inet 10.0.0.1 netmask 0xfffffffc broadcast 10.0.0.3
        ether 00:13:72:3b:d9:c6
        media: Ethernet autoselect (1000baseTX <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
        inet 127.0.0.1 netmask 0xff000000

Example of a ping to another 5.4 box connected directly to one of the
bge interfaces:

ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
ping: sendto: No route to host
64 bytes from 196.31.10.2: icmp_seq=5 ttl=64 time=0.383 ms

Output of trafshow:

fw.in.company.com,ssh                              10.4.3.2,2278
tcp                       22K                       742
10.4.3.2,echo-reqst                                fw.in.company.com
icmp                      1680                      60
10.4.3.2,echo-reqst                                196.31.10.2
icmp                      1680                      60
fw.in.company.com,echo-reply                       10.4.3.2
icmp                      1680                      60
196.31.10.2,echo-reply                             10.4.3.2
icmp                      900                       20
fw.in.company.com,unrch-host                       10.4.3.2
icmp                      784                       56

Output of netstat -rn:

default            196.31.9.185       UGS         0    89193   fxp0
10/30              link#4             UC          0        0   bge1
10.0.0.2           00:16:35:32:1c:00  UHLW        6    39818   bge1
631
10.2/16            10.0.0.2           UGS         0      108   bge1
10.3/16            10.0.0.2           UGS         0        0   bge1
10.4/16            10.0.0.2           UGS         0    68268   bge1
10.4.13/24         192.96.88.247      UGS         0      138   fxp1
10.5/16            10.0.0.2           UGS         0       96   bge1
127.0.0.1          127.0.0.1          UH          0 10456566    lo0
172.16             10.0.0.2           UGS         0        4   bge1
192.96.88.64/26    10.0.0.2           UGS         0        1   bge1
192.96.88.128/26   196.31.10.2        UGS         0     4791   bge0
192.96.88.224/27   link#2             UC          0        0   fxp1
192.96.88.227      00:02:b3:c2:59:2a  UHLW        0 33447909   fxp1
1010
192.96.88.229      00:02:b3:b4:bb:2d  UHLW        0   113042   fxp1
524
192.96.88.245      00:02:55:54:cb:81  UHLW        0       92   fxp1
333
192.96.88.246      00:90:27:8b:3c:80  UHLW        0  1615758   fxp1
1121
192.96.88.247      00:d0:b7:5e:79:7c  UHLW        1   868677   fxp1
828
192.96.88.249      00:90:27:8a:f6:82  UHLW        0       13   fxp1
650
192.96.88.254      00:10:83:ef:2a:c0  UHLW        0   192331   fxp1
371
196.7.154/27       196.31.10.2        UGS         0     1664   bge0
196.7.156.144/28   196.31.10.3        UGS         0    36538   bge0
196.31.9.184/30    link#1             UC          0        0   fxp0
196.31.9.185       00:e0:a3:13:79:25  UHLW        1        9   fxp0
106
196.31.10/28       link#3             UC          0        0   bge0
196.31.10.2        00:13:72:3b:e0:16  UHLW        2   385625   bge0
227
196.31.10.3        00:03:47:81:cc:8a  UHLW        1   430667   bge0
208
196.31.10.5        00:13:72:3b:e0:16  UHLW        0    51731   bge0
507
196.31.10.8        00:13:72:3b:e0:16  UHLW        0      452   bge0
1016
196.31.10.15       ff:ff:ff:ff:ff:ff  UHLWb       0        9   bge0

More information about the freebsd-questions mailing list