packet loss with carp on 6.2

Max Laier max at love2party.net
Thu Oct 18 03:50:31 PDT 2007 

On Thursday 18 October 2007, Klavs Klavsen wrote:
> I tried to just disable carp on the new machine (simply comment out
> carp config from /etc/rc.conf.local) and now the packet loss is gone -
> and hasn't been there for half an hour, so far.

I supposed you also had to change your firewall rules?  Otherwise your 
ruleset might not be ready to deal with carp and that could be the reason 
why you get the bad results?  Start debugging by looking at "netstat -ssp 
carp" on either machine and take a careful look at your pf.conf.  I also 
suggest that you add "log" to all you block rules and watch tcpdump on 
pflog0 while pinging.

> Seems the carp network interfaces has bugs.

That's a pretty bold assertion given the limited debugging you have 
done ;)

> On Thu, October 18, 2007 10:33, Klavs Klavsen said:
> > Hi guys,
> >
> > I have had a FreeBSD 6.2 (-p1 - yes I know :) firewall running for a
> > while, with pf fw rules. It has worked fine, and was a replacement
> > for a fbsd 4.x ipfw firewall.
> >
> > Now I just replaced the 6.2 pf firewall, with a 6.2 (-p7) and carp
> > interfaces enabled. It's using the same cables and the same type of
> > network cards (bge and em). The new one, is a HP dl385 (amd) where
> > the old one, was a HP dl380 (Intel).
> >
> > On the new one, fping (and ping -f) pinging through the firewall,
> > gives me a packet loss. fping in nagios, reports up to 55% packet
> > loss :( - a ping -f gives me 1-3%, but bad enough :(
> >
> > pinging from the firewall itself, to one of the hosts, that packets
> > are lost to (when pinging from other networks) does not give any
> > packet loss.
> >
> > The old 6.2, had polling enabled - and I've tried to disable polling
> > on the new, but to no effect.
> >
> > Any ideas what else to try?
> >
> > --
> > Regards,
> > Klavs Klavsen, GSEC - kl at vsen.dk - http://www.vsen.dk
> > PGP: 7E063C62/2873 188C 968E 600D D8F8  B8DA 3D3A 0B79 7E06 3C62
> >
> > "Those who do not understand Unix are condemned to reinvent it,
> > poorly." --Henry Spencer
> >
> > _______________________________________________
> > freebsd-net at freebsd.org mailing list
> > http://lists.freebsd.org/mailman/listinfo/freebsd-net
> > To unsubscribe, send any mail to
> > "freebsd-net-unsubscribe at freebsd.org"



-- 
/"\  Best regards,                      | mlaier at freebsd.org
\ /  Max Laier                          | ICQ #67774661
 X   http://pf4freebsd.love2party.net/  | mlaier at EFnet
/ \  ASCII Ribbon Campaign              | Against HTML Mail and News
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 187 bytes
Desc: This is a digitally signed message part.
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20071018/b7c32f38/attachment.pgp

More information about the freebsd-net mailing list