Joseph Noonan wrote:
I have a really weird networking issue on my firewall box.  The
machine in question has an ethernet facing a cisco facing the
Internet and an ethernet facing the LAN plugged into a 3com
100Mbit switch.  My LAN has all of the servers and most of the
workstations sitting in the /24 that I've had for 10 years.  Some
of the newer workstations are now sitting on a /24 that I got from
one of my providers when I filled up the old space.

On xl0, the LAN ether, I simply added one of the new /24's to the
interface with an ifconfig -alias and thought everything was good.
And it was for users that only use the LAN for e-mail and www.
But when I added some users that started messing around with 25MB
ppts or 100MB .docs, the performance became pathetic, like in the
single or low double digit kbps.  The very same computer can
download a 100MB file from the 'net over a T1 faster than it can
get a 50MB file off of my Samba based BSD file server.  If I
change the machine's IP to one in the old /24 everything is fine
again.

Now it gets really weird.  Today, one of my associates was
investigating this problem and doing the experiments that document
the above facts on two different machines.  He called me and told
me what he found.  I logged into the firewall and started running
tcpdump against the one address and also looking at the firewall
logs to make sure I wasn't firewalling my own network.  A few
minutes later one of the users afflicted by this issue called to
thank me for fixing the problem.  I said eh?  I haven't done
anything other than look at the problem and I'm stumped.  He says
whatever, works great now!  My associate confirmed this on another
machine.

Well, it is true, I *did* do something: I put xl0 into promiscuous
mode.  But why oh why is that fixing what should not even be a
problem to begin with?

Any klews cheerfully accepted (including hitting me with a
clue-by-4 if I'm missing something obvious).

Somewhat of a shot in the dark, but ...
Is the routing possibly messed up such that an attempt to connect to
the aliased IP is being routed through the machine to the other IP on
the same interface?  I don't see why this would cause such terrible
performance, but it's the best guess I have with the information you
provide.
Perhaps some output from 'netstat -rn' and 'ifconfig' might provoke
some more useful answers.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com

