Re: packet loss

rik Tue, 29 Nov 2011 10:49:15 -0800

Sorry, I've mised the top 2 rows of the dmesg:
OpenBSD 3.9 (FIREWALL) #0: Sun Sep 17 15:49:07 CEST 2006
    [email protected]:/usr/src/sys/arch/i386/compile/FIREWALL


Firewall is just the generic.mp with a device (cpu temp monitor) removed
because not working.
This is my netstat -i from the master

Name    Mtu   Network     Address              Ipkts Ierrs    Opkts Oerrs
Colls
lo0     33224 <Link>                            2170     0     2170
0     0
lo0     33224 loopback    localhost             2170     0     2170
0     0
lo0     33224 localhost.n ::1                   2170     0     2170
0     0
fxp0    1500  <Link>      xx:xx:xx:xx:xx:xx 4080602979  5814 3643673264
0     0
fxp1    1500  <Link>      xx:xx:xx:xx:xx:xx 3990056491   256 4226316164
0     0
fxp1    1500  x.x.x.0 fw1           3990056491   256 4226316164     0     0
rl0     1500  <Link>      xx:xx:xx:xx:xx:xx  4757956     0 16291765
0     0
rl0     1500  10.1.0/24   10.1.0.3           4757956     0 16291765
0     0
pflog0  33224 <Link>                               0     0        0
0     0
pfsync0 1460  <Link>                               0     0        0
0     0
enc0*   1536  <Link>                               0     0        0
0     0
carp0   1500  <Link>      xx:xx:xx:xx:xx:xx 4077521045     0  4450639
0     0
carp0   1500  xx.xx.ww.2 xx.xx.ww.30      4077521045     0  4450639
0     0
carp1   1500  <Link>      xx:xx:xx:xx:xx:xx 3978337099    35  4450637
2     0
carp1   1500  xx.xx.xx.0 xx.xx.xx.1       3978337099    35  4450637
2     0
carp1   1500  xx.xx.xx.1 xx.xx.xx.17      3978337099    35  4450637
2     0
carp1   1500  xx.xx.xx.3 xx.xx.xx.33      3978337099    35  4450637
2     0
carp1   1500  xx.xx.xx.4 xx.xx.xx.49      3978337099    35  4450637
2     0
carp1   1500  xx.xx.zz.1 xx.xx.zz.129     3978337099    35  4450637
2     0
carp1   1500  xx.xx.zz.1 xx.xx.zz.145     3978337099    35  4450637
2     0
carp1   1500  xx.xx.zz.1 xx.xx.zz.161     3978337099    35  4450637
2     0
carp1   1500  xx.xx.zz.1 xx.xx.zz.177     3978337099    35  4450637
2     0
carp1   1500  xx.xx.yy.1 xx.xx.yy.129     3978337099    35  4450637
2     0

I've tried to switch on the basckup with no difference. It has also been
changed the cable and the port on the switch
Thanks!
alessandro


On Mon, Nov 28, 2011 at 8:58 PM, James Shupe <[email protected]> wrote:

> Your dmesg doesn't show the version you're running. Can you provide
> that, along with ifconfig output from both machines? You may want to
> check the physical connectivity (cable/ NIC/ switch) for the internal
> interface of the carp master... Or just fail over to the secondary box
> to see if the issue goes away.
>
> Also, provide the netstat -i output.
>
> On 11/28/11 1:37 PM, rik wrote:
> > Hi James,
> > both carp on the master firewall are in master status (one on the
> external
> > side, one on the internal side), but as much as I know they've always
> been
> > like this; on the backup firewall they both are in backup status (and the
> > backup, using the phisical interface, can ping without any packet loss).
> > Thanks
> > Alessandro
> >
> >
> > On Mon, Nov 28, 2011 at 8:08 PM, James Shupe <[email protected]> wrote:
> >
> >> Run
> >>
> >> ifconfig carp | grep status
> >>
> >> on both machines... If they're pre 4.8, do:
> >>
> >> ifconfig carp | grep 'carp: '
> >>
> >> .....
> >>
> >> If both think they're masters, they'll do what you're seeing.
> >>
> >> Thank you,
> >> James Shupe
> >>
> >> On 11/28/11 12:53 PM, Stuart Henderson wrote:
> >>> dmesg?
> >>>
> >>> On 2011-11-28, rik <[email protected]> wrote:
> >>>> Good day,
> >>>> I'm using 2 openbsd boxes as router firewall with carp in a colo-like
> >> setup.
> >>>> In the last few days we saw the packet loss percentuale increase up to
> >>>> 8-10% and it doesn't look like a problem for outside.  If I ping from
> >> the
> >>>> master firewall one of the server inside I can see something like
> this:
> >>>>
> >>>> 64 bytes from xx.xx.xx.12: icmp_seq=4 ttl=64 time=-3.-656 ms
> >>>> 64 bytes from xx.xx.xx.12: icmp_seq=5 ttl=64 time=0.794 ms
> >>>> 64 bytes from xx.xx.xx.12: icmp_seq=6 ttl=64 time=0.-491 ms
> >>>> ping: sendto: No route to host
> >>>> ping: wrote xx.xx.xx.12 64 chars, ret=-1
> >>>> ping: sendto: No route to host
> >>>> ping: wrote xx.xx.xx.12 64 chars, ret=-1
> >>>> 64 bytes from xx.xx.xx.12: icmp_seq=9 ttl=64 time=0.526 ms
> >>>> 64 bytes from xx.xx.xx.12: icmp_seq=10 ttl=64 time=1.415 ms
> >>>>
> >>>> No errors in syslog.
> >>>> Any idea?
> >>>> Thanks
> >>>> Alessandro
> >>>
> >>
> >>
> >> --
> >> James Shupe, OSRE
> >> developer/ engineer
> >> BSD/ Linux support & hosting
> >> [email protected] | www.osre.org
> >> O 9032530140 | F 9032530150 | M 9035223425
> >
>
>
> --
> James Shupe, OSRE
> developer/ engineer
> BSD/ Linux support & hosting
> [email protected] | www.osre.org
> O 9032530140 | F 9032530150 | M 9035223425

Re: packet loss

Reply via email to