From owner-freebsd-questions@FreeBSD.ORG Wed Jun 15 17:47:58 2011 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 1352F106564A for ; Wed, 15 Jun 2011 17:47:58 +0000 (UTC) (envelope-from markham_breitbach@ssimicro.com) Received: from mail.ssimicro.com (mail.ssimicro.com [64.247.129.10]) by mx1.freebsd.org (Postfix) with ESMTP id D5C6C8FC1A for ; Wed, 15 Jun 2011 17:47:57 +0000 (UTC) Received: from markhams-macbook-pro-113.local (markham.ssimicro.com [64.247.130.99]) (authenticated bits=0) by mail.ssimicro.com (8.14.4/8.14.4) with ESMTP id p5FHa9xS070990 (version=TLSv1/SSLv3 cipher=AES256-SHA bits=256 verify=NOT) for ; Wed, 15 Jun 2011 11:36:09 -0600 (MDT) X-Virus-Status: Clean X-Virus-Scanned: clamav-milter 0.96.1 at mail.ssimicro.com Message-ID: <4DF8ED8E.6010809@ssimicro.com> Date: Wed, 15 Jun 2011 11:36:14 -0600 From: markham breitbach User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.17) Gecko/20110414 Lightning/1.0b2 Thunderbird/3.1.10 MIME-Version: 1.0 To: freebsd-questions@freebsd.org X-Enigmail-Version: 1.1.1 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Subject: 8.1 broken inter-jail IP communication X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 15 Jun 2011 17:47:58 -0000 Good Day, I am encountering an occassional problem under FreeBSD 8.1 where two jails on the same server cannot reach each other after a reboot. The Jails are running a mail server and ldap server, respectively and each has it's own IP address. The problem manifests itself after a reboot of the server. After both jails have started the mail server is unable to communicate with the ldap server. From inside the jail, a host unreachable is returned when trying to connect to the ldap server. I have tried clearing the arp-cache and route-cache from the host and restarting both jails, but the problem persists. The arp table from the host server (outside the jail) shows an "(incomplete)" entry for the mail server when this is happening. I was able to ping the mail IP address from the host server and the incomplete entry disappeared and, as expected, there was no longer an arp entry for the mail server and communications between the two jails was restored. Unfortunately I have had difficulty recreating this scenario in a test environment and it only pops up occasionally in the field. And while this workaround is suitable, it is a bit of a PITA and I would like to know if this problem can be resolved. So, I am wondering if anyone has some insights into what might be at the root of this problem and what might be useful data to collect when this problem is happening to help pin down the source of it. Unfortunately, when service fails, I don't have a lot of time to poke around at things as I need to do whatever I can to get it back up a quickly as possible, although I am continuing to try and recreate this scenario in a test environment. Best Regards, Markham Breitbach