From owner-freebsd-questions@FreeBSD.ORG Thu Aug 18 16:14:42 2005 Return-Path: X-Original-To: freebsd-questions@freebsd.org Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5618A16A41F for ; Thu, 18 Aug 2005 16:14:42 +0000 (GMT) (envelope-from durham@jcdurham.com) Received: from smtp03.nauticom.net (smtp03-pix.nauticom.net [209.195.133.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 725CC43D48 for ; Thu, 18 Aug 2005 16:14:41 +0000 (GMT) (envelope-from durham@jcdurham.com) Received: from 18.gibs5.xdsl.nauticom.net (18.gibs5.xdsl.nauticom.net [209.195.184.19]) by smtp03.nauticom.net (8.13.1/8.13.1) with ESMTP id j7IGEdps093962 for ; Thu, 18 Aug 2005 12:14:39 -0400 (EDT) Received: from dhcp18.eng.nepinc.com (pgh.nepinc.com [66.207.129.50]) by 18.gibs5.xdsl.nauticom.net (8.13.1/8.12.11) with ESMTP id j7IGEvvn041804 for ; Thu, 18 Aug 2005 12:14:57 -0400 (EDT) (envelope-from durham@jcdurham.com) From: Jim Durham To: freebsd-questions@freebsd.org Date: Thu, 18 Aug 2005 12:14:30 -0400 User-Agent: KMail/1.8 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200508181214.30511.durham@jcdurham.com> Subject: Network Interface 'overload' in 4.11 X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: durham@jcdurham.com List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 18 Aug 2005 16:14:42 -0000 Hi, This is the 2nd or 3rd time I have seen this and wondered if there is a solution. Recently, one of our 4.11 servers that we had just installed at one of our offices with about 50 users got extremely slow and non-responsive after a few hours of operation. I was unable to do an ssh login to this box, but it stayed up according to people on the scene. This box is running natd with the usual setup, an outside interface hooked to a T1 with the outside IP and the local LAN hooked up through switches to the inside interface with a class C private network with 192.168.x.x addresses, handing out DHCP over that interface. My assistant was on scene and got on the phone with me when this happened and confirmed that the box was up and responsive to console commands. I asked him to pull the ethernet to the inside interface. Instantly, I was able to ssh in to the outside address and the web server on the box became responsive again. Then we put the cable back and I tried tcpdump to see where the 'overload' was coming from. tcpdump showed virtually no traffic on the inside interface. We resorted to going through the switches and looked for a link light that was flickering the most, pulled out that cable, which went to only one Windows box and the whole network returned to normal. Now, this box was somehow spewing packets at a high enough rate (it's a 1ghz inside network) to 'shut down' the 4.11 server's networking. This is obviously not a good situation. It looks like the interface was dropping almost all packets at that point. I had this same problem a year or two ago with a 4.x box. At that time I tried playing with various sysctls. I had no real luck. Does anyone have any experience with this phenomenum and can you suggest a cure? Thanks very much, -- -Jim