Date: Tue, 10 Jun 2008 12:55:17 +1200
From: "Mark Pagulayan" <m.pagulayan@auckland.ac.nz>
To: <freebsd-pf@freebsd.org>
Subject: PF: See packet errors on external interface
Message-ID: <C65291A68BAF57499B18564A1EE4A761403090@UXCHANGE1.UoA.auckland.ac.nz>
Hi Guys,

I was just wondering if you could help me with my problem.

Before going to the details, here is my setup:

OS: FreeBSD 7.0-RELEASE i386
Firewall: PF
Interface: em1 (external interface) and em0 (internal interface)
Setup: The 2 interfaces above are set up as a bridge, so we are using PF as a layer 2 FW.
Use altq to define queues on em1 and em0 (default, unlimited, sponsored, premium, standard)

Doing a netstat -d -I em1, I can see that there are incoming packet errors but no outgoing packet errors. A number of drops but no collisions.

Doing a netstat -d -I em0, I can see that there are no errors on the incoming and outgoing packets. A number of drops but no collisions.

Doing a netstat -d -l bridge0, I don't see any errors on the incoming and outgoing packets. No drops or collisions.

Looking at my ruleset I can see that I have

scrub in on em1

Does this rule cause the packet errors? Or is it presumably because of the speed of the network? We are running at around 8000 packets/s for incoming and outgoing traffic.

There was a plan to remove this rule. If we do that, what would the implications be?

Also, using the tool pftop, the default queue has packet drops and suspensions:

QUEUE BW SCH PRIO PKTS BYTES DROP_P DROP_B QLEN BORROW SUSPEN P/S B/S
default 134M cbq 1326370 775902K 138 102128 0 0 2798 8182 4340435

Do you think the scrub rule is causing pf to suspend some packets? I also wish to understand how pftop works to be able to debug the problem.

The reason that I am asking these questions is that we get connectivity issues with some external sites that we connect to. It might be the uplink that has problems, but I hope I could gather information on what might be causing this, or on things that might or might not be related to this issue.

Your help would be greatly appreciated.

Thanks

Mark Pagulayan
University of Auckland