Date: Wed, 22 Feb 2017 18:02:28 -0800 From: Patrick Mahan <mahan@mahan.org> To: Doug Hardie <bc979@lafn.org>, "freebsd-questions@freebsd.org Questions" <freebsd-questions@freebsd.org> Subject: Re: netstat interface output Message-ID: <7d3d9c46-a6e7-0fbe-49b3-e04912d833bc@mahan.org> In-Reply-To: <C4194CE3-F38A-48E6-8318-D3676C14F991@lafn.org> References: <C4194CE3-F38A-48E6-8318-D3676C14F991@lafn.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 2/22/17 3:38 PM, Doug Hardie wrote: > I am starting to develop a nagios check for errors on interfaces. However, there are some issues with the entries in netstat that I don't understand. Each interface has multiple entries: one for each address and one for the link. It would seem to me that the link counts would be the sum of the other address entries, but it is not. Often it is way off. At first I thought it was possibly caused by overflows of the counters since most systems have been running for months. However, checking one system that was only up for one day, the ip4 count was considerably larger than the link count. This is shown in one of the examples below. > > The other issue is one system seems to lose addresses. The address quits responding, although one address remains and does work. That interface has a DHPC assigned address along with several fixed addresses. For the first few days, all addresses work fine. Then all the fixed addresses disappear and no longer work. The netstat output for this is shown below. The first is approximately 1 day after the system was booted and all addresses are working. The second is the next day and only the DHCP assigned address remains. Unfortunately that system is remote and without the fixed addresses I can't access it to get to the messages file. > > Network interface status: > Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll Drop > bge0 1500 <Link#1> 68:5b:35:ab:96:52 3703649 0 0 1911094 0 0 0 > bge0 - 192.168.1.205 192.168.1.205 0 - - 0 - - - > bge0 - 10.0.1.205/32 10.0.1.205 0 - - 0 - - - > bge0 - 192.168.0.205 192.168.0.205 498 - - 0 - - - > bge0 - 192.168.0.0/2 192.168.0.7 3700267 - - 1912398 - - - > lo0 16384 <Link#2> lo0 0 0 0 0 0 0 0 > lo0 - localhost localhost 0 - - 0 - - - > lo0 - fe80::%lo0/64 fe80::1%lo0 0 - - 0 - - - > lo0 - your-net localhost 0 - - 0 - - - > > Local system status: > 3:01AM up 1 day, 8:08, 0 users, load averages: 0.18, 0.16, 0.11 > Okay, I must admit I am confused by your configuration. I am assuming that due to space constraints the .205 are all /32? It might be helpful to give the output 'ifconfig bge0'. And is the DHCP given /24? I hope your DHCP avoids giving out the .205 address. That being said, why a bunch of point-to-point style addresses? > > > Network interface status: > Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll Drop > bge0 1500 <Link#1> 68:5b:35:ab:96:52 6420868 0 0 3313113 0 0 0 > bge0 - 192.168.0.0/2 192.168.0.7 1809545 - - 934183 - - - > lo0 16384 <Link#2> lo0 0 0 0 0 0 0 0 > lo0 - localhost localhost 0 - - 0 - - - > lo0 - fe80::%lo0/64 fe80::1%lo0 0 - - 0 - - - > lo0 - your-net localhost 0 - - 0 - - - > > Local system status: > 3:01AM up 2 days, 8:08, 0 users, load averages: 0.04, 0.11, 0.08 > > > Any ideas what could cause this? > Do you have any network background processes? routed? On the counters not lining up, I believe this is due to the counts only being incremented for the correct protocol. So where you show IPv4 addresses, those counts are only for IPv4 packets. You are still getting non-IPv4 addresses (ARP for example) so the total packet count for the link is usually larger than the cumlative of the columns. Patrick > — Doug > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7d3d9c46-a6e7-0fbe-49b3-e04912d833bc>