From owner-freebsd-questions@freebsd.org Thu Feb 23 02:26:44 2017 Return-Path: Delivered-To: freebsd-questions@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id ECD7ECE9BD3 for ; Thu, 23 Feb 2017 02:26:44 +0000 (UTC) (envelope-from mahan@mahan.org) Received: from ns.mahan.org (23-24-207-145-static.hfc.comcastbusiness.net [23.24.207.145]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DC7F01325 for ; Thu, 23 Feb 2017 02:26:44 +0000 (UTC) (envelope-from mahan@mahan.org) Received: from Cone-of-Silence.local (localhost [127.0.0.1]) by ns.mahan.org (8.14.9/8.14.9) with ESMTP id v1N22VLh084817; Wed, 22 Feb 2017 18:02:33 -0800 (PST) (envelope-from mahan@mahan.org) Subject: Re: netstat interface output To: Doug Hardie , "freebsd-questions@freebsd.org Questions" References: From: Patrick Mahan Message-ID: <7d3d9c46-a6e7-0fbe-49b3-e04912d833bc@mahan.org> Date: Wed, 22 Feb 2017 18:02:28 -0800 User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:45.0) Gecko/20100101 Thunderbird/45.7.1 MIME-Version: 1.0 In-Reply-To: Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 23 Feb 2017 02:26:45 -0000 On 2/22/17 3:38 PM, Doug Hardie wrote: > I am starting to develop a nagios check for errors on interfaces. However, there are some issues with the entries in netstat that I don't understand. Each interface has multiple entries: one for each address and one for the link. It would seem to me that the link counts would be the sum of the other address entries, but it is not. Often it is way off. At first I thought it was possibly caused by overflows of the counters since most systems have been running for months. However, checking one system that was only up for one day, the ip4 count was considerably larger than the link count. This is shown in one of the examples below. > > The other issue is one system seems to lose addresses. The address quits responding, although one address remains and does work. That interface has a DHPC assigned address along with several fixed addresses. For the first few days, all addresses work fine. Then all the fixed addresses disappear and no longer work. The netstat output for this is shown below. The first is approximately 1 day after the system was booted and all addresses are working. The second is the next day and only the DHCP assigned address remains. Unfortunately that system is remote and without the fixed addresses I can't access it to get to the messages file. > > Network interface status: > Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll Drop > bge0 1500 68:5b:35:ab:96:52 3703649 0 0 1911094 0 0 0 > bge0 - 192.168.1.205 192.168.1.205 0 - - 0 - - - > bge0 - 10.0.1.205/32 10.0.1.205 0 - - 0 - - - > bge0 - 192.168.0.205 192.168.0.205 498 - - 0 - - - > bge0 - 192.168.0.0/2 192.168.0.7 3700267 - - 1912398 - - - > lo0 16384 lo0 0 0 0 0 0 0 0 > lo0 - localhost localhost 0 - - 0 - - - > lo0 - fe80::%lo0/64 fe80::1%lo0 0 - - 0 - - - > lo0 - your-net localhost 0 - - 0 - - - > > Local system status: > 3:01AM up 1 day, 8:08, 0 users, load averages: 0.18, 0.16, 0.11 > Okay, I must admit I am confused by your configuration. I am assuming that due to space constraints the .205 are all /32? It might be helpful to give the output 'ifconfig bge0'. And is the DHCP given /24? I hope your DHCP avoids giving out the .205 address. That being said, why a bunch of point-to-point style addresses? > > > Network interface status: > Name Mtu Network Address Ipkts Ierrs Idrop Opkts Oerrs Coll Drop > bge0 1500 68:5b:35:ab:96:52 6420868 0 0 3313113 0 0 0 > bge0 - 192.168.0.0/2 192.168.0.7 1809545 - - 934183 - - - > lo0 16384 lo0 0 0 0 0 0 0 0 > lo0 - localhost localhost 0 - - 0 - - - > lo0 - fe80::%lo0/64 fe80::1%lo0 0 - - 0 - - - > lo0 - your-net localhost 0 - - 0 - - - > > Local system status: > 3:01AM up 2 days, 8:08, 0 users, load averages: 0.04, 0.11, 0.08 > > > Any ideas what could cause this? > Do you have any network background processes? routed? On the counters not lining up, I believe this is due to the counts only being incremented for the correct protocol. So where you show IPv4 addresses, those counts are only for IPv4 packets. You are still getting non-IPv4 addresses (ARP for example) so the total packet count for the link is usually larger than the cumlative of the columns. Patrick > — Doug > > _______________________________________________ > freebsd-questions@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" >