Date: Wed, 17 Mar 2010 10:41:38 -0400 From: "kevin" <k@kevinkevin.com> To: "'kevin'" <k@kevinkevin.com>, "'Daniel Hartmeier'" <daniel@benzedrine.cx> Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org Subject: RE: PF + BRIDGE + PFSYNC causes system freezing Message-ID: <013701cac5df$f4c3ec20$de4bc460$@com> In-Reply-To: <012501cac5d9$748d68c0$5da83a40$@com> References: <4B8E4850.1060104@zirakzigil.org> <4B9EA5A2.4010900@zirakzigil.org> <00bc01cac53d$a92f0b70$fb8d2250$@com> <20100317081256.GA21633@insomnia.benzedrine.cx> <012501cac5d9$748d68c0$5da83a40$@com>
next in thread | previous in thread | raw e-mail | index | archive | help
>>What are your settings for
>>
>> $ sysctl -a | grep bridge.pfil
>#bridge options
>net.link.bridge.pfil_onlyip=1
>net.link.bridge.pfil_member=1
>net.link.bridge.pfil_bridge=0
>> Have you tried filtering only on one of the physical bridge interfaces,
>> with net.link.bridge.pfil_bridge=0 and set skip on { lo0, bridge0, em1}?
>I've only been filtering on one of the bridge interfaces , however I have
>not 'set skip on' the other interfaces. I will try that.
I have 'set skip' all interfaces except one of the bridged ones (em0) , in
pf.conf.
Interesting symptom currently is that the load on both servers is quite high
considering they are just virtual machines that aren't actually doing
anything :
[server1]
last pid: 1176; load averages: 2.66, 3.01, 2.87 up 0+00:36:26
10:34:24
22 processes: 1 running, 21 sleeping
CPU: % user, % nice, % system, % interrupt, % idle
Mem: 8140K Active, 9400K Inact, 27M Wired, 34M Buf, 195M Free
Swap: 120M Total, 120M Free
[server2]
last pid: 1116; load averages: 8.50, 10.11, 8.66 up 0+00:39:35
10:37:46
22 processes: 2 running, 20 sleeping
CPU: 0.0% user, 0.0% nice, 95.2% system, 4.8% interrupt, 0.0% idle
Mem: 8116K Active, 9560K Inact, 16M Wired, 8K Cache, 34M Buf, 205M Free
Swap: 120M Total, 120M Free
I decided to ping the pfsync0 interface from server 1 > server 2 :
# ping 10.0.0.11
PING 10.0.0.11 (10.0.0.11): 56 data bytes
64 bytes from 10.0.0.11: icmp_seq=3 ttl=64 time=91.159 ms
64 bytes from 10.0.0.11: icmp_seq=3 ttl=64 time=114.017 ms (DUP!)
64 bytes from 10.0.0.11: icmp_seq=4 ttl=64 time=206.446 ms
64 bytes from 10.0.0.11: icmp_seq=5 ttl=64 time=92.209 ms
64 bytes from 10.0.0.11: icmp_seq=5 ttl=64 time=181.774 ms (DUP!)
64 bytes from 10.0.0.11: icmp_seq=5 ttl=64 time=363.855 ms (DUP!)
^C
--- 10.0.0.11 ping statistics ---
9 packets transmitted, 3 packets received, +3 duplicates, 66.7% packet loss
round-trip min/avg/max/stddev = 91.159/174.910/363.855/95.135 ms
If theres anything else I could check , suggestions are welcome.
Thanks,
Kevin K.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?013701cac5df$f4c3ec20$de4bc460$>