From owner-freebsd-net@FreeBSD.ORG Tue Mar 19 14:27:16 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by hub.freebsd.org (Postfix) with ESMTP id C7D83A52 for ; Tue, 19 Mar 2013 14:27:16 +0000 (UTC) (envelope-from tom@claimlynx.com) Received: from mail-bk0-x232.google.com (mail-bk0-x232.google.com [IPv6:2a00:1450:4008:c01::232]) by mx1.freebsd.org (Postfix) with ESMTP id 529F9A3F for ; Tue, 19 Mar 2013 14:27:16 +0000 (UTC) Received: by mail-bk0-f50.google.com with SMTP id jg9so256278bkc.23 for ; Tue, 19 Mar 2013 07:27:15 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=mime-version:x-received:date:message-id:subject:from:to:cc :content-type:x-gm-message-state; bh=9rsAlmc1UnoYIU3XehZa09H8EEMD57HuHmxsxOYlJO8=; b=cjDYBS8Vn26bG7puIzslor572/RGv0mlEmzS+Ca5CMHXpV7jAm/Ipv9UxLvAncTgE9 WOvqR3twoVoSGDu1BjIJu62K+7B6ytMf41ZE9wDaRZhnYm6Lxes5Y/8lcXGDi8iXtXxJ OJFmW0LY5StK+E630Ct0nUVkG6HQ4MxsmimqFAkKi25dSx0pSBT8X31oLx3TeuR+mUvy b0qkJMo7r6vqj9O8iOw/qsflZFu9JjwTFvnFu6LfyhpnoG8X9XEG9vqjNt1wTCjlH0FV Yg1Mgal7b3GnwKYU43ShxV0J0nzzSOLpw7iVp4syzMBepNibMnI1XuZ9+RbqnlvjUIvc wusQ== MIME-Version: 1.0 X-Received: by 10.204.244.196 with SMTP id lr4mr8894443bkb.80.1363703235037; Tue, 19 Mar 2013 07:27:15 -0700 (PDT) Received: by 10.204.153.15 with HTTP; Tue, 19 Mar 2013 07:27:14 -0700 (PDT) Date: Tue, 19 Mar 2013 09:27:14 -0500 Message-ID: Subject: Troubleshooting network issue in 9.1 From: Thomas Johnson To: freebsd-net@freebsd.org X-Gm-Message-State: ALoCoQlyUdHfzQnohrD3VsczS9WgRlnzkDdVyHR6j8gFLfXTwZD9/4JVAs9a4qhoJndK70oWS1+migrOYUtJwxcQ2huQcBJZNG+yJ/3Wpn6ZnnlZOsObUX0= Content-Type: text/plain; charset=US-ASCII X-Content-Filtered-By: Mailman/MimeDel 2.1.14 Cc: root X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 19 Mar 2013 14:27:16 -0000 I am looking for suggestions on how to troubleshoot a recurring issue we have seen on a pair of firewalls. Twice in the past month, we have rebooted the pair in response to reports of lost connections (an effective, albeit unhelpful solution). In both cases, we have observed that most connections seem to work correctly, but some connections seem to be dropped. Rebooting does resolve the issue. I have attempted to confirm packet loss using tcpdump, but I have not been successful, due to the seemingly inconsistent nature of the drops. The pair of hosts is not under any substantial load. generally (max ~12k states in pf, 1.3k pps on the WAN, over the week). The firewall pair runs FreeBSD i386. They were upgraded from 8.2 to 9.1-RC3 in early December, and the first connection drop event (and resulting reboot) occurred on February 12. In the days preceeding the first event (Feb. 11th), we added a VLAN, CARP interface, and IPv6 configuration to the hosts. We considered that something in this new configuration may have been responsible for the event, though these firewalls already had a number of VLANs and CARP interfaces. On February 14th, both firewalls were upgraded to 9.1-RELEASE. Since then, we have re-added the VLAN and CARP configurations. The firewalls were stable until March 14, when we began receiving reports of the same behavior. After a quick investigation yielded nothing, we rebooted the firewalls again, in the interest of keeping things running normally. Does anyone have any suggestions on what I should look for, when this happens again? Could this be related to reported CARP issues in 9.1, as discussed on this list recently? Thanks! -- Thomas Johnson -- This e-mail and any files transmitted with it are confidential and are intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient or the individual responsible for delivering the e-mail to the intended recipient, please be advised that you have received this e-mail in error and that any use, dissemination, forwarding, printing, or copying of this e-mail is strictly prohibited. If you have received this communication in error, please return it to the sender immediately and delete the original message and any copy of it from your computer system. If you have any questions concerning this message, please contact the sender or call ClaimLynx at (952) 593-5969.