From owner-freebsd-net@FreeBSD.ORG Fri Feb 16 10:36:32 2007 Return-Path: X-Original-To: freebsd-net@freebsd.org Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 1C47816A400 for ; Fri, 16 Feb 2007 10:36:32 +0000 (UTC) (envelope-from ml.diespammer@netfence.it) Received: from parrot.aev.net (parrot.aev.net [212.31.247.179]) by mx1.freebsd.org (Postfix) with ESMTP id 8E13B13C46B for ; Fri, 16 Feb 2007 10:36:31 +0000 (UTC) (envelope-from ml.diespammer@netfence.it) Received: from soth.ventu (adsl-ull-235-229.51-151.net24.it [151.51.229.235]) (authenticated bits=128) by parrot.aev.net (8.13.8/8.13.8) with ESMTP id l1GAgwPT066816 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Fri, 16 Feb 2007 11:43:04 +0100 (CET) (envelope-from ml.diespammer@netfence.it) Received: from [10.1.2.18] (alamar.ventu [10.1.2.18]) by soth.ventu (8.13.8/8.13.8) with ESMTP id l1GAabAr067339; Fri, 16 Feb 2007 11:36:37 +0100 (CET) (envelope-from ml.diespammer@netfence.it) Message-ID: <45D58923.1000803@netfence.it> Date: Fri, 16 Feb 2007 11:36:19 +0100 From: Andrea Venturoli User-Agent: Thunderbird 1.5.0.9 (X11/20070119) MIME-Version: 1.0 To: "Bruce M. Simpson" References: <45D33663.9040902@netfence.it> <45D3B13A.5080700@FreeBSD.org> In-Reply-To: <45D3B13A.5080700@FreeBSD.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Scanned-By: MIMEDefang 2.57 on 212.31.247.179 Cc: freebsd-net@freebsd.org Subject: Re: Gateway slowed down to barely usable X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list Reply-To: freebsd-net@freebsd.org List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 16 Feb 2007 10:36:32 -0000 Bruce M. Simpson wrote: >> Now the question is: in case this happens again, how do I find out >> what's wrong? >> CPU usage was under 2% and so was swap usage... what else could I check? >> What tools should I use? > Points for further investigation: > How long was the machine up for? A couple of days. > Exactly which network components in FreeBSD are you using? Here's my ifconfig's output: rl0: flags=8943 mtu 1500 options=8 inet 192.168.99.1 netmask 0xffffff00 broadcast 192.168.99.255 ether 00:00:e8:63:d1:25 media: Ethernet autoselect (100baseTX) status: active rl1: flags=8943 mtu 1500 options=8 inet xxx.xxx.xxx.xxx netmask 0xfffffff8 broadcast 212.31.247.183 ether 00:00:e8:63:d1:10 media: Ethernet autoselect (100baseTX ) status: active fxp0: flags=8943 mtu 1500 options=8 inet 192.168.100.201 netmask 0xffffff00 broadcast 192.168.100.255 ether 00:a0:c9:d5:33:5d media: Ethernet autoselect (100baseTX ) status: active xl0: flags=8943 mtu 1500 options=9 ether 00:50:04:0c:60:03 media: Ethernet autoselect (100baseTX ) status: active lo0: flags=8049 mtu 16384 inet 127.0.0.1 netmask 0xff000000 rl1 is connected to an HDSL router with a public IP; xl0 is bridged to rl1; fxp0 and rl0 are private nets which require NAT. It's working as a firewall with ipfw/natd/inetd and snort. This box is also running squid, named and DHCP server for the internal nets. > Do you have any figures on what kind of network load the machine was > dealing with? Yes, I use cacti to graph that, so what I can say is: _ most traffic goes from fxp0 through squid or natd to internet; _ the HDSL is 1Mb/s and it is frequently saturated; _ the other day, we had virtually constant 1Mb/s for about 6 hours, then the sudden performance drop. > Can you rule out problems with an intermediate switch? I don't understand; what do you mean? > Based on what you've said I can only speculate that the possible causes > are either mbuf memory fragmentation or a driver problem; both are a > total stab in the dark. WRT driver, xl0 was added at the beginning of this week, so it could be that. Is that driver known to be problematic? I've always used it on several other boxes without any problem. As for mbuf, how do I check this? (BTW I only have a rough idea of what mbufs are. Any good doc pointer?) bye av.