From owner-freebsd-sparc64@FreeBSD.ORG Tue Dec 21 19:46:33 2004 Return-Path: Delivered-To: freebsd-sparc64@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 5B3D916A4CE for ; Tue, 21 Dec 2004 19:46:33 +0000 (GMT) Received: from mail2.speakeasy.net (mail2.speakeasy.net [216.254.0.202]) by mx1.FreeBSD.org (Postfix) with ESMTP id 177E543D53 for ; Tue, 21 Dec 2004 19:46:33 +0000 (GMT) (envelope-from jmg@hydrogen.funkthat.com) Received: (qmail 11819 invoked from network); 21 Dec 2004 19:46:32 -0000 Received: from gate.funkthat.com (HELO hydrogen.funkthat.com) ([69.17.45.168]) (envelope-sender ) by mail2.speakeasy.net (qmail-ldap-1.03) with SMTP for ; 21 Dec 2004 19:46:32 -0000 Received: from hydrogen.funkthat.com (nmrgri@localhost.funkthat.com [127.0.0.1])iBLJkVGH082984; Tue, 21 Dec 2004 11:46:31 -0800 (PST) (envelope-from jmg@hydrogen.funkthat.com) Received: (from jmg@localhost) by hydrogen.funkthat.com (8.12.10/8.12.10/Submit) id iBLJkTXI082983; Tue, 21 Dec 2004 11:46:29 -0800 (PST) Date: Tue, 21 Dec 2004 11:46:28 -0800 From: John-Mark Gurney To: Andrew Thomson Message-ID: <20041221194628.GB19624@funkthat.com> Mail-Followup-To: Andrew Thomson , freebsd-sparc64@freebsd.org References: <1103610454.38458.13.camel@itouch-1011.prv.au.itouchnet.net> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <1103610454.38458.13.camel@itouch-1011.prv.au.itouchnet.net> User-Agent: Mutt/1.4.1i X-Operating-System: FreeBSD 4.2-RELEASE i386 X-PGP-Fingerprint: B7 EC EF F8 AE ED A7 31 96 7A 22 B3 D8 56 36 F4 X-Files: The truth is out there X-URL: http://resnet.uoregon.edu/~gurney_j/ X-Resume: http://resnet.uoregon.edu/~gurney_j/resume.html cc: freebsd-sparc64@freebsd.org Subject: Re: netra t1 as a firewall X-BeenThere: freebsd-sparc64@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list Reply-To: John-Mark Gurney List-Id: Porting FreeBSD to the Sparc List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 21 Dec 2004 19:46:33 -0000 Andrew Thomson wrote this message on Tue, Dec 21, 2004 at 17:27 +1100: > All, > > This may be kind of a loose comment but I thought I'd float it as most > of my experience is with i386 freebsd not sparc. > > Basically at a site I have installed a Netra T1 as a firewall - worked > out well as it had a lot of nics in it, hme[0-5]. > > I originally installed 5.2.1 on it but soon discovered that the hme > driver in 5.2.1 didn't allocate different mac addresses! Upgraded to 5.3 > and that problem disappeared. > > This firewall runs a simple office network providing internet access and > has a couple of IPSEC VPNs to other sites. > > After the initial install, the network seemed to be "hanging" when > running simple commands on remote boxes, top, ls -al etc.. The MTU was > changed was to 1492 which seemed to resolve the problem. > > However now when we try to transfer files across the VPN, the transfers > just stall. If the mtu is changed back to 1500, the transfers across the > VPN work but then the network hang returns until the mtu is dropped to > 1492 again - it's pretty weird. > > Basically I just thought I'd float the problem here just to make sure > I'm not running into any known sparc related issues.. > > My /var/log/messages is filled with these... > > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > hme2: discard oversize frame (ether type 800 flags 3 len 1514 > max > 1506) > > Any thoughts appreciated. Well, this is obviously from where the mtu is dropped to 1492, there is a 14 byte ethernet header that is in addition to the 1500 byte payload.. so 1492 + 14 == 1506... Connections hanging are probably due to ICMP packets being dropped that are preventing path mtu discovery from working... changing the mtu to 1492 was probably a work around for path mtu discovery working... try bumping the mtu back to 1500 (so that you don't get the warnings about oversized frames), and make sure icmp packets are getting through.. The problems you've described are general networking issues, not specific to sparc... -- John-Mark Gurney Voice: +1 415 225 5579 "All that I will do, has been done, All that I have, has not."