Date: Wed, 20 Nov 2002 13:00:27 +0000 From: "Vincent Goupil" <spoug@hotmail.com> To: freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG Subject: Re: Slow network response with FreeBSD 4.6.2 and ipfilter Message-ID: <F9881xeceG6G6bDwU2W0000560b@hotmail.com>
next in thread | raw e-mail | index | archive | help
My network is composed with Windows 2000 servers and pro. 192.168.20.2 <- w2k srv 192.168.20.3 <- w2k srv 192.168.20.7 <- w2k srv 192.168.20.8 <- w2k srv 192.168.20.9 <- w2k srv 192.168.20.10 <- another freebsd box 192.168.20.210 <- the firewall 23:58:43.356569 arp who-has 192.168.20.99 tell 192.168.20.8 23:58:46.471284 arp who-has 192.168.20.127 tell 192.168.20.3 23:58:46.472257 arp who-has 192.168.20.127 tell 192.168.20.8 23:59:04.543497 arp who-has 192.168.20.2 tell 192.168.20.3 23:59:10.352106 arp who-has 192.168.20.7 tell 192.168.20.200 23:59:15.827551 arp who-has 192.168.20.251 tell 192.168.20.7 23:59:17.082626 arp who-has 192.168.20.201 tell 192.168.20.8 23:59:20.245406 arp who-has 192.168.20.201 tell 192.168.20.112 23:59:22.723713 arp who-has 192.168.20.104 tell 192.168.20.3 23:59:26.517132 arp who-has 192.168.20.6 tell 192.168.20.8 23:59:28.824120 arp who-has 192.168.20.7 tell 192.168.20.99 23:59:29.801078 arp who-has 192.168.20.6 tell 192.168.20.7 23:59:48.762973 arp who-has 192.168.20.165 tell 192.168.20.8 23:59:55.203905 arp who-has 192.168.20.75 tell 192.168.20.3 23:59:55.688710 arp who-has 192.168.20.114 tell 192.168.20.8 23:59:55.861042 arp who-has 192.168.20.77 tell 192.168.20.8 00:00:00.192659 arp who-has 192.168.20.106 tell 192.168.20.201 00:00:04.337994 arp who-has 192.168.20.10 tell 192.168.20.8 00:00:04.538035 arp who-has 192.168.20.10 tell 192.168.20.2 00:00:04.775959 arp who-has 192.168.20.10 tell 192.168.20.3 00:00:05.022385 arp who-has 192.168.20.10 tell 192.168.20.9 00:00:05.066194 arp who-has 192.168.20.10 tell 192.168.20.7 00:00:05.209935 arp who-has 192.168.20.10 tell 192.168.20.6 00:00:20.085908 arp who-has 192.168.20.9 tell 192.168.20.3 00:00:20.116177 arp who-has 192.168.20.9 tell 192.168.20.8 00:00:22.235535 arp who-has 192.168.20.101 tell 192.168.20.8 00:00:22.236614 arp who-has 192.168.20.101 tell 192.168.20.3 00:00:23.118443 arp who-has 192.168.20.54 tell 192.168.20.3 00:00:25.075679 arp who-has 192.168.20.7 tell 192.168.20.201 00:00:29.815522 arp who-has 192.168.20.166 tell 192.168.20.7 00:00:30.587208 arp who-has 192.168.20.157 (2f:69:70:63:68:65) tell 192.168.20.201 00:00:31.810270 arp who-has 192.168.20.166 tell 192.168.20.7 00:00:45.473558 arp who-has 192.168.20.177 tell 192.168.20.201 >From: "."@babolo.ru >To: Vincent Goupil <spoug@hotmail.com> >CC: freebsd-isp@FreeBSD.ORG, freebsd-net@FreeBSD.ORG >Subject: Re: Slow network response with FreeBSD 4.6.2 and ipfilter >Date: Wed, 20 Nov 2002 06:10:40 +0300 (MSK) >MIME-Version: 1.0 >Received: from aaz.links.ru ([193.125.152.37]) by mc6-f36.law1.hotmail.com >with Microsoft SMTPSVC(5.0.2195.5600); Tue, 19 Nov 2002 19:08:36 -0800 >Received: from aaz.links.ru (aaz.links.ru [193.125.152.37])by aaz.links.ru >(8.12.6/8.12.6) with ESMTP id gAK3AfDh006526;Wed, 20 Nov 2002 06:10:41 >+0300 (MSK)(envelope-from babolo@aaz.links.ru) >Received: (from babolo@localhost)by aaz.links.ru (8.12.6/8.12.6/Submit) id >gAK3AeSv006525;Wed, 20 Nov 2002 06:10:40 +0300 (MSK) >Message-Id: <200211200310.gAK3AeSv006525@aaz.links.ru> >X-ELM-OSV: (Our standard violations) hdr-charset=KOI8-R; no-hdr-encoding=1 >In-Reply-To: <F147ETM21UUflZnex440000ddb2@hotmail.com> >X-Mailer: ELM [version 2.4ME+ PL99b (25)] >Return-Path: babolo@aaz.links.ru >X-OriginalArrivalTime: 20 Nov 2002 03:08:36.0969 (UTC) >FILETIME=[1E422D90:01C29042] > > > I have a system running FreeBSD 4.6.2-RELEASE-p5 #0 with ipfilter >v3.4.27. > > This system act as a firewall for an enterprise. They need high > > availability. I have 5 network card, all 3C905 (3*3c905B-TX and >2*905C-TX). > > I made this setup in july and it run fine until 3 weeks ago. The >first > > and second card are for the internet link (primary and backup). The >third > > is for DMZ and the fourth is for local network. The fifth is unused >(marked > > as down). Each card as is own IRQ (except the fifth that is shared with >the > > first). The high availability is provided by the two internet link, if >one > > goes down, the second take the load (change default route, ipf rules, >ipnat > > rules and DNS records). This is done by a script running by cron. We >can > > also do that manually. We have two /29 network for the first link and >one > > /28 network for the second (we use alias on internet interfaces). There >is > > only 3 services that run on the firewall: SSH (but only accessible from >3 > > subnets), ftpproxy (jftpgw 0.13.1) and snmp (only accessible by one >subnet) > > > > We begin to have problem 3 weeks ago. The firewall begin to have a slow > > response. I begin to have this arp message error (many times): > > arplookup 255.255.255.0 failed: host is not on local network > > arpresolve: can't allocate llinfo for 255.255.255.0rt > > We reboot the server and the network fast as earlier. I finally find > > something: when we use alias, we need to have at least one regular >netmask > > (instead of 255.255.255.255) for each network/subnetwork. My error was >on > > the first link, my second sub-network was not configured properly. I > > changed it and it stop to have these errors about arp but the problem >wasn't > > resolved. The network continue to be slow until we reboot the server. >This > > happen during the day. Now, it happen everytime. > > > > What I've done: > > - I changed the netmask (as said earlier) > > - I upgraded from 4.6-RELEASE #0 to 4.6.2-RELEASE-p5 #0. > > - I look for IRQ conflict > > - I configure all interface with media and mediaopt. They not using > > autodetect anymore. > > - I chkrootkit and nothing found > > > > What I suspect: > > - I read in a forum that the driver (xl) of 3C905 is not the best for > > FreeBSD. I don't know if this apply to 4.6.2. > > - Ethernet cables (I need to change it) > > - We run SSL (with a lot of users) in one of our web servers in the dmz. >As > > I know, SSL run on top of TCP, it should not be a problem. > > - When i run ifpromisc (in chkrootkit), it tell me that "xl0 is not >promisc" > > and "xl1 is not promisc". I have 5 interfaces, what about the others ? > > > > Can someone have an idea ? >What you mean when say "Slow network response"? >If that mean that packets trawel long >from some host to host under question >as reported by tcpdump, does ifconfig xlN down >and then ifconfig xlN up repare situation >for some time? >What tcpdump -npi xlN ether broadcast and not ip >say when slowdown hapens? > >-- >@BABOLO http://links.ru/ _________________________________________________________________ Protect your PC - get McAfee.com VirusScan Online http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F9881xeceG6G6bDwU2W0000560b>