From owner-freebsd-net Wed Oct 4 18: 3:25 2000 Delivered-To: freebsd-net@freebsd.org Received: from bastuba.partitur.se (bastuba.partitur.se [212.209.169.194]) by hub.freebsd.org (Postfix) with ESMTP id D1C1737B502; Wed, 4 Oct 2000 18:03:18 -0700 (PDT) Received: from palle.girgensohn.se (c193.150.250.87.cm-upc.chello.se [193.150.250.87]) by bastuba.partitur.se (8.9.3/8.9.3) with ESMTP id DAA74398; Thu, 5 Oct 2000 03:03:17 +0200 (CEST) (envelope-from girgen@partitur.se) Received: (from girgen@localhost) by palle.girgensohn.se (8.11.0/8.11.0) id e9513G256238; Thu, 5 Oct 2000 03:03:16 +0200 (CEST) (envelope-from girgen@partitur.se) X-Authentication-Warning: palle.girgensohn.se: girgen set sender to girgen@partitur.se using -f To: freebsd-net@freebsd.org Cc: freebsd-emulation@freebsd.org Subject: bridged vmnet make NIS go berzerk killing servers with icmp msgs From: Palle Girgensohn Date: 05 Oct 2000 03:03:15 +0200 Message-ID: <87aeck14mk.fsf@palle.girgensohn.se> Lines: 60 User-Agent: Gnus/5.0807 (Gnus v5.8.7) XEmacs/21.1 (Channel Islands) MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Sender: owner-freebsd-net@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi! Sorry for crossposting, but I'm not certain wheather this is -net or -emulation; probably both... We use NIS/YP for passwords, group, netgroup and amd lists, and have about ten workstations and three servers. One of the three is the master NIS server, the other two slaves tied to themselves. Nothing strange, it has worked splendid for years. Hubbed ethernet 100TX network. All systems involved are FreeBSD, all workstations are 4.1.1-release, the servers 3.5-release, 4.0-stable (july 2), 4.1-stable [the master] (september 13). The master server also acts as NFS server for the workstations, serving /usr/local, /usr/X11R6 and /home. Hence, workstations are more or useless without this server... I have set up vmware (from fresh port) to use bridged networking on some of the workstations, and it works just fine, dhcp and everything - for a while. After some time, maybe caused by something, I don't yet know what, all workstations using a vmnet and having a bridge between the NIC and the vmnet interface starts sending enormous amounts of ICMP "Host unreachable" (about the other servers, I think, and for every port) to all NIS servers, actually *killing* them if I don't pull the ethernet cord from the workstations within minutes. At least once, I've had a server reboot this way (the 3.5 system), giving up under the pressure from the ICMP flood. On all NIS servers, the portmap goes to top, eating all CPU cycles it can find, and more, and within seconds all [pt]ty's are locked, and all I can do on the console is switch tty (ctrl-alt-FN), the console is quite locked apart from that and does not react to any other keys. After resting for a while when the flood icmp is stopped (due to my pulling the cord), all is back to normal. I can usually ping the server interface during the hang, but that is about it... When it comes back, the server complains about "/kernel: icmp-response bandwidth limit 243/200 pps". no surprise... :-) I've tried finddling with the max setting, but there's really no difference. The workstations sending all icmp messages are also hung, and will also come back when pulling the cord, albiet in a rather useless condition due to all missing NIS and NFS services. They also get the icmp-response bandwith stuff. I've tried using netgraph instead of old-fashion bridge, by replacing the BRIDGE kernel option with NETGRAPH, according to the posting here (-net) by Nick Sayer around September 16th. I does not help. Same thing happens again after a few hours of uptime... What gives? /Palle PS. If you need, I will try to retrieve more specific log files and tcpdumps, but I'm not at the office right now, so I can't force any more info. DS. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-net" in the body of the message