From owner-freebsd-stable@FreeBSD.ORG Sun Jan 15 18:16:10 2012 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id A1A8F10656DF for ; Sun, 15 Jan 2012 18:16:10 +0000 (UTC) (envelope-from ltning@anduin.net) Received: from mail.modirum.com (mail.modirum.com [31.185.27.10]) by mx1.freebsd.org (Postfix) with ESMTP id 5CD2E8FC12 for ; Sun, 15 Jan 2012 18:16:09 +0000 (UTC) Received: from [84.38.152.7] (helo=ranger.home.anduin.net) by mail.modirum.com with esmtpsa (TLSv1:AES128-SHA:128) (Exim 4.77 (FreeBSD)) (envelope-from ) id 1RmU8K-0003mN-1R for freebsd-stable@freebsd.org; Sun, 15 Jan 2012 17:44:44 +0000 From: =?iso-8859-1?Q?Eirik_=D8verby?= Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Date: Sun, 15 Jan 2012 18:44:42 +0100 Message-Id: <8F42B72B-7D3F-42DA-B195-9C919CE66C02@anduin.net> To: freebsd-stable@freebsd.org Mime-Version: 1.0 (Apple Message framework v1251.1) X-Mailer: Apple Mail (2.1251.1) X-SA-Authenticated: Yes X-SA-Exim-Connect-IP: 84.38.152.7 X-SA-Exim-Rcpt-To: freebsd-stable@freebsd.org X-SA-Exim-Mail-From: ltning@anduin.net X-SA-Exim-Scanned: No (on mail.modirum.com); SAEximRunCond expanded to false Subject: Random 'Connection reset' issues between jails on same host X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 15 Jan 2012 18:16:10 -0000 Hi all, We're trying to implement our puppet infrastructure, and have discovered = something strange about TCP connections between jails on the same host. = As our jails haven't generally been doing a lot of connections between = each other, this issue hasn't popped up before.=20 We have two 100% equal host systems, on FreeBSD 8.2-RELEASE-p4. These = are 8-core Intel systems, with 16GB RAM each. I have just upgraded one = of the two systems to 9.0-RELEASE, and it shows the same problem. When the puppetmaster jail is running on the same host as the jail = running puppet agent, connections from the puppet agent randomly fails = with 'Connection reset by peer'. This happens at random stages of = configuration sync. Now if either of the jails are moved to another = system (jail stop, zfs snaphot, zfs send/recv, jail start) on the same = physical network, there are no such problems. It is not a hardware = issue, as this happens no matter which of the two hosts we use. If both = puppetmaster and puppet agent reside on the same physical box, the = errors will show up. There used to be a somewhat similar problem with FTP between jails on = the same host, but this was taken care of some time after 8.0-RELEASE = IIRC. That problem manifested itself in a combination of random = connection failures (had to try 2-3 times to establish a connection) and = very slow transfer rates (at most 150kbyte/s between jails on the same = host, but >50mbyte/s between jails on different hosts on the same = network). Has anyone seen this before? Is there anything I have missed, sysctls I = should set/adjust? The /etc/rc.conf settings for the jails are very simple - the following = differing from the default: jail_sysvipc_allow=3D"YES" jail_mount_enable=3D"YES" jail_devfs_enable=3D"YES" /etc/sysctl.conf contains the following jail-related: security.jail.enforce_statfs=3D0 security.jail.mount_allowed=3D1 security.jail.allow_raw_sockets=3D1 Thanks, /Eirik=