On Thursday 18 October 2007, Klavs Klavsen wrote: > I tried to just disable carp on the new machine (simply comment out > carp config from /etc/rc.conf.local) and now the packet loss is gone - > and hasn't been there for half an hour, so far.
I supposed you also had to change your firewall rules? Otherwise your ruleset might not be ready to deal with carp and that could be the reason why you get the bad results? Start debugging by looking at "netstat -ssp carp" on either machine and take a careful look at your pf.conf. I also suggest that you add "log" to all you block rules and watch tcpdump on pflog0 while pinging. > Seems the carp network interfaces has bugs. That's a pretty bold assertion given the limited debugging you have done ;) > On Thu, October 18, 2007 10:33, Klavs Klavsen said: > > Hi guys, > > > > I have had a FreeBSD 6.2 (-p1 - yes I know :) firewall running for a > > while, with pf fw rules. It has worked fine, and was a replacement > > for a fbsd 4.x ipfw firewall. > > > > Now I just replaced the 6.2 pf firewall, with a 6.2 (-p7) and carp > > interfaces enabled. It's using the same cables and the same type of > > network cards (bge and em). The new one, is a HP dl385 (amd) where > > the old one, was a HP dl380 (Intel). > > > > On the new one, fping (and ping -f) pinging through the firewall, > > gives me a packet loss. fping in nagios, reports up to 55% packet > > loss :( - a ping -f gives me 1-3%, but bad enough :( > > > > pinging from the firewall itself, to one of the hosts, that packets > > are lost to (when pinging from other networks) does not give any > > packet loss. > > > > The old 6.2, had polling enabled - and I've tried to disable polling > > on the new, but to no effect. > > > > Any ideas what else to try? > > > > -- > > Regards, > > Klavs Klavsen, GSEC - [EMAIL PROTECTED] - http://www.vsen.dk > > PGP: 7E063C62/2873 188C 968E 600D D8F8 B8DA 3D3A 0B79 7E06 3C62 > > > > "Those who do not understand Unix are condemned to reinvent it, > > poorly." --Henry Spencer > > > > _______________________________________________ > > freebsd-net@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-net > > To unsubscribe, send any mail to > > "[EMAIL PROTECTED]" -- /"\ Best regards, | [EMAIL PROTECTED] \ / Max Laier | ICQ #67774661 X http://pf4freebsd.love2party.net/ | [EMAIL PROTECTED] / \ ASCII Ribbon Campaign | Against HTML Mail and News
signature.asc
Description: This is a digitally signed message part.
