Stuart Henderson wrote:
On 2007/12/06 11:48, Josh wrote:
I will investigate what Stuart Henderson mentioned.
If it's that, tcpdump on the parent iface will show proto 112 IPv6
packets every few seconds, and "ifconfig carpXX destroy && sh /etc/netstart
carpXX" should clear things out.
It does not happen all the time, just seems to happen when I put some
network load on the secondary firewall.
In that case, also check sysctl net.inet.ip.ifq.drops. If any are present,
bump net.inet.ip.ifq.maxlen (256 is a good starting point, used by default
in 4.2).
Hmmm,
sysctl net.inet.ip.ifq.drops
net.inet.ip.ifq.drops=7895040
Will make the changes you suggest... But what does net.inet.ip.ifq.drops
mean?
Thanks,
Josh
