On 2009-08-04, Ivo Chutkin <open...@bgone.net> wrote: > Hello misc, > > I have strange problem when I use PF for traffic shaping. > No such problem with PF disabled. > It is OpenBSD 4.5 stable. Here is dmesg: http://paste.lisp.org/display/84738
look for queue drops. pfctl -vvsq. > > The problem is that the router start to generate losses. > It generates losses even to directly connected hosts. Here is an example: > > r...@core1.bg > ~ # ping a.a.a.230 > PING a.a.a.230 (a.a.a.230): 56 data bytes > ping: sendto: No route to host > ping: wrote a.a.a.230 64 chars, ret=-1 > ping: sendto: No route to host > ping: wrote a.a.a.230 64 chars, ret=-1 > ping: sendto: No route to host > ping: wrote a.a.a.230 64 chars, ret=-1 > ping: sendto: No route to host > ping: wrote a.a.a.230 64 chars, ret=-1 > 64 bytes from a.a.a.230: icmp_seq=4 ttl=255 time=0.954 ms > 64 bytes from a.a.a.230: icmp_seq=5 ttl=255 time=1.363 ms > 64 bytes from a.a.a.230: icmp_seq=6 ttl=255 time=1.288 ms > 64 bytes from a.a.a.230: icmp_seq=7 ttl=255 time=1.213 ms > 64 bytes from a.a.a.230: icmp_seq=8 ttl=255 time=1.136 ms > 64 bytes from a.a.a.230: icmp_seq=9 ttl=255 time=1.214 ms > 64 bytes from a.a.a.230: icmp_seq=10 ttl=255 time=1.022 ms > 64 bytes from a.a.a.230: icmp_seq=11 ttl=255 time=1.409 ms > 64 bytes from a.a.a.230: icmp_seq=12 ttl=255 time=1.334 ms > 64 bytes from a.a.a.230: icmp_seq=13 ttl=255 time=1.741 ms > 64 bytes from a.a.a.230: icmp_seq=14 ttl=255 time=1.183 ms > > a.a.a.230 is on the other and of vlan600, my ip is a.a.a.229 > It just happens to all directly connected hosts. > > And also mtr to ibm.com: > > http://paste.lisp.org/display/84728 > > Firs packets get lost and then the losses disappear. > Next time I issue ping or mtr command it starts with losses. > It also happen to web traffic and it is annoying for the users. > > It does not happen with pf disabled. > > There is no more than 10 to 15 Mbit per second load and maximum total > pps I have seen according to systat ifstat is 8000, average 4000. > > Here is my pf.conf: > > http://paste.lisp.org/display/84727 > > I really appreciate your help. > If you need more info I did not provide or explain correctly just let me > know. If the links are broken I will paste the configs to the list. > > Thank you, > Ivo > > > __________ Information from ESET NOD32 Antivirus, version of virus signature > database 4304 (20090804) __________ > > The message was checked by ESET NOD32 Antivirus. > > http://www.eset.com
