Re: [Shorewall-users] high packet loss when using multi-provider on shorewall6

Mon, 05 Mar 2018 05:20:21 -0800 

Hello Tom,

thanks for the quick reply:

Be sure that your Kernel is fully patched. This sounds like a problem
> that I, along with a number of others, have experienced; it was
> corrected in a subsequent kernel update. The problem is that the kernel
> ignores NDP who-has requests, which will kills the link. The constant
> pinging keeps the upstream router from issuing those requests. I
> employed that same workaround until the problem was finally resolved.


The Kernel is 4.4.0-112-generic. I was wondering, why the problem does not
occour, when I don't use Shorewall6's providers file. That's why I believe,
that it is not only the kernels fault. So here is the other solution I just
found: Replace the upstream routers gateway address with the link local one
of the router:

This is how I did it
- Find out the link local address of upstream router on eth0, where
2001:abcd:1234::1: is the providers gateway:

# ip -6 neigh sjow dev eth0
fe80::1ae7:28ff:fe65:fcf2 lladdr 18:e7:28:65:fc:f2 router STALE
2001:abcd:1234::1 lladdr 18:e7:28:65:fc:f2 router STALE

- Then in the providers file replace the gateway address with the link
local:

#NAME   NUMBER  MARK    DUPLICATE INTERFACE       GATEWAY          OPTIONS
    COPY
#mkn    1       -       -               eth0
2001:abcd:1234::1 track,primary
 -
mkn     1       -       -               eth0
fe80::1ae7:28ff:fe65:fcf2 track,primary   -
htp     2       -       -               eth1
fe80::464e:6dff:fe15:789a track,fallback  -

Now it works almost perfect, packet loss is almost 0 over > 1000 pings.
It's no longer needed to continuosly ping the gateway.

Hth
Udo
-- 
Udo Schacht-Wiegand
cantamen support team
-- 
cantamen :: Am Hohen Ufer 3A :: 30159 Hannover :: GERMANY
Phone: +49-511-270424-20 :: Fax: +49-511-5902-6264
http://www.cantamen.de

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to