On Saturday, August 11, 2018, 8:07:36 PM GMT+2, Tom Eastep 
<teas...@shorewall.net> wrote: 

> My suggestion for debugging this further is to use a packet sniffer to
> see what is happening on the wire during the period of loss:
>
> a) Are the echo-request packets being sent?
> b) If not, is there unsuccessful ARPing occurring?

The echo requests are being sent as seen below. 

# tcpdump -i enp9s6 host 8.8.8.8
dropped privs to tcpdump
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp9s6, link-type EN10MB (Ethernet), capture size 262144 bytes
08:12:18.603636 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 1, length 64
08:12:19.642887 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 2, length 64
08:12:20.682810 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 3, length 64
08:12:21.721237 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 4, length 64
08:12:22.762528 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 5, length 64
08:12:23.802597 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 6, length 64
08:12:24.841126 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 7, length 64
08:12:25.881195 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 8, length 64
08:12:26.922607 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 9, length 64
08:12:27.962655 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 10, length 64
08:12:29.001091 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 11, length 64
08:12:30.042569 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 12, length 64
08:12:31.082581 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 13, length 64
08:12:32.122591 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 14, length 64
08:12:33.162544 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 15, length 64
08:12:33.177647 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 15, length 64
08:12:34.171027 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 16, length 64
08:12:34.186632 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 16, length 64
08:12:35.180972 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 17, length 64
08:12:35.196782 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 17, length 64
08:12:36.191086 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 18, length 64
08:12:36.206656 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 18, length 64
08:12:37.201017 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 19, length 64
08:12:37.216632 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 19, length 64
08:12:38.210990 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 20, length 64
08:12:38.226712 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 20, length 64
08:12:39.219069 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 21, length 64
08:12:39.234713 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 21, length 64
08:12:40.229018 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 22, length 64
08:12:40.244660 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 22, length 64
08:12:41.230962 IP 192.168.101.2 > google-public-dns-a.google.com: ICMP echo 
request, id 4825, seq 23, length 64
08:12:41.246677 IP google-public-dns-a.google.com > 192.168.101.2: ICMP echo 
reply, id 4825, seq 23, length 64

The pattern of echo replies failing to arrive is variable. At times, there's no 
packet loss, but I frequently get a 10-20-40% packet loss (sometimes even as 
high as 65%).
I also noticed (but it's just an impression) that right after rebooting the 
modem/router I get no packet loss whatsoever for several hours.

The shorewall gateway's enp9s6 interface is 100Mbps full duplex, and is 
connected to the modem/router which has a built-in 4-port Gbps switch with an 
ethernet cable. If I connect a test laptop to that mini switch while I'm 
experiencing the packet loss issues on the shorewall box, I can see the same 
problems there too. Disconnecting the shorewall gateway ethernet cable from 
that 4-port switch, hence making my test laptopĀ  the only client device in the 
network makes the packet loss issue vanish. Reconnecting the Shorewall gateway 
restores the network issues. Again, I'd like to point out that rebooting the 
modem/router solves everything for SEVERAL hours (basically until the next 
day), no matter what I connect to that 4-port switch.

I'm wondering if there's a host within Shorewall's LAN that's generating some 
sort of traffic that could be directly or indirectly causing this issue (maybe 
it does so only on a daily basis and only at night, which would explain why 
rebooting the modem/router in the morning fixes my issue for about 24 hours).

A full tcpdump was taken on enp9s6 (no filters) while I was pinging 8.8.8.8 
(and noticed missing reply packets even though there were requests). It can be 
found here:

https://drive.google.com/open?id=1TVqiNmlaL4Hu5-I3IDiJpX66vPofHpd9

I'd appreciate it if you could let me know if you see anything odd in that 
trace.

Thanks,

Vieri

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Shorewall-users mailing list
Shorewall-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/shorewall-users

Reply via email to