> Hi All, > > The network issue we are having probably is confined or caused by > ourselves, but I am wondering if anyone out there using Solaris 10 > Update 3 with ipFilter 4.1.19 and latest ip_fil_solaris.c, ip_state.c > and pfil 2.1.12 patches seeing the same problem we are seeing. The > problem in question is, once in a while, our outgoing network traffic > will pause, and snooping the outgoing interface will show outgoing > traffic, but no incoming traffic. It seems like ipf is dropping them > all. The only way get the network traffic to resume is to ping our > network gateway. > > Our ISP says the problem is on my end. Our pipe is fine. We have since > replaced the network cards in the Solaris box just in case it is a > hardware issue, but the problem persisted. Before the Update 3 and > ipFilter upgrade, we have no problem running ipfilter 4.1.16 on the > same hardware. > > We are thinking about downgrade ipFilter to previous version. What > version of ipfilter do you recommend to use for Solaris 10 Update 3 in > production? > > Thanks, > > -- Sum >
We're seeing periodic pauses (10 or so a day) which cause TCP connections to hang. It seems to be related to TCP connections sending large packets, as using 'less' on large files seems to be affected periodically. We're running sol10/x86-amd64 u2 (06/06) with Feb 28 2007 (approx) recommended patch set on Sun Fire X2100M2's. Our servers that are affected are located in London, communicating with servers in Australia and USA via IPsec. We also run the same OS/ipf/pfil in Australia without IPsec or long haul involvement, and haven't noticed the problem, but then we don't do as much with this server. We were originally running pfil_2.1.11-ip_fil4.1.16 with a few patches from the mailing list and the problem was quite significant, but 10 days ago we upgraded to a fairly vanilla pfil_2.1.12-ip_fil4.1.19 and the problem has diminished noticably, but is still present. (say 5 times a day now) I note a change in pfil using timeout to send packets that may be related to this improvement. I'm not 100% sure the problem is caused by ipfil/pfil but, since it occurs so intermittently its hard to identify. I might try switching back to vanilla Sun supplied ipf/pfil to see if that helps any. Ian D
