Hi,
On Mon, Nov 28, 2011 at 5:59 PM, Peter N. M. Hansteen <pe...@bsdly.net> wrote:

> rik <rikc...@gmail.com> writes:
>
> > I'm using 2 openbsd boxes as router firewall with carp in a colo-like
> > setup.
> > In the last few days we saw the packet loss percentage increase up to
> > 8-10% and it doesn't look like a problem for outside.
>
> I take this to mean that the CARP setup provided the needed redundancy.

Yes exactly, we have 2 carp interfaces, one for the internal interface, the second for the external interface; the setup has been working with no major issues for 3 years or so.

> > If I ping from the master firewall one of the servers inside I can see
> > something like this:
> >
> > 64 bytes from xx.xx.xx.12: icmp_seq=4 ttl=64 time=-3.-656 ms
> > 64 bytes from xx.xx.xx.12: icmp_seq=5 ttl=64 time=0.794 ms
> > 64 bytes from xx.xx.xx.12: icmp_seq=6 ttl=64 time=0.-491 ms
> > ping: sendto: No route to host
> > ping: wrote xx.xx.xx.12 64 chars, ret=-1
> > ping: sendto: No route to host
> > ping: wrote xx.xx.xx.12 64 chars, ret=-1
> > 64 bytes from xx.xx.xx.12: icmp_seq=9 ttl=64 time=0.526 ms
> > 64 bytes from xx.xx.xx.12: icmp_seq=10 ttl=64 time=1.415 ms
> >
> > No errors in syslog.
> > Any idea?
>
> This is what it looks like when your link goes down, then comes back
> again. I'd check with the upstream if they know of any specific incident
> that matches your disruption.

The ping I've tried is from the master firewall to a server inside the network:

firewall -> switch -> xx.xx.xx.12

The switch works OK; if I ping from one server to another one in the same subnet there's no packet loss, so it looks like something on the firewall.
The two machines are idle at 99,9% with no high interrupt or mbuf cluster numbers.

Thanks!
Alessandro