Hi all,
Just been trying to track down why CARP keeps unexpectedly failing over to the backup (a pair of firewalls) and I noticed (OpenBSD/i386 3.9) that there have been some mbuf errors:

# netstat -s -p carp
carp:
        98 packets received (IPv4)
        0 packets received (IPv6)
                0 packets discarded for bad interface
                0 packets discarded for wrong TTL
                0 packets shorter than header
                0 discarded for bad checksums
                0 discarded packets with a bad version
                0 discarded because packet too short
                0 discarded for bad authentication
                0 discarded for bad vhid
                0 discarded because of a bad address list
        144221 packets sent (IPv4)
        0 packets sent (IPv6)
                4 send failed due to mbuf memory error

I have 8192 mbufs (set by sysctl):

# netstat -m
550 mbufs in use:
        546 mbufs allocated to data
        1 mbuf allocated to packet headers
        3 mbufs allocated to socket names and addresses
546/702/8192 mbuf clusters in use (current/peak/max)
1576 Kbytes allocated to network (78% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Any ideas? Someone suggested that the mbuf memory error counter might be incremented when pf drops a packet from a queue, however all our carp stuff has its own queue:

snippets from pf.conf:
# Allow CARP from other firewall
pass in quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw
pass in quick on $int_if proto carp from $fw_int_ips to 224.0.0.18 keep state queue fw
pass out quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw
pass out quick on $int_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw

queue     fw   bandwidth 64Kb priority 5 cbq(borrow,red)

and the output from pfctl -s queue -v:

queue   fw bandwidth 64Kb priority 5 cbq( red borrow )
[ pkts: 154556 bytes: 11546909 dropped pkts: 0 bytes: 0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]

So no dropped packets there.

Any ideas?

-Matt

--
Matt Hamilton                                       [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.        Business Vision on the Internet
http://www.netsight.co.uk                             +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
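
The cross-check made by hand in the message above (CARP send failures against pf queue drops and mbuf denials) can be scripted so it can be sampled around each failover. This is an added example, not part of the original post; the function names are hypothetical and the sample input is constructed from the output excerpts quoted above.

```python
import re

# Constructed sample input: excerpts of the command output quoted in the post.
CARP_STATS = """carp:
        98 packets received (IPv4)
        144221 packets sent (IPv4)
                4 send failed due to mbuf memory error
"""
MBUF_STATS = """550 mbufs in use:
546/702/8192 mbuf clusters in use (current/peak/max)
0 requests for memory denied
"""
QUEUE_STATS = """queue   fw bandwidth 64Kb priority 5 cbq( red borrow )
[ pkts: 154556 bytes: 11546909 dropped pkts: 0 bytes: 0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]
"""

def counters(text):
    """Map each '<count> <description>' line of netstat output to an int."""
    found = {}
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(\S.*)$", line)
        if m:
            found[m.group(2).strip()] = int(m.group(1))
    return found

def queue_drops(text, name):
    """Dropped-packet count for one queue in `pfctl -s queue -v` output."""
    current = None
    for line in text.splitlines():
        m = re.match(r"queue\s+(\S+)", line)
        if m:
            current = m.group(1)  # following stats lines belong to this queue
        m = re.search(r"dropped pkts:\s*(\d+)", line)
        if m and current == name:
            return int(m.group(1))
    return None  # queue not present in the output

def summarize(carp, mbuf, queue, queue_name="fw"):
    """Put the counters relevant to the queue-drop hypothesis side by side."""
    c, m = counters(carp), counters(mbuf)
    cl = re.search(r"(\d+)/(\d+)/(\d+) mbuf clusters in use", mbuf)
    peak, limit = int(cl.group(2)), int(cl.group(3))
    return {
        "carp_send_mbuf_errors": c.get("send failed due to mbuf memory error", 0),
        "queue_drops": queue_drops(queue, queue_name),
        "mbuf_requests_denied": m.get("requests for memory denied", 0),
        "cluster_peak_pct": round(100 * peak / limit, 1),
    }

print(summarize(CARP_STATS, MBUF_STATS, QUEUE_STATS))
```

Because all of these counters are cumulative, comparing two `summarize()` snapshots taken before and after a failover shows which ones actually moved together.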
