Further info on the problem below. The past two nights the failover has happened between 12:03am and 12:05am both nights. Looking at traffic graphs, I don't see any spikes or anomalies at all. The first time we had 4 mbuf errors, and checking today, the total is 8, so in both cases there were 4 mbuf errors and then the carp failed over.

I'm still none the wiser as to why this is happening though. I'm going to set up tcpdump to run tonight at 11:55pm and see if I can capture the traffic to see if I can see any particular packet(s) causing the problem.

-Matt


On 8 Feb 2007, at 11:14, Matt Hamilton wrote:

Hi all,
Just been trying to track down why CARP keeps unexpectedly failing over to the backup (a pair of firewalls) and I noticed (OpenBSD/i386 3.9) that there have been some mbuf errors:

# netstat -s -p carp
carp:
        98 packets received (IPv4)
        0 packets received (IPv6)
                0 packets discarded for bad interface
                0 packets discarded for wrong TTL
                0 packets shorter than header
                0 discarded for bad checksums
                0 discarded packets with a bad version
                0 discarded because packet too short
                0 discarded for bad authentication
                0 discarded for bad vhid
                0 discarded because of a bad address list
        144221 packets sent (IPv4)
        0 packets sent (IPv6)
                4 send failed due to mbuf memory error

I have 8192 mbufs (set by sysctl):

# netstat -m
550 mbufs in use:
        546 mbufs allocated to data
        1 mbuf allocated to packet headers
        3 mbufs allocated to socket names and addresses
546/702/8192 mbuf clusters in use (current/peak/max)
1576 Kbytes allocated to network (78% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

Any ideas? Someone suggested that the mbuf memory error counter might be incremented when pf drops a packet from a queue, however all our carp stuff has its own queue:

snippets from pf.conf:
# Allow CARP from other firewall
pass in quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw
pass in quick on $int_if proto carp from $fw_int_ips to 224.0.0.18 keep state queue fw
pass out quick on $ext_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw
pass out quick on $int_if proto carp from $fw_ext_ips to 224.0.0.18 keep state queue fw

queue     fw   bandwidth 64Kb priority 5 cbq(borrow,red)

and the output from pfctl -s queue -v:

queue   fw bandwidth 64Kb priority 5 cbq( red borrow )
[ pkts: 154556 bytes: 11546909 dropped pkts: 0 bytes: 0 ]
  [ qlength:   0/ 50  borrows:      0  suspends:      0 ]

So no dropped packets there.

Any ideas?

-Matt

--
Matt Hamilton                                       [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.        Business Vision on the Internet
http://www.netsight.co.uk                             +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting


--
Matt Hamilton                                       [EMAIL PROTECTED]
Netsight Internet Solutions, Ltd.        Business Vision on the Internet
http://www.netsight.co.uk                             +44 (0)117 9090901
Web Design | Zope/Plone Development & Consulting | Co-location | Hosting
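
An added example, not part of the original thread: a small sh/awk poller that diffs successive `netstat -s -p carp` snapshots and logs, with a timestamp, which counters moved, so the mbuf send failures can be lined up against the failover time. The function names are hypothetical, and the demo snapshots are constructed (only the 4 and 8 error totals and the 144221 sent count come from the post).

```shell
#!/bin/sh
# Added example: report which `netstat -s -p carp` counters changed between polls.

# Read netstat text on stdin; print "label<TAB>value" for each counter line.
carp_counters() {
    awk '/^[ \t]*[0-9]+ / {
        sub(/^[ \t]+/, ""); n = $1      # strip indent, keep the count
        sub(/^[0-9]+ /, "")             # what remains is the counter label
        printf "%s\t%s\n", $0, n
    }'
}

# carp_delta OLD NEW: print "label<TAB>change" for counters that differ.
carp_delta() {
    awk -F '\t' '
        NR == FNR { old[$1] = $2; next }
        ($1 in old) && $2 != old[$1] { printf "%s\t%d\n", $1, $2 - old[$1] }
    ' "$1" "$2"
}

# Poll every $1 seconds and log timestamped changes (runs until interrupted).
watch_carp() {
    dir=$(mktemp -d) || return 1
    netstat -s -p carp | carp_counters > "$dir/prev"
    while sleep "$1"; do
        netstat -s -p carp | carp_counters > "$dir/cur"
        carp_delta "$dir/prev" "$dir/cur" | while IFS= read -r line; do
            printf '%s\t%s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$line"
        done
        mv "$dir/cur" "$dir/prev"
    done
}

# Offline demo on two constructed snapshots; prints the changed counters.
carp_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' 'carp:' '        144221 packets sent (IPv4)' \
        '                4 send failed due to mbuf memory error' |
        carp_counters > "$d/old"
    printf '%s\n' 'carp:' '        144300 packets sent (IPv4)' \
        '                8 send failed due to mbuf memory error' |
        carp_counters > "$d/new"
    carp_delta "$d/old" "$d/new"
    rm -rf "$d"
}

# Usage: sh carpwatch.sh watch 5   (script name is a placeholder)
if [ "${1:-}" = "watch" ]; then watch_carp "${2:-10}"; fi
```

Started shortly before the expected failover window with a short interval, the log shows whether the mbuf counter steps up before or after the backup takes over.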
