Henning Brauer wrote:
>
> 6000 irq/s is not much.
> increase sysctl net.inet.ip.ifq.maxlen.
>
Thank you v-e-r-y much Henning, this seems to have cured the problem.

Another problem seems to be left, anyway. :(

I'm running bgpd on both OpenBSD boxes: it's really a fine piece of software, but when dealing with a setup like mine (the same box does PF & BGP routing, from here on "the firewall"), you can get in trouble when using one BGP session per-provider-per-firewall, and the uplink ISP gets you some packets on firewall A, some others on firewall B (so, there isn't a priority on the BGP sessions).

Another similar problem arises when firewall B becomes master: firewall A stops the packet flow, but maybe its BGP sessions remain active (the "most" active one, or really the one with the most priority, depending on the ISP).. and packet confusion starts.

Of course a "solution" seems to be to have a BGP session active ONLY when a given firewall is active.. but this means that when CARP helps to switch instantly (without losing the TCP sessions) to the "secondary" firewall.. everything will be blocked, waiting for the BGP session to download routes.

Do any of you guys have a hint for this situation as well (that is, having concurrent BGP sessions, but making sure that the "master firewall" gets all packets coming from all BGP sessions, without mangling with PF states)?

Again, thank you in advance.

--
View this message in context: http://www.nabble.com/OpenBSD-for-routing---firewalling-a-100Mbit-s-connection-tf4928708.html#a14109004
Sent from the openbsd user - misc mailing list archive at Nabble.com.

