I’m working on setting up a new PF 10.2 environment here where I’ve set up a couple of clusters:
- “development” (nix)
- “pre-production” (styx)
- “production” (charon)

The development cluster has the management interface on its own L2 network. The pre-production & production clusters share another L2 network (but have separate “active_active” password and virtual_router_id). The production cluster members are using 10G interfaces, the others 1G interfaces. 3 cluster nodes in all cases. (All configured via Puppet).

Anyway it’s mostly working fine now, but I just noticed a strange artefact. The “pre-production” cluster displays an alert when logging in to the GUI:

“76 errors styx01.net.liu.se ipv4 - udp ipv4.udperrors.1m_ipv4_udp_receive_buffer_errors”

Looking at the interface statistics I don’t really see any errors but “netstat -su” does display:

    Udp:
        123164560 packets received
        61946 packets to unknown port received.
        23816 packet receive errors
        123526958 packets sent
        23816 receive buffer errors
        0 send buffer errors

Which seems to indicate that some process isn’t capable of handling the amount of incoming UDP traffic and I’m guessing that is the reason for the GUI warning.

I also noticed that the fingerbank-collector process seems to be running a lot (at least right now when I’m looking) and a “tcpdump” shows a lot of UDP traffic on port 1192 between the pre-production cluster members - but also (more surprising) - traffic to and from the “production” cluster members.
    3:04:43.689757 IP styx01.net.liu.se.34852 > charon02.net.liu.se.caids-sensor: UDP, length 378
    23:04:43.689776 IP styx01.net.liu.se.41209 > styx03.net.liu.se.caids-sensor: UDP, length 378
    23:04:43.689894 IP charon01.net.liu.se.52039 > styx01.net.liu.se.caids-sensor: UDP, length 346
    23:04:43.689899 IP styx02.net.liu.se.33489 > styx01.net.liu.se.caids-sensor: UDP, length 346
    23:04:43.690015 IP charon02.net.liu.se.37544 > styx01.net.liu.se.caids-sensor: UDP, length 346
    23:04:43.690637 IP charon03.net.liu.se.50726 > styx01.net.liu.se.caids-sensor: UDP, length 346
    23:04:43.690734 IP styx03.net.liu.se.48305 > styx01.net.liu.se.caids-sensor: UDP, length 346
    23:04:43.696202 IP styx01.net.liu.se.58055 > charon03.net.liu.se.caids-sensor: UDP, length 378
    23:04:43.696220 IP styx01.net.liu.se.51034 > charon01.net.liu.se.caids-sensor: UDP, length 378
    23:04:43.696241 IP styx01.net.liu.se.34852 > charon02.net.liu.se.caids-sensor: UDP, length 378
    23:04:43.696264 IP styx01.net.liu.se.41209 > styx03.net.liu.se.caids-sensor: UDP, length 378
    23:04:43.696287 IP styx01.net.liu.se.59374 > styx02.net.liu.se.caids-sensor: UDP, length 378

(caids-sensor = port 1192, and “lsof” confirms it is fingerbank-collector that has that port)

I can only assume that the fingerbank-collector process autodetects other fingerbank-collectors on the same L2 networks and starts to sync between all the nodes and not just the nodes in the local cluster? I’m guessing this is not really optimal - shouldn’t that sync just stay inside each cluster?

I can’t find any mention of port 1192 in the configuration files for fingerbank so I’m guessing it is hardcoded somewhere?

- Peter
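Added example (not part of Peter's message and not PacketFence or Fingerbank code): a small Python filter that takes tcpdump lines in the format shown above and counts the port-1192 datagrams whose two endpoints sit in different clusters. The hostname-prefix-to-cluster mapping and all function names are assumptions of this sketch; the sample lines are copied from the capture in the message.

```python
import re
from collections import Counter

# Cluster names follow the post: nix = development, styx = pre-production,
# charon = production. Deriving the cluster from the hostname prefix is an
# assumption of this example.
CLUSTERS = {"nix": "development", "styx": "pre-production", "charon": "production"}
COLLECTOR_PORTS = {"1192", "caids-sensor"}  # tcpdump prints the service name unless run with -n

LINE_RE = re.compile(
    r"^\S+ IP (?P<src>\S+)\.(?P<sport>[\w-]+) > "
    r"(?P<dst>\S+)\.(?P<dport>[\w-]+): UDP, length (?P<len>\d+)$"
)

# Six lines taken from the tcpdump output quoted in the message.
SAMPLE = """\
23:04:43.689776 IP styx01.net.liu.se.41209 > styx03.net.liu.se.caids-sensor: UDP, length 378
23:04:43.689894 IP charon01.net.liu.se.52039 > styx01.net.liu.se.caids-sensor: UDP, length 346
23:04:43.689899 IP styx02.net.liu.se.33489 > styx01.net.liu.se.caids-sensor: UDP, length 346
23:04:43.690015 IP charon02.net.liu.se.37544 > styx01.net.liu.se.caids-sensor: UDP, length 346
23:04:43.696202 IP styx01.net.liu.se.58055 > charon03.net.liu.se.caids-sensor: UDP, length 378
23:04:43.696241 IP styx01.net.liu.se.34852 > charon02.net.liu.se.caids-sensor: UDP, length 378
""".splitlines()

def cluster_of(host):
    """Return the cluster a host belongs to, or None if the prefix is unknown."""
    m = re.match(r"([a-z]+)\d+", host.split(".")[0])
    return CLUSTERS.get(m.group(1)) if m else None

def cross_cluster_flows(lines):
    """Count collector datagrams per (src, dst) pair that cross a cluster boundary."""
    flows = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["dport"] not in COLLECTOR_PORTS:
            continue  # not a UDP line, or not destined for the collector port
        src, dst = cluster_of(m["src"]), cluster_of(m["dst"])
        if src and dst and src != dst:
            flows[(m["src"], m["dst"])] += 1
    return flows

if __name__ == "__main__":
    for (src, dst), n in sorted(cross_cluster_flows(SAMPLE).items()):
        print(f"{n:4d}  {src} ({cluster_of(src)}) -> {dst} ({cluster_of(dst)})")
```

Run over a longer capture, the same counts show which nodes would need a host firewall rule or a separate L2 segment if the collectors are meant to stay within one cluster.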
