On Jul 14, 2006, at 2:32 PM, Kian Mohageri wrote:
On 7/14/06, Jason Dixon <[EMAIL PROTECTED]> wrote:
We have an OpenBSD 3.8 firewall that has been in production for the
last six months. Until the last week or two, everything has been
great. Recently while diagnosing a problem with the bonded T1 pair,
I noticed the following error while pinging the gateway:
ping: sendto: No buffer space available
This always coincided with a very high spike (1000-3000ms) in
latency, which would usually go back down to ~0ms and operate
normally. The interface in question is an Intel em connected to a
Cisco 2950 trunk. The other two interfaces (em1, sk0) are working
fine. The LAN interface (em1) pushes *much* more data, as it routes
between 13 internal VLANs. I've also had another box perform the
same ping test concurrently to confirm this isn't a problem with the
gateway.
This is the same behavior I would see when trying to ping out our
internal
em(4) interface when the transmit queue filled up (or it was
thought to be
full). You can confirm that is the case by checking ifconfig (look
for
OACTIVE).
I'm not seeing OACTIVE on em0, vlan1 (vlandev em0) or carp1 (carpdev
vlan1).
But, does that interface ever fail completely and require an interface
restart, or just spike?
I found the problem. It ended up being excessive (read: BAD)
queueing on my part. In order to further optimize VoIP/VPN traffic
for some remote offices, I recently removed the borrow option from
some parent CBQ queues. This was causing much more packet buffering
than you would normally see. It makes me wonder though... how does
one evaluate the buffers on an interface used by altq?
Thanks,
--
Jason Dixon
DixonGroup Consulting
http://www.dixongroup.net
