On 2014/02/14 13:03, Alex Mathiasen wrote:
> Hello,
>
> First of all: I hope I am posting this to the correct maillinglist, if not
> then I'm sorry!
>
> I am having big issues with my OpenBSD 5.4 (Also had these issues prior to
> upgrading to 5.4). The server is a complete new installation - I have tried
> this setup with 3 different servers from different manufactures, and 4
> different network cards (HP 100 Mbit, HP 4x1 Gbit, Intel 2x1 Gbit, Trend Net
> 1Gbit). The server is loaded with 4Gigs of RAM, and have plenty of resources
> available. Current load is 0.10. Kernel have not been modified or altered.
>
> The setup is as following: BGPD configured, routing enabled. The BGPD works
> fine, I get all the prefixes loaded, as seen below.
>
> # bgpctl show
> Neighbor AS MsgRcvd MsgSent OutQ Up/Down
> State/PrfRcvd
> TDC 3292
> 82071 16 0 00:12:47 476299
>
> This is my sysctl.conf (kern.bufcache and net.inet.ip was added trying to
> resolve this issue, without result.)
>
> net.inet.ip.forwarding=1 # 1=Permit forwarding (routing) of IPv4
> packets
> kern.bufcachepercent=50
Remove this bufcachepercent=50 line, it is useless on a router and
potentially harmful.
> net.inet.ip.ifq.maxlen=512
>
> The issue is: I am having big diffeculties with routing my packets both to
> internal hosts, and external hosts. Periodically when tracing/pinging from my
> OpenBSD, it just can't route successfully. This also affect my ingoing and
> outgoing traffic, by resulting in lost packets.
>
> This is an example of attempting to ping:
> # ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> 64 bytes from 8.8.8.8: icmp_seq=5 ttl=51 time=23.881 ms
> 64 bytes from 8.8.8.8: icmp_seq=6 ttl=51 time=22.117 ms
>
> Second attempt:
> # ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> ping: sendto: No route to host
> ping: wrote 8.8.8.8 64 chars, ret=-1
> 64 bytes from 8.8.8.8: icmp_seq=3 ttl=51 time=22.276 ms
> 64 bytes from 8.8.8.8: icmp_seq=4 ttl=51 time=22.315 ms
>
> Third attempt:
> # ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=51 time=22.356 ms
> 64 bytes from 8.8.8.8: icmp_seq=1 ttl=51 time=22.309 ms
>
> And this just keeps going on, sometimes 100% sucessfully, sometimes with 2-xx
> packets lost before routing is successful.
>
> Trace-routes to internal hosts:
>
> # traceroute 212.70.x.x
> traceroute to 212.70.x.x (212.70.x.x), 64 hops max, 40 byte packets
> 1 firewall (212.70.x.x5) 0.260 ms 0.224 ms 0.111 ms
> 2 php (212.70.x.x) 0.496 ms 0.484 ms 0.352 ms
>
> Second attempt:
> # traceroute 212.70.x.x
> traceroute to 212.70.x.x (212.70.x.x), 64 hops max, 40 byte packets
> 1 firewall (212.70.x.x5) 0.176 ms 0.223 ms 0.235 ms
> 2 php (212.70.x.x) 0.483 ms 0.474 ms 0.363 ms
>
> Third attempt:
> # traceroute 212.70.x.x
> traceroute to 212.70.x.x (212.70.x.x), 64 hops max, 40 byte packets
> sendto: No route to host
> 1 traceroute: wrote 212.70.x.x 40 chars, ret=-1
> *sendto: No route to host
> traceroute: wrote 212.70.x.x 40 chars, ret=-1
> *sendto: No route to host
> traceroute: wrote 212.70.x.x 40 chars, ret=-1
> *sendto: No route to host
> 2 traceroute: wrote 212.70.x.x 40 chars, ret=-1
> *sendto: No route to host
> traceroute: wrote 212.70.x.x 40 chars, ret=-1
> *sendto: No route to host
> traceroute: wrote 212.70.x.x 40 chars, ret=-1
> *
> 3 php (212.70.x.x) 0.416 ms 0.482 ms 0.474 ms
>
> Any suggestions on how I can further debug this issue, or possible resolve
> this once in for all? I can grant access to the server as well, if anyone
> feels like debugging.
>
> Looking forward to some replies. Thank you in advance.
>
> Best regards, Alex Mathiasen
Some ideas:
- Check bgpd log entries in /var/log/daemon
- Check kernel log entries in dmesg
- Examine things both when it's working fand when it's not working
and compare to spot differences, for example:
bgpctl show nexthop
route -n get <bgp peer's address>
route -n get <failing destination>
ifconfig -A
