Re: jails bring down network interface

From: Robert Watson (rwatson_at_FreeBSD.org)
Date: 07/21/05

  • Next message: MikeM: "Re: Quality of FreeBSD" 
    Date: Thu, 21 Jul 2005 14:59:23 +0100 (BST)
To: Benjamin Lutz <benlutz@datacomm.ch>

    On Thu, 21 Jul 2005, Benjamin Lutz wrote:

    > While tracking an issue with a jail I run, the interface to which the
    > jail aliases it's IP to suddenly became unresponsive.
    >
    > My script starts the jail, then runs ifconfig alias. After starting and
    > stopping the jail about 20 times, the interface basically froze.
    > Ifconfig reported it as up and running, but it would no longer pass any
    > packets. Bringing it down then back up made it work again.
    >
    > Since this is a production machine, I'm afraid I can't give more
    > specific details, I don't wish to run into the problem again.
    >
    > I'm running FreeBSD 5.4-p5, the interface in question is a VIA VT6105
    > Rhine III using the vr(4) driver.

    Should this occur again, the starting point to investigate is to determine
    whether it's "sending" that's broken, "receiving" that's broken, or both.
    I would investigate them by:

    - Using ping on the system to ping a remote host, see if the other system
       receives the ping packets using tcpdump.

    - Use ping on another host to ping the local host, and see if tcpdump on
       the local host sees the ping packets.

    As an FYI, ideally you'll do it using a pair of machines that already have
    each other in the ARP cache, or otherwise you'll need to look for ARP
    requests on the local area network instead of ICMP requests. Beware
    switches and routers that mask traffic from third parties (hence
    suggesting using those two machines).

    Also, it would be good to know if the if_vr interface receives interrupts
    or not when it's "wedged" -- you can check this using vmstat -i or systat
    -vmstat 1 and see what the interrupt count for the interface is. I prefer
    systat to vmstat, FYI.

    Finally, if you sit there and ping for a while, do you start getting
    ENOBUFS back from the interface?

    Finally, the dmesg probe output would be helpful.

    Thanks,

    Robert N M Watson
    _______________________________________________
    freebsd-stable@freebsd.org mailing list
    http://lists.freebsd.org/mailman/listinfo/freebsd-stable
    To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"

  • Next message: MikeM: "Re: Quality of FreeBSD"

    Relevant Pages

    • Re: Cant ping into or outof Redhat box
      ... In comp.os.linux.networking Geoff wrote: ... > I can ping my system from itself (ie local host, or via it's static IP), ... interface look like, what the tcpdump from the interface shows ... ...
      (comp.os.linux.networking)
    • Re: Cant ping into or outof Redhat box
      ... In comp.os.linux.networking Geoff wrote: ... > I can ping my system from itself (ie local host, or via it's static IP), ... interface look like, what the tcpdump from the interface shows ... ...
      (linux.redhat)
    • Re: PIX: Ping VPN host from inside network
      ... to ping hosts in the vpn subnet pool or vice-versa. ... The same capture applied to the outside interface shows pings heading ... access-list inside_nat0_outbound extended permit ip any 192.168.24.0 ... access-group outside_access_in in interface outside ...
      (comp.security.firewalls)
    • Re: Linux routing mystery. No replies until machine sources traffic.
      ... The machine has an interface on each of these ... You cannot have more than one default route. ... A machine can ping ... 1.1.1.0/24 dev eth0 proto kernel scope link src 1.1.1.5 ...
      (comp.os.linux.networking)
    • Re: Dropped packets via ISR
      ... I also used ping plotter... ... Tried changing from full duplex to half duplex to auto and that did ... "1) Interface MTU at 1500 is fine. ...
      (comp.dcom.sys.cisco)