Menu

#58 MPD and Netflow Bug

None
closed-fixed
Dmitry S. Lukhtionov
mpd5 (1) netflow (1) l2tp (4) hight ping (1)
5
2017-11-05
2016-03-29
AgnitumuS
No

Freebsd + MPD5 CVS + L2TP(3500+ online) + Netflow
I detect what after some time ping to users ip what they receive from L2TP was grow ...
I many times fight with this:

  • Move nat
  • Move BGP
  • Optimize Firewall
  • Remove Firewall
  • Try Anoher firewall

Nothing help.
Today i try drop user session (not reboot device, not reboot mpd, only drop), and i sow what ping was begin as normal (near 23-30 before from 500-1000 and more).
I try detect why help drop and what changes can help without drop. And detect,

My tests is:
1 Send no the traffic limit via COA - NEGATIVE
2 Recover the traffic limit via COA - NEGATIVE
4 Disable Netflow - NEGATIVE
---With disabled Netflow
5 Send no the traffic limit via COA - NEGATIVE
6 Recover the traffic limit via COA - SUCCESS
7 Send no the traffic limit via COA - SUCCESS
8 Recover the traffic limit via COA + Netflow - SUCCESS

I think something in Netflow function but what i not know (i not have rich knownladge in C)
THX ...

Related

Bugs: #58

Discussion

  • Dmitry S. Lukhtionov

    Dmitry S. Lukhtionov - 2016-03-30

    FreeBSD has a small queue for L2TP
    http://lutz.donnerhacke.de/Blog/Aussetzer-im-L2TP

    In FreeBSD 11-CURRENT L2TP queue is slightly increased

    2016-03-29 21:52 GMT+03:00 AgnitumuS agnitumus@users.sf.net:

    Status: open
    Group:
    Labels: mpd5 netflow l2tp hight ping
    Created: Tue Mar 29, 2016 06:52 PM UTC by AgnitumuS
    Last Updated: Tue Mar 29, 2016 06:52 PM UTC
    Owner: Dmitry S. Luhtionov

    Freebsd + MPD5 CVS + L2TP(3500+ online) + Netflow
    I detect what after some time ping to users ip what they receive from L2TP
    was grow ...
    I many times fight with this:

    • Move nat * Move BGP

    • Optimize Firewall * Remove Firewall

    • Try Anoher firewall

    Nothing help.
    Today i try drop user session (not reboot device, not reboot mpd, only
    drop), and i sow what ping was begin as normal (near 23-30 before
    from 500-1000 and more).
    I try detect why help drop and what changes can help without drop. And
    detect,

    My tests is:
    1 Send no the traffic limit via COA - NEGATIVE
    2 Recover the traffic limit via COA - NEGATIVE
    4 Disable Netflow - NEGATIVE
    ---With disabled Netflow
    5 Send no the traffic limit via COA - NEGATIVE
    6 Recover the traffic limit via COA - SUCCESS
    7 Send no the traffic limit via COA - SUCCESS
    8 Recover the traffic limit via COA + Netflow - SUCCESS

    I think something in Netflow function but what i not know (i not have rich
    knownladge in C)
    THX ...

    Sent from sourceforge.net because you indicated interest in
    https://sourceforge.net/p/mpd/bugs/58/

    To unsubscribe from further messages, please visit
    https://sourceforge.net/auth/subscriptions/

     

    Related

    Bugs: #58

    alternate

    • AgnitumuS

      AgnitumuS - 2016-03-31

      Thanks !
      Спасибо за быстрый ответ ! Т/Е лучше перейти на последнюю фрю или подождать STABLE ?
      ПРоблемы решил отключение нетфлов в MPD
      Тикет закрываем ...

       

      Last edit: AgnitumuS 2016-03-31

      • Dmitry S. Lukhtionov

        Dmitry S. Lukhtionov - 2016-04-01
        1. Лучше перейти на 11-ю ветку. Туда вошли несколько патчей для netgraph,
          которых нету в 10-й. Позволяет немного сократить путь пакета в netgraph,
          если не включены компрессия, шифрование и т.п.
        2. В mpd-5.8 появилась новая опция 'set link remove-tee", которая убирает
          ng_tee ноду из цепочки, при уже поднятом соединении, что убирает несколько
          блокировок и сокращает путь пакета в netgraph.
        3. Попробуйте этот патч для mpd: http://pastebin.com/trtBCtvG Он заменяет
          системный вызов poll() на kqueue(), что актуально для большого количества
          соединений
        4. Попробуйте выключить icmp redirect. Это избавит от лишней блокировки в
          сетевом стеке.
        5. Выключите сборку энтропии для random генератора для всей сетевой
          подсистемы и прерыванийr. Например, по умолчанию для 11-CURRENT стоят такие
          значения: kern.random.harvest.mask_symbolic:
          [UMA],[FS_ATIME],SWI,INTERRUPT,NET_NG,NET_ETHER,NET_TUN,MOUSE,KEYBOARD,ATTACH,CACHED
        6. Проверьте по "vmstat -z", хватает ли памяти ядра для netgraph

        2016-03-31 23:06 GMT+03:00 AgnitumuS agnitumus@users.sf.net:

        Thanks !
        Спасибо за быстрый ответ ! Т/Е лучше перейти на последнюю фрю или
        подождать STABLE ?
        ПРоблемы решил отключение нетфлов в MPD

        Status: open
        Group:
        Labels: mpd5 netflow l2tp hight ping
        Created: Tue Mar 29, 2016 06:52 PM UTC by AgnitumuS
        Last Updated: Tue Mar 29, 2016 06:52 PM UTC
        Owner: Dmitry S. Luhtionov

        Freebsd + MPD5 CVS + L2TP(3500+ online) + Netflow
        I detect what after some time ping to users ip what they receive from L2TP
        was grow ...
        I many times fight with this:

        • Move nat * Move BGP

        • Optimize Firewall * Remove Firewall

        • Try Anoher firewall

        Nothing help.
        Today i try drop user session (not reboot device, not reboot mpd, only
        drop), and i sow what ping was begin as normal (near 23-30 before
        from 500-1000 and more).
        I try detect why help drop and what changes can help without drop. And
        detect,

        My tests is:
        1 Send no the traffic limit via COA - NEGATIVE
        2 Recover the traffic limit via COA - NEGATIVE
        4 Disable Netflow - NEGATIVE
        ---With disabled Netflow
        5 Send no the traffic limit via COA - NEGATIVE
        6 Recover the traffic limit via COA - SUCCESS
        7 Send no the traffic limit via COA - SUCCESS
        8 Recover the traffic limit via COA + Netflow - SUCCESS

        I think something in Netflow function but what i not know (i not have rich
        knownladge in C)
        THX ...

        Sent from sourceforge.net because you indicated interest in
        https://sourceforge.net/p/mpd/bugs/58/

        To unsubscribe from further messages, please visit
        https://sourceforge.net/auth/subscriptions/

         

        Related

        Bugs: #58

        • alex

          alex - 2016-05-27

          на сколько безопасно ставить 11 версию? все таки оно еще не зарелизена

           

          • Dmitry S. Lukhtionov

            Dmitry S. Lukhtionov - 2016-05-30

            Работает без проблем.
            Единственное, в ядре и в jemalloc нужно отключить отладку.

            2016-05-27 12:07 GMT+03:00 alex alexkmua@users.sf.net:

            на сколько безопасно ставить 11 версию? все таки оно еще не зарелизена

            Status: open
            Group:
            Labels: mpd5 netflow l2tp hight ping
            Created: Tue Mar 29, 2016 06:52 PM UTC by AgnitumuS
            Last Updated: Tue Mar 29, 2016 06:52 PM UTC
            Owner: Dmitry S. Luhtionov

            Freebsd + MPD5 CVS + L2TP(3500+ online) + Netflow
            I detect what after some time ping to users ip what they receive from L2TP
            was grow ...
            I many times fight with this:

            • Move nat * Move BGP

            • Optimize Firewall * Remove Firewall

            • Try Anoher firewall

            Nothing help.
            Today i try drop user session (not reboot device, not reboot mpd, only
            drop), and i sow what ping was begin as normal (near 23-30 before
            from 500-1000 and more).
            I try detect why help drop and what changes can help without drop. And
            detect,

            My tests is:
            1 Send no the traffic limit via COA - NEGATIVE
            2 Recover the traffic limit via COA - NEGATIVE
            4 Disable Netflow - NEGATIVE
            ---With disabled Netflow
            5 Send no the traffic limit via COA - NEGATIVE
            6 Recover the traffic limit via COA - SUCCESS
            7 Send no the traffic limit via COA - SUCCESS
            8 Recover the traffic limit via COA + Netflow - SUCCESS

            I think something in Netflow function but what i not know (i not have rich
            knownladge in C)
            THX ...

            Sent from sourceforge.net because you indicated interest in
            https://sourceforge.net/p/mpd/bugs/58/

            To unsubscribe from further messages, please visit
            https://sourceforge.net/auth/subscriptions/

             

            Related

            Bugs: #58

            • Dmitry S. Lukhtionov

              Dmitry S. Lukhtionov - 2016-05-30

              тут я ничего поделать не могу.
              могу только надеятся, что переход на 11-CURRENT немного исправит ситуацию

              2016-05-30 10:45 GMT+03:00 Dmitry S. Luhtionov <dmitryluhtionov@users.sf.net

              :

              Работает без проблем.
              Единственное, в ядре и в jemalloc нужно отключить отладку.

              2016-05-27 12:07 GMT+03:00 alex alexkmua@users.sf.net:

              на сколько безопасно ставить 11 версию? все таки оно еще не зарелизена

              Status: open
              Group:
              Labels: mpd5 netflow l2tp hight ping
              Created: Tue Mar 29, 2016 06:52 PM UTC by AgnitumuS
              Last Updated: Tue Mar 29, 2016 06:52 PM UTC
              Owner: Dmitry S. Luhtionov

              Freebsd + MPD5 CVS + L2TP(3500+ online) + Netflow
              I detect what after some time ping to users ip what they receive from L2TP
              was grow ...
              I many times fight with this:

              -

              Move nat * Move BGP
              -

              Optimize Firewall * Remove Firewall
              - Try Anoher firewall

              Nothing help.
              Today i try drop user session (not reboot device, not reboot mpd, only
              drop), and i sow what ping was begin as normal (near 23-30 before
              from 500-1000 and more).
              I try detect why help drop and what changes can help without drop. And
              detect,

              My tests is:
              1 Send no the traffic limit via COA - NEGATIVE
              2 Recover the traffic limit via COA - NEGATIVE
              4 Disable Netflow - NEGATIVE
              ---With disabled Netflow
              5 Send no the traffic limit via COA - NEGATIVE
              6 Recover the traffic limit via COA - SUCCESS
              7 Send no the traffic limit via COA - SUCCESS
              8 Recover the traffic limit via COA + Netflow - SUCCESS

              I think something in Netflow function but what i not know (i not have rich
              knownladge in C)
              THX ...

              Sent from sourceforge.net because you indicated interest in
              https://sourceforge.net/p/mpd/bugs/58/

              To unsubscribe from further messages, please visit
              https://sourceforge.net/auth/subscriptions/

              Status: open
              Group:
              Labels: mpd5 netflow l2tp hight ping
              Created: Tue Mar 29, 2016 06:52 PM UTC by AgnitumuS
              Last Updated: Tue Mar 29, 2016 06:52 PM UTC
              Owner: Dmitry S. Luhtionov

              Freebsd + MPD5 CVS + L2TP(3500+ online) + Netflow
              I detect what after some time ping to users ip what they receive from L2TP
              was grow ...
              I many times fight with this:

              • Move nat * Move BGP

              • Optimize Firewall * Remove Firewall

              • Try Anoher firewall

              Nothing help.
              Today i try drop user session (not reboot device, not reboot mpd, only
              drop), and i sow what ping was begin as normal (near 23-30 before
              from 500-1000 and more).
              I try detect why help drop and what changes can help without drop. And
              detect,

              My tests is:
              1 Send no the traffic limit via COA - NEGATIVE
              2 Recover the traffic limit via COA - NEGATIVE
              4 Disable Netflow - NEGATIVE
              ---With disabled Netflow
              5 Send no the traffic limit via COA - NEGATIVE
              6 Recover the traffic limit via COA - SUCCESS
              7 Send no the traffic limit via COA - SUCCESS
              8 Recover the traffic limit via COA + Netflow - SUCCESS

              I think something in Netflow function but what i not know (i not have rich
              knownladge in C)
              THX ...

              Sent from sourceforge.net because you indicated interest in
              https://sourceforge.net/p/mpd/bugs/58/

              To unsubscribe from further messages, please visit
              https://sourceforge.net/auth/subscriptions/

               

              Related

              Bugs: #58

      • alex

        alex - 2016-05-27

        подскажите пожалуйста, каким образом отключили netflow?

         

        • AgnitumuS

          AgnitumuS - 2016-05-30

          А он у вас включен ? Опишите проблему ...
          Вообще сейчас, даже с отключенным гипертредингом и Нетфлоу у меня возникают проблемы ... Очень жду 11 стабильной (дата его выхода это мой второй новый год).

           

  • alex

    alex - 2016-06-06

    обновил систему к 10.3 RELEASE - проблема исчезла, наблюдаю...

     

  • Eugene Grosbein

    Eugene Grosbein - 2017-11-05
    • status: open --> closed-fixed
    • Group: -->
     

  • Eugene Grosbein

    Eugene Grosbein - 2017-11-05

    Закрываем, так как автор подтвердил исправление проблемы.

     

Log in to post a comment.

MongoDB Logo MongoDB