[OpenIndiana-discuss] weird packet garbling problem

Jim Klimov jimklimov at cos.ru
Sat Feb 2 18:24:09 UTC 2013 

On 2013-02-02 18:26, Jake Young wrote:
> Oddly enough I never had any issues with the automounter or nfs share I was
> backing up the V445 to.  One issue was with the ssh connection between my
> OI desktop and the V445 dropping out (note there is very little text output
> in my backup script) after an hour or two. My other issue was having the

Speculating on these points, I'd suggest that:
1) NFS is by default over UDP, which may be more resilient to dropped
    packets and adaptation to smaller sizes can be natively bundled.
    The higher-layer programs above UDP (i.e. NFS) have to detect and
    retry the transmissions, however - unlike TCP which should handle
    this sort of problems but may lag until it delivers its payload of
    bytes (the "sliding window", usually several typical packets in
    size).

2) SSH drop-out may be timeout-related... See if your server and/or
    client can use (TCP)KeepAlive, or if the script could output more
    data to keep the connection "active". Timeouts might be related
    to the IPFilter (NAT entry age, size of session bucket, etc).

3) Speaking of the latter, we had a problem on our firewall with the
    default IPFilter session bucket being very small. I am not sure
    if this was solved in later releases, we applied a fix like this
    at the time (and it's still running):

[root at newgw /lib/svc/method]# gdiff -bu ipfilter.snv_129-orig ipfilter
--- ipfilter.snv_129-orig       2009-11-27 01:07:18.000000000 +0300
+++ ipfilter    2010-06-29 14:07:36.034883267 +0400
@@ -153,7 +153,12 @@
         create_services_rules || exit $SMF_EXIT_ERR_CONFIG

         [ ! -f ${IPFILCONF} -a ! -f ${IPNATCONF} ] && exit 0
-       ipf -E
+
+       ### Enforce and display state-table sizing
+       ### Jim Klimov, 2009-2010
+        ipf -D -T 
fr_statemax=72901,fr_statesize=104147,fr_statemax,fr_statesize -E -T 
fr_statemax,fr_statesize
+       # ipf -E
+
         load_ippool || exit $SMF_EXIT_ERR_CONFIG
         load_ipf || exit $SMF_EXIT_ERR_CONFIG
         load_ipnat || exit $SMF_EXIT_ERR_CONFIG

   In fact, in OI 151a7 I see that the values are set to 50000, so
   it seems, while on older Sol10u8 and SXCE it is around 4000.

   Our values were from trial-and-error somewhat; and I think there
   was some math to them as well (google or ask Darren) ;)

HTH,
//Jim

More information about the OpenIndiana-discuss mailing list