Date: Sun, 6 Feb 2011 17:47:23 GMT
From: "Vladislav V. Prodan" <universite@ukr.net>
To: freebsd-gnats-submit@FreeBSD.org
Subject: Freeze  tcp-session of the clients, if in the gateway is used quagga
X-Send-Pr-Version: www-3.1
X-GNATS-Notify:

>Number:         154557
>Category:       kern
>Synopsis:       [tcp] Freeze tcp-session of the clients, if in the gateway is used quagga
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    freebsd-net
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Feb 06 17:50:06 UTC 2011
>Closed-Date:    
>Last-Modified:  Fri Feb 11 18:40:05 UTC 2011
>Originator:     Vladislav V. Prodan
>Release:        8.2-PRERELEASE amd64
>Organization:
>Environment:
FreeBSD bgp.ZZZ 8.2-PRERELEASE FreeBSD 8.2-PRERELEASE #0: Sun Jan 30 03:15:34 EET 2011     root@bgp.ZZZ:/usr/obj/usr/src/sys/bgp.1  amd64

>Description:
<uplink via ng0> --> <re1> gateway freebsd (8.2-PRERELEASE, Jan 30)
<re0>-->(Local area network, using unmanaged switch) --> <re0> client
freebsd (8.2-PRERELEASE, Dec 19)

AS1111 <--> AS5555 via BGP
gateway freebsd, quagga-0.99.17_5, prefix XXX.YYY.202.0/23 

No problems with services that use udp, for example, DNS and ntp.
Also, there are no problems when using ipv6.

My impression is that if a TCP response is more than 1000 bytes, the
session hangs.

The output below shows two hung sessions, http and cvsup:

Proto Recv-Q Send-Q  Local Address          Foreign Address       (state)
tcp4       0      0 XXX.YYY.202.12.45966   H250.onetel92.on.http  ESTABLISHED
tcp4       0      0 XXX.YYY.202.12.14486   sesame.csx.cam.a.cvsup ESTABLISHED
tcp4       0     52 10.0.1.201.ssh         10.0.0.10.1587         ESTABLISHED
tcp4       0      0 XXX.YYY.202.12.11307   otrada.pptp      ESTABLISHED
udp4       0      0 10.0.1.201.ntp         *.*
udp6       0      0 fe80:4::1.ntp          *.*
udp6       0      0 localhost.ntp          *.*
udp4       0      0 localhost.ntp          *.*
udp4       0      0 beastie.local.ntp      *.*
udp4       0      0 XXX.YYY.202.18.ntp     *.*
udp6       0      0 fe80:1::92e6:baf.ntp   *.*
udp4       0      0 XXX.YYY.202.12.ntp     *.*
udp4       0      0 localhost.11211        *.*
udp4       0      0 10.0.1.201.domain      *.*
udp4       0      0 localhost.domain       *.*
udp4       0      0 beastie.local.domain   *.*
udp4       0      0 XXX.YYY.202.18.domain  *.*
udp4       0      0 XXX.YYY.202.12.domain  *.*



BGP-router# sh ip bgp  sum
BGP router identifier A.B.C.D, local AS number 5555
RIB entries 632127, using 58 MiB of memory
Peers 2, using 9120 bytes of memory

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
195.230.ZZZ.xx   4 1111    7062    1138        0    0    0 18:54:53     5044
195.230.ZZZ.YY   4 1111  143093    1138        0    0    0 18:54:51   336779

Total number of neighbors 2


/etc/sysctl.conf on the gateway:
kern.ipc.somaxconn=65535
kern.ipc.maxsockets=204800
net.inet.ip.portrange.first=1024
net.inet.ip.portrange.last=65535
kern.maxfiles=204800 ##? 256000
kern.maxfilesperproc=200000 ## ? 230400
kern.ipc.shmmax=67108864
kern.ipc.shmall=67108864
net.inet.tcp.rfc3465=0
net.inet.flowtable.enable=0
net.inet.tcp.blackhole=1
net.inet.udp.blackhole=1
net.inet.icmp.drop_redirect=1


/etc/sysctl.conf on the client:
kern.ipc.somaxconn=65535
kern.ipc.maxsockets=204800
net.inet.ip.portrange.first=1024
net.inet.ip.portrange.last=65535
kern.maxfiles=204800 ##? 256000
kern.maxfilesperproc=200000 ## ? 230400
kern.ipc.shmmax=67108864
kern.ipc.shmall=67108864
net.inet.tcp.rfc3465=0
net.inet.flowtable.enable=0

>How-To-Repeat:

>Fix:


>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->freebsd-net 
Responsible-Changed-By: linimon 
Responsible-Changed-When: Mon Feb 7 03:35:39 UTC 2011 
Responsible-Changed-Why:  
reclassify. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=154557 

From: "Vladislav V. Prodan" <universite@ukr.net>
To: bug-followup@FreeBSD.org
Cc:  
Subject: Re: kern/154557: [tcp] Freeze tcp-session of the clients, if in the
 gateway is used quagga
Date: Mon, 07 Feb 2011 22:13:58 +0200

 #cat /etc/rc.conf
 fsck_y_enable="YES"
 background_fsck="YES"           # Attempt to run fsck in the background
 where po
 background_fsck_delay="60"      # Time to wait (seconds) before starting
 the fsc
 zfs_enable="YES"
 hostname="bgp.nextonmarket.com"
 ifconfig_re0_alias0="inet XXX.YYY.202.1/23"
 ifconfig_re0_alias1="inet XXX.YYY.202.2/23"
 ifconfig_re0_alias2="inet 192.168.1.100"
 sshd_enable="YES"
 gateway_enable="YES"
 ipv6_enable="YES"
 ipv6_gateway_enable="YES"
 ipv6_ifconfig_re0="2001::3/64 alias"
 ipv6_ifconfig_re0_alias0="2001::5"
 ipv6_ifconfig_re0_alias1="2001::200"
 ipv6_ifconfig_re0_alias2="2001::201"
 quagga_enable="YES"
 quagga_flags="-d -A 127.0.0.1"
 quagga_daemons="zebra bgpd"
 ntpdate_enable="YES"
 ntpdate_flags="ua.pool.ntp.org"
 ntpd_enable="YES"
 ifconfig_re0_ipv6="RTADV"
 rtadvd_enable="YES"
 rtadvd_interfaces="re0"
 ifconfig_re1_alias1="192.168.115.177/24"
 ifconfig_re2_alias0="ether 00:23:69:15:62:A8"
 ifconfig_re2_alias1="DHCP"
 bsdstats_enable="YES"
 bsnmpd_enable="YES"
 webmin_enable="YES"
 mpd_enable="YES"
 named_enable="YES"
 nginx_enable="YES"
 firewall_enable="YES"
 firewall_logging="YES"
 firewall_type="UNKNOWN"
 firewall_script="/etc/ipfw/ipfw.conf"
 
 
 Do I really need to do NAT for each real IP?
 
 
 
 -- 
 Vladislav V. Prodan
 VVP24-UANIC
 +38[067]4584408
 +38[099]4060508
 vlad11@jabber.ru

From: "Vladislav V. Prodan" <universite@ukr.net>
To: bug-followup@FreeBSD.org, universite@ukr.net
Cc:  
Subject: Re: kern/154557: [tcp] Freeze tcp-session of the clients, if in the
 gateway is used quagga
Date: Fri, 11 Feb 2011 20:31:03 +0200

 I put this option in mpd.conf:
 
          set iface enable tcpmssfix
 
 and it worked.
 
 -- 
 Vladislav V. Prodan
 VVP24-UANIC
 +38[067]4584408
 +38[099]4060508
 vlad11@jabber.ru
>Unformatted:
