Hi Everybody,
After updating from 8.203 to 8.301, we were confronted with a serious malfunctioning of ASG. Lots of broken packets were sent to our network, identified by Wireshark as "Ethernet_II" only and nothing else. These broken packets caused some more problems on other systems, BTW.
To make a longer story short, we could first track it down to the intrusion prevention system (IPS). Shutting IPS down but leaving everything else turned on made the problem go away.
Turning all IPS patterns off without turning IPS completely off did *not* help.
Some more tests revealed IMO that snort is not the culprit. I think it happens somewhere between nic driver and netfilter drivers.
Finally, disabling "rx checksumming offload" for the involved nics solved the problem (ethtool -K rx off eth0,eth1). IPS is now running normally again.
Our system:
Asus RS300-E6/PS4 (http://www.asus.de/Server_Workstation/Servers/RS300E6PS4)
1 x Intel Xeon CPU X3450
2 x Intel 82574L NICs pcie onboard (driver e1000e)
2 x Intel 82571EB NICs pcie add-on card (driver e1000e)
8 GB RAM
64bit kernel
We use only 2 out of the 4 network interfaces, which are bridged (br0). The problem occurs with every possible pair of interfaces.
Some more facts:
- The problem is reproducible. Re-installing ASG 8.2 makes it go away, 8.3 brings it back
- It is not related to installing ASG 8.3 by Up2Date vs. ISO
It would be nice if Astaro could fix this in a future release.
Peter Rindfuss
Social Science Research Center Berlin
WZB | Wissenschaftszentrum Berlin für Sozialforschung
This thread was automatically locked due to age.
