Problem s VPN tunely - zrejme fragmentace
Zbyněk Burget
zburget at burgnet.cz
Mon Nov 16 14:38:25 CET 2009
Dan Lukes napsal(a):
> Zbyněk Burget wrote:
>> Mohl bych se zeptat, kde je hranice, kde je jeste mnozstvi fragmentace
>> v poradku a kde uz je to moc?
>
> vetsina TCP komunikace nastaveny "Don't fragment" flag. Na UDP zalezi na
> typu provozu. Beznych 512B DNS paketu by se fragmentovat nemelo, ale
> vetsi pakety se fragmentovat mohou.
Hmmm - takze kdyz mam sit s nekolika sty prevazne domacimi uzivateli,
kde se "telefonuje" Skypem a ICQ, telefonuje pomoci VoIP, pouzivaji
ruzne torrentove stahovace, tak tam ten UDP provoz je celkem cily... To
se pak asi opravdu bude spatne odhadovat, jestli je neco moc nebo malo.
>
> Neexistuje presna hranice. Muzu ti ale poslouzit cisly z nekterych svych
> siti (site s pomerne velkymi toky takze "total" citac se protaci a nelze
> ho brat vazne, uptime je pres 82 dnu):
>
> ip:
> 602409910 total packets received
> 29 fragments received
> 17 fragments dropped (dup or out of space)
> 6 fragments dropped after timeout
> 2 packets reassembled ok
> 2 output datagrams fragmented
> 6 fragments created
>
no, u mne to vypada takhle po 14 dennim uptime (jestli ej total
pretoceny nebo ne, netusim) - IPFW, pokud jsem nekde neco neprehledl, by
mi ICMP nikde filtrovat nemelo.
ip:
2667487672 total packets received
12252769 fragments received
5269 fragments dropped (dup or out of space)
481492 fragments dropped after timeout
2196194 packets reassembled ok
1735063 output datagrams fragmented
10096589 fragments created
...a pri prohlizeni dalsich parametru se mi jeste nelibi tyhlety - nebo
je to v poradku?
5685 bad header checksums
2 with size smaller than minimum
149501 with data size < data length
76547 packets for unknown/unsupported protocol
21487 packets received for unknown multicast group
8813 output packets dropped due to no bufs, etc.
10 datagrams with bad address in header
Mohlo by neco z tohohle znamenat nejaky problem? Mam po necem zacit
patrat, co by bylo dobre najit a vychytat?
Zbynek
More information about the Users-l
mailing list