Re: soft lockup with conntrackd / keepalived / VLAN

netdev.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: Adam Gundy <arg@cyberscience.com>
To: netdev@vger.kernel.org
Subject: Re: soft lockup with conntrackd / keepalived / VLAN
Date: Tue, 06 Jul 2010 13:56:41 -0600	[thread overview]
Message-ID: <4C338A79.10404@cyberscience.com> (raw)
In-Reply-To: <4C2E0E0B.8040903@cyberscience.com>

Adam Gundy wrote:
> I've built a pair of router boxes which are using keepalived and 
> conntrackd to provide a redundant router setup. we're also using a 
> single 802.1Q VLAN on the box.
> 
> occasionally, the box will lockup for 5 minutes, during which time 
> routed traffic is extremely delayed (2 or 3 second ping times). 
> initially, there were no log messages about the lockup. we switched from 
> using an internal nvidia (forcedeth) NIC in the belief that it may have 
> been causing the problem.. however: with the new gigabit NICs, we still 
> see the hangs, but we also get this in the kernel log:

> PS: this is a Ubuntu Lucid kernel - 2.6.32. I'm working on a stock 
> kernel to see if it still happens..

the issue appears to be IPSEC. pings across an IPSEC tunnel get slower and 
slower until the 'five minute fit', then ALL pings (IPSEC or not), plus the 
machine itself are extremely slow or non-responsive.

this behavior is also visible with a stock 2.6.32.15 kernel, but not 
reproducible with 2.6.33.5.

it looks like there were some IPSEC locking changes between those two kernels, 
but I couldn't find any obvious bug reports with similar symptoms..

     prev parent reply	other threads:[~2010-07-06 19:56 UTC|newest]

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2010-07-02 16:04 soft lockup with conntrackd / keepalived / VLAN Adam Gundy
2010-07-06 19:56 ` Adam Gundy [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=4C338A79.10404@cyberscience.com \
    --to=arg@cyberscience.com \
    --cc=netdev@vger.kernel.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).