Missing packets between interfaces

Demosthenes · May 13, 2010, 4:41pm

I'm having issues with packets dropping somewhere on my firewall, between eth0 and eth2. Firewall is an Astaro box, essentially a pretty gui on top of modified sles10 using iptables.

I started looking into this when people started reporting issues with their ssh connections to a particular server... For testing I started using ping. I'm getting significant packet loss whenever I try. This server is at 10.10.50.4, local network is 10.10.20.x.

Here's my tcpdump from the firewall box

On eth0 (LAN) it shows every single ICMP request, as well as the replies that get back:

<M> salt:/root # tcpdump -i eth0 proto ICMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 224 bytes
12:16:57.220490 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 0, length 64
12:16:58.206952 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 1, length 64
12:16:59.212467 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 2, length 64
12:17:00.213339 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 3, length 64
12:17:00.213674 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 3, length 64
12:17:01.213562 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 4, length 64
12:17:01.213800 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 4, length 64
12:17:02.215282 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 5, length 64
12:17:02.215724 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 5, length 64
12:17:03.216104 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 6, length 64
12:17:03.216339 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 6, length 64
12:17:04.232303 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 7, length 64
12:17:04.232774 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 7, length 64
12:17:05.223040 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 8, length 64
12:17:05.223418 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 8, length 64
12:17:06.218322 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 9, length 64
12:17:06.218803 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 9, length 64
12:17:07.222737 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 10, length 64
12:17:08.212627 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 11, length 64
12:17:08.213087 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 11, length 64
12:17:09.212550 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 12, length 64
12:17:09.212983 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 12, length 64
12:17:10.213224 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 13, length 64
12:17:10.213639 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 13, length 64
12:17:11.215442 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 14, length 64
12:17:11.215766 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 14, length 64
12:17:12.212123 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 15, length 64
12:17:13.216038 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 16, length 64
12:17:14.222200 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 17, length 64
12:17:14.222431 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 17, length 64
12:17:15.222074 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 18, length 64
12:17:16.222048 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 19, length 64
12:17:16.222488 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 19, length 64
12:17:17.222371 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 20, length 64
12:17:17.222621 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 20, length 64
12:17:18.231939 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 21, length 64
12:17:18.232532 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 21, length 64
12:17:19.242041 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 22, length 64
12:17:19.242414 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 22, length 64
12:17:20.261929 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 23, length 64
12:17:20.262288 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 23, length 64
12:17:21.221866 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 24, length 64
12:17:22.231880 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 25, length 64
12:17:23.212526 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 26, length 64
12:17:23.213011 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 26, length 64
12:17:24.222233 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 27, length 64
12:17:24.222662 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 27, length 64
12:17:25.215620 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 28, length 64
12:17:25.216049 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 28, length 64
12:17:26.215342 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 29, length 64
12:17:27.246914 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 30, length 64
12:17:27.247315 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 30, length 64

Here's what I get from eth2:

<M> salt:/root # tcpdump -i eth2 proto ICMP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth2, link-type EN10MB (Ethernet), capture size 224 bytes
12:17:00.213421 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 3, length 64
12:17:00.213608 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 3, length 64
12:17:01.213637 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 4, length 64
12:17:01.213751 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 4, length 64
12:17:02.215376 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 5, length 64
12:17:02.215644 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 5, length 64
12:17:03.216171 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 6, length 64
12:17:03.216289 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 6, length 64
12:17:04.232376 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 7, length 64
12:17:04.232672 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 7, length 64
12:17:05.223103 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 8, length 64
12:17:05.223326 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 8, length 64
12:17:06.218390 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 9, length 64
12:17:06.218720 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 9, length 64
12:17:08.212700 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 11, length 64
12:17:08.213013 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 11, length 64
12:17:09.212622 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 12, length 64
12:17:09.212909 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 12, length 64
12:17:10.213320 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 13, length 64
12:17:10.213556 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 13, length 64
12:17:11.215504 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 14, length 64
12:17:11.215700 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 14, length 64
12:17:14.222271 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 17, length 64
12:17:14.222379 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 17, length 64
12:17:16.222115 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 19, length 64
12:17:16.222417 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 19, length 64
12:17:17.222435 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 20, length 64
12:17:17.222564 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 20, length 64
12:17:18.232170 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 21, length 64
12:17:18.232458 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 21, length 64
12:17:19.242176 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 22, length 64
12:17:19.242345 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 22, length 64
12:17:20.262047 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 23, length 64
12:17:20.262225 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 23, length 64
12:17:23.212613 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 26, length 64
12:17:23.212938 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 26, length 64
12:17:24.222381 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 27, length 64
12:17:24.222580 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 27, length 64
12:17:25.215692 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 28, length 64
12:17:25.215975 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 28, length 64
12:17:27.247057 IP 10.10.20.219 > 10.10.50.4: ICMP echo request, id 62477, seq 30, length 64
12:17:27.247244 IP 10.10.50.4 > 10.10.20.219: ICMP echo reply, id 62477, seq 30, length 64

Notice the difference? I've restarted the firewall and this is still occurring. Why is it dropping packets between interfaces? What should I be looking at next to try and diagnose/solve this issue.

jim_mcnamara · May 14, 2010, 12:30am

Obvious questions:
it was working before? - how do you know?
has anything changed on the SLES box lately? You know ifconfig, etc.
Any changes to router or bridge configs on the eth2: side?

The display shows no "speed" disparity from eth0 to eth2, correct?

syslog does not show any issues on the SLES box, right?

fpmurphy · May 14, 2010, 1:38am