Имеется сервер с pptpd и pppoed.Copyright (c) 1992-2007 The FreeBSD Project.
Copyright (c) 1979, 1980, 1983, 1986, 1988, 1989, 1991, 1992, 1993, 1994
The Regents of the University of California. All rights reserved.
FreeBSD is a registered trademark of The FreeBSD Foundation.
FreeBSD 7.0-BETA2 #0: Fri Nov 16 10:49:31 EET 2007
user@vpn.host.ru:/usr/obj/usr/src/sys/VPN
Timecounter "i8254" frequency 1193182 Hz quality 0
CPU: Intel(R) Xeon(R) CPU E5310 @ 1.60GHz (1595.93-MHz K8-class CPU)
Origin = "GenuineIntel" Id = 0x6f7 Stepping = 7
Features=0xbfebfbff<FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CLFLUSH,DTS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE>
Features2=0x4e33d<SSE3,RSVD2,MON,DS_CPL,VMX,TM2,SSSE3,CX16,xTPR,PDCM,DCA>
AMD Features=0x20100800<SYSCALL,NX,LM>
AMD Features2=0x1<LAHF>
Cores per package: 4
usable memory = 1065545728 (1016 MB)
avail memory = 1027014656 (979 MB)
ACPI APIC Table: <HP ML150 G3>
FreeBSD/SMP: Multiprocessor System Detected: 4 CPUs
cpu0 (BSP): APIC ID: 0
cpu1 (AP): APIC ID: 1
cpu2 (AP): APIC ID: 2
cpu3 (AP): APIC ID: 3
ioapic0 <Version 2.0> irqs 0-23 on motherboard
ioapic1 <Version 2.0> irqs 24-47 on motherboard
kbd1 at kbdmux0
acpi0: <HP> on motherboard
acpi0: [ITHREAD]
acpi0: Power Button (fixed)
Timecounter "ACPI-fast" frequency 3579545 Hz quality 1000
acpi_timer0: <24-bit timer at 3.579545MHz> port 0x1008-0x100b on acpi0
cpu0: <ACPI CPU> on acpi0
p4tcc0: <CPU Frequency Thermal Control> on cpu0
cpu1: <ACPI CPU> on acpi0
p4tcc1: <CPU Frequency Thermal Control> on cpu1
cpu2: <ACPI CPU> on acpi0
p4tcc2: <CPU Frequency Thermal Control> on cpu2
cpu3: <ACPI CPU> on acpi0
p4tcc3: <CPU Frequency Thermal Control> on cpu3
pcib0: <ACPI Host-PCI bridge> port 0xcf8-0xcff on acpi0
pci0: <ACPI PCI bus> on pcib0
pcib1: <ACPI PCI-PCI bridge> at device 2.0 on pci0
pci1: <ACPI PCI bus> on pcib1
pcib2: <ACPI PCI-PCI bridge> at device 0.0 on pci1
pci2: <ACPI PCI bus> on pcib2
pcib3: <ACPI PCI-PCI bridge> irq 16 at device 0.0 on pci2
pci3: <ACPI PCI bus> on pcib3
pcib4: <ACPI PCI-PCI bridge> at device 0.3 on pci1
pci4: <ACPI PCI bus> on pcib4
fxp0: <Intel 82559 Pro/100 Ethernet> port 0x2000-0x203f mem 0xdfc00000-0xdfc00fff,0xdfb00000-0xdfbfffff irq 28 at device 1.0 on pci4
miibus0: <MII bus> on fxp0
inphy0: <i82555 10/100 media interface> PHY 1 on miibus0
inphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, auto
fxp0: Ethernet address: 00:d0:43:7a:d3:4e
fxp0: [ITHREAD]
pcib5: <PCI-PCI bridge> at device 3.0 on pci0
pci5: <PCI bus> on pcib5
pcib6: <ACPI PCI-PCI bridge> irq 16 at device 28.0 on pci0
pci6: <ACPI PCI bus> on pcib6
pci0: <serial bus, USB> at device 29.0 (no driver attached)
pci0: <serial bus, USB> at device 29.1 (no driver attached)
pci0: <serial bus, USB> at device 29.2 (no driver attached)
pci0: <serial bus, USB> at device 29.3 (no driver attached)
pci0: <serial bus, USB> at device 29.7 (no driver attached)
pcib7: <ACPI PCI-PCI bridge> at device 30.0 on pci0
pci7: <ACPI PCI bus> on pcib7
pci0:7:1:0: bad VPD cksum, remain 18
bge0: <HP NC7781 Gigabit Server Adapter, ASIC rev. 0x1002> mem 0xdf800000-0xdf80ffff irq 18 at device 1.0 on pci7
miibus1: <MII bus> on bge0
brgphy0: <BCM5703 10/100/1000baseTX PHY> PHY 1 on miibus1
brgphy0: 10baseT, 10baseT-FDX, 100baseTX, 100baseTX-FDX, 1000baseT, 1000baseT-FDX, auto
bge0: Ethernet address: 00:хх:хх:хх:хх:хх
bge0: [ITHREAD]
vgapci0: <VGA-compatible display> mem 0xde000000-0xdeffffff,0xdf810000-0xdf813fff,0xdf000000-0xdf7fffff irq 18 at device 2.0 on pci7
isab0: <PCI-ISA bridge> at device 31.0 on pci0
isa0: <ISA bus> on isab0
atapci0: <Intel 63XXESB2 UDMA100 controller> port 0x1f0-0x1f7,0x3f6,0x170-0x177,0x376,0x1880-0x188f at device 31.1 on pci0
ata0: <ATA channel 0> on atapci0
ata0: [ITHREAD]
ata1: <ATA channel 1> on atapci0
ata1: [ITHREAD]
atapci1: <Intel 63XXESB2 SATA300 controller> port 0x18c8-0x18cf,0x18ac-0x18af,0x18c0-0x18c7,0x18a8-0x18ab,0x18b0-0x18bf mem 0xdfd00400-0xdfd007ff irq 19 at device 31.2 on pci0
atapci1: [ITHREAD]
ata2: <ATA channel 0> on atapci1
ata2: [ITHREAD]
ata3: <ATA channel 1> on atapci1
ata3: [ITHREAD]
acpi_button0: <Power Button> on acpi0
orm0: <ISA Option ROMs> at iomem 0xc0000-0xc7fff,0xc8000-0xc8fff,0xdc000-0xdffff on isa0
atkbdc0: <Keyboard controller (i8042)> at port 0x60,0x64 on isa0
atkbd0: <AT Keyboard> irq 1 on atkbdc0
kbd0 at atkbd0
atkbd0: [GIANT-LOCKED]
atkbd0: [ITHREAD]
sc0: <System console> at flags 0x100 on isa0
sc0: VGA <16 virtual consoles, flags=0x300>
vga0: <Generic ISA VGA> at port 0x3c0-0x3df iomem 0xa0000-0xbffff on isa0
Timecounters tick every 1.000 msec
IP Filter: v4.1.28 initialized. Default = pass all, Logging = enabled
ipfw2 initialized, divert enabled, rule-based forwarding disabled, default to accept, logging disabled
acd0: DVDR <HL-DT-STDVD+-RW GSA-H21L/2.02> at ata0-master UDMA33
ad4: 152627MB <FB160C4081 HPF0> at ata2-master SATA150
SMP: AP CPU #1 Launched!
SMP: AP CPU #2 Launched!
SMP: AP CPU #3 Launched!
Trying to mount root from ufs:/dev/ad4s1abge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether 00:xx:xx:xx:xx:xx
media: Ethernet autoselect (100baseTX <full-duplex>)
status: activevlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=3<RXCSUM,TXCSUM>
ether 00:уу:уу:уу:уу:уу
inet 123.123.123.69 netmask 0xfffffff8 broadcast 123.123.123.71
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
vlan: 100 parent interface: bge0
pppoed слушает остальные vlan'ы и там проблем нет.pptpd слушает vlan100 (он внешний + к нему и подключаются пользователи)
пользователей несколько сотен.В 80% случаев соединение проходит нормально, в 20 - на этапе подключения возникают ошибки (Windows трактовка) :
800 - практически сразу (в самом начале)
629 - в конце = на этапе проверки сетевых протоколов
Вот как это примерно выглядит:=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
629 ошибка
20:49:39.339145 IP vpn > 192.168.131.8: GREv1, call 2188, seq 24, ack 17, length 40: IPCP, Conf-Ack (0x02), id 10, length 24
20:49:39.339158 IP vpn > 192.168.131.8: GREv1, call 2188, seq 25, length 18: IPCP, Term-Request (0x05), id 3, length 6
20:49:39.339174 IP vpn > 192.168.131.8: GREv1, call 2188, seq 26, length 56: LCP, Ident (0x0c), id 7, length 42
20:49:39.411743 IP 192.168.131.8 > vpn: GREv1, call 49408, ack 26, no-payload, length 12
20:49:39.414958 IP 192.168.131.8 > vpn: GREv1, call 49408, seq 18, length 53: IP 123.123.123.53 > IGMP.MCAST.NET: [|igmp]
20:49:39.442733 IP 192.168.131.8 > vpn: GREv1, call 49408, seq 19, length 341: IP 123.123.123.53 > 255.255.255.255: [|udp]
20:49:39.451852 IP 192.168.131.8 > vpn: GREv1, call 49408, seq 20, length 18: IPCP, Term-Ack (0x06), id 3, length 6
20:49:39.452858 IP vpn > 192.168.131.8: GREv1, call 2188, seq 27, ack 20, length 24: LCP, Term-Request (0x05), id 3, length 6
20:49:39.456240 IP 192.168.131.8.2188 > vpn.pptp: P 373:389(16) ack 189 win 65347: pptp CTRL_MSGTYPE=CCRQ CALL_ID(0) [|pptp]
20:49:39.456311 IP vpn.pptp > 192.168.131.8.2188: F 189:189(0) ack 389 win 65535
20:49:39.464025 IP 192.168.131.8.2188 > vpn.pptp: F 389:389(0) ack 190 win 65347
20:49:39.464050 IP vpn.pptp > 192.168.131.8.2188: . ack 390 win 65534
XXXXXXX---тут дисконектНормальное соединение
20:48:09.592272 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 16, ack 21, length 28: IPCP, Conf-Ack (0x02), id 2, length 12
20:48:09.611547 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 17, ack 23, length 40: IPCP, Conf-Request (0x01), id 10, length 24
20:48:09.623383 IP vpn > 192.168.131.8: GREv1, call 2145, seq 24, ack 17, length 40: IPCP, Conf-Ack (0x02), id 10, length 24
20:48:09.665972 IP 192.168.131.8 > vpn: GREv1, call 47872, ack 24, no-payload, length 12
20:48:09.721225 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 18, length 53: IP 123.123.123.228 > IGMP.MCAST.NET: [|igmp]
20:48:09.771601 IP vpn > 192.168.131.8: GREv1, call 2145, ack 18, no-payload, length 12
20:48:09.804380 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 19, length 341: IP 123.123.123.228 > 255.255.255.255: [|udp]
20:48:09.809781 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 20, length 174: IP 123.123.123.228 > 239.255.255.250: [|udp]
20:48:09.860637 IP vpn > 192.168.131.8: GREv1, call 2145, ack 20, no-payload, length 12
20:48:10.647033 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 21, length 53: IP 123.123.123.228 > IGMP.MCAST.NET: [|igmp]
20:48:10.677224 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 22, length 83: IP 123.123.123.228 > irc.host.ru: [|udp]
20:48:10.686758 IP vpn > 192.168.131.8: GREv1, call 2145, seq 25, ack 22, length 322: IP [|ip]
20:48:10.703409 IP 192.168.131.8 > vpn: GREv1, call 47872, seq 23, ack 25, length 65: IP [|ip]
20:48:10.753638 IP vpn > 192.168.131.8: GREv1, call 2145, ack 23, no-payload, length 12=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
800 ошибка
17:01:36.512238 IP 10.7.0.2.gandalf-lm > vpn.pptp: S 886674397:886674397(0) win 65535 <mss 1420,nop,nop,sackOK>
17:01:36.512268 IP vpn.pptp > 10.7.0.2.gandalf-lm: S 3727705929:3727705929(0) ack 886674398 win 65535 <mss 1420>
17:01:36.526061 IP 10.7.0.2.gandalf-lm > vpn.pptp: P 1:157(156) ack 1 win 65535: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) [|pptp]
17:01:36.527748 IP vpn.pptp > 10.7.0.2.gandalf-lm: F 1:1(0) ack 157 win 65535
17:01:36.539267 IP 10.7.0.2.gandalf-lm > vpn.pptp: F 157:157(0) ack 2 win 65535
17:01:36.539287 IP vpn.pptp > 10.7.0.2.gandalf-lm: . ack 158 win 65534
XXXXXXX---тут дисконектНормальное соединение
17:02:04.560230 IP 10.7.0.2.blueberry-lm > vpn.pptp: S 2054453977:2054453977(0) win 65535 <mss 1420,nop,nop,sackOK>
17:02:04.560258 IP vpn.pptp > 10.7.0.2.blueberry-lm: S 3856560329:3856560329(0) ack 2054453978 win 65535 <mss 1420>
17:02:04.573731 IP 10.7.0.2.blueberry-lm > vpn.pptp: P 1:157(156) ack 1 win 65535: pptp CTRL_MSGTYPE=SCCRQ PROTO_VER(1.0) [|pptp]
17:02:04.575561 IP vpn.pptp > 10.7.0.2.blueberry-lm: P 1:157(156) ack 157 win 65535: pptp CTRL_MSGTYPE=SCCRP PROTO_VER(1.0) [|pptp]
17:02:04.591256 IP 10.7.0.2.blueberry-lm > vpn.pptp: P 157:325(168) ack 157 win 65379: pptp CTRL_MSGTYPE=OCRQ CALL_ID(0) [|pptp]
17:02:04.592095 IP vpn.pptp > 10.7.0.2.blueberry-lm: P 157:189(32) ack 325 win 65535: pptp CTRL_MSGTYPE=OCRP CALL_ID(14720) [|pptp]
17:02:04.607229 IP 10.7.0.2.blueberry-lm > vpn.pptp: P 325:349(24) ack 189 win 65347: pptp CTRL_MSGTYPE=SLI PEER_CALL_ID(14720) [|pptp]
17:02:04.613105 IP 10.7.0.2 > vpn: GREv1, call 14720, seq 0, length 37: LCP, Conf-Request (0x01), id 0, length 23
17:02:04.663761 IP vpn > 10.7.0.2: GREv1, call 0, ack 0, no-payload, length 12
17:02:04.702037 IP vpn > 10.7.0.2: GREv1, call 0, seq 0, length 53: LCP, Conf-Request (0x01), id 1, length 39
17:02:04.702047 IP vpn > 10.7.0.2: GREv1, call 0, seq 1, length 23: LCP, Conf-Reject (0x04), id 0, length 9
17:02:04.702056 IP vpn > 10.7.0.2: GREv1, call 0, seq 2, length 56: LCP, Ident (0x0c), id 0, length 42
17:02:04.706733 IP vpn.pptp > 10.7.0.2.blueberry-lm: . ack 349 win 65535=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
в логе проскакивают ошибки (может они и не имеют отношения к проблеме)
Nov 19 22:15:01 vpn pptpd[19800]: GRE: read(fd=7,buffer=510be0,len=8196) from PTY failed: status = 0 error = No error
Nov 19 22:15:01 vpn pptpd[19800]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)
Nov 19 22:15:07 vpn pptpd[20051]: GRE: read(fd=7,buffer=510be0,len=8196) from PTY failed: status = 0 error = No error
Nov 19 22:15:07 vpn pptpd[20051]: CTRL: PTY read or GRE write failed (pty,gre)=(7,6)сервер особо не загружен - ресурсов хватает
на bge0 траффик 50% в пике.Пул ip достаточно большой, максимальное количество соединений (connections в pptpd.conf) тоже.
увеличил также
#define CONNECTIONS_DEFAULT
#define MAX_CALLSно картина таже
В чем причина, и какие есть варианты решения данной проблемы?
Причина как оказалось в mtu/mru (заметил соседнюю тему).Но всеравно окончательного понимания нет - и следовательно оптимально настроить не получается.
В данном случае MTU есть у
- Ethernet он фиксирован = 1500 (+ там есть VLAN_MTU, который насколько я понял передается дочерним VLAN'ам)
- VLAN'а на этом интерфейсе
- демоноа pptpd
- демона pppoed
- настройках ppp для pptp
- настройках ppp для pppoeПо идее у второго должно быть меньше чем у первого, у последних четырех меньше чем у второго?
Объясните как их подобрать для оптимальной работы по ADSL?