[Swan] TX/RX Errors on IPsec VTI
Craig Marker
cmarker at inspeednetworks.com
Thu Jul 20 22:11:27 UTC 2017
I’ve yet to catch the TX errors in the wild, but the RX errors happen when large amounts of TCP traffic are going across the tunnel. They don’t appear to be aligned with restart/rekey.
XfrmInNoStates 1
XfrmInStateSeqError 3337
XfrmOutNoStates 1757
> On Jul 2, 2017, at 5:05 AM, Paul Wouters <paul at nohats.ca> wrote:
>
> On Tue, 27 Jun 2017, Craig Marker wrote:
>
>> tunisp4: flags=209<UP,POINTOPOINT,RUNNING,NOARP> mtu 1480
>> inet x.x.x.x netmask 255.255.255.255 destination y.y.y.y
>> tunnel txqueuelen 1 (IPIP Tunnel)
>> RX packets 8732239 bytes 2617024564 (2.4 GiB)
>> RX errors 397 dropped 397 overruns 0 frame 0
>> TX packets 14074281 bytes 10912751224 (10.1 GiB)
>> TX errors 1679 dropped 0 overruns 0 carrier 1679 collisions 0
>> I’m seeing RX errors and dropped packets in addition to TX carrier errors on my IPsec VTI. I’ve played
>> around with txqueuelen, which reduces the RX errors, but doesn’t eliminate them. Has anyone else seen
>> these or have an idea of configuration to change? I’m running libreswan 3.19 on CentOS 7.3.
>
> Did those happen during restart/rekey ?
>
> What does this command say: grep -v -P "\t0$" /proc/net/xfrm_stat
>
> Paul
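
An added example, not part of either poster's message: the grep above shows cumulative totals since boot, so this sketch compares two saved copies of /proc/net/xfrm_stat and prints only the counters that grew in between, with a short meaning for the three counters named in this thread. The function names are hypothetical and the snapshot contents are constructed (the "after" values reuse the counters quoted above).

```shell
#!/bin/sh
# Counter meanings, paraphrased from the kernel's xfrm_proc documentation.
xfrm_describe() {
    case "$1" in
        XfrmInNoStates)      echo "no inbound SA found (SPI, address or protocol mismatch)" ;;
        XfrmInStateSeqError) echo "sequence number outside the anti-replay window" ;;
        XfrmOutNoStates)     echo "no outbound SA found" ;;
        *)                   echo "see the kernel xfrm_proc documentation" ;;
    esac
}

# xfrm_delta BEFORE AFTER: print each counter that increased between two
# saved copies of /proc/net/xfrm_stat, with the size of the increase.
xfrm_delta() {
    awk 'FILENAME == ARGV[1] { before[$1] = $2; next }
         ($2 + 0) > (before[$1] + 0) { print $1, $2 - before[$1] }' "$1" "$2" |
    while read -r name delta; do
        printf '%-20s +%-6s %s\n' "$name" "$delta" "$(xfrm_describe "$name")"
    done
}

# Constructed snapshots: "before" is invented, "after" uses the totals
# quoted in the thread. Only the sequence-error counter moves here.
xfrm_demo() {
    dir=$(mktemp -d) || return 1
    printf 'XfrmInError\t0\nXfrmInNoStates\t1\nXfrmInStateSeqError\t3000\nXfrmOutNoStates\t1757\n' > "$dir/before"
    printf 'XfrmInError\t0\nXfrmInNoStates\t1\nXfrmInStateSeqError\t3337\nXfrmOutNoStates\t1757\n' > "$dir/after"
    xfrm_delta "$dir/before" "$dir/after"
    rm -rf "$dir"
}

xfrm_demo
```

On a live gateway, save /proc/net/xfrm_stat to a file before and after a bulk TCP transfer (or a rekey) and pass the two files to xfrm_delta to see which counters track the event.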