Occasional firewall hang - Pf 1.2.3, Soekris net 5xxx box
Just though I would report that we have a dual Soekris pf setup working with CARP and failing over nicely. It's a good thing the failover IS working as the master unit is hanging almost once a week.
Does anyone have any experience of think happening before?
Some more info:
- We have 8 CARP VIPs on the master, all of which failover nicely to the backup when the master hangs
- Both units have been fitted with the Hifn crypto card.
- A large proportion of CPU is taken up by interrupt. Box is only doing max 6mb traffic (unencrypted) and max 1.5 mb VPN traffic. CPU is load related but reaches 40% when serving these max traffic levels at lunch time. I read somewhere on the forums that Soekris devices do run a high number of interrupts - however I have another identical unit which has been running far more traffic (40mb +) but running a system called zeroshell and the current uptime of that device is over 400 days!
- The hangs do not appear to be load related it has happened three time so far since we put the new firewalls in a month ago. Initially it was every 4 days. I changed the crypto on the VPN from 3DES to 128 AES and after doing this the box stayed up for 9 days but this might have been a fluke. I'm currently waiting for it to happen again, after which I think I will switch to running the Geode crypto which works nice with 128 AES and see what that does.
I guess it could be hardware.
Anyone else have any other ideas that might help me track down this issue or perhaps find a contributing factor so we can try to predict failures and then monitor the device in far more detail before it hangs.
Easy way to test if it's hardware: swap the config files for master and backup, see if the "master" still hangs.