Hi all, Removing IPF for 5.4-STABLE seems to have made the boxes stable. I switched all the firewalls to PF and they haven't crashed since, its been about 3 days now... (before they were crashing every 12 hours). Here are my worries: 1) If I were to put this machine into production, it could crash at any time for another reason... or maybe the switch to PF hasn't actually stabalized it, and its just playing games with me. 2) If it crashes again, I might lose some responsibilities at work due to trust and/or "inabilities". So here's the thing .... 5.4-STABLE is a great OS, I run it on other single processor machines... but obviously it doesn't seem to like the three servers I have it setup on at work that keep crashing (or atleast kept crashing until recently). Therefore, part of me is thinking of switching back to either 4.11 or to OBSD 3.7. Problem is, this switch wouldn't be temporary, it would have to be permanant. I couldn't set things up now and then move them again a month from now. 4.11-STABLE is stable, but it would have to be our solution for at least one or two years... So my debate is whether to choose FreeBSD 4.11-STABLE which I know is stable, but isn't actively developed and/or patched (except for security patches), or choose something like OBSD 3.7 which I know is stable and is also actively developed ... but then again, maybe OpenBSD will have trouble with these three servers too, knowing my luck. What's everyone's opinion? I've had replies to previous posts telling me to go back to 4.11 "temporarily", or to "at least get something stable while you work on something new", but ... I'd like to do this all in one shot..... PS: I don't mind TESTING stability ... as long as the box isn't crashing, I can hold off a few weeks for stability testing before i do a switch over. I'm not looking to do a psycho load-it, install-it, configure-it, switch-it in 24 hours thing.... Regards, Matt
On Thu, Jun 30, 2005 at 05:07:59PM -0400, Matt Juszczak wrote:> Hi all, > > Removing IPF for 5.4-STABLE seems to have made the boxes stable. I > switched all the firewalls to PF and they haven't crashed since, its been > about 3 days now... (before they were crashing every 12 hours).Of course, the best thing would be to try and identify the cause of the problem and get it fixed. To do this, you need to proceed with the advice and patches previously given. If you really can't stay with 5.4 and try to work this to conclusion, I'd recommend going for something you know will work instead of diving in to a whole new untested environment with its own new set of potential problems to overcome. Kris -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 187 bytes Desc: not available Url : http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20050630/de731a04/attachment.bin
On Thu, Jun 30, 2005 at 05:07:59PM -0400, Matt Juszczak wrote:> Removing IPF for 5.4-STABLE seems to have made the boxes stable. I > switched all the firewalls to PF and they haven't crashed since, its been > about 3 days now... (before they were crashing every 12 hours).The similar situation: two boxes with SMP (two physical processors each box). GENERIC kernel works. GENERIC kernel with IPF module or IPF compiled into GENERIC works. After adding SMP either to box with GENERIC with IPF module loaded or to box with IPF compiled into the kernel, boxes crashes regularly. After changing to PF I did not notice single crash for month (production servers with, sometimes, heavy load). My conclusion: I do not know what was wrong, but I could not get non-crashing 5.4 box with IPF.> 1) If I were to put this machine into production, it could crash at any > time for another reason... or maybe the switch to PF hasn't actually > stabalized it, and its just playing games with me. > > 2) If it crashes again, I might lose some responsibilities at work due to > trust and/or "inabilities".I would try FreeBSD with PF anyway. Works perfectly. -- * Maciej Wierzbicki * At paranoia's poison door * * VOO1-RIPE VOO1-6BONE *
On Thu, 30 Jun 2005 17:07:59 -0400 (EDT) Matt Juszczak <matt@atopia.net> wrote> [...] > Therefore, part of me is thinking of switching back to either 4.11 or to > OBSD 3.7. Problem is, this switch wouldn't be temporary, it would have to > be permanant. I couldn't set things up now and then move them again a > month from now.If you're wanting the system to be untouched for two years, set openbsd aside. If you don't understand what I mean, read their FAQ again and hunt up their support policy and read carefully the instructions on security patches and on updates and upgrades. OpenBSD is a great OS, and I recommend learning it and using it, but the pace is pretty stiff, especially until you get used to it. -- Joel Rees <rees@ddcom.co.jp> digitcom, inc. ???????? Kobe, Japan +81-78-672-8800 ** <http://www.ddcom.co.jp> **