On 15/09/2018 6:40 pm, Rowland Penny via samba wrote:> On Sat, 15 Sep 2018 12:52:52 +1000 > Reuben Farrelly via samba <samba at lists.samba.org> wrote: >> thunderstorm ~ # testparm >> Load smb config files from /etc/samba/smb.conf >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit >> (16384) Processing section "[homes]" >> Processing section "[root]" >> Processing section "[photos]" >> Processing section "[store]" >> Loaded services file OK. >> Server role: ROLE_STANDALONE >> >> Press enter to see a dump of your service definitions >> >> # Global parameters >> [global] >> domain master = Yes >> security = USER >> server role = standalone server > > NOTE: I have shrunk your smb.conf for clarity. > > It is undoubtedly for a 'standalone server', so why does it also have > the line 'domain master = Yes' ?? > It cannot be both, I would suggest removing this line.Sure - valid point. I've removed that statement now as you're right, it's not needed, and things are much better. Fingers crossed! What I have observed now was: - Upon startup of Samba 4.9.0 again I saw again a repeated burst of broadcast packets - Switches once again went into storm-control mode and shut ports down - The environment recovered, but this time things stabilised and has been OK for the last hour since. Things seem to be working fine now. Regardless of if the config was right or not (I agree that the setting in my case was wrong and unnecessary), this is a regression, because it causes an unexpected and undocumented change in behaviour compared to previous versions of the code. I also wonder why network broadcasts don't seem to be rate limited by Samba. I can't imagine any valid use case where any application would blast thousands of broadcasts per second out onto the wire, regardless of the configuration or misconfiguration of the application. At the very least this needs a mention in the release notes, especially given the potential this has to cause an outage. Things may have changed (and change is usually good), but the least that can be done is people are given a one line heads up. Thanks, Reuben
On Sat, 15 Sep 2018 21:28:43 +1000 Reuben Farrelly via samba <samba at lists.samba.org> wrote:> > > On 15/09/2018 6:40 pm, Rowland Penny via samba wrote: > > On Sat, 15 Sep 2018 12:52:52 +1000 > > Reuben Farrelly via samba <samba at lists.samba.org> wrote: > >> thunderstorm ~ # testparm > >> Load smb config files from /etc/samba/smb.conf > >> rlimit_max: increasing rlimit_max (1024) to minimum Windows limit > >> (16384) Processing section "[homes]" > >> Processing section "[root]" > >> Processing section "[photos]" > >> Processing section "[store]" > >> Loaded services file OK. > >> Server role: ROLE_STANDALONE > >> > >> Press enter to see a dump of your service definitions > >> > >> # Global parameters > >> [global] > >> domain master = Yes > >> security = USER > >> server role = standalone server > > > > NOTE: I have shrunk your smb.conf for clarity. > > > > It is undoubtedly for a 'standalone server', so why does it also > > have the line 'domain master = Yes' ?? > > It cannot be both, I would suggest removing this line. > > Sure - valid point. I've removed that statement now as you're right, > it's not needed, and things are much better. Fingers crossed! > > What I have observed now was: > > - Upon startup of Samba 4.9.0 again I saw again a repeated burst of > broadcast packets > - Switches once again went into storm-control mode and shut ports downIt shouldn't do that, well not to the extent you describe> - The environment recovered, but this time things stabilised and has > been OK for the last hour since. Things seem to be working fine now.> > Regardless of if the config was right or not (I agree that the > setting in my case was wrong and unnecessary), this is a regression, > because it causes an unexpected and undocumented change in behaviour > compared to previous versions of the code. > > I also wonder why network broadcasts don't seem to be rate limited by > Samba. I can't imagine any valid use case where any application > would blast thousands of broadcasts per second out onto the wire, > regardless of the configuration or misconfiguration of the > application. > > At the very least this needs a mention in the release notes, > especially given the potential this has to cause an outage. Things > may have changed (and change is usually good), but the least that can > be done is people are given a one line heads up. >The problem is, it wasn't a know problem and we still don't know if it is something that is just applicable to your network, so how how do you warn people about something that you don't expect to happen. It is easy to be wise after the fact ;-) Rowland
On 15/09/2018 10:04 pm, Rowland Penny via samba wrote:>> Regardless of if the config was right or not (I agree that the >> setting in my case was wrong and unnecessary), this is a regression, >> because it causes an unexpected and undocumented change in behaviour >> compared to previous versions of the code. >> >> I also wonder why network broadcasts don't seem to be rate limited by >> Samba. I can't imagine any valid use case where any application >> would blast thousands of broadcasts per second out onto the wire, >> regardless of the configuration or misconfiguration of the >> application. >> >> At the very least this needs a mention in the release notes, >> especially given the potential this has to cause an outage. Things >> may have changed (and change is usually good), but the least that can >> be done is people are given a one line heads up. >> > > The problem is, it wasn't a know problem and we still don't know if it > is something that is just applicable to your network, so how how do you > warn people about something that you don't expect to happen. It is easy > to be wise after the fact ;-)Indeed and understood. I'm happy to help debug this, it's easy for me to reproduce on demand here in my home environment. Let me know what, if anything, I can do to help. Thanks, Reuben