Re: [Cake] Ubiquity (Unifi ) Smart Queues

2024-04-29 Thread dave seddon via Cake
G'day,

Just a small update on the Unifi security gateway stuff.  They have a new
range of devices which are a lot more powerful.
( https://store.ui.com/us/en/collections/cloud-gateway-ultra/products/ucg-ultra )

The good news is that the limits set in the GUI now match exactly the
"rate" set in the qdisc.

root@UCG-Ultra:~# *tc -p -s -d qdisc show dev eth4*
qdisc htb 1: root refcnt 5 r2q 10 default 0x2 direct_packets_stat 0 ver
3.17 direct_qlen 1000
 Sent 13112672757 bytes 41407610 pkt (dropped 2863, overlimits 12123381
requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 2: parent 1:2 limit 2000p flows 1024 quantum 300 target 5ms
interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 13112672757 bytes 41407610 pkt (dropped 2863, overlimits 0 requeues
0)
 backlog 0b 0p requeues 0
  maxpacket 27888 drop_overlimit 0 new_flow_count 9175282 ecn_mark 0
  new_flows_len 1 old_flows_len 3
qdisc ingress : parent :fff1 
 Sent 104038056896 bytes 143646981 pkt (dropped 0, overlimits 0 requeues 0)
 backlog 0b 0p requeues 0

root@UCG-Ultra:/etc/systemd# *tc -d class show dev eth4*
class htb 1:1 root rate 35Mbit ceil 35Mbit linklayer ethernet burst 1491b/1
mpu 0b cburst 1491b/1 mpu 0b level 7
class htb 1:2 parent 1:1 leaf 2: prio 7 quantum 1514 rate 64bit ceil 35Mbit
linklayer ethernet burst 1500b/1 mpu 0b cburst 1491b/1 mpu 0b level 0
class fq_codel 2:1bf parent 2:
class fq_codel 2:274 parent 2:
class fq_codel 2:296 parent 2:
class fq_codel 2:2ca parent 2:
class fq_codel 2:34a parent 2:
class fq_codel 2:364 parent 2:

root@UCG-Ultra:~# *tc -p -s -d qdisc show dev ifbeth4*
qdisc htb 1: root refcnt 2 r2q 10 default 0x2 direct_packets_stat 0 ver
3.17 direct_qlen 1000
 Sent 108770017013 bytes 143572868 pkt (dropped 24028, overlimits 43487579
requeues 0)
 backlog 0b 0p requeues 0
qdisc fq_codel 2: parent 1:2 limit 2000p flows 1024 quantum 1514 target 5ms
interval 100ms memory_limit 4Mb ecn drop_batch 64
 Sent 108770017013 bytes 143572868 pkt (dropped 24028, overlimits 0
requeues 0)
 backlog 0b 0p requeues 0
  maxpacket 69876 drop_overlimit 10448 new_flow_count 14414347 ecn_mark 0
drop_overmemory 10448
  new_flows_len 1 old_flows_len 2

root@UCG-Ultra:/etc/systemd# *tc -d class show dev ifbeth4*
class htb 1:1 root rate 800Mbit ceil 800Mbit linklayer ethernet burst
1400b/1 mpu 0b cburst 1400b/1 mpu 0b level 7
class htb 1:2 parent 1:1 leaf 2: prio 7 quantum 1514 rate 64bit ceil
800Mbit linklayer ethernet burst 1500b/1 mpu 0b cburst 1400b/1 mpu 0b level
0
class fq_codel 2:111 parent 2:
class fq_codel 2:3cc parent 2:

So 35Mb/s and 800Mb/s match what is configured in the GUI.


The bad news is still no cake.

The bottleneck in my house is now the air interfaces.   I'll run some flent
tests soon.

Thanks,
Dave Seddon


Other device details

root@UCG-Ultra:~# uname -a
Linux UCG-Ultra 5.4.213-ui-ipq5322 #5.4.213 SMP PREEMPT Fri Jan 26 01:53:55
CST 2024 aarch64 GNU/Linux

root@UCG-Ultra:~# cat /proc/cpuinfo
processor : 0
BogoMIPS : 48.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer : 0x51
CPU architecture: 8
CPU variant : 0xa
CPU part : 0x801
CPU revision : 4

processor : 1
BogoMIPS : 48.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer : 0x51
CPU architecture: 8
CPU variant : 0xa
CPU part : 0x801
CPU revision : 4

processor : 2
BogoMIPS : 48.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer : 0x51
CPU architecture: 8
CPU variant : 0xa
CPU part : 0x801
CPU revision : 4

processor : 3
BogoMIPS : 48.00
Features : fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid
CPU implementer : 0x51
CPU architecture: 8
CPU variant : 0xa
CPU part : 0x801
CPU revision : 4


root@UCG-Ultra:~# cat /proc/interrupts
   CPU0   CPU1   CPU2   CPU3
  4:   49385470   71684295   74561605   77496134 GIC-0  20 Level
arch_timer
  6:  0  0  0  0 GIC-0  39 Level
arch_mem_timer
  8:  0  0  0  0 GIC-0 195 Level
edma_txcmpl_4
  9:  0  0  0  0 GIC-0 196 Level
edma_txcmpl_5
 10:  0  0  0  0 GIC-0 197 Level
edma_txcmpl_6
 11:  0  0  0  0 GIC-0 198 Level
edma_txcmpl_7
 12:1301701  0  0  0 GIC-0 199 Level
edma_txcmpl_8
 13:   16537922  0  0  0 GIC-0 200 Level
edma_txcmpl_9
 14:   16902391  0  0  0 GIC-0 201 Level
edma_txcmpl_10
 15:   19093638  0  0  0 GIC-0 202 Level
edma_txcmpl_11
 16: 218358  0  0  0 GIC-0 203 Level
edma_txcmpl_12
 17:   14172534  0  0  0 GIC-0 204 Level
edma_txcmpl_13
 18:   12228644  0  0  0 GIC-0 205 Level
edma_txcmpl_14
 19:   14848643  0  0  0 GIC-0 206 Level
edma_txc
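
A check for the GUI-versus-`tc` comparison made in this message, as an added example (not code from anyone in the thread): it parses `tc -d class show` output, including lines hard-wrapped by the mail client, and reports the HTB root rate as a fraction of the GUI setting. The captures and GUI values are the ones quoted on this page for the UCG-Ultra and the older USG-Pro-4; the function names are this example's own.

```python
import re

# tc prints rates with SI (base-1000) prefixes by default.
UNITS = {"bit": 1, "Kbit": 10**3, "Mbit": 10**6, "Gbit": 10**9}
RATE_RE = re.compile(r"^(\d+(?:\.\d+)?)([KMG]?bit)$")
HTB_RE = re.compile(
    r"^class htb (?P<classid>\S+) (?:root|parent (?P<parent>\S+))"
    r".*? rate (?P<rate>\S+) ceil (?P<ceil>\S+)"
)

# (GUI setting in Mbit/s, `tc -d class show` output) copied from the messages
# on this page, still wrapped the way the mail client left it.
CAPTURES = {
    "UCG-Ultra eth4": (35, """\
class htb 1:1 root rate 35Mbit ceil 35Mbit linklayer ethernet burst 1491b/1
mpu 0b cburst 1491b/1 mpu 0b level 7
class htb 1:2 parent 1:1 leaf 2: prio 7 quantum 1514 rate 64bit ceil 35Mbit
linklayer ethernet burst 1500b/1 mpu 0b cburst 1491b/1 mpu 0b level 0
class fq_codel 2:1bf parent 2:
"""),
    "UCG-Ultra ifbeth4": (800, """\
class htb 1:1 root rate 800Mbit ceil 800Mbit linklayer ethernet burst
1400b/1 mpu 0b cburst 1400b/1 mpu 0b level 7
class htb 1:2 parent 1:1 leaf 2: prio 7 quantum 1514 rate 64bit ceil
800Mbit linklayer ethernet burst 1500b/1 mpu 0b cburst 1400b/1 mpu 0b level
0
class fq_codel 2:111 parent 2:
"""),
    "USG-Pro-4 eth2": (10, """\
class htb 1:10 root leaf 100: prio 0 quantum 118750 rate 9500Kbit ceil
9500Kbit burst 1598b/1 mpu 0b overhead 0b cburst 1598b/1 mpu 0b overhead 0b
level 0
class fq_codel 100:12c parent 100:
"""),
    "USG-Pro-4 ifb_eth2": (80, """\
class htb 1:10 root leaf 100: prio 0 quantum 20 rate 76000Kbit ceil
76000Kbit burst 1596b/1 mpu 0b overhead 0b cburst 1596b/1 mpu 0b overhead
0b level 0
class fq_codel 100:2c8 parent 100:
"""),
}


def rate_to_bps(token):
    """Convert a tc rate token such as '9500Kbit' to bits per second."""
    m = RATE_RE.match(token)
    if not m:
        raise ValueError(f"unrecognised tc rate: {token!r}")
    return int(float(m.group(1)) * UNITS[m.group(2)])


def unwrap(text):
    """Re-join wrapped records: a line not starting with 'class ' continues
    the previous record."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("class ") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def parse_htb_classes(text):
    """Return one dict per HTB class; fq_codel flow classes are skipped."""
    classes = []
    for record in unwrap(text):
        m = HTB_RE.match(record)
        if m:
            classes.append({
                "classid": m.group("classid"),
                "parent": m.group("parent"),  # None for the root class
                "rate_bps": rate_to_bps(m.group("rate")),
                "ceil_bps": rate_to_bps(m.group("ceil")),
            })
    return classes


def audit(tc_output, gui_mbit):
    """Compare the HTB root rate with the rate configured in the GUI."""
    classes = parse_htb_classes(tc_output)
    roots = [c for c in classes if c["parent"] is None]
    if len(roots) != 1:
        raise ValueError(f"expected one HTB root class, found {len(roots)}")
    root = roots[0]
    return {
        "root_rate_bps": root["rate_bps"],
        "ratio_to_gui": root["rate_bps"] / (gui_mbit * 10**6),
        # Child classes whose ceil is higher than the root rate.
        "children_over_root": [c["classid"] for c in classes
                               if c["parent"] and c["ceil_bps"] > root["rate_bps"]],
    }


if __name__ == "__main__":
    for name, (gui_mbit, output) in CAPTURES.items():
        r = audit(output, gui_mbit)
        print(f"{name:20s} GUI {gui_mbit:4d} Mbit/s  htb {r['root_rate_bps']:>11d} bit/s"
              f"  ratio {r['ratio_to_gui']:.2f}")
```

On these captures the USG-Pro-4 root classes come out at 0.95 of the GUI values and the UCG-Ultra root classes at 1.00.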

Re: Is there ready functionality for disabling caching of particular objects

2024-04-22 Thread dave seddon
I guess you could rewrite the headers
https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/header_rewrite.en.html

On Mon, Apr 22, 2024 at 7:31 AM Pavel Vazharov  wrote:

> Thank you for the response.
>
> Unfortunately we don't have control over the upstream http servers in this
> case.
> We need to make sure that we don't cache particular objects while working
> as a forward proxy.
> I think, I can write a C++ plugin for this. I was just trying to find if
> there is a ready solution before writing our own.
>
> On Mon, Apr 22, 2024 at 5:26 PM dave seddon 
> wrote:
>
>> The "cleanest" way is for the upstream http server to add cache control
>> headers
>>
>> https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control
>>
>> On Mon, Apr 22, 2024, 07:22 Pavel Vazharov  wrote:
>>
>>> Hi there,
>>>
>>> Is there existing ATS functionality or plugin through which can be
>>> disabled caching of particular objects by URL or regex?
>>>
>>> Thanks,
>>> Pavel.
>>>
>>

-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: Is there ready functionality for disabling caching of particular objects

2024-04-22 Thread dave seddon
The "cleanest" way is for the upstream http server to add cache control
headers

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control

On Mon, Apr 22, 2024, 07:22 Pavel Vazharov  wrote:

> Hi there,
>
> Is there existing ATS functionality or plugin through which can be
> disabled caching of particular objects by URL or regex?
>
> Thanks,
> Pavel.
>


Re: Using Apache Traffic Server as HTTP client to store some content in the storage

2024-04-19 Thread dave seddon
Thanks Brian! Very cool

I don't know if you're supposed to retroactively update release notes, but
that's a pretty big feature not in the notes.

https://docs.trafficserver.apache.org/en/10.0.x/release-notes/upgrading.en.html

Stale-while-revalidate feature was a major challenge for some of our use
cases, so it's awesome to hear that is resolved. Congratulations and thank
you!

A potentially larger challenge is memory footprint. Generally, for Yahoo,
Apple, Comcast CDNs, and all you guys all have beefy machines with plenty
of RAM, so this isn't a drama. In those scenarios ATS is an amazing
solution! Woot woot. Love it!

There are more unique situations, home caching for example, where you want
large amounts of cache storage, but much lower in memory indexes to that
storage.

I'm not suggesting ATS needs to solve it, but, for the sake of the mailing
list history, people need to keep in mind.

Specifically, and unless I'm mistaken, RAM consumption is directly linear
with the available cache size, regardless of the "working set".

E.g. If you have a large storage you need a (relatively) large amount of
RAM to index into that storage, even if most of the storage is not accessed.

Again, this is a totally understandable engineering decision, and makes
sense in most situations.

On Fri, Apr 19, 2024, 14:02 Brian Neradt  wrote:

> If I understand correctly, ATS does NOT support stale while revalidate,
>> which is surprising given the RFC was created by a Yahoo-ligan. ;)
>>
>
> I'm glad you mentioned this. Actually Yahoo open-sourced the functionality
> for stale while revalidate via the stale_response.so plugin for ATS 10:
>
>
> https://docs.trafficserver.apache.org/en/latest/admin-guide/plugins/stale_response.en.html#stale-response-plugin
>
> On Fri, Apr 19, 2024 at 3:38 PM dave seddon 
> wrote:
>
>> Depending on your use case, you also want to carefully consider the cache
>> control headers for the downloaded object.
>>
>> If I understand correctly, ATS does NOT support stale while revalidate,
>> which is surprising given the RFC was created by a Yahoo-ligan. ;)
>>
>> On Fri, Apr 19, 2024 at 9:51 AM Leif Hedstrom  wrote:
>>
>>> We discussed this in the slack channel. Probably the best option for you
>>> (other than writing a new plugin) is to use the background_fetch plugin.
>>> You will still need to trigger a download, but you can avoid having to wait
>>> for the full response in the client. So, what you’d do is
>>>
>>>  curl -H "Range: bytes=0-1" https://www.example.com/some/url/foo.img
>>>
>>>
>>> And make sure background_fetch is enabled on this remap rule. No matter
>>> what you do, you will have to have something that tells ATS to kick off a
>>> download, and the above is probably as good as any alternative.
>>>
>>> Cheers,
>>>
>>> — Leif
>>>
>>>
>>> On Apr 17, 2024, at 9:33 AM, Pavel Vazharov  wrote:
>>>
>>> Hi Brian,
>>>
>>> Thank you for your response.
>>> It'll do the job but, as far as I understand it, an external
>>> functionality will need to download the content in order to push it into
>>> the ATS.
>>> The content that I want to write in the ATS storage is on the Internet.
>>>
>>> Regards,
>>> Pavel.
>>>
>>> On Wed, Apr 17, 2024 at 6:26 PM Brian Neradt 
>>> wrote:
>>>
>>>> Hi Pavel,
>>>>
>>>> This isn't a direct answer to your question, but are you aware of the
>>>> ATS HTTP PUSH feature? That allows you to push objects into the ATS cache
>>>> without the typical caching of proxied response. Can that help you in this
>>>> situation?
>>>>
>>>>
>>>> https://docs.trafficserver.apache.org/en/latest/admin-guide/configuration/cache-basics.en.html#pushing-content-into-the-cache
>>>>
>>>>
>>>> On Wed, Apr 17, 2024 at 8:41 AM Pavel Vazharov  wrote:
>>>>
>>>>> Hi there,
>>>>>
>>>>> Is there a way to use the ATS as an HTTP client to download and store
>>>>> given content?
>>>>> I'm aware that I can achieve this with a local HTTP client (wget,
>>>>> curl) which uses the ATS as a forward proxy and then the ATS will store
>>>>> the content (which is the actual goal).
>>>>> I was wondering if there is a way without using an additional HTTP
>>>>> client so that I can skip the additional content moving between sockets.
>>>>>
>>>>> Thanks,
>>>>> Pavel.
>>>>>
>>>>
>>>>
>>>> --
>>>> "Come to Me, all who are weary and heavy-laden, and I will
>>>> give you rest. Take My yoke upon you and learn from Me, for
>>>> I am gentle and humble in heart, and you will find rest for
>>>> your souls. For My yoke is easy and My burden is light."
>>>>
>>>> ~ Matthew 11:28-30
>>>>
>>>
>>>
>>
>> --
>> Regards,
>> Dave Seddon
>> +1 415 857 5102
>>
>
>
> --
> "Come to Me, all who are weary and heavy-laden, and I will
> give you rest. Take My yoke upon you and learn from Me, for
> I am gentle and humble in heart, and you will find rest for
> your souls. For My yoke is easy and My burden is light."
>
> ~ Matthew 11:28-30
>


Re: Using Apache Traffic Server as HTTP client to store some content in the storage

2024-04-19 Thread dave seddon
Depending on your use case, you also want to carefully consider the cache
control headers for the downloaded object.

If I understand correctly, ATS does NOT support stale while revalidate,
which is surprising given the RFC was created by a Yahoo-ligan. ;)

On Fri, Apr 19, 2024 at 9:51 AM Leif Hedstrom  wrote:

> We discussed this in the slack channel. Probably the best option for you
> (other than writing a new plugin) is to use the background_fetch plugin.
> You will still need to trigger a download, but you can avoid having to wait
> for the full response in the client. So, what you’d do is
>
>  curl -H "Range: bytes=0-1" https://www.example.com/some/url/foo.img
>
>
> And make sure background_fetch is enabled on this remap rule. No matter
> what you do, you will have to have something that tells ATS to kick off a
> download, and the above is probably as good as any alternative.
>
> Cheers,
>
> — Leif
>
>
> On Apr 17, 2024, at 9:33 AM, Pavel Vazharov  wrote:
>
> Hi Brian,
>
> Thank you for your response.
> It'll do the job but, as far as I understand it, an external functionality
> will need to download the content in order to push it into the ATS.
> The content that I want to write in the ATS storage is on the Internet.
>
> Regards,
> Pavel.
>
> On Wed, Apr 17, 2024 at 6:26 PM Brian Neradt 
> wrote:
>
>> Hi Pavel,
>>
>> This isn't a direct answer to your question, but are you aware of the ATS
>> HTTP PUSH feature? That allows you to push objects into the ATS cache
>> without the typical caching of proxied response. Can that help you in this
>> situation?
>>
>>
>> https://docs.trafficserver.apache.org/en/latest/admin-guide/configuration/cache-basics.en.html#pushing-content-into-the-cache
>>
>>
>> On Wed, Apr 17, 2024 at 8:41 AM Pavel Vazharov  wrote:
>>
>>> Hi there,
>>>
>>> Is there a way to use the ATS as an HTTP client to download and store
>>> given content?
>>> I'm aware that I can achieve this with a local HTTP client (wget, curl)
>>> which uses the ATS as a forward proxy and then the ATS will store the
>>> content (which is the actual goal).
>>> I was wondering if there is a way without using an additional HTTP
>>> client so that I can skip the additional content moving between sockets.
>>>
>>> Thanks,
>>> Pavel.
>>>
>>
>>
>> --
>> "Come to Me, all who are weary and heavy-laden, and I will
>> give you rest. Take My yoke upon you and learn from Me, for
>> I am gentle and humble in heart, and you will find rest for
>> your souls. For My yoke is easy and My burden is light."
>>
>> ~ Matthew 11:28-30
>>
>
>

-- 
Regards,
Dave Seddon
+1 415 857 5102


[Cake] irtt update to go 1.22

2024-03-16 Thread dave seddon via Cake
G'day,

I'm chasing weird latency spikes in my wifi network, so on Dave T's
suggestion, I'm going to try using irtt to debug it.

I noticed irtt hasn't upgraded its Go version for a long time, and Go has
come a long way since 1.12. While I was there I spotted a bunch of lint
errors, so I just hacked in a quick log.Fatal, but these should probably be
real error exit codes.

https://github.com/heistp/irtt/pull/41

-- 
Regards,
Dave Seddon
+1 415 857 5102
___
Cake mailing list
Cake@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cake


Re: [Cake] Nanog l4s video

2024-02-23 Thread dave seddon via Cake
Off topic, but awesome and I think you'll enjoy it

https://youtu.be/c2jiqkpw4VY?si=ju-H9ivyNAFBM_R0

On Fri, Feb 23, 2024, 20:57 dave seddon  wrote:

> https://youtu.be/E7okBZ8NfQ8?si=Ip4Lxo1g1Xx7oy4Z
>


[Cake] Nanog l4s video

2024-02-23 Thread dave seddon via Cake
https://youtu.be/E7okBZ8NfQ8?si=Ip4Lxo1g1Xx7oy4Z


Re: [Cake] Ubiquity (Unifi ) Smart Queues

2024-01-09 Thread dave seddon via Cake
Nils - I guess you could run LibreQoS on N100?

On Tue, Jan 9, 2024 at 8:57 AM Nils Andreas Svee via Cake <
cake@lists.bufferbloat.net> wrote:

> On Jan 9, 2024, at 17:05, Dave Taht  wrote:
>
> On Tue, Jan 9, 2024 at 10:40 AM Nils Andreas Svee via Cake
>  wrote:
>
> Though frankly, I don’t plan on updating the sch_cake and tc binaries when
> new firmwares are released anymore, as they don’t publish the GPL archives
> on their webpage after the redesign, and they don’t respond to requests for
> them either by the looks of the forums. So if it breaks there’s not much I
> can do anymore.
>
>
> This irks me enormously. It is the direct outcome of the cambium
> elevate lawsuit, where both companies lost, the ISPs lost, open source
> practices long established about publishing sources, lost, and the
> lawyers went on to other nasty things leaving this trail of awful
> precedents  in their wake.
>
> https://www.mtin.net/blog/ubnt-vs-cambium/
>
> Wow, hadn’t read about that. They even sued an ISP just for using
> Cambium’s software on their hardware?
> That is crazy, just evil corporate lawyers doing their thing I guess.
>
> I do not know what to do about it. It also irks me that as a
> contributor to "smart queues" they are not maintaining it well.
>
> It leaves something to be desired yes, and I would’ve hoped to see CAKE
> included too of course,
> but even WireGuard is only available in the latest release candidates with
> the redesigned web UI, so I’m not holding my breath.
>
> I still have an EdgeRouter 4 that serves the family farm and one of the
> 8-port switches under my desk, if only because I don’t wanna spend money on
> replacing them, and they do serve their purpose.
>
> I’ve since moved though, and now live in an area that has FTTH, so I
> needed something beefier to handle CAKE on a 750/750 subscription, because
> obviously there’s still bloat even on that ;)
>
> One of those Chinese boxes with a N100 in it and OpenWrt on top works
> wonders :)
>
> Best Regards,
> Nils Andreas Svee
>


-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: [Cake] Ubiquity (Unifi ) Smart Queues

2024-01-09 Thread dave seddon via Cake





On Tue, Jan 9, 2024 at 8:05 AM Dave Taht via Cake <
cake@lists.bufferbloat.net> wrote:

> On Tue, Jan 9, 2024 at 10:40 AM Nils Andreas Svee via Cake
>  wrote:
>
> > Though frankly, I don’t plan on updating the sch_cake and tc binaries
> > when new firmwares are released anymore, as they don’t publish the GPL
> > archives on their webpage after the redesign, and they don’t respond to
> > requests for them either by the looks of the forums. So if it breaks
> > there’s not much I can do anymore.
>
> This irks me enormously. It is the direct outcome of the cambium
> elevate lawsuit, where both companies lost, the ISPs lost, open source
> practices long established about publishing sources, lost, and the
> lawyers went on to other nasty things leaving this trail of awful
> precedents  in their wake.
>
> https://www.mtin.net/blog/ubnt-vs-cambium/
>
> I do not know what to do about it. It also irks me that as a
> contributor to "smart queues" they are not maintaining it well.
>
> >
> > Best Regards,
> > Nils Andreas Svee
> >
> > On Jan 3, 2024, at 14:44, Pete Heist via Cake <cake@lists.bufferbloat.net> wrote:
> >
> > On Tue, 2024-01-02 at 10:59 -0800, dave seddon via Cake wrote:
> >
> > I thought people might be interested to see what Ubiquity/Unifi is
> > doing with "Smart Queues" on their devices.  The documentation on
> > their website is not very informative.
> > 
> > "Smart Queue" Implementation
> >
> > Looks like they only apply tc qdiscs to the Eth2, and sadly this is
> > NOT cake, but fq_codel.
> >
> > And cake isn't available :(
> >
> > root@USG-Pro-4:~# tc qdisc replace dev eth0 cake bandwidth 100m rtt
> > 20ms
> > Unknown qdisc "cake", hence option "bandwidth" is unparsable
> >
> >
> > Hi Dave, there's a community contributed version of Cake for EdgeRouter
> > devices that I've been using for years on production ER-X's:
> >
> >
> https://community.ui.com/questions/Cake-compiled-for-the-EdgeRouter-devices/fc1ff27c-f321-4344-8737-fcc755cae8a2
> >
> > I don't think that works for UniFi/USG devices, however, and one should
> > note the disclaimer and be careful when installing it. Also, it must be
> > re-installed after every upgrade.
> >
> > Cheers,
> > Pete
> >
>
>
>
> --
> 40 years of net history, a couple songs:
> https://www.youtube.com/watch?v=D9RGX6QFm5E
> Dave Täht CSO, LibreQos
>


-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: [Cake] Ubiquity (Unifi ) Smart Queues

2024-01-02 Thread dave seddon via Cake
Thanks Sebastian!

Now I see the rates!!

I actually reduced the rates to ensure this device is the bottleneck 80/10
Mb/s


root@USG-Pro-4:~# tc -d class show dev eth2
class htb 1:10 root leaf 100: prio 0 quantum 118750 rate 9500Kbit ceil
9500Kbit burst 1598b/1 mpu 0b overhead 0b cburst 1598b/1 mpu 0b overhead 0b
level 0
class fq_codel 100:12c parent 100:
class fq_codel 100:213 parent 100:
class fq_codel 100:22e parent 100:

root@USG-Pro-4:~# tc -d class show dev ifb_eth2
class htb 1:10 root leaf 100: prio 0 quantum 20 rate 76000Kbit ceil
76000Kbit burst 1596b/1 mpu 0b overhead 0b cburst 1596b/1 mpu 0b overhead
0b level 0
class fq_codel 100:2c8 parent 100:
class fq_codel 100:3df parent 100:

On Tue, Jan 2, 2024 at 12:53 PM Sebastian Moeller  wrote:

> Hi Dave.
>
> just a few comments from the peanut gallery...
>
>
> > On Jan 2, 2024, at 19:59, dave seddon via Cake <cake@lists.bufferbloat.net> wrote:
> >
> > G'day,
> >
> > Happy new year y'all
>
> +1
>
> >
> > I thought people might be interested to see what Ubiquity/Unifi is doing
> > with "Smart Queues" on their devices.  The documentation on their website
> > is not very informative.
> >
> > Hopefully, this is vaguely interesting because Ubiquity is widely
> > deployed and apparently they have a market cap of >$8 billion, so you would
> > hope they do a "good job" (... Seems like they might be a target customer
> > for libreqos )
> >
> > 
> > https://finance.yahoo.com/quote/ui/
> >
> > ( I use Unifi because their wifi stuff seems ok, and all the
> > switching/routing/wifi is all integrated into the single gui control
> > system.  Also honestly, I'm not sure I know how to do prefix delegation
> > stuff on Linux by hand. )
> >
> > Network diagram
> >
> > Spectrum Cable Internets <--> Eth2 [ USG-Pro-4 ] Eth0 <---> [Switches] <> Access points
> >
> > "Smart Queue" Configuration
> > Ubiquity doesn't have many knobs, you just enable "smart queues" and set
> > the bandwidth.
> >
> >
> >
> >
> > "Smart Queue" Implementation
> >
> > Looks like they only apply tc qdiscs to the Eth2, and sadly this is NOT
> > cake, but fq_codel.
> >
> > And cake isn't available :(
> >
> > root@USG-Pro-4:~# tc qdisc replace dev eth0 cake bandwidth 100m rtt 20ms
> > Unknown qdisc "cake", hence option "bandwidth" is unparsable
> >
> > Outbound eth2
> >
> > root@USG-Pro-4:~# tc -p -s -d qdisc show dev eth2
> > qdisc htb 1: root refcnt 2 r2q 10 default 10 direct_packets_stat 0 ver
> 3.17
> >  Sent 1071636465 bytes 5624944 pkt (dropped 0, overlimits 523078
> requeues 0)  < OVERLIMITS?
> >  backlog 0b 0p requeues 0
> > qdisc fq_codel 100: parent 1:10 limit 10240p flows 1024 quantum 1514
> target 5.0ms interval 100.0ms ecn
> >  Sent 1071636465 bytes 5624944 pkt (dropped 2384, overlimits 0 requeues
> 0)   <- DROPS
> >  backlog 0b 0p requeues 0
> >   maxpacket 1514 drop_overlimit 0 new_flow_count 1244991 ecn_mark 0
> >   new_flows_len 1 old_flows_len 1
> > qdisc ingress : parent :fff1 
> >  Sent 12636045136 bytes 29199533 pkt (dropped 0, overlimits 0 requeues
> 0)
> >  backlog 0b 0p requeues 0
> >   • target 5.0ms is the default (
> https://www.man7.org/linux/man-pages/man8/tc-fq_codel.8.html ).  I wonder
> if they did much testing on this hardware?
>
> [SM] Not sure whether playing with target in isolation would be much use,
> in codel theory target should be 5-10% of interval and interval should be
> in the order of magnitude of to be handled RTTs (the default is 100ms which
> works reasonably well even across the Atlantic, but you probably knew all
> that).
>
> >   • ( I actually have a spare "wan" ethernet port, so I
> guess I could hook up a PC and perform a flent test. )
> >   • It's unclear to me what the "htb" is doing, because I would have
> expected the download/upload rates to be configured here, but they appear
> not to be
>
> [SM] Likely because HTB does not reveal this when asked with the `-s`
> option, try `-q` instead and not as qdisc but as class (so maybe `tc -d
> class show dev eth2`).
>
> >   • I'm not really sure what "overlimits" means or what that does,
> and tried looking this up, but I guess the kernel source is likely the
> "best" documentation for this.  Maybe this means it's dropping?  Or is it
> ECN?
>
> I think this text about TBF explains this reasonably well (HTB is
> essentially a hi

ATS and RFC5861 stale-while-revalidate?

2023-11-07 Thread dave seddon
G'day,

I hope you are doing well.

Just wondering about ATS's support for RFC 5861 (
https://www.rfc-editor.org/rfc/rfc5861 ), specifically
stale-while-revalidate.

Based on our testing, our current config we have does NOT seem to allow
serving stale while revalidating.

There's an old doc from 2015 talking about the feature, but not sure if
this was ever finalized.
https://cwiki.apache.org/confluence/display/TS/Stale-While-Revalidate+in+the+core

There is mention of stale-while-revalidate (SWR) here, but not a lot of
details:
https://docs.trafficserver.apache.org/admin-guide/plugins/collapsed_forwarding.en.html#description

The cache architecture doesn't discuss serving stale while revalidate
https://docs.trafficserver.apache.org/developer-guide/cache-architecture/architecture.en.html#cache-read

Glossary term mentions revalidation, but nothing about stale.
https://docs.trafficserver.apache.org/appendices/glossary.en.html#term-revalidation


Looking at "is_stale_cache_response_returnable", it looks like the code
does take into account
must-revalidate header
https://github.com/apache/trafficserver/blob/master/src/proxy/http/HttpTransact.cc#L5984

Grepping the code for these headers doesn't find anything.

das@t:~/Downloads/trafficserver$ grep -R "stale-while-revalidate" ./
das@t:~/Downloads/trafficserver$ grep -R "stale-if-error" ./


So it seems like ATS does not support RFC 5861

-- 
Regards,
Dave Seddon


Re: [Cake] some comprehensive arm64 w/cake results

2023-10-23 Thread dave seddon via Cake
G'day,

Dave Taht and I have had a couple of phone conversations now, and he's
convinced me that rather than inserting the netem delay on each laptop,
that latency should be added by a separate device.  To this end, I've got
another little PC and a NIC coming, so that I can repeat all the tests with
separate latency injection.

However, I've also completed the flent tests with the laptops adding
latency at each end.

Full test runs here:
https://github.com/randomizedcoder/qdisc_results/tree/main/qdisc/2023-10-23T16%3A49%3A10

You can find the actual rrul flent .tar.gz results for each test.

e.g
Pi4 fq is here:
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-23T16%3A49%3A10/pi4/fq/flent/test/16_flent/rrul-2023-10-23T170016.068273.2023-10-23T16_49_10_pi4_fq.flent.gz

Lichee Pi RISC-V with cake qdisc:
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-23T16%3A49%3A10/lpi4a/cake20/flent/test/16_flent/rrul-2023-10-23T201354.818316.2023-10-23T16_49_10_lpi4a_cake20.flent.gz

Just take these with a grain of salt until the new latency injection is in
place.

... I'll see if I can script up the generation of all the pretty graphs soon

Thanks,
Dave Seddon


On Sun, Oct 15, 2023 at 8:11 AM dave seddon 
wrote:

> G'day,
>
> I've put more work into a test framework around the qdisc tests, but
> unfortunately flent doesn't work easily with Ubuntu LTS (
> https://github.com/tohojo/flent/issues/232, which I think is an issue
> with flent parsing the fping output ).
>
> Results and graphs in this sheet:
>
> https://docs.google.com/spreadsheets/d/1T59QwEdNwJFm4TgDFA_NY98gicOm8ABXKvDsSIMz9ag/edit#gid=1203641125
>
> Raw results of x2 test runs are here:
> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/report.csv
>
> Each run:
>
> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/report.csv
>
> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-14T14%3A22%3A53/report.csv
>
> Full iperf outputs are available too, for example: 
> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/nanopi-r2s/fq_codel/iperf/test/16_iperf/stdout
>
>
> Logs for each run are also available, for example:
> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/log.json
>
> The code repo updated here: https://github.com/randomizedcoder/cake ,
> with the https://github.com/randomizedcoder/cake/blob/main/README.md which
> explains how the tests work.
> Updated google doc is started here:
> https://docs.google.com/document/d/1fYKj3BS89aB9drg_DsSq289xSdVQhn1zUJYCj0WuCs0/edit?usp=sharing
>
> Based on the questions on this list earlier, there is a folder with device
> information for each of the devices
> https://github.com/randomizedcoder/cake/tree/main/device_info
>
> For example, the Pi4 and the Lichee Pi (risc-v) hardware layout is here:
> - 
> https://github.com/randomizedcoder/cake/blob/main/device_info/pi4/hwloc-ls-pi4.png
>
> -
> https://github.com/randomizedcoder/cake/blob/main/device_info/lpi4a/hwloc-ls-lpi4a.png
>
> The switch has also been upgraded to a Cisco 3750x, which I think based on
> the "show interface" output has a max queue size of 40 frames.  The test
> process clears the counters before each test and gathers the "show
> interface" output at the end.
>
> The Lichee Pi 4A doesn't look good (
> https://wiki.sipeed.com/hardware/en/lichee/th1520/lp4a.html )
>
> I really wish the flent was working, so I'll probably see if I can work
> out the parsing.
>
> Thanks,
> Dave Seddon
>
> On Fri, Oct 13, 2023 at 10:25 AM dave seddon 
> wrote:
>
>> My bad.  There's a bug for this.  Looks like I have to downgrade fping
>>
>> https://github.com/tohojo/flent/issues/232
>> https://github.com/schweikert/fping/issues/203
>>
>> On Fri, Oct 13, 2023 at 8:59 AM dave seddon 
>> wrote:
>>
>>> G'day,
>>>
>>> I've been working away on automation of the tests.  Pretty close to
>>> having much nicer tests with a lot more details.  I've also got the risc-v
>>> device working.
>>>
>>> However, I've run into something funny with flent.  Flent is not happy
>>> with fping or ping.
>>>
>>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ /usr/bin/sudo
>>> /usr/sbin/ip netns exec network101 /usr/bin/flent rrul --output
>>>  
>>> /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/flent_pi4_noqueue.png
>>> --data-dir /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/
>>> --format summary --plot all_scaled --title-extra
>>> 2023-10-13T15:53:21

Re: How to establish a uni-directional Ethernet link in the dpdk environment

2023-10-15 Thread dave seddon
Normally, if you're doing "single fiber optics" it basically means you have
a single color/frequency in one direction, and another color/frequency,
which is slightly offset.  e.g. They say blue for send, and purple for
receive, or something like that.  It's hard to screw it up, but I've
definitely tried :)

On Sun, Oct 15, 2023 at 4:21 PM Stephen Hemminger <
step...@networkplumber.org> wrote:

> On Sun, 15 Oct 2023 10:30:48 +0330
> Alireza Sadeghpour  wrote:
>
> > Hi,
> >
> > I am trying to establish a uni-directional Ethernet link where a singular
> > fiber is used to transmit data to the receiver in the DPDK environment. The
> > Rx of the transmit side and the Tx of the receive side are not physically
> > connected, like in a Data diode scenario. The ethernet controller on both
> > sides is intel 82580.
> >
> > my problem is that when I detach the RX line from one side, both sides'
> > links go down.
> >
> > Could anyone please give me some advice to solve this problem and
> establish
> > a valid unidirectional ethernet link?
>
> This is not a DPDK problem. Trying a non-standard configuration like this
> requires detailed knowledge of the hardware registers, and likely driver
> specific changes to do that.
>
> It is possible to bring up device in normal full duplex mode and even setup
> the receive queues but ignore them. But that doesn't sound like what you
> want.
>


-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: [Cake] some comprehensive arm64 w/cake results

2023-10-15 Thread dave seddon via Cake
Oh thanks Sebastian.  I have irtt installed, but it looks like I need to
start the server.   That's easy.  Doing it now.

( Incidentally, I did write a golang based icmp pinger.  It can ping at
very high rates: https://github.com/edgio/icmpengine.  Really should write
one with rust using io_uring... )



On Sun, Oct 15, 2023 at 8:53 AM Sebastian Moeller  wrote:

> If I recall correctly, flent will use irtt for its delay probes if
> available on both ends. Sure fixing fping seems like a good thing longer
> term, but to get data in quickly, maybe try irtt instead?
>
>
> On 15 October 2023 17:11:23 CEST, dave seddon via Cake <
> cake@lists.bufferbloat.net> wrote:
>
>> G'day,
>>
>> I've put more work into a test framework around the qdisc tests, but
>> unfortunately flent doesn't work easily with Ubuntu LTS (
>> https://github.com/tohojo/flent/issues/232, which I think is an issue
>> with flent parsing the fping output ).
>>
>> Results and graphs in this sheet:
>>
>> https://docs.google.com/spreadsheets/d/1T59QwEdNwJFm4TgDFA_NY98gicOm8ABXKvDsSIMz9ag/edit#gid=1203641125
>>
>> Raw results of x2 test runs are here:
>>
>> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/report.csv
>>
>> Each run:
>>
>> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/report.csv
>>
>> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-14T14%3A22%3A53/report.csv
>>
>> Full iperf outputs are available too, for example: 
>> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/nanopi-r2s/fq_codel/iperf/test/16_iperf/stdout
>>
>>
>> Logs for each run are also available, for example:
>> https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/log.json
>>
>> The code repo updated here: https://github.com/randomizedcoder/cake ,
>> with the https://github.com/randomizedcoder/cake/blob/main/README.md
>> which explains how the tests work.
>> Updated google doc is started here:
>> https://docs.google.com/document/d/1fYKj3BS89aB9drg_DsSq289xSdVQhn1zUJYCj0WuCs0/edit?usp=sharing
>>
>> Based on the questions on this list earlier, there is a folder with
>> device information for each of the devices
>> https://github.com/randomizedcoder/cake/tree/main/device_info
>>
>> For example, the Pi4 and the Lichee Pi (risc-v) hardware layout is here:
>> - 
>> https://github.com/randomizedcoder/cake/blob/main/device_info/pi4/hwloc-ls-pi4.png
>>
>> -
>> https://github.com/randomizedcoder/cake/blob/main/device_info/lpi4a/hwloc-ls-lpi4a.png
>>
>> The switch has also been upgraded to a Cisco 3750x, which I think based
>> on the "show interface" output has a max queue size of 40 frames.  The test
>> process clears the counters before each test and gathers the "show
>> interface" output at the end.
>>
>> The Lichee Pi 4A doesn't look good (
>> https://wiki.sipeed.com/hardware/en/lichee/th1520/lp4a.html )
>>
>> [image: image.png]
>> I really wish the flent was working, so I'll probably see if I can work
>> out the parsing.
>>
>> Thanks,
>> Dave Seddon
>>
>> On Fri, Oct 13, 2023 at 10:25 AM dave seddon 
>> wrote:
>>
>>> My bad.  There's a bug for this.  Looks like I have to downgrade fping
>>>
>>> https://github.com/tohojo/flent/issues/232
>>> https://github.com/schweikert/fping/issues/203
>>>
>>> On Fri, Oct 13, 2023 at 8:59 AM dave seddon 
>>> wrote:
>>>
>>>> G'day,
>>>>
>>>> I've been working away on automation of the tests.  Pretty close to
>>>> having much nicer tests with a lot more details.  I've also got the risc-v
>>>> device working.
>>>>
>>>> However, I've run into something funny with flent.  Flent is not happy
>>>> with fping or ping.
>>>>
>>>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ /usr/bin/sudo
>>>> /usr/sbin/ip netns exec network101 /usr/bin/flent rrul --output
>>>>  
>>>> /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/flent_pi4_noqueue.png
>>>> --data-dir /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/
>>>> --format summary --plot all_scaled --title-extra
>>>> 2023-10-13T15:53:21_pi4_noqueue --note 2023-10-13T15:53:21_pi4_noqueue
>>>> --extended-metadata --host 172.17.51.10 --length 60 --ipv4 --socket-stats
>>>> Starting Flent 2.0

Re: [Cake] some comprehensive arm64 w/cake results

2023-10-15 Thread dave seddon via Cake
G'day,

I've put more work into a test framework around the qdisc tests, but
unfortunately flent doesn't work easily with Ubuntu LTS (
https://github.com/tohojo/flent/issues/232, which I think is an issue with
flent parsing the fping output ).

Results and graphs in this sheet:
https://docs.google.com/spreadsheets/d/1T59QwEdNwJFm4TgDFA_NY98gicOm8ABXKvDsSIMz9ag/edit#gid=1203641125

Raw results of x2 test runs are here:
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/report.csv

Each run:
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/report.csv
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-14T14%3A22%3A53/report.csv

Full iperf outputs are available too, for example:
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/nanopi-r2s/fq_codel/iperf/test/16_iperf/stdout


Logs for each run are also available, for example:
https://github.com/randomizedcoder/qdisc_results/blob/main/qdisc/2023-10-13T18%3A45%3A45/log.json

The code repo updated here: https://github.com/randomizedcoder/cake , with
the https://github.com/randomizedcoder/cake/blob/main/README.md which
explains how the tests work.
Updated google doc is started here:
https://docs.google.com/document/d/1fYKj3BS89aB9drg_DsSq289xSdVQhn1zUJYCj0WuCs0/edit?usp=sharing

Based on the questions on this list earlier, there is a folder with device
information for each of the devices
https://github.com/randomizedcoder/cake/tree/main/device_info

For example, the Pi4 and the Lichee Pi (risc-v) hardware layout is here:
- 
https://github.com/randomizedcoder/cake/blob/main/device_info/pi4/hwloc-ls-pi4.png

-
https://github.com/randomizedcoder/cake/blob/main/device_info/lpi4a/hwloc-ls-lpi4a.png

The switch has also been upgraded to a Cisco 3750x, which I think based on
the "show interface" output has a max queue size of 40 frames.  The test
process clears the counters before each test and gathers the "show
interface" output at the end.

The Lichee Pi 4A doesn't look good (
https://wiki.sipeed.com/hardware/en/lichee/th1520/lp4a.html )

[image: image.png]
I really wish the flent was working, so I'll probably see if I can work out
the parsing.

Thanks,
Dave Seddon

On Fri, Oct 13, 2023 at 10:25 AM dave seddon 
wrote:

> My bad.  There's a bug for this.  Looks like I have to downgrade fping
>
> https://github.com/tohojo/flent/issues/232
> https://github.com/schweikert/fping/issues/203
>
> On Fri, Oct 13, 2023 at 8:59 AM dave seddon 
> wrote:
>
>> G'day,
>>
>> I've been working away on automation of the tests.  Pretty close to
>> having much nicer tests with a lot more details.  I've also got the risc-v
>> device working.
>>
>> However, I've run into something funny with flent.  Flent is not happy
>> with fping or ping.
>>
>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ /usr/bin/sudo
>> /usr/sbin/ip netns exec network101 /usr/bin/flent rrul --output
>>  
>> /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/flent_pi4_noqueue.png
>> --data-dir /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/
>> --format summary --plot all_scaled --title-extra
>> 2023-10-13T15:53:21_pi4_noqueue --note 2023-10-13T15:53:21_pi4_noqueue
>> --extended-metadata --host 172.17.51.10 --length 60 --ipv4 --socket-stats
>> Starting Flent 2.0.1 using Python 3.10.12.
>> Starting rrul test. Expected run time: 70 seconds.
>> WARNING: Found fping, but couldn't parse its output. Not
>> using.  < ???
>> ERROR: Runner Ping (ms) ICMP failed check: Cannot parse output of the
>> system ping binary (/usr/bin/ping). Please install fping v3.5+.<- ??
>>
>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ dpkg --list | grep ping
>> ii  fping                5.1-1                   amd64  sends ICMP ECHO_REQUEST packets to network hosts
>> ii  iputils-ping         3:20211215-1            amd64  Tools to test the reachability of network hosts
>> ii  kpartx               0.8.8-1ubuntu1.22.04.1  amd64  create device mappings for partitions
>> ii  libharfbuzz0b:amd64  2.7.4-1ubuntu3.1        amd64  OpenType text shaping engine (shared library)
>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ fping --version
>> fping: Version 5.1
>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ ping -V
>> ping from iputils 20211215
>>
>> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ cat /etc/lsb-release
>> DISTRIB_ID=Ubuntu
>> DISTRIB_RELEASE=22.04
>> DISTRIB_CODENAME=jammy
>> DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
>>

Re: [Cake] some comprehensive arm64 w/cake results

2023-10-13 Thread dave seddon via Cake
My bad.  There's a bug for this.  Looks like I have to downgrade fping

https://github.com/tohojo/flent/issues/232
https://github.com/schweikert/fping/issues/203

On Fri, Oct 13, 2023 at 8:59 AM dave seddon 
wrote:

> G'day,
>
> I've been working away on automation of the tests.  Pretty close to having
> much nicer tests with a lot more details.  I've also got the risc-v device
> working.
>
> However, I've run into something funny with flent.  Flent is not happy
> with fping or ping.
>
> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ /usr/bin/sudo /usr/sbin/ip
> netns exec network101 /usr/bin/flent rrul --output
>  
> /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/flent_pi4_noqueue.png
> --data-dir /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/
> --format summary --plot all_scaled --title-extra
> 2023-10-13T15:53:21_pi4_noqueue --note 2023-10-13T15:53:21_pi4_noqueue
> --extended-metadata --host 172.17.51.10 --length 60 --ipv4 --socket-stats
> Starting Flent 2.0.1 using Python 3.10.12.
> Starting rrul test. Expected run time: 70 seconds.
> WARNING: Found fping, but couldn't parse its output. Not
> using.  < ???
> ERROR: Runner Ping (ms) ICMP failed check: Cannot parse output of the
> system ping binary (/usr/bin/ping). Please install fping v3.5+.<- ??
>
> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ dpkg --list | grep ping
> ii  fping                5.1-1                   amd64  sends ICMP ECHO_REQUEST packets to network hosts
> ii  iputils-ping         3:20211215-1            amd64  Tools to test the reachability of network hosts
> ii  kpartx               0.8.8-1ubuntu1.22.04.1  amd64  create device mappings for partitions
> ii  libharfbuzz0b:amd64  2.7.4-1ubuntu3.1        amd64  OpenType text shaping engine (shared library)
> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ fping --version
> fping: Version 5.1
> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ ping -V
> ping from iputils 20211215
>
> das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ cat /etc/lsb-release
> DISTRIB_ID=Ubuntu
> DISTRIB_RELEASE=22.04
> DISTRIB_CODENAME=jammy
> DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"
>
> I did install via "apt install fping"
>
> Any thoughts please?
>
> Kind regards,
> Dave
>
> On Thu, Sep 28, 2023 at 6:27 AM Sebastian Moeller via Cake <
> cake@lists.bufferbloat.net> wrote:
>
>>
>>
>> > On Sep 28, 2023, at 15:19, David Lang  wrote:
>> >
>> > On Thu, 28 Sep 2023, Sebastian Moeller via Cake wrote:
>> >
>> >> P.S.: I am tempted, but will likely wait until they are available in
>> quantity and hope that the street price comes down a bit before getting one
>> ;)
>> >
>> > They aren't available at all yet, and it's not clear when they will be
>> available.
>>
>> The announcement was end of October, but I think I could
>> pre-order right now if I was feeling an urge. You are right though,
>> announced != available or delivered.
>>
>> Regards
>> Sebastian
>>
>> P.S.: I have a pi400 in use as "desktop" for my oldest kid, this is close
>> to be actually generally usable, I would guess that changing a potential
>> pi500 from the pi400's 4GB to 8 GB together with the other improvements the
>> 5 brings might push it over the threshold into the truly useful category.
>> Which probably means that either a potential pi500 will come late and
>> probably with only 4 GB, but let's see how this works out now that the
>> supply situation is less problematic.
>> And I understand that there are other capable ARM based SoCs for
>> homerouter/desktop duty, I just happen to have a soft spot for the
>> raspberry project ;)
>>
>> >
>> > David Lang
>>
>> ___
>> Cake mailing list
>> Cake@lists.bufferbloat.net
>> https://lists.bufferbloat.net/listinfo/cake
>>
>
>
> --
> Regards,
> Dave Seddon
> +1 415 857 5102
>


-- 
Regards,
Dave Seddon
+1 415 857 5102
___
Cake mailing list
Cake@lists.bufferbloat.net
https://lists.bufferbloat.net/listinfo/cake


Re: [Cake] some comprehensive arm64 w/cake results

2023-10-13 Thread dave seddon via Cake
G'day,

I've been working away on automation of the tests.  Pretty close to having
much nicer tests with a lot more details.  I've also got the risc-v device
working.

However, I've run into something funny with flent.  Flent is not happy with
fping or ping.

das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ /usr/bin/sudo /usr/sbin/ip
netns exec network101 /usr/bin/flent rrul --output
 
/tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/flent_pi4_noqueue.png
--data-dir /tmp/qdisc/2023-10-13T15:53:21/pi4/noqueue/flent/test/15_flent/
--format summary --plot all_scaled --title-extra
2023-10-13T15:53:21_pi4_noqueue --note 2023-10-13T15:53:21_pi4_noqueue
--extended-metadata --host 172.17.51.10 --length 60 --ipv4 --socket-stats
Starting Flent 2.0.1 using Python 3.10.12.
Starting rrul test. Expected run time: 70 seconds.
WARNING: Found fping, but couldn't parse its output. Not
using.  < ???
ERROR: Runner Ping (ms) ICMP failed check: Cannot parse output of the
system ping binary (/usr/bin/ping). Please install fping v3.5+.<- ??

das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ dpkg --list | grep ping
ii  fping                5.1-1                   amd64  sends ICMP ECHO_REQUEST packets to network hosts
ii  iputils-ping         3:20211215-1            amd64  Tools to test the reachability of network hosts
ii  kpartx               0.8.8-1ubuntu1.22.04.1  amd64  create device mappings for partitions
ii  libharfbuzz0b:amd64  2.7.4-1ubuntu3.1        amd64  OpenType text shaping engine (shared library)
das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ fping --version
fping: Version 5.1
das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ ping -V
ping from iputils 20211215

das@3rd:~/Downloads/cake/cmd/run_qdiscs_tests$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.3 LTS"

I did install via "apt install fping"

Any thoughts please?

Kind regards,
Dave

On Thu, Sep 28, 2023 at 6:27 AM Sebastian Moeller via Cake <
cake@lists.bufferbloat.net> wrote:

>
>
> > On Sep 28, 2023, at 15:19, David Lang  wrote:
> >
> > On Thu, 28 Sep 2023, Sebastian Moeller via Cake wrote:
> >
> >> P.S.: I am tempted, but will likely wait until they are available in
> quantity and hope that the street price comes down a bit before getting one
> ;)
> >
> > They aren't available at all yet, and it's not clear when they will be
> available.
>
> The announcement was end of October, but I think I could pre-order
> right now if I was feeling an urge. You are right though, announced !=
> available or delivered.
>
> Regards
> Sebastian
>
> P.S.: I have a pi400 in use as "desktop" for my oldest kid, this is close
> to be actually generally usable, I would guess that changing a potential
> pi500 from the pi400's 4GB to 8 GB together with the other improvements the
> 5 brings might push it over the threshold into the truly useful category.
> Which probably means that either a potential pi500 will come late and
> probably with only 4 GB, but let's see how this works out now that the
> supply situation is less problematic.
> And I understand that there are other capable ARM based SoCs for
> homerouter/desktop duty, I just happen to have a soft spot for the
> raspberry project ;)
>
> >
> > David Lang
>
> ___
> Cake mailing list
> Cake@lists.bufferbloat.net
> https://lists.bufferbloat.net/listinfo/cake
>


-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: [Cake] some comprehensive arm64 w/cake results

2023-09-18 Thread dave seddon via Cake
Thanks Jonathan!

Curious and curiouser

I'd love to understand the difference between the tests I've been doing and
your tests.

   - How many TCP flows did you have please ( cake performance seems to
   drop significantly with increased number of TCP flows, although I need to
   do more testing to understand why )?
   - What was the RTT?
   - Load tool?
   - ... so many questions :)


On Mon, Sep 18, 2023 at 3:13 PM Jonathan Morton 
wrote:

> > On 18 Sep, 2023, at 10:50 pm, dave seddon via Cake <
> cake@lists.bufferbloat.net> wrote:
> >
> > The cake tests so far had rtt 1ms and rtt 3ms, which might be too low.
> ( If it is too low, then maybe it would make sense to remove "rtt lan = rtt
> 1ms" option, as it's a misleading configuration option? )
>
> If all your traffic is over the LAN, and you have a machine and
> application tuned for the extra-low latencies that a LAN can offer, then
> setting LAN-grade targets for Cake might make sense.  But most people's
> traffic is a mixture, with the performance of Internet traffic being more
> important, and that is better served by the *default* settings.
>
> You ran fq_codel at its default settings.  These are equivalent to Cake's
> default settings, so far as the AQM activity is concerned.  I'm just asking
> for a like-to-like comparison.  You could be pleasantly surprised.
>
>  - Jonathan Morton



-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: [Cake] some comprehensive arm64 w/cake results

2023-09-18 Thread dave seddon via Cake
G'day Mr David Reed,

Thanks for the comments.

Definitely agree with your sentiments and the tests definitely do NOT
simply represent Intel versus ARM.

Perhaps I should have been more clear about the objectives of the testing:

I'm curious to understand the performance of these lower end SoC devices,
because these are the types of devices that act as home gateway routers, as
access points, and such.  There are many many millions of these devices out
there and I don't know how well understood their performance is:
e.g. How bad is my Spectrum Internet cable modem?
e.g. I have a Unifi security gateway and its "smart queue" performance is
pretty poor ( <200 Mb/s ).  Why is it so poor?

Obviously, with real servers ( and even virtual AWS ones ) which have real
NICs, you get things like multi-queues with RSS, and a lot more tuning
knobs, and so they can go a lot faster.

In the tests so far, the Asus CN60 device with the r8169 performs pretty
well, where the NIC is likely to be contributing positively.  The default
configuration has a bunch of off-loading enabled:

root@asus-cn60-2:/home/das# ethtool --show-features enp1s0 | grep ": on"
rx-checksumming: on
tx-checksumming: on
tx-checksum-ipv4: on
tx-checksum-ipv6: on
generic-receive-offload: on
rx-vlan-offload: on
tx-vlan-offload: on
highdma: on [fixed]

However, based on these initial tests, which are not complete, it's
certainly curious that the Pi4 is doing ~923Mbit/s with pfifo_fast and then
doing significantly less ( ~621 Mbits/sec ) with cake.  I'm interested to
understand this in more detail, where DaveT has recommended adding 20ms or
40ms.  The cake tests so far had rtt 1ms and rtt 3ms, which might be too
low.  ( If it is too low, then maybe it would make sense to remove "rtt lan
= rtt 1ms" option, as it's a misleading configuration option? )

Definitely, during the testing these little devices have the NIC IRQs all
going through core 0, so I want to explore tuning options.

root@rpi4b:/home/das# cat /proc/interrupts | grep -E '(CPU0|eth0)'
           CPU0       CPU1       CPU2       CPU3
 30:   38651749          0          0          0     GICv2 189 Level     eth0  <--- IRQs only going to CPU0
 31:   20418643          0          0          0     GICv2 190 Level     eth0

Some ideas include:
- Moving most processes off core0. e.g. Configure all the systemd slices NOT
to use core0, so core0 is essentially freed to only service the IRQs
- RPS (
https://www.kernel.org/doc/html/latest/networking/scaling.html#rps-receive-packet-steering
). e.g. Can the other cores get more involved?
- Tuning ideas from here:
https://github.com/leandromoreira/linux-network-performance-parameters.
Specifically, I was wondering about increasing netdev_budget sysctls.

The defaults are shown here

root@rpi4b:/home/das# sysctl -a | grep netdev_budget
net.core.netdev_budget = 300
net.core.netdev_budget_usecs = 8000

"Armbian's kernel isn't a particularly high performance kernel build."

Happy to discuss any recommended tuning.  Armbian is very easy to install
on the microSD card.  ( Actually, I have the LicheePi 4A RISC-V, but can't
find an easy image to just load on a microSD card. )


Over the weekend, I reconfigured the testing setup using a lot more VLANs.
Now each device has ALL the different qdiscs configured on different VLANs
and IPs, allowing the iperf/flent tests to be run one after the other with
no need to change the qdiscs between tests.  I'm currently repeating every
combination of test, before adding the netem 20/40ms latency as DaveT
suggested.  ( Tests take a while: 8 devices * 6 qdiscs = 48 tests, by 10
minute tests = 480 minutes = 8 hours )

Roughly the plan is:
1. Retest all combinations.  This is to confirm the starting position. <---
running now
2. Add netem latency 20 and 40ms, and retest all combinations.  I'm hoping
Pi4 cake performance will be closer to > 900 Mb/s
3. Apply some tuning options, and retest all combinations

Kind regards,
Dave Seddon

On Sun, Sep 17, 2023 at 6:05 PM Dave Taht  wrote:

>
> A huge thanks to dave seddon for buckling down and doing some
> comprehensive testing of a variety of arm64 gear!
>
>
> https://docs.google.com/document/d/1HxIU_TEBI6xG9jRHlr8rzyyxFEN43zMcJXUFlRuhiUI/edit#heading=h.bpvv3vr500nw
>
> --
> Oct 30:
> https://netdevconf.info/0x17/news/the-maestro-and-the-music-bof.html
> Dave Täht CSO, LibreQos
>


-- 
Regards,
Dave Seddon
+1 415 857 5102
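
Added example (not part of the original message or of any project it mentions): a check for the situation shown in the `/proc/interrupts` output above, where every NIC interrupt lands on CPU0, plus the hex mask one could write to `/sys/class/net/<dev>/queues/rx-0/rps_cpus` to bring the other cores in via RPS. The sample input is constructed from the output in the message, the `mmc0` row and the 90% threshold are assumptions, and leaving the interrupting CPU out of the mask is one common choice rather than a rule.

```python
"""Detect NIC IRQs concentrated on one core and derive an RPS CPU mask."""
import re

# Constructed sample, modelled on the Pi4 output quoted in the message.
SAMPLE_INTERRUPTS = """\
           CPU0       CPU1       CPU2       CPU3
 30:   38651749          0          0          0     GICv2 189 Level     eth0
 31:   20418643          0          0          0     GICv2 190 Level     eth0
 35:       1200       3400       2900       3100     GICv2  65 Level     mmc0
ERR:          0
"""


def parse_interrupts(text):
    """Return (cpu_count, rows); each row has irq, per-CPU counts and device."""
    lines = [line for line in text.splitlines() if line.strip()]
    ncpu = len(lines[0].split())          # header: CPU0 CPU1 ...
    rows = []
    for line in lines[1:]:
        match = re.match(r"\s*(\w+):\s*(.*)", line)
        if not match:
            continue
        irq, rest = match.groups()
        fields = rest.split()
        counts = []
        for field in fields[:ncpu]:
            if not field.isdigit():
                break
            counts.append(int(field))
        if len(counts) != ncpu:
            continue                      # summary rows (ERR, MIS) have one column
        desc = fields[ncpu:]
        rows.append({"irq": irq, "counts": counts,
                     "device": desc[-1] if desc else ""})
    return ncpu, rows


def irq_share(rows, ncpu, device):
    """Fraction of the device's interrupts serviced by each CPU."""
    totals = [0] * ncpu
    for row in rows:
        if row["device"] == device:
            for cpu, count in enumerate(row["counts"]):
                totals[cpu] += count
    total = sum(totals)
    return [t / total if total else 0.0 for t in totals]


def rps_mask(ncpu, exclude):
    """Hex CPU bitmap (the rps_cpus format) covering every CPU not excluded."""
    mask = 0
    for cpu in range(ncpu):
        if cpu not in exclude:
            mask |= 1 << cpu
    return format(mask, "x")


def recommend(text, device, threshold=0.9):
    """Return hot CPUs and a candidate rps_cpus mask, or None if IRQs are spread."""
    ncpu, rows = parse_interrupts(text)
    share = irq_share(rows, ncpu, device)
    hot = [cpu for cpu, s in enumerate(share) if s >= threshold]
    if not hot:
        return None
    return {"hot_cpus": hot, "rps_cpus": rps_mask(ncpu, set(hot))}


if __name__ == "__main__":
    print(recommend(SAMPLE_INTERRUPTS, "eth0"))
    print(recommend(SAMPLE_INTERRUPTS, "mmc0"))
```

On a live system, pass the contents of `/proc/interrupts` instead of the sample and compare throughput before and after writing the mask.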


[go-nuts] icmpengine - a small golang ping library

2021-08-02 Thread dave seddon
G'day,

I hope this is an appropriate place to post about a new little library.

Recently I was looking for a basic ping library but didn't have much luck, 
so I hope the community will find this helpful:

https://github.com/EdgeCast/icmpengine

Feedback welcome.

Kind regards,
Dave Seddon



Re: [dpdk-users] Peformance troubleshouting of TCP/IP stack over DPDK.

2020-05-07 Thread dave seddon
 better performance than the standard Linux kernel
> > one
> > > but
> > > so far we can't get this performance.
> > > 2. Do you think the difference comes because of the time spending
> handling
> > > packets
> > > and handling epoll in both of the tests? What do I mean. For the
> standard
> > > Linux tests
> > > the interrupts handling has higher priority than the epoll handling and
> > > thus the application
> > > can spend much more time handling packets and processing them in the
> > kernel
> > > than
> > > handling epoll events in the user space. For the DPDK+FreeBSD case the
> > time
> > > for
> > > handling packets and the time for processing epolls is kind of equal. I
> > > think, that this was
> > > the reason why we were able to get more performance increasing the
> number
> > > of read
> > > packets at one go and decreasing the epoll events. However, we couldn't
> > > increase the
> > > throughput enough with these tweaks.
> > > 3. Can you suggest something else that we can test/measure/profile to
> get
> > > better idea
> > > what exactly is happening here and to improve the performance more?
> > >
> > > Any help is appreciated!
> > >
> > > Thanks in advance,
> > > Pavel.
> >
> > First off, if you are testing on KVM, are you using PCI pass thru or
> SR-IOV
> > to make the device available to the guest directly. The default mode uses
> > a Linux bridge, and this results in multiple copies and context switches.
> > You end up testing Linux bridge and virtio performance, not TCP.
> >
> > To get full speed with TCP and most software stacks you need TCP
> > segmentation
> > offload.
> >
> > Also software queue discipline, kernel version, and TCP congestion
> control
> > can have a big role in your result.
> >
>
> Hi,
>
> Thanks for the response.
>
> We did the tests on Ubuntu 18.04.4 LTS (GNU/Linux 4.15.0-96-generic
> x86_64).
> The NIC was given to the guest using SR-IOV.
> The TCP segmentation offload was enabled for both tests (standard Linux and
> DPDK+FreeBSD).
> The congestion control algorithm for both tests was 'cubic'.
>
> What do you mean by 'software queue discipline'?
>
> Regards,
> Pavel.
>


-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: [dpdk-users] [dpdk-dev] KNI Module (multiple) to handle IGMP requests

2019-08-06 Thread dave seddon
*I am relying on KNI TCP/IP stack to handle the igmp - Membership Query to
send the igmp - Membership Report, port-1 never send the report and
hence switch drops the multicast data within few minutes.*

Are you saying that traffic does arrive on both ports briefly, and then
stops on port1?  This would imply that an IGMP join did initially go out
both ports.

On Tue, Aug 6, 2019 at 5:21 AM Vikash Kumar 
wrote:

> Hello Everyone,
>
> Currently I am working on a project in which I need to capture the ipv4
> multicast data from a managed (igmp enabled) switch.
>
> In order to achieve this, I am currently using below configuration:
>
> dpdk-18.05.1.
>
> *Hardware Description:*
>
> Operating System: CentOS Linux 7 (Core)
>
> CPE OS Name: cpe:/o:centos:centos:7
>
> Kernel: Linux 3.10.0-957.12.1.el7.x86_64
>
> Architecture: x86-64
>
> NIC: Ethernet 10G 2P X520 Adapter 154d (ixgbe)
>
> IG Huge Page available.
>
> Changes made in grub: isolcpus=0-1 default_hugepagesz=1G hugepagesz=1G
> transparent_hugepage=never"
>
> KNI Module successfully loaded as : sudo /sbin/insmod
> $RTE_SDK/$RTE_TARGET/kmod/rte_kni.ko kthread_mode=multiple
>
> Successfully created 16 hugepages.
>
> Successfully created hugepage filesystem. (using 'sudo mount -t
> hugetlbfs nodev /mnt/huge')
>
> Static IPs given to both ports of NIC.
>
> Successfully binded both the ports with igb_uio driver.
>
> Referring to KNI sample application, allocated 1 KNI module for each
> port. Used same MAC address, IP address, ifname same as the original NIC.
>
> Able to join multicast feeds using these kni interfaces (
> setsockopt IP_ADD_SOURCE_MEMBERSHIP )
>
> Using 1 lcore for each port. lcore 0 to capture the data over port 0 and
> lcore 1 to capture the data over port 1.
>
> Each of these 2 eal thread running on lcore does the below operations:
>
> rte_eth_rx_burst() -> keep copy of required multicast data and free the
> mbuff if copied. Else all other packets passed to kni tx (including igmp
> packets)
>
> rte_kni_tx_burst()
>
> rte_kni_handle_request()
>
> rte_kni_rx_burst()
>
> rte_eth_tx_burst()
>
> *_Problem Statement:_*
>
> Everything works fine with port 0. But for Port 1, I observe that there
> is no output from rte_kni_rx_burst, which in turn leads to multicast
> drop by switch.
>
> I am relying on KNI TCP/IP stack to handle the igmp - Membership Query
> to send the igmp - Membership Report, port-1 never send the report and
> hence switch drops the multicast data within few minutes.
>
> I have seen this behaviour on 2-3 machines of almost similar
> configuration. However, strangely on one another similar machine, the
> behaviour was totally opposite. There Port1 was working fine and port0
> was dropping the multicast.
>
> *Please advise, what I am missing here and what can I do to debug this
> issue further.*
>
>
> Thanks & Regards,
>
> Vix
>
>
>

-- 
Regards,
Dave Seddon
+1 415 310 4086


Re: BGP Connection reset on fast timers

2018-06-14 Thread dave seddon
Packet 35 shows .13, which is the Bird running on Vmware (sorry about
that), and clearly thinks the hold time expired:

Major error Code: Hold Timer Expired (4)
Minor error Code (Hold Timer Expired): 0

Might be worth trying to run bird debugging to see what else it says.
Have you considered BFD?
Maybe try running different virtualization (e.g. KVM), or no virtualization.

On Tue, Jun 12, 2018 at 3:42 AM, Olivier Benghozi <
olivier.bengh...@wifirst.fr> wrote:

> Just a comment:
>
> here we use 5/15 on some 10GE links between Redback/Ericsson/SmartEdge and
> Cisco routers (so, unrelated to BIRD and Linux) with success (never flaps
> if the link is OK). These links are used to receive/transmit L2TP tunnels
> traffic.
>
> The usecase was:
> 1) there are some intermediate switches on the links (so a cut cannot
> always be quickly detected)
> 2)  L2TP timers are aggressive and it's relevant to switch to another path
> quickly enough in order to avoid some L2TP tunnels disconnections, which in
> turn would disconnect several tens of thousands PPP sessions and users
> 3) BFD wasn't an option (between two different operators)
>
>
> Olivier
>
> Le 12 juin 2018 à 11:09, Maria Jan Matějka  a écrit :
>
> If I remember it correctly, there was somebody who used a 5/15 setup and
> still had to take a lot of care to keep the links up.
>
> By the way, is there any good reason to have so short timeouts?
>
>
>


-- 
Regards,
Dave Seddon
+1 415 310 4086


Re: BGP AS Path Filter

2017-11-16 Thread dave seddon
BGP loop prevention works by never accepting a route with your own AS in
the path. Therefore if you prepend your route with the AS numbers of the
upstream networks, those networks won't accept the route. However, maybe
your ISP will not accept the route either if they have strict filters (they
probably will accept it), but keep in mind reachability might not work, so
tread carefully.

On Nov 16, 2017 3:44 AM, "Shurshuka"  wrote:

> Hello,
>
> I am newbie in Bird & BGP so pardon my question:
>
> I have server and my own AS/IP's (/24).
> I get default from my provider.
> My provider has a lot of upstreams (different IP transit providers with
> their own AS).
> I want my AS/routes to be announce only from some providers upstreams.
> My provider doesn't provide any self-service BGP communities for that.
> As I understood, I can do this thing with BGP AS Path Filter (Default is
> OK for this? Or Full View required?).
> What filter I need to use (import/export)?
> I tried to use this filter, but it failed:
>
> > import filter {
> >
> > if (bgp_path ~ [= * IP_TRANSIT_PROVIDER_AS_1 PROVIDER_AS
> MY_AS =]) || (bgp_path ~ [= * IP_TRANSIT_PROVIDER_AS_2 PROVIDER_AS MY_AS
> =]) then {
> >
> > accept;
> >
> > } else reject;
> > };
>
> Could you please to answer my questions and to tell in what direction to
> move on?
>
> Thanks.
>


Re: Hold time expired error

2017-08-06 Thread dave seddon
Perhaps you can get a pcap of what's happening? Capturing just the BGP
should be a pretty small pcap.

On Aug 5, 2017 7:37 PM, "Ajai Kumar"  wrote:

> Dear All,
> Looking forward for your support on issue reported in appended mail.
> Regards,
> Ajai Kumar
>
> On 4 August 2017 at 10:50, Ajai Kumar  wrote:
>
>> Dear All,
>>
>>
>> I am suspecting issue on bird,pls refer response are
>>
>> Question:  you cannot ping across your IX, you need to look lower than
>> BIRD to figure out the problem.
>>
>>
>> Ans: Yes I can ping the IP from switch connected to bird server. However
>> not able to ping from bird server.
>>
>>
>>
>> Question: I would try to answer questions like: Is ARP resolving IPs to
>> MACs?
>>
>> Ans: Yes ARP is resolving IPs to MACS
>>
>>
>>
>> Question: Is the problem isolated to a single BIRD server only?
>>
>> Yes the problem occurs now on new one I am installing, the other BIRD
>> installed later are working properly
>>
>>  Question:  We are using BIRD 1.3.9. Can you confirm which version of
>> bird does not have this issues.
>>
>>
>> Question Is it only IPv4 problem only,
>>
>> Yes it is an IPv4 problem,
>>
>>
>> or IPv6 as well?
>>
>> Looking forward for your help pls.
>>
>> Regards,
>> Ajai Kumar
>>
>> On 3 August 2017 at 21:02, Janvier Rwakagabo 
>> wrote:
>>
>>> Find my comments in red.
>>>
>>>
>>>
>>> Thanks
>>>
>>>
>>>
>>> Regards,
>>>
>>>
>>>
>>> Janvier R.
>>>
>>>
>>>
>>> *From:* Bird-users [mailto:bird-users-boun...@network.cz] *On Behalf Of
>>> *Jonathan Stewart
>>> *Sent:* Thursday, August 3, 2017 4:06 PM
>>> *To:* Ajai Kumar 
>>> *Cc:* bird 
>>> *Subject:* Re: Hold time expired error
>>>
>>>
>>>
>>> If you cannot ping across your IX, you need to look lower than BIRD to
>>> figure out the problem.
>>>
>>> I can ping the IP through IX
>>>
>>>
>>>
>>>
>>>
>>> I would try to answer questions like: Is ARP resolving IPs to MACs?
>>>
>>> Yes ARP is resolving IPs to MACS
>>>
>>>
>>>
>>> Is the problem isolated to a single BIRD server only?
>>>
>>> Yes the problem occurs now on new one I am installing, the other BIRD
>>> installed later are working properly
>>>
>>>
>>>
>>> Is it only IPv4 problem only,
>>>
>>> Yes it is an IPv4 problem,
>>>
>>>
>>>
>>> or IPv6 as well?
>>>
>>>
>>>
>>> If you can answer some of these questions, you'll get closer to finding
>>> the root cause, I expect.
>>>
>>>
>>>
>>> Cheers,
>>>
>>> Jonathan
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> On Thu, Aug 3, 2017 at 2:25 AM, Ajai Kumar  wrote:
>>>
>>> Dear All,
>>>
>>> We are facing problem with few peers in our IX.   Frequently they get
>>> Hold Timer Expired Error and they are not able to ping our route server IP.
>>> After shut no shut this problem resolves for sometime.  One log message
>>> appended
>>>
>>>
>>> bgp_hold_timeout:4690: NOTIFICATION sent to X.X.X.X (External AS
>>> 132953): code 4 (Hold Timer Expired Error), Reason: holdtime expired for
>>> X.X.X.X (External AS 132953), socket buffer sndcc: 57 rcvcc: 0 TCP state:
>>> 4, snd_una: 728368567 snd_nxt: 728368624 snd_wnd: 15744 rcv_nxt: 429172199
>>> rcv_adv: 429188583, hold timer out 90s, hold timer remain 0s
>>>
>>> Requesting for help pls.
>>>
>>> Regards,
>>>
>>> Ajai Kumar
>>>
>>> --
>>>
>>>
>>> (M) +91-9868477444 <+91%2098684%2077444>
>>> Skype ID:erajay
>>> P-mail: joinajay1 at gmail.com
>>> .
>>> Please don't print this email unless you really need to. This will
>>> preserve trees on our planet.
>>>
>>>
>>>
>>>
>>>
>>> --
>>>
>>>  Jonathan
>>>
>>
>


Re: [dpdk-users] what is the average latency you get for io forwarding from dpdk?

2017-01-17 Thread dave seddon
There's an interesting video about speed:
https://youtu.be/ne3svryuthI

On Jan 17, 2017 12:28 AM, "Marco Kwok"  wrote:

> Hello all,
>
> I wonder if anyone could get a relative low latency from dpdk on 1gb link.
>
> When using testpmd, a packet of 150 bytes is sent, packet is received by
> the port and loopback to the sender.
> I usually could get 50us for io forward. Sometimes it can be as fast as 3us.
> However it is too slow to be used for switching application.
>
> My test platform is on an Intel NUC NUC5I5RYH, which has i5 5250U 1.6GHz,
> 16GB DDR3 and i218-V network chip. dpdk 16.07.2
>
>
> I have done the following things try to get a better latency with no luck:
> -setup 1G hugepages
> -disable cpu frequency scaling to make sure cpu runs at max speed of 2.7GHz
> -isolate a cpu core from kernel task scheduler by isolcpus
> -setting the burst size of testpmd to 1
>
> Guys, I really want your input. I don't need high throughput but low
> latency. Does anyone of you have been able to achieve a lower latency with
> dpdk? I don't see the advantage I have taken from dpdk now.
>
> Best,
> Mark
>


Re: OSPF socket error on "bge0" invalid argument

2016-12-30 Thread dave seddon
Just a guess "pointopoint" -> "pointtopoint"

On Dec 30, 2016 5:04 PM, "David S."  wrote:

> Dear All,
>
> I have trouble to establish ospf on BIRD 1.6.3 using FreeBSD 11 amd64,
> here is my topology and BIRD configuration:
>
> router-a -- router-b (directly connected use cat6)
>
> router-a: 10.22.40.17/30
> router-b: 10.22.40.18/30
>
> bird.conf in router-a
>
> router id 10.5.16.1;
> debug all;
> import filter ospf_in_routerb;
> export filter ospf_out_routerb;
> tick 2;
> area 0 {
>interface "bge0" {
> stub;
> cost 5;
> hello 10; retransmit 2; wait 10; dead 40;
> type pointopoint;
> };
>networks {
> 103.22.40.16/30;
> };
>interface "*" {
> cost 1000;
> stub;
> };
> };
> }
>
> bird.conf in routerb
>
> router id 10.5.16.2;
> debug all;
> import filter ospf_in_routera;
> export filter ospf_out_routera;
> tick 2;
> area 0 {
>interface "bge0" {
> stub;
> cost 5;
> hello 10; retransmit 2; wait 10; dead 40;
> type pointopoint;
> };
>networks {
> 103.22.40.16/30;
> };
>interface "*" {
> cost 1000;
> stub;
> };
> };
> }
>
> I found the following error message from bird.log:
>
> 2016-12-31 07:52:38  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:52:43  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:52:48  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:52:53  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:52:57  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:03  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:07  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:13  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:18  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:22  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:27  ospf1: Socket error on bge0: Invalid argument
> 2016-12-31 07:53:28  ospf1: Socket error on bge0: Invalid argument
>
> Show ospf:
>
> bird> show ospf
> ospf1:
> RFC1583 compatibility: disabled
> Stub router: No
> RT scheduler tick: 2
> Number of areas: 1
> Number of LSAs in DB:   260
> Area: 0.0.0.0 (0) [BACKBONE]
> Stub:   No
> NSSA:   No
> Transit:No
> Number of interfaces:   25
> Number of neighbors:0
> Number of adjacent neighbors:   0
> Area networks:
>  10.22.40.16/30  Advertise
>
> bird> show protocols all ospf1
> name     proto    table    state  since       info
> ospf1    OSPF     master   up     07:53:28    Alone
>   Router ID:      10.8.60.1
>   Preference:     150
>   Input filter:   ospf_in_routerb
>   Output filter:  ospf_out_routerb
>   Routes:         25 imported, 259 exported, 0 preferred
>   Route change stats:     received   rejected   filtered    ignored   accepted
>     Import updates:             25          0          0          0         25
>     Import withdraws:            0          0        ---          0          0
>     Export updates:         630587          0     630328        ---        259
>     Export withdraws:           22        ---        ---        ---          0
>
> Why ospf neighbor can't established?
> I'm new to ospf and really need help.
>
> Thank you
>
> Best regards,
> David S.
> 
> e. da...@zeromail.us
> w. pnyet.web.id
>


[dpdk-users] Question regarding packet availability

2016-07-28 Thread dave seddon
G'day,

BGP peers can advertise routes with a next-hop of a 3rd party neighbor.
This is often used at IX peering points across an Ethernet switch
with a route-reflector (RR).  The peers all advertise routes to the RR, and
then the RR sends the routes to all the other peers with the next hop not of
the RR, but of the 3rd party neighbor.

Using this, you should be able to use a different NIC on your host machine,
or a different machine altogether, to run Bird/Quagga BGP to advertise
multiple routes with the next hop IP of our DPDK process(es) using
different NICs.  This way you won't need to (re)implement a BGP solution in
DPDK.

Info about 3rd party neighbors here with pictures, and it's obviously also
covered in detail within the BGP RFCs:
http://blog.ine.com/2010/09/02/understanding-third-party-next-hop/

You should think carefully about the health checking, and could also
consider that your BGP process could adjust the bandwidth to the different
next hop IPs taking advantage of Link Bandwidth Extended communities which
you can advertise with Bird and both Juniper and Cisco support from an ECMP
perspective:
http://bird.network.cz/pipermail/bird-users/2014-December/009456.html

Hope this helps, as your project sounds interesting.

Kind regards,
Dave

On Thu, Jul 28, 2016 at 3:00 AM, yingzhi  wrote:

> Hi All,
>
>
> I'm new to DPDK and would like to ask some quick questions.
> We are trying to develop a Load Balance solution that take advantage of
> ECMP with BGP, so there is a BGP process running on our LB node, and we'd
> like to use DPDK to improve packet processing performance.
> The questions is, if DPDK bind to a interface, can it still
> sending/receiving BGP packets or I need a separate interface dedicated for
> BGP? In the later case, can the BGP process still aware of the DPDK bond
> port's network and announce that network to uplink router?
>
>
> Any comment/advice is appreciated.
>
>
> Thanks in advance.




-- 
Regards,
Dave Seddon
+1 415 857 5102


Re: Enhanced Route Refresh Capability (rfc7313)

2015-06-23 Thread dave seddon
Greetings,

If this is truly a bug in Juniper, I'd be happy to log the bug with them.
We'd just need to supply them the tcpdump and reference the RFC where it
says this isn't mandatory.

Kind regards,
Dave Seddon

On Tue, Jun 23, 2015 at 5:37 AM, Raphael Mazelier r...@futomaki.net wrote:



 On 23/06/15 15:29, Ondrej Zajicek wrote:


 I considered such option for 1.5.0 but thought it would be unnecessary.
 I will probably reconsider that.



 It seems that juniper router misbehave on this. So it could be a good one.

 --
 Raphael Mazelier



Re: Inject BGP routes with non directly-connected next-hop

2015-04-07 Thread dave seddon
That's the difference between iBGP and eBGP:

https://tools.ietf.org/html/rfc4271#section-5.1.3

On Tue, Apr 7, 2015 at 5:39 AM, Jan Huňka jan.hu...@gmail.com wrote:

 Hello,

 I'm currently trying to configure BIRD for BGP injection. Routes which are
 added on BIRD should be distributed to specified neighbor router (in this
 case Cisco) and added to its routing table. I also need to specify
 next-hop IP address of these routes, because injected routes should divert
 the matching traffic through another way until BIRD stops to distribute
 these routes.

 I was able to configure BIRD to inject these routes with specified
 next-hop using internal BGP. But I also need it to work with external BGP.
 The problem is that the next-hop IP of injected routes is a directly
 connected network of the Cisco router and not BIRD's. BIRD doesn't know
 anything about this network. So the question is, is it possible to inject
 routes from BIRD to Cisco router using external BGP with next-hop IP
 address, which is not directly connected to the BIRD router?

 I should add that the BGP injection using external BGP works too, but only
 if the next-hop IP is a directly connected network of the BIRD router.

 Thank you for any advice.

 Jan Huňka


 Configuration of BIRD:

 protocol device {
 scan time 10;
 }

 protocol static static_10 {
 route 5.100.100.0/24 reject;
 }

 # filters section (DO NOT REMOVE!)
 filter filter_10 {
 if ( proto = static_10 ) then {
 bgp_community.add((25511,444));
 bgp_next_hop=3.100.100.1;
 accept;
 } else {
  reject;
 }
 }

 protocol bgp bgp_10 {
 local as 25511;
 neighbor Y.Y.Y.Y as 25512;
 import all;
 export filter filter_10;
 }

 Configuration of the bgp process on the CISCO router:

 router bgp 25512
  neighbor X.X.X.X remote-as 25511
 !
 address-family ipv4
   neighbor X.X.X.X activate
   no auto-summary
 !
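
The NEXT_HOP rules of RFC 4271 section 5.1.3 cited in the reply, which also cover the third-party next hop described in the earlier reply about DPDK, as an added example that is not part of the original thread. It is a simplified model of the RFC text, not of BIRD or Cisco behaviour; 3.100.100.1 is the next hop from the filter above, and the 192.0.2.x session addresses and shared /29 are constructed.

```python
"""Simplified model of the NEXT_HOP rules in RFC 4271 section 5.1.3.

3.100.100.1 is the next hop set in the BIRD filter above; the 192.0.2.x
session addresses and the shared /29 are constructed for this example.
"""
import ipaddress


def advertised_next_hop(wanted, local_ip, peer_ip, shared_net, *,
                        ibgp=False, multihop=False, keep=False):
    """NEXT_HOP a sender following section 5.1.3 would place in its UPDATE.

    wanted      next hop the operator wants the peer to use
    local_ip    sender's address on the BGP session
    peer_ip     receiving peer's address
    shared_net  subnet common to sender and peer (single-hop eBGP only)
    keep        multihop eBGP configured to propagate NEXT_HOP unchanged
    """
    wanted = ipaddress.ip_address(wanted)
    local_ip = ipaddress.ip_address(local_ip)
    if wanted == ipaddress.ip_address(peer_ip):
        # A route must not be advertised with the peer's own address as
        # NEXT_HOP; this model falls back to the sender's address.
        return str(local_ip)
    if ibgp:
        # Internal peers: in this model the attribute is carried as set.
        return str(wanted)
    if multihop:
        # Multihop eBGP: unchanged only when configured, else own address.
        return str(wanted if keep else local_ip)
    if wanted in ipaddress.ip_network(shared_net):
        # Third-party next hop: allowed because the peer shares its subnet.
        return str(wanted)
    # Default for an external peer: the session's local interface address.
    return str(local_ip)


def receiver_installs(next_hop, own_addresses):
    """Receiver-side check: never install a route with yourself as next hop."""
    own = {ipaddress.ip_address(a) for a in own_addresses}
    return ipaddress.ip_address(next_hop) not in own


def scenarios():
    """Run the cases discussed in the two threads and return the results."""
    lan = "192.0.2.0/29"
    me, peer = "192.0.2.1", "192.0.2.2"
    return {
        "ibgp_injected": advertised_next_hop("3.100.100.1", me, peer, lan, ibgp=True),
        "ebgp_off_subnet": advertised_next_hop("3.100.100.1", me, peer, lan),
        "ebgp_third_party": advertised_next_hop("192.0.2.3", me, peer, lan),
        "ebgp_multihop_default": advertised_next_hop(
            "3.100.100.1", me, peer, lan, multihop=True),
        "ebgp_multihop_keep": advertised_next_hop(
            "3.100.100.1", me, peer, lan, multihop=True, keep=True),
    }


if __name__ == "__main__":
    for name, next_hop in scenarios().items():
        print(f"{name:22s} -> {next_hop}")
```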





Re: BGP multipath support

2014-12-23 Thread dave seddon
Thanks.  You mean: https://tools.ietf.org/html/rfc6774 ?




On Tue, Dec 23, 2014 at 1:12 AM, Raphael Mazelier r...@futomaki.net wrote:


 I completely agree, lack of multipath could be a show stopper.
 To Dave: for installing multiple path in the routing table of the server
 (analogy to juniper = fib) , bird has to accept multiple path in his own
 routing tables (rib).



 On 23/12/14 10:02, David Barroso wrote:

 Add-path and multipath are two completely different things.

 Does someone know if there are plans around it? I was evaluating running
 bird on the DC but without multipath support that will be impossible. I
 prefer bird 100 times over quagga but I might not have any option as I
 need BGP multipath support.

 On Mon, Dec 22, 2014 at 12:21 AM, dave seddon dave.seddon...@gmail.com
 mailto:dave.seddon...@gmail.com wrote:

 Greetings,

 Bird will just carry the routes, and distribute this information to
 your routers.  Your routers will install the routes, and then
 depending on the router and configuration, the router could install
 multiple routes via multiple paths. However, if you are using the
 Linux machine itself as a router, then I think the options for multi
 path aren't like a router.  e.g. Not per flow ECMP.  Just per packet.

 Kind regards,
 Dave

 On Sun, Dec 21, 2014 at 9:39 AM, Raphael Mazelier r...@futomaki.net
 mailto:r...@futomaki.net wrote:

 On 19/12/2014 09:55, David Barroso wrote:

 Hello,
 I was planning to use bird within my DC as my routing protocol
 but apparently BGP multipath is not supported. Is that
 correct? Do you know if there are any plans to support it?

 Thanks!
 David


 As far as I know bgp multipath is not  implemented in bird.
 Someone to confirm ?
 However bgp add path is now implemented, which could be used
 as an alternative.

 Regards,

 --
 Raphael Mazelier






Re: BGP multipath support

2014-12-21 Thread dave seddon
Greetings,

Bird will just carry the routes, and distribute this information to your
routers.  Your routers will install the routes, and then depending on the
router and configuration, the router could install multiple routes via
multiple paths. However, if you are using the Linux machine itself as a
router, then I think the options for multi path aren't like a router.  e.g.
Not per flow ECMP.  Just per packet.

Kind regards,
Dave

On Sun, Dec 21, 2014 at 9:39 AM, Raphael Mazelier r...@futomaki.net wrote:

  On 19/12/2014 09:55, David Barroso wrote:

 Hello,
 I was planning to use bird within my DC as my routing protocol but
 apparently BGP multipath is not supported. Is that correct? Do you know if
 there are any plans to support it?

  Thanks!
 David


 As far as I know bgp multipath is not  implemented in bird. Someone to
 confirm ?
 However bgp add path is now implemented, which could be used as an
 alternative.

 Regards,

 --
 Raphael Mazelier



[Qemu-devel] qemu - SCSI disk Device Model, Serial Number, and Firmware Version?

2011-06-07 Thread Dave Seddon
Greetings,

Just wondering if it would be difficult to add the ability to define the
SCSI disk Device Model, Serial Number, and Firmware Version.  I've
been using the '-device lsi' successfully to emulate the LSI controller,
but now I want to emulate certain disks too.

e.g.  I've been using this:
---
...
-drive if=none,id=disk00,file=/home/das/documents/qemu/disk00.img.qcow,media=disk,cache=writeback \
-device lsi \
-device scsi-disk,drive=disk00,bus=scsi.0 \
...
---


The reason this would be really cool is that tools like smartmontools
seem to match on the Device Model, and the device-model QEMU hasn't
made it into the list yet.

I found hunting around the net that somebody has tried to make this
work.  I'm not sure if it works.
'-drive ...,serial=xyz'



This is how the QEMU disks are currently seen in dmesg:
---
scsi 0:0:0:0: Direct-Access QEMU QEMU HARDDISK0.12 PQ: 0 ANSI: 3
 target0:0:0: tagged command queuing enabled, command queue depth 16.
 target0:0:0: Beginning Domain Validation
 target0:0:0: Domain Validation skipping write tests
 target0:0:0: Ending Domain Validation
---

This is an example of a real disk, that I would like to 'fake':
---
scsi 2:0:0:0: Direct-Access ATA  ST3500320NS  SN06 PQ: 0 ANSI: 5
sd 2:0:0:0: [sda] 976773168 512-byte hardware sectors (500108 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Mode Sense: 73 00 00 08
sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
sd 2:0:0:0: [sda] 976773168 512-byte hardware sectors (500108 MB)
sd 2:0:0:0: [sda] Write Protect is off
sd 2:0:0:0: [sda] Mode Sense: 73 00 00 08
sd 2:0:0:0: [sda] Write cache: enabled, read cache: enabled, doesn't support DPO or FUA
---


Here's an example of the nasty/QEMU output of smartmontools:
---
# smartctl -d sat --all /dev/sg0
smartctl version 5.38 [i686-spcdn-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Device Model: [No Information Found]
Serial Number:[No Information Found]
Firmware Version: �
Device is:Not in smartctl database [for details use: -P showall]
ATA Version is:   1
ATA Standard is:  Exact ATA specification draft version not indicated
Local Time is:Tue Jun  7 16:57:08 2011 UTC
SMART is only available in ATA Version 3 Revision 3 or greater.
We will try to proceed in spite of this.
SMART support is: Ambiguous - ATA IDENTIFY DEVICE words 82-83 don't show if SMART supported.
  Checking for SMART support by trying SMART ENABLE command.
  SMART ENABLE appeared to work!  Continuing.
SMART support is: Ambiguous - ATA IDENTIFY DEVICE words 85-87 don't show if SMART is enabled.
A mandatory SMART command failed: exiting. To continue, add one or more '-T permissive' options
---


Here's an example of the output of smartmontools from a real disk:
---
# smartctl -d sat --all /dev/sg1
smartctl version 5.38 [i686-spcdn-linux-gnu] Copyright (C) 2002-8 Bruce Allen
Home page is http://smartmontools.sourceforge.net/

=== START OF INFORMATION SECTION ===
Device Model: ST3500320NS --- CAN WE SIMULATE THIS?
Serial Number:9QMCAMS6--- AND THIS?
Firmware Version: SN06--- AND THIS?
User Capacity:500,107,862,016 bytes
Device is:Not in smartctl database [for details use: -P showall]
ATA Version is:   8
ATA Standard is:  ATA-8-ACS revision 4
Local Time is:Tue Jun  7 06:01:29 2011 UTC
SMART support is: Available - device has SMART capability.
SMART support is: Enabled
---



Looking in the source, I can see that the QEMU HARDDISK for example is
statically defined.  Would this be difficult to make an option for the
'-drive '?
---
[root@tester hw]# grep -R 'QEMU' scsi-disk.c
QEMUIOVector qiov;
QEMUBH *bh;
memcpy(&outbuf[16], "QEMU CD-ROM     ", 16);
memcpy(&outbuf[16], "QEMU HARDDISK   ", 16);
memcpy(&outbuf[8], "QEMU    ", 8);
s->version = qemu_strdup(QEMU_VERSION);
---

Kind regards,
Dave Seddon
d...@seddon.ca




Re: [Qemu-devel] qemu - SCSI disk Device Model, Serial Number, and Firmware Version?

2011-06-07 Thread Dave Seddon
Greetings,

Thanks for all the responses.

Overall it sounds like supporting this capability would be fairly
easy.  However, sadly for me it sounds like this won't be useful to
people generally unless they are trying to virtualize something that
relies on these codes. 

Answers to:

Paulo:

Statement:  Here we should perhaps try to improve the ATA emulation.
Response:  It would probably be helpful to improve both SCSI and ATA
emulation.


Markus:

Question:  That's not what I see.  What version of QEMU are you using?
Answer:  Using current package for Ubuntu 0.12.5 (that's probably a bad
word, given all the @redhat emails. sorry :) )  What do you see?  I did
download the source and check, hence the grep snippet.

Statement:  No.  Hardcoded to QEMU HARDDISK   .
Response:  Why couldn't this be a configuration item?

Thanks for your reference to: docs/qdev-device-use.txt
And also for the 'scsi-hd' example.  I can't see why, if the
serial=S,ver=V options are supported, that model= couldn't also be
added.  - I will try this.

Statement:  Doubt it would be difficult.  But would it be useful?
Agree with what you're saying about specific calls, however, in my case
I'm trying to run a vendor supplied image which only supports certain
disks.  It is currently borking because it doesn't like the disks.  I
strongly doubt it does any disk specific calls.  They are doing this to
stop us installing disks bigger than 500GB, for example.  I'm trying to
make appliance software run virtually.


Kevin:
Q:  But this is scsi-disk - what does smartctl even try here?
A:  True.  SMART only applied to ATA.  I should not have included this
smartctl example, however the 'dmesg' output is still relevant.




Kind regards,
Dave Seddon


Re: FreeBSD route tables limited 16?

2010-09-14 Thread Dave Seddon
Greetings,

Thanks for the quick response.

It sounds like dedicating some space for this in the mbuf would be the
best way forward, but the question is how much.  I'm worried that most
freebsd users won't go for lots of route tables, which is why you went
for 4 bits originally.

Within the network service provider space there is frequently a
requirement for lots of virtual-routing with MPLS.  I imagine there are
others in my situation, including vendors and people working on
equipment like Cisco/Juniper/Lucatel.

Regarding the size to dedicate, the best number might be 12 bits or
4096.  This would allow a route table per VLAN on a 802.1q interface.
(Actually I'm lying a little because the first and last vlan IDs aren't
usable :) ).

Perhaps a separate option for non-common users who want many route
tables would be best.  e.g.

GIANT_ROUTETABLES=12

Seems like there would need to be changes in multiple places although
perhaps this list isn't exhaustive.  So far the files to edit are:
/usr/src/sys/net/route.h
/sys/sys/mbuf.h


Regarding firewalls and these multiple route tables, have you considered
having a separate firewall rule table per route table?


I haven't looked at the vnet jails, yet.  Will do.  Thanks.

Kind regards,
Dave

-Original Message-
From: Julian Elischer jul...@elischer.org
To: d...@seddon.ca
Cc: Andrew Hannam andr...@itsallaboutbiz.com, FreeBSD Net
n...@freebsd.org, Robert Watson rwat...@freebsd.org
Subject: Re: FreeBSD route tables limited 16?
Date: Mon, 13 Sep 2010 17:56:37 -0700
Mailer: Mozilla/5.0 (Macintosh; U; PPC Mac OS X 10.4; en-US; rv:1.9.2.9)
Gecko/20100825 Thunderbird/3.1.3

On 9/13/10 5:18 PM, Dave Seddon wrote:
 Greetings Julian,

 I've been wondering if it's possible to increase the number of FreeBSD
 route tables to a larger number.  It seems this is currently 4 bits,
 however I was wondering about perhaps 16 bits?


Yes the code is designed to handle many more and if you do
create more then everything SHOULD handle it.
The bottleneck is that we need to store an associated fib with
each outgoing (or for that matter incoming) packet, but we do not at
this time want to dedicate a whole word in the mbuf to the task.
My hack for 8.x (before it was done) was to hide the information
in the flags word of the mbuf.
I only took 4 bits to make sure I didn't trample on other
people's use of bits there. The plan is/was to make a separate
entry in the mbuf some time after 7.x branched (say, now for
example :-)  )
you could just steal more bits for now, but if you take 8 bits
there will only be one spare.

(see /sys/sys/mbuf.h)

It may just be time to bite the bullet and steal the entry.

Out of curiosity, why do you need  16 fibs?

have you considered using vnet jails as well?




 /* MRT compile-time constants */
 #ifdef _KERNEL
  #ifndef ROUTETABLES
   #define RT_NUMFIBS 1
   #define RT_MAXFIBS 1
  #else
   /* while we use 4 bits in the mbuf flags, we are limited to 16 */
   #define RT_MAXFIBS 16
   #if ROUTETABLES > RT_MAXFIBS
    #define RT_NUMFIBS RT_MAXFIBS
    #error ROUTETABLES defined too big
   #else
    #if ROUTETABLES == 0
     #define RT_NUMFIBS 1
    #else
     #define RT_NUMFIBS ROUTETABLES
    #endif
   #endif
  #endif
 #endif

 Really liked your announcement years ago:
 http://lists.freebsd.org/pipermail/freebsd-arch/2007-December/007331.html

 Kind regards,
 Dave Seddon
 +61 447 SEDDON
 d...@seddon.ca

 -Original Message-
 From: Andrew Hannam andr...@itsallaboutbiz.com
 To: d...@seddon.ca
 Subject: RE: FreeBSD route tables - limited to 16 :(
 Date: Mon, 13 Sep 2010 15:55:47 +1000
 Mailer: Microsoft Office Outlook 12.0

 I think the gentleman is confusing route-tables with routes.
 150K routes is easily possible but it is obvious there is currently only 
 support for up to 16 route tables.

 I think that you are right and the number of bits will need to be updated.

 I don't know the answer to the 'route leaking' question and it has been a 
 long time since I looked at this code.

 You really need to speak to the specialist responsible for the multiple route 
 table code. This person should be clearly marked in the code headers.

 I'm guessing that no-one has thought about using it the way you are planning 
 to use it.

 If I get some time I will have a look - but don't hold your breath.

 Regards,
 Andrew.

 -Original Message-
 From: Dave Seddon [mailto:d...@seddon.ca]
 Sent: Saturday, 11 September 2010 12:52 AM
 To: Aldous, Matthew D
 Cc: d...@seddon.ca; Andrew Hannam; Truman Boyes
 Subject: RE: FreeBSD route tables - limited to 16 :(

 Greetings,

 I'm guessing we need to adjust the number of bits defined for the route
 table in the mbufs structure definition (where ever that is), then we
 can update the route.h to match.

 I guess really we should make the mbufs codes _and_ route.h code pickup
 the KERNCONF definition of the variable ROUTETABLES.

 Andrew - thoughts on this?

 I'm not sure if the firewall rules allow you

ipf ttl question

2005-10-11 Thread Dave+Seddon
Greetings, 

I'm running ipf+ipnat and proftp.  I'm encountering a problem where the data 
connection is working fine, however because there's a large transfer no data 
is transferred on port 21, so the port 21 session dies (ttl expires). 

The transfer is running now. 

How can I change the ttl on the port 21 session, without dropping the 
session?
Or can I change the ruleset to allow everything without dropping the 
session? 


Regards,
Dave
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: dummynet, em driver, device polling issues :-((

2005-10-05 Thread Dave+Seddon
Greetings, 

The default values are based on 100 MB/s fxp driver.  Luigi did heaps of 
work a few years ago on this, and arrived at these values after lots of 
testing (I think).  (I also remember reading some interesting stuff where he 
had fxp and a 3com card and was testing to see how many frames he could push 
out of each different card - fxp won!).  Given we're now running 1000MB/s em 
cards, it might be safe to say you can increase the defaults by 10.  You 
have to edit the source to change some of the defaults: 


/usr/src/sys/kern/kern_poll.c
#define MIN_POLL_BURST_MAX  100
#define MAX_POLL_BURST_MAX  1 

I tried doing this, but encountered the problems with the throughput somehow 
related to the em cards and gave up.  Maybe your results will be better. 


Regards,
Dave Seddon 




Ferdinand Goldmann writes: 

Kevin Day wrote: 

In one case, we had a system acting as a router. It was a Dell PowerEdge 
2650, with two dual server adapters. each were on separate PCI busses. 
3 were lan links, and one was a wan link. The lan links were 
receiving about 300mbps each, all going out the wan link at near 
900mbps at peak. We were never able to get above 944mbps, but I never 
cared enough to figure out where the bottleneck was there.


944mbps is a very good value, anyway. What we see in our setup are 
throughput rates around 300mbps or below. When testing with tcpspray, 
throughput hardly exceeded 13MB/s. 

Are you running vlans on your interface? Our em0-card connects several 
sites together, which are all sitting on separate vlan interfaces for 
which the em0 acts as parent interface. 


This was with PCI-X, and a pretty stripped config on the server side.


Maybe this makes a difference, too. We only have a quite old xSeries 330 
with PCI and a 1.2GHz CPU. 



Nothing fancy on polling, i think we set HZ to 1


Ten-thousand? Or is this a typo, and did you mean thousand? 

This is weird. :-( Please, is there any good documentation on tuning 
device polling? The man page does not give any useful pointers about 
values to use for Gbit cards. I have already read things about people 
using 2000, 4000HZ ... Gaaah! 

I tried with 1000 and 2000 so far, without good results. It seems like 
everybody makes wild assumptions on what values to use for polling. 

, turned on idle_poll, and set user_frac to 10 because we had some cpu 
hungry tasks that were not a high priority.


I think I read somewhere about problems with idle_poll. How high is your 
burst_max value? Are you seeing a lot of ierrs? 

*sigh* :-( confusing. 


--
 Ferdinand Goldmann
 EMail:  [EMAIL PROTECTED]
 Tel. : +43/732/2468/9398 Fax. : +43/732/2468/9397
 PGP D4CF 8AA4 4B2A 7B88 65CA  5EDC 0A9B FA9A 13EA B993
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to [EMAIL PROTECTED]





Re: dummynet, em driver, device polling issues :-((

2005-10-04 Thread Dave+Seddon

Jeremie,
Sorry for top posting.  My time machine is broken :) 


Kevin,
You mention you're running at near line rate.  What are you pushing or 
pulling?  What's the rough spec of these machines pushing out this much data? 
What setting do you have for the polling?  I've been trying to do near line 
rate and can't even get close with new HP-DL380s (Single 3.4 Ghz Xeon).  I 
think the PCI bus might be the problem.  The em Intel NICs I found to be 
very slow and stop after about 3 hours.  - The Intel NICs I have are dual 
port, although they end up on separate IRQs. 


-
cat /var/run/dmesg | grep em
em0: Ethernet address: 00:11:0a:57:70:fa
em0:  Speed:N/A  Duplex:N/A
em1: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 
0x5040-0x507f mem 0xfde6-0xfde7 irq 73 at device 1.1 on pci6

em1: Ethernet address: 00:11:0a:57:70:fb
em1:  Speed:N/A  Duplex:N/A
em2: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 
0x6000-0x603f mem 0xfdf8-0xfdfb,0xfdfe-0xfdff irq 97 at 
device 1.0 on pci10

em2: Ethernet address: 00:11:0a:57:73:6a
em2:  Speed:N/A  Duplex:N/A
em3: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 
0x6040-0x607f mem 0xfdf6-0xfdf7 irq 98 at device 1.1 on pci10

em3: Ethernet address: 00:11:0a:57:73:6b
em3:  Speed:N/A  Duplex:N/A
-
ps ax | grep em
 84  ??  WL 0:00.00 [irq73: em1]
 85  ??  WL 0:00.00 [irq74: em0]
108  ??  WL 0:00.00 [irq97: em2]
109  ??  WL 0:00.00 [irq98: em3]
-- 


Ferdinand,
After giving up on the Intel cards in the DL380s I started using the onboard 
broadcom cards (bge).  They work great, although I don't seem to be able to 
get near line rate either.  I've been serving up  10 files from MFS via 
thttpd.  I get about 80MB/s only.  :( 


Regards,
Dave 



Jeremie Le Hen writes: 

Hi Benjamin, Ferdinand, 


(Please avoid top-posting, this reverts the flow of the conversation
and makes the whole thread difficult to follow.) 

I have been messing with the em driver now for over a month, and I've come to 
the conclusion it is a piece of crap.  If you watch on this list, every 
other day you have someone saying their em driver is causing some sort 
of error; this should not be on a NIC from a company like Intel.  I'm 
sadly contemplating moving over to Fedora right now just so I can work 
until 6.0 comes out (which I doubt will solve the problem anyway, since 
I'm using the drivers from 6.0 now and they're not helping out either).  
Somebody really needs to look into this and find out what the hell is 
going on, as I consider this a major problem right now.


em(4) is known to be full of problems, it would indeed require someone
taking the maintainership of the driver and then reworking it a bit. 



After you experience your problems, can you do sysctl -w 
hw.em0.stats=1 and sysctl -w hw.em0.debug_info=1 and post what 
gets dumped to your syslog/dmesg output?



em0: Excessive collisions = 0
em0: Symbol errors = 0
em0: Sequence errors = 0
em0: Defer count = 11
em0: Missed Packets = 0
em0: Receive No Buffers = 0
em0: Receive length errors = 0
em0: Receive errors = 0
em0: Crc errors = 0
em0: Alignment errors = 0
em0: Carrier extension errors = 0
em0: XON Rcvd = 11
em0: XON Xmtd = 0
em0: XOFF Rcvd = 11
em0: XOFF Xmtd = 0
em0: Good Packets Rcvd = 283923273
em0: Good Packets Xmtd = 272613648
em0: Adapter hardware address = 0xc12cfb48
em0:CTRL  = 0x58f00249
em0:RCTL  = 0x8002 PS=(0x8402)
em0:tx_int_delay = 66, tx_abs_int_delay = 66
em0:rx_int_delay = 0, rx_abs_int_delay = 66
em0: fifo workaround = 0, fifo_reset = 0
em0: hw tdh = 173, hw tdt = 173
em0: Num Tx descriptors avail = 256
em0: Tx Descriptors not avail1 = 0
em0: Tx Descriptors not avail2 = 0
em0: Std mbuf failed = 0
em0: Std mbuf cluster failed = 0
em0: Driver dropped packets = 0

We're using polling on nearly all the servers, and don't see ierrs at 
all. 



Hm. That's strange. The above values were gathered with polling 
disabled. As soon as I enable polling, ierrs on the em0 interface are 
rising:


em0: Excessive collisions = 0
em0: Symbol errors = 0
em0: Sequence errors = 0
em0: Defer count = 11
em0: Missed Packets = 39
em0: Receive No Buffers = 2458
em0: Receive length errors = 0
em0: Receive errors = 0
em0: Crc errors = 0
em0: Alignment errors = 0
em0: Carrier extension errors = 0
em0: XON Rcvd = 11
em0: XON Xmtd = 4
em0: XOFF Rcvd = 11
em0: XOFF Xmtd = 43
em0: Good Packets Rcvd = 315880003
em0: Good Packets Xmtd = 303985941
em0: Adapter hardware address = 0xc12cfb48
em0:CTRL  = 0x58f00249
em0:RCTL  = 0x8002 PS=(0x8402)
em0:tx_int_delay = 66, tx_abs_int_delay = 66
em0:rx_int_delay = 0, rx_abs_int_delay = 66
em0: fifo workaround = 0, fifo_reset = 0
em0: hw tdh = 57, hw tdt = 57
em0: Num Tx descriptors avail = 249
em0: Tx Descriptors not avail1 = 0
em0: Tx Descriptors not avail2 = 0
em0: Std mbuf failed = 0
em0: Std mbuf cluster failed = 0
em0: Driver dropped packets = 0


Can you tell me 

Re: Which em(4) chips work/don't work? [Was: RE: dummynet, em driver, device polling issues :-((]

2005-10-04 Thread Dave+Seddon
Under 5.4 this revision of the em card doesn't work: 82546EB 



[EMAIL PROTECTED]:1:0:   class=0x02 card=0x00db0e11 chip=0x10108086 rev=0x01 
hdr=0x00

  vendor   = 'Intel Corporation'
  device   = '82546EB Dual Port Gigabit Ethernet Controller (Copper)'
  class= network
  subclass = ethernet
 

Dave 



Darren Pilgrim writes: 

[Reflowed] 


From: Benjamin Rosenblum

Darren Pilgrim wrote:


I'd be interested in finding out the specific chips with which people
are (not) having success.  As em(4) supports an entire family of
products, rather than a single chip, it may be that some chips have
quirks or other gotchas the driver needs to address.  It certainly
wouldn't be the first occurrence of revision-specific bugs.


my non working card is 82547EI aka 1000CT.


Under which version(s) of FreeBSD is it not working? 


Would an official person care to chime in about putting together a card/chip
vs. em(4) bugs matrix? 





Re: problems with em(4)

2005-10-02 Thread Dave+Seddon
Greetings, 


M The problem is:
M 
M  After the system run about 3 hours, there will be large Ierrs

M  The system is not heavy loaded, incoming rates of em0 is less
M than 150Mbits/s. em1 and em2 are not connected.
M 
M  After 3 hours, the ierrs raise quickly every 1 minutes!
M 
M  I think is a problem with em(4) driver.
M 
M  Anyone meet such condition?


Yes.  Lots of people.  3 hours does seem to be the magic number, regardless 
of the volume of traffic. 

I'm interested in what you do sniffing 150MB/s.  Normally libpcap can't 
handle that amount of traffic. 


Regards,
Dave Seddon


Re: tcpdump based packet generator

2005-10-01 Thread Dave+Seddon
Greetings, 

Yes I was wondering about doing that the other day.  I'd like to hear how 
you go if you do get somewhere.  Perhaps this is how the load generators 
work?  I've been using one based on SmartBits, which seems to be linux. 

Dave 



Nickolay Kritsky writes: 

combination of tcpdump and nemesis may do the trick 

Nick 


-Original Message-
From: det_re [mailto:[EMAIL PROTECTED] 
Sent: Friday, September 30, 2005 7:53 AM

To: freebsd-net@freebsd.org
Subject: tcpdump based packet generator 


has anyone seen or implemented packet generator
capable of reading tcpdump trace file and resend the
packets back into the wire through bpf in freebsd box?
  

 





Re: arplookup problems

2005-09-27 Thread Dave+Seddon
There seem to be serious issues around this driver.  There have been many 
posts on this list in the last days particularly, as well as over the last 
few months.  People seem to be looking at it, and I guess once we all rush 
out and buy other (e.g. broadcom) NICs intel might try to help. 

dave 



Daemon writes: 


I hope this is the correct list to post to, if not, I apologize.  I've
had an ongoing problem with arplookup for some months now and as of yet,
haven't been able to find anything on the web concerning my particular
problem.  Every 24 hours, almost to the minute, I get the following errors; 


*Note This proceeds each arplookup failure
em0: Link is Down
em0: Link is up 100 Mbps Full Duplex 


Sep 25 01:32:49 thisbox kernel: arplookup 169.0.0.1 failed: host is not
on local network
Sep 25 01:33:05 thisbox kernel: arplookup 10.32.240.171 failed: host is
not on local network
Sep 26 01:23:37 thisbox kernel: arplookup 169.0.0.1 failed: host is not
on local network
Sep 26 01:23:49 thisbox kernel: arplookup 10.32.240.171 failed: host is
not on local network
Sep 27 01:23:35 thisbox kernel: arplookup 169.0.0.1 failed: host is not
on local network
Sep 27 01:23:48 thisbox kernel: arplookup 10.32.240.171 failed: host is
not on local network 


When this happens, one by one, each of my (ssh, gaim, irc, etc.)
connections time out until every connection is dead.  I'm using
RoadRunner Business Class with a static IP on em0 and an internal subnet
172.16.XXX.XXX on em1.  I was getting the errors on two older nics I
had, so I bought new nics in hopes that would correct the problem.  I
was running FreeBSD 5.4-Release p7 and switched to FreeBSD 5.4-STABLE
about a week ago.  I'm running the most current DHCP server, IPFW2, and
NATD. 


I have the following in /etc/sysctl.conf
kern.polling.enable=1
net.inet.tcp.syncookies=0
net.inet.udp.blackhole=1
net.inet.tcp.blackhole=2
# TCP send and receive spaces
net.inet.tcp.sendspace=1048576
net.inet.tcp.recvspace=1048576
# Socket queue defense against SYN attacks
kern.ipc.somaxconn=1024
# Redirects
net.inet.icmp.drop_redirect=1
net.inet.icmp.log_redirect=1
net.inet.ip.redirect=0
# Subnet
net.link.ether.bridge_cfg=em0,em1
net.link.ether.bridge.enable=0
net.link.ether.bridge.ipfw=0
net.link.ether.ipfw=1
# ARP cleanup
net.link.ether.inet.max_age=1200
# Source routing
net.inet.ip.sourceroute=0
net.inet.ip.accept_sourceroute=0
# Broadcast ECHO response
net.inet.icmp.bmcastecho=0
# Other broadcast probes
net.inet.icmp.maskrepl=0
net.inet.ip.fw.dyn_ack_lifetime=3600
net.inet.ip.fw.dyn_buckets=1024
net.inet.ip.fw.one_pass=0 


I have the following in my kernel conf;
# Firewall Stuff
options IPFIREWALL_DEFAULT_TO_ACCEPT
options IPFIREWALL
options IPFIREWALL_FORWARD
options IPFIREWALL_FORWARD_EXTENDED
options IPFIREWALL_VERBOSE
options IPFIREWALL_VERBOSE_LIMIT=10
options IPDIVERT
options DUMMYNET
options BRIDGE
options IPSTEALTH
options HZ=1000
options DEVICE_POLLING 


It is probably a bad idea to post my /etc/rc.conf ifconfig info here,
but since I'm almost positive that in order for someone to help me track
this down, they're going to want/need to know what is in there, I'll
wait in hopes of a response first. 



Regards, 


Mark


Re: em(4) receive part wedging randomly at moderate load

2005-09-26 Thread Dave+Seddon
Can we try running the windows drivers?  Wasn't that called project evil. 

Dave 



Scott M. Ferris writes: 


On 9/26/05, Petri Helenius [EMAIL PROTECTED] wrote:


Does anyone have the programming data for the chipsets so the driver
could be taken further? I've been unable to obtain them from Intel
despite of repeated attempts.


Intel released the 8254x Developer Manual in late July, so some
information is now available.  You can download a PDF from
SourceForge: 

http://www.sourceforge.net/projects/e1000/ 


Unfortunately that document doesn't appear to have any chip errata in it,
so you may have to search the Linux driver for the work-arounds it's using,
but it's better than having no documentation at all. 


--
Scott M. Ferris


Re: wierd problems with openvpn [update]

2005-09-22 Thread Dave+Seddon
So ditch pf and let us know.  Or swap to ipf 

Z.C.B. writes: 


I am positive it is something to do with pf. I copied the exact same
config file from the vpn server over to another box and pointed the
client at it and it worked perfectly fine. Any one see any thing odd
in that pf setup or have any suggestions or the like? 


On Thu, 22 Sep 2005 20:55:05 -0500
Vulpes Velox [EMAIL PROTECTED] wrote: 


Just been messing around with openvpn and trying to get it up and
running using http://openvpn.net/static.html as a guide. It works,
but I run into a weird problem with data moving across the vpn. I
can send a ping across from the client to the server, but the server
never sends any thing back. I used tcpdump to make sure the server
is seeing it and it is. I see it going there on both machines, but I
never see a reply. 


I am running pf on the server... but it should not be doing any
thing... 



server pf.conf...
ext_if="fxp1"
int_if="fxp0"
internal_net="192.168.0.0/8"
dcc = "{ 6115:6130 }"
bittorrent = "{ 6881:6889 }"
nat on $ext_if from $internal_net to any -> ($ext_if)
rdr on $ext_if proto tcp from any to any port $dcc -> 192.168.0.2
rdr on $ext_if proto tcp from any to any port $bittorrent -> 192.168.0.2
rdr on $ext_if proto udp from any to any port 27960 -> 192.168.0.2
pass in all
pass out all 

 


server config...
dev tun
secret vulpes-static.key
ifconfig 10.8.0.1 10.8.0.2
comp-lzo 

 


host config...
dev tun
secret vulpes-static.key
ifconfig 10.8.0.2 10.8.0.1
remote inari
comp-lzo


Re: UDP dont fragment bit

2005-09-21 Thread Dave+Seddon
Greetings Sten, 

I'm a little worried about a couple of the things you've said: 



1.  It is more common to block icmp messages about reassembly problems than 
DF problems IF a message is generated in the first place. 

I think that's crap.  Most firewalls DO correctly and statefully accept the 
ICMP messages for existing sockets.  ipf and pf do, but I'm not sure about 
IPFW2, but I'd be surprised if it didn't.  I'd also be surprised if iptables 
in linux land didn't track the ICMP.  Most commercial firewalls, like 
Netscreen, Checkpoint, PIX, all do also. 



2.  Consider a client connected to an isp's network(1). The isp drops all
ICMP packets. That network is then connected to a third network(2) which
has a data path that has an MTU of 1400 bytes but also mangles tcp mss
to 1360, udp packets must get fragmented. On server side the firewall
must reassemble all udp fragments before passing them on to server. 

If your ISP doesn't understand the importance of ICMP and they just drop it, 
change ISPs.  ICMP is critical to efficient TCP, and your whole thread is 
about getting that ability for UDP.  If your ISP does drop ICMP then the 
don't defragment option will just result in packets disappearing anyway. 



Regards,
Dave Seddon


Re: Problems with SK and EM network cards/drivers on my system

2005-09-21 Thread Dave+Seddon
Greetings, 

There seems to be heaps of people on the list reporting errors with em cards 
and FreeBSD 5.4 -stable-ish (as in cvsup-ed within the last couple of 
months).  Are there many people running these ok?  Perhaps it's not the 
network card so much as some other element of the computer? 

Regarding the below issue- what about spanning tree?  Is portfast enabled? 


Regards,
Dave 



Maxim Tuliuk writes: 


On Sun, Sep 18, 2005 at 14:15 -0400, Benjamin Rosenblum wrote:
...
now the EM problem. 

when i am running a very high network load (streaming video, dumping 
A LOT of data across the network, etc) the network card disconnects (i 
lose pings and all my transfers drop) and 15-20 seconds later it pops 
up on the console with em0: Link is up 1000 Mbps Full Duplex and then 
it starts working again.  again im at a dead wall and really want my 
network to work properly so i can do what i need to do.


Hello!
I've same problems on 5.4-STABLE:
/var/run/dmesg.boot:
FreeBSD 5.4-STABLE #5: Tue Sep 13 16:14:10 EEST 2005
em0: Intel(R) PRO/1000 Network Connection, Version - 1.7.35 port 
0xbc00-0xbc1f mem 0xff8e-0xff8f irq 18 at device 1.0 on pci1
em0: Ethernet address: 00:0c:f1:cf:7e:b6
em0:  Speed:N/A  Duplex:N/A 


/etc/rc.conf:
ifconfig_em0=inet ... netmask ... media 100baseTX mediaopt full-duplex 


/var/log/messages:
Sep 20 15:51:40 tak kernel: em0: Link is up 100 Mbps Full Duplex
Sep 20 17:01:40 tak kernel: em0: Link is up 100 Mbps Full Duplex
Sep 20 18:48:16 tak kernel: em0: Link is up 100 Mbps Full Duplex 


switch: Catalyst 3550
I changed ports: 100M to 1GB and back; changed cables, but...
no positive results :(
--
Maxim Tuliuk
WWW: http://primats.org.ua/~mt/
ICQ: 21134222 


The bike is absolute freedom of moving


Re: iperf results

2005-09-21 Thread Dave+Seddon
Greetings, 

We would all be very interested to see the complete report.  Particularly if 
you fix up the results for FreeBSD :) 

Chuck's right, we need waaay more info.  We don't even know what version of 
FreeBSD you're running. 

There are lots of sysctl variables to adjust.  Here's a bunch I played with; 
importantly, you don't need to recompile the kernel to adjust most of the 
settings.  /etc/sysctl.conf and /boot/loader.conf should do it.  See defaults 
in /boot/defaults/loader.conf

-

cat /etc/sysctl.conf

#kern.polling.enable=1
kern.polling.enable=1 


#kern.polling.user_frac: 50
#kern.polling.reg_frac: 20
##kern.polling.user_frac=70
##kern.polling.reg_frac=40 


#kern.polling.burst: 5
#kern.polling.each_burst: 5
#kern.polling.burst_max: 150  #default for 100MB/s 


##kern.polling.burst=50
kern.polling.each_burst=50
kern.polling.burst_max=1500 


#example I found on the web
#kern.polling.burst: 1000
#kern.polling.each_burst: 80
#kern.polling.burst_max: 1000 


#net.inet.tcp.sendspace: 32768
#net.inet.tcp.recvspace: 65536
#net.inet.tcp.sendspace=65536
#net.inet.tcp.recvspace=65536
#DO NOT SET THIS HIGHER THAN 65536 * 2 (FREEBSD BUG)
net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=131072 

#sysctl net.inet.tcp.rfc1323=1  Activate window scaling and timestamp
#options according to RFC 1323.

#net.inet.tcp.rfc1323=1
net.inet.tcp.delayed_ack=0
net.inet.icmp.icmplim=1000 


#kern.ipc.maxsockbuf: 262144
###kern.ipc.maxsockbuf=2048 

#The kern.ipc.somaxconn sysctl variable limits the size of the listen queue
#for accepting new TCP connections. The default value of 128 is typically too
#low for robust handling of new connections in a heavily loaded web server
#environment.

#kern.ipc.somaxconn: 128
kern.ipc.somaxconn=1024 

#The TCP Bandwidth Delay Product Limiting is similar to TCP/Vegas in NetBSD.
#It can be enabled by setting net.inet.tcp.inflight.enable sysctl variable to
#1. The system will attempt to calculate the bandwidth delay product for each
#connection and limit the amount of data queued to the network to just the
#amount required to maintain optimum throughput.
#This feature is useful if you are serving data over modems, Gigabit
#Ethernet, or even high speed WAN links (or any other link with a high
#bandwidth delay product), especially if you are also using window scaling or
#have configured a large send window. If you enable this option, you should
#also be sure to set net.inet.tcp.inflight.debug to 0 (disable debugging),
#and for production use setting net.inet.tcp.inflight.min to at least 6144
#may be beneficial.


#these are the defaults
#net.inet.tcp.inflight.enable: 1
#net.inet.tcp.inflight.debug: 0
#net.inet.tcp.inflight.min: 6144
#net.inet.tcp.inflight.max: 1073725440
#net.inet.tcp.inflight.stab: 20 

#Disable entropy harvesting for ethernet devices and interrupts.  There are
#optimizations present in 6.x that have not yet been backported that improve
#the overhead of entropy harvesting, but you can get the same benefits by
#disabling it.  In your environment, it's likely not needed. I hope to
#backport these changes in a couple of weeks to 5-STABLE.

kern.random.sys.harvest.ethernet=0
kern.random.sys.harvest.interrupt=0 



#3
#/boot/loader stuff 


#kern.ipc.maxsockets: 131072
#sysctl: Tunable values are set in /boot/loader.conf 

#sysctl kern.ipc.nmbclusters  View maximum number of mbuf clusters. Used
#for storage of data packets to/from the network interface. Can only be set
#at boot time - see above.

#kern.ipc.nmbclusters: 25600
- 




Regards,
Dave 



Chuck Swiger writes: 


Matthew Jakeman wrote:
Some colleagues and myself have performed some simple tests on various 
OS's using iperf to simply fire packets from one pc to another over 
ethernet to test a few characteristics such as packet loss, jitter etc 
between IPv4 and IPv6. The configuration for all three OS's were 'out of 
the box' installs. The results we got back from that are strange for 
FreeBSD with regards to the packet loss iperf reports and I was wondering 
if anyone has any ideas why they might be as they are. The image at the 
link below shows the packet loss results for windows, Linux and FreeBSD 
for comparison! As you can see the packet loss for v6 is substantially 
less than v4 on FreeBSD, however this is still substantially larger than 
for the other two OS's, does anyone have any idea why this might be? 


http://www.mjakeman.co.uk/images/4v6tests.jpg


You're probably getting packet loss either because you are filling up the 
network buffer space without pausing until it drains, or are running into 
ICMP response limits.  If you're going to be testing latency around the 
millisecond level, you'll need to increase HZ to at least 1000, if not 
better. 

For example, set sysctl net.inet.icmp.icmplim=20 on a machine called 
shot. 


# ping -c 1000 -i 0.01 -s 1280 shot
PING shot 

Re: Problems with SK and EM network cards/drivers on my system

2005-09-18 Thread Dave+Seddon
It would also be interesting to know if you've got device polling enabled.  
If so, what sysctl settings do you have. 


Regards,
Dave Seddon 



Mike Tancsa writes: 


On Sun, 18 Sep 2005 14:15:51 -0400, in sentex.lists.freebsd.net you
wrote: 

Im having an issue with my new linksys eg1032 nic and the onboard intel 
82547EI on my new server.  ill go over both problems individually and 
include my dmesg below that.  

now the EM problem. 

when i am running a very high network load (streaming video, dumping 
A LOT of data across the network, etc) the network card disconnects (i 
lose pings and all my transfers drop) and 15-20 seconds later it pops 
up on the console with em0: Link is up 1000 Mbps Full Duplex and then 
it starts working again.  again im at a dead wall and really want my 
network to work properly so i can do what i need to do. 



Not sure about the sk issue, but there have been some changes to the
em driver since 5.4.  If you can, I would try moving to 6.0R when it
comes out.  Also, what is the em nic plugged into ? Does the port have
any logging facilities to see what might be going on from the switch's
perspective ? 


---Mike

Mike Tancsa, Sentex communications http://www.sentex.net
Providing Internet Access since 1994
[EMAIL PROTECTED], (http://www.tancsa.com)


Re: Efficient use of Dummynet pipes in IPFW

2005-09-18 Thread Dave+Seddon
skipto 

man ipfw - e.g. ipfw add 10 skipto 4000 all from any to any layer2 out 



Brett Glass writes: 

For years, we've used Dummynet in FreeBSD for bandwidth control. 
Unfortunately, the semantics of IPFW can, at times, make the use of 
Dummynet awkward and inefficient. For example, suppose you want to create 
a set of rules that does bandwidth limiting first
and then blocks certain ports (e.g. TCP ports 137 through 139). You want 
to throttle first and then block ports, so that (a) blocked packets count 
against the user's bandwidth limit and (b) a flood of packets will be 
bandwidth-limited before it runs
through the rest of the rules. 

If net.ip.fw.one_pass is set to 0, packets emerging from a Dummynet pipe 
or queue will re-emerge at the next rule. This is good, because the packet 
can be passed on to the rules that block ports. But there's a problem: you 
usually do not want to go to the next rule (which is likely to be one that 
tests the packet to see if it is to go into a different Dummynet pipe). 
Rather, you want the packet to next be tested against a rule farther down 
-- after all of the rules involving bandwidth limiting. 

Here's an example of what I mean. Suppose you have several groups of 
users, at IP addresses 0.0.0.1, 0.0.0.2, etc. Each group has a separate 
pipe regulating its bandwidth consumption. You might have rules like this: 

# First group 


${fwcmd} pipe 1 config bw 512kbit/s
${fwcmd} pipe 2 config bw 512kbit/s 


${fwcmd} add pipe 1 ip from 0.0.0.0/24{55,56,57} to any in via fxp1
${fwcmd} add pipe 2 ip from any to 0.0.0.0/24{55,56,57} out via fxp1 

# Second group 


${fwcmd} pipe 3 config bw 1024kbit/s
${fwcmd} pipe 4 config bw 1024kbit/s 


${fwcmd} add pipe 3 ip from 0.0.0.0/24{35-40} to any in via fxp1
${fwcmd} add pipe 4 ip from any to 0.0.0.0/24{35-40} out via fxp1 

# Filtering here 

What you'd really like is to have any packet that satisfies one of the 
pipe rules jump down to the filtering rules after being reinjected into 
IPFW. 

Unfortunately, because IPFW doesn't have a "not" that can cover the "and" 
of all the conditions in the rule -- that is, you can't say "not (ip from 
A to any in via fxp1)" -- it's very difficult to do this with a single 
rule containing a "skipto" action. What's more, there's no "resume at" 
clause available in IPFW that would change where a packet was reinjected, 
and no such thing as a "come from" directive (something that's often joked 
about in programming classes). So, what's the best way to get a packet to 
skip past the remaining bandwidth limiting rules once it was selected to 
go into a pipe? 

--Brett Glass 
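
The reinjection behaviour described in this thread, and the skipto suggestion, can be checked with a small model of ipfw rule traversal. This is an added example, not code from the thread or from ipfw; the 192.0.2.x addresses, the rule numbers and the idea of following each pipe rule with a skipto that repeats its match are assumptions made for illustration.

```python
"""Toy model of ipfw rule traversal around dummynet pipes.
Constructed example: addresses, rule numbers and paired skipto rules are assumptions."""
from collections import namedtuple

Rule = namedtuple("Rule", "num action arg match")
Result = namedtuple("Result", "verdict matched tested pipes")


def evaluate(rules, pkt, one_pass, default="deny"):
    """First match wins, except that skipto jumps forward and, with
    one_pass off, a packet leaving a pipe resumes at the following rule."""
    rules = sorted(rules, key=lambda r: r.num)
    matched, tested, pipes = [], [], []
    i = 0
    while i < len(rules):
        rule = rules[i]
        tested.append(rule.num)
        if not rule.match(pkt):
            i += 1
            continue
        matched.append(rule.num)
        if rule.action in ("allow", "deny"):
            return Result(rule.action, matched, tested, pipes)
        if rule.action == "pipe":
            pipes.append(rule.arg)
            if one_pass:
                # one_pass on: accepted when it leaves the pipe, so no
                # later filtering rule ever sees this packet.
                return Result("allow", matched, tested, pipes)
            i += 1
        elif rule.action == "skipto":
            # Only later rules are candidates: first one numbered >= arg.
            i = next((j for j in range(i + 1, len(rules))
                      if rules[j].num >= rule.arg), len(rules))
        else:
            raise ValueError(f"unknown action {rule.action!r}")
    return Result(default, matched, tested, pipes)


def pkt(src, dst, dport, direction, proto="tcp"):
    return {"src": src, "dst": dst, "dport": dport,
            "dir": direction, "proto": proto}


# Constructed stand-ins for the two user groups in the post.
GROUP1 = {"192.0.2.55", "192.0.2.56", "192.0.2.57"}
GROUP2 = {f"192.0.2.{n}" for n in range(35, 41)}


def shaped(num, pipe_in, pipe_out, hosts, filters_at=5000):
    """Pipe rules for one group, each followed by a skipto with the same
    match, so a reinjected packet jumps straight to the filtering rules."""
    inbound = lambda p: p["dir"] == "in" and p["src"] in hosts
    outbound = lambda p: p["dir"] == "out" and p["dst"] in hosts
    return [Rule(num, "pipe", pipe_in, inbound),
            Rule(num + 1, "skipto", filters_at, inbound),
            Rule(num + 10, "pipe", pipe_out, outbound),
            Rule(num + 11, "skipto", filters_at, outbound)]


def netbios(p):
    return p["proto"] == "tcp" and 137 <= p["dport"] <= 139


RULES = (shaped(1000, 1, 2, GROUP1) + shaped(1100, 3, 4, GROUP2) +
         [Rule(5000, "deny", None, netbios),
          Rule(5100, "allow", None, lambda p: True)])
# Same ruleset without the skipto rules, for comparison.
PIPES_ONLY = [r for r in RULES if r.action != "skipto"]

if __name__ == "__main__":
    smb = pkt("192.0.2.55", "198.51.100.7", 139, "in")
    for label, rules, one_pass in (("one_pass=0, skipto", RULES, False),
                                   ("one_pass=0, pipes only", PIPES_ONLY, False),
                                   ("one_pass=1", RULES, True)):
        r = evaluate(rules, smb, one_pass)
        print(f"{label:24} verdict={r.verdict:5} tested={r.tested}")
```

With one_pass off the TCP 139 packet is counted against pipe 1 and then denied; with one_pass on it is accepted straight out of the pipe and the port block never runs.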




Re: Testing Ethernet Ports

2005-09-01 Thread Dave+Seddon
Greetings, 

You need a separate routing table.  Try using Xen 
(http://www.cl.cam.ac.uk/Research/SRG/netos/xen/), or there's a patch 
floating around for FreeBSD4.9. 

Dave 



Barney Wolff writes: 


On Thu, Sep 01, 2005 at 09:58:14AM -0500, Will Maier wrote:

On Thu, Sep 01, 2005 at 10:36:04AM -0400, Ames, Jonathan (N-ENSCO) wrote:
 Can someone give me a hand with this? 

Here goes... 


 A PC has two ethernet ports, both directly on the motherboard.
 Can I connect them externally with an ethernet cable and ping from
 one port to the other to test them both?  How? 


Lemme see if I parsed your question correctly:
* box.A.nic.1 --cable-- box.A.nic.2 


Is that what you're talking about? Sure. Use a crossover cable,
assign each interface a different IP on the same subnet (eg 10.0.0.1
and 10.0.0.2) and ping from one to the other:


I don't believe this will do what's wanted - the packets will not actually
go thru the NICs, as the OS is smart enough to realize that the dest is
internal.  With a crossover cable (not required with gigabit nics) you
can't tell, so if you try it use a switch and look at the lights. 


--
Barney Wolff http://www.databus.com/bwresume.pdf
I never met a computer I didn't like.


Re: VLANs / Bridging / BPDU

2005-09-01 Thread Dave+Seddon
Or just 


interface GigabitEthernet0/1
spanning-tree portfast 

Or disable spanning tree 

no spanning-tree vlan 1-100 



You could also do some MAC address filtering as the BPDUs are ethernet 
multicast, but that smacks of hard work.  :) 



Peter Wood writes: 

Sod's law, after working on this for two weeks I ask for help, then 20 
minutes later I figure it out. The easiest solution was to disable BPDU on 
the machines port on the Cisco. 


interface GigabitEthernet0/1
 switchport mode trunk
 spanning-tree bpdufilter enable 

Thought I'd post it for reference, so it'll appear somewhere in an archive 
if others need it. 


Pete.
--
Peter Wood BSc (Hons) :: [EMAIL PROTECTED] :: Tel +44 1606 828010


Re: dhclient and ADSL modem trouble...

2005-08-31 Thread Dave+Seddon
What ISP is it?  You sure the ISP doesn't use PPPoE? 

Dave 




Digital Brain writes: 

Hi Chuck and thanks for your reply -- unfortunately dhclient still fails 
to get an IP... 

Here's a copy of my dhclient.conf: 

 

#dhclient config for interface ed0 


interface "ed0" {
  send host-name "my.gateway.com";
  send dhcp-client-identifier "my.client.com";
  request subnet-mask, broadcast-address, routers,
          domain-name-servers, domain-name, time-servers;
  require domain-name-servers;
  media "media autoselect";
} 

 

I've tried a program called dhcping which supposedly tries to ping the 
dhcp server.
All I get is No answer. Any idea why linux's dhcpd and Windows work :-| ? 

And, any other ideas? 

Thanks 





Re: Aggregate network interfaces

2005-08-25 Thread Dave+Seddon
Greetings, 


- Gig cards are cheap.
- PCI bus throughput is really bad (like 32MB/s)
- There is no easy way to bond on FreeBSD, but you can just use multiple 
IP addresses.  It would be cool to have something like Etherchannel, but 
that doesn't work.  Solaris has Etherchannel. 


Regards,
Dave 



Gary D. Margiotta writes: 

Hello, 

Probably a stupid question, but I've not had much luck searching for the 
answers (probably because I'm not using the correct search terminology). 

Is there a way to bond multiple network cards together, so as to get a 
higher aggregate bandwidth?  And also, if it is possible, is it recommended 
to do so, or am I looking at more trouble than it's worth? 

Thanks to a liquidation of office equipment from a previous employer, I 
ended up with several Intel series 10/100 switches (530 host and 535 
member series), and a whole basket of Intel and 3Com 10/100 network cards. 

Rather than going out and buying new gigabit hardware, and since I have 
the spare PCI slots, switch ports and cards lying around, I'm curious to 
see if this could be a solution. 

Please cc: replies directly to me, as I'm not subscribed to this 
particular list (and if this really should belong on another list, please 
let me know as well, and I'll repost). 

Thanks for any info, 


-Gary


Re: Aggregate network interfaces

2005-08-25 Thread Dave+Seddon
Greetings, 

Oh wow!  That's cool.  I missed that somehow.  The 'man' page doesn't 
mention the hash function options. 

On the Cat 6500s you can log into the Sup and change the hash function so 
it's not just IP, but rather IP+Port.  I've previously used this to balance 
the load across multiple gig links with traffic going to a single backup 
host, for example.  (If you want to know how, I'll have to look that up) 


Regards,
Dave Seddon 




Evgueni V. Gavrilov writes: 

In article [EMAIL PROTECTED] you wrote: 

IP addresses.  It would be cool to have something like Etherchannel, but 
that doesn't work.  Solaris has Etherchannel. 
you missed ng_fec(4) which runs fine for me with Catalyst 3750 stack (Cisco WS-C3750G-24TS) (gigabit ethernet) 


--
http://aquatique.rusunix.org 




Re: two dc cards on 5.4

2005-08-10 Thread Dave+Seddon
google = freebsd media rc.conf - 
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/config-network-setup.html

Section shows:
ifconfig_dc0="inet 192.168.1.3 netmask 255.255.255.0"
ifconfig_dc1="inet 10.0.0.1 netmask 255.255.255.0 media 10baseT/UTP" 


So you want:
ifconfig_dc0="media 100baseTX mediaopt full-duplex"
ifconfig_dc1="media 100baseTX mediaopt full-duplex" 


Regards,
Dave Seddon 





dave writes: 


Hello,
I'm trying to get a pair of netgear cards to work on a 5.4-RELEASE-p6
box. My rc.conf looks as follows: 


ifconfig_dc0="DHCP"
ifconfig_dc1="inet 192.168.0.200 netmask 255.255.255.255" 


When i only have one dc card in the box dc0 everything works, the box gets a
dhcp ip. Put the second one in regardless whether or not the ifconfig dc1
line is uncommented and two things happen, first i get continuous watchdog
timeouts from dc0, second dc0 does not get an IP. As i said the second card
doesn't have to be configured, just in the box and it happens, i've checked
i/o and irq's neither conflict between the two cards. One thing, with a
single dc card the media is set to ethernet autoselect 100base-TX
full-duplex and it's listed as active. Put the second card in and dc0 shows
media ethernet autoselect but for media type i have none and status is
listed as no carrier, i believe this is the reason for the lack of a dhcp
ip, my question is i don't understand why. I've tried:
ifconfig_dc0_mediaopt=100base-TX, full-duplex
but the system didn't like that. I'd like to tell fbsd specifically what
mode these cards are to be probed to in, but nothing seems to work, and this
only occurs when the second card is in the box. I've tried three separate
cards, all give the same behavior.
Some urgency! Any help greatly appreciated.
Dave. 





___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: Why Ierrs is so high?

2005-08-10 Thread Dave+Seddon
Greetings, 

Yeah I'd say there is something funny also.  I've stuffed around with HZ and 
polling settings heaps and could only manage about 120MB/s-ish of HTTP 
traffic.  I'm running 5.4-stable from about 2-3 weeks ago. 


/etc/sysctl.conf
kern.polling.enable=1
kern.polling.each_burst=50
#need to edit /usr/src/sys/kern/kern_poll.c to set this
kern.polling.burst_max=1500
#DO NOT SET THIS HIGHER THAN 65536 * 2 (FREEBSD BUG)
net.inet.tcp.sendspace=131072
net.inet.tcp.recvspace=131072
kern.random.sys.harvest.ethernet=0
kern.random.sys.harvest.interrupt=0
kern.ipc.somaxconn=1024 

I still get lots of kern.polling.lost_polls and kern.polling.suspect. 



How do you edit the RXD is 256, TXD is 256?
How do you view the errors when you set sysctl hw.em0.stats=1? 



Regards,
Dave 



Mao Shou Yan writes: 

Hi, all, 

I have a machine with 3 Intel pro1000 cards. 


em0 is in promisc mode, whose MAC controller is 82543 using fiber line
connected. 

em1, em2 is not connected with cable. 

 Driver configuration is the default, RXD is 256, TXD is 256. 

  

Result of netstat -i: 

  

Name Mtu  Network Address           Ipkts      Ierrs     Opkts Oerrs Coll
em0  1500 Link#1  00:03:47:de:72:36 1701943600 369823630 1     0     0
em1  1500 Link#2  00:10:dc:56:8b:b5 5561       0         4608  0     0
em2  1500 Link#3  00:03:47:42:6d:17 0          0         0     0     0

Pps of em0 is about 20k/pps, and bandwidth is no more than 150Mbps. 

When I use sysctl hw.em0.stats=1, I found the number of missed
packets is very high, which is about equal Ierrs. 

And I also found the number of "receive with no buffers" is raising with
about 10 per second. 

The machine is no extra load, only a raw system with em0 in promisc
mode! 

I'm looking forward to your help! 




Re: Why Ierrs is so high?

2005-08-10 Thread Dave+Seddon
Greetings, 

Also, how were you measuring the packet and data rate?  What were you using 
to generate the traffic? 

I used /usr/ports/benchmark/siege and /usr/ports/www/thttpd. 


Regards,
Dave 




Mao Shou Yan writes: 

Hi, all, 

I have a machine with 3 Intel pro1000 cards. 


em0 is in promisc mode, whose MAC controller is 82543 using fiber line
connected. 

em1, em2 is not connected with cable. 

 Driver configuration is the default, RXD is 256, TXD is 256. 

  

Result of netstat -i: 

  

Name Mtu  Network Address           Ipkts      Ierrs     Opkts Oerrs Coll
em0  1500 Link#1  00:03:47:de:72:36 1701943600 369823630 1     0     0
em1  1500 Link#2  00:10:dc:56:8b:b5 5561       0         4608  0     0
em2  1500 Link#3  00:03:47:42:6d:17 0          0         0     0     0

Pps of em0 is about 20k/pps, and bandwidth is no more than 150Mbps. 

When I use sysctl hw.em0.stats=1, I found the number of missed
packets is very high, which is about equal Ierrs. 

And I also found the number of "receive with no buffers" is raising with
about 10 per second. 

The machine is no extra load, only a raw system with em0 in promisc
mode! 

I'm looking forward to your help! 




Re: running out of mbufs?

2005-08-03 Thread Dave+Seddon
%  0.10% httpd
4906 www   200  5040K  3256K lockf  1   0:36  0.10%  0.10% httpd
4542 www   200  5040K  3256K lockf  1   0:36  0.10%  0.10% httpd
607 www40  5040K  3252K sbwait 1   0:35  0.10%  0.10% httpd
4510 www40  5040K  3272K sbwait 1   0:35  0.10%  0.10% httpd
 



On both systems the kern.polling.lost_polls is still increasing rapidly.  I'm 
not sure what to do about this.  ??


kern.polling.lost_polls: 9605569

Also the kern.polling.suspect is increasing similarly.  I'm not sure what to 
do about this either.  ??

--
kern.polling.suspect: 608527
-- 



Also thanks for the info on the VLAN searching.  I think the adjustment you 
suggested sounds good, but a bit out of my league.  It seems there are 
plenty of things to tweak in the kernel still. 

BTW, I'd be interested to know people's thoughts on multiple IP stacks on 
FreeBSD.  It would be really cool to be able to give a jail its own IP 
stack bound to a VLAN interface.  It could then be like a VRF on Cisco. 


Regards,
Dave Seddon 




Re: running out of mbufs?

2005-08-03 Thread Dave+Seddon
Perhaps a quick fix to the bug would be to output a message to the console 
when somebody tried to set the tcp.sendspace or tcp.recvspace space  65535 
* 2. 


Regards,
Dave Seddon 



Pieter de Boer writes: 

Mike Silbersack wrote: 


net.inet.tcp.sendspace=1024000
net.inet.tcp.recvspace=1024000
kern.ipc.maxsockbuf=2048
I don't think large socket buffers have been tested well, it's possible 
that you're exhausting almost all of your mbufs with just a few 
connections - if you're really stuffing that much data in.  I'd go back 
to the default settings for the above and try again.


With the added note that the send/recv spaces should be 65535 * 2^x (which 
1024000 isn't). I might add that there's still a bug in the calculation of 
the TCP window scale option with regards to the set window size, leading 
to a FreeBSD system advertising a too large recvspace, which makes setting 
this option right even more necessary. 
(http://www.freebsd.org/cgi/query-pr.cgi?pr=kern/82470) 


--
Pieter
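
Checking a sysctl.conf against the "65535 * 2^x" rule stated in the quoted reply above, as an added example that is not part of the original thread. The function names are assumptions of the example, and the sample configuration is constructed from the values quoted in the thread.

```python
"""Audit TCP socket-buffer sysctls against the 65535 * 2^x rule from the thread."""

TCP_MAXWIN = 65535       # largest value the 16-bit TCP window field can hold
TCP_MAX_WINSHIFT = 14    # largest window-scale shift allowed by RFC 1323

WATCHED = ("net.inet.tcp.sendspace", "net.inet.tcp.recvspace")

# Constructed sample: a sysctl.conf assembled from values quoted in the thread.
SAMPLE_CONF = """\
# socket buffer sizes quoted in the reply
net.inet.tcp.sendspace=1024000
net.inet.tcp.recvspace=1024000
kern.ipc.somaxconn=1024
"""


def window_shift(space):
    """Smallest shift s with 65535 << s >= space, capped at TCP_MAX_WINSHIFT."""
    shift = 0
    while shift < TCP_MAX_WINSHIFT and (TCP_MAXWIN << shift) < space:
        shift += 1
    return shift


def check_space(space):
    """Place `space` on the 65535 * 2^x grid and return its two neighbours."""
    shift = window_shift(space)
    upper = TCP_MAXWIN << shift
    lower = TCP_MAXWIN << (shift - 1) if shift > 0 else None
    return {
        "value": space,
        "shift": shift,
        "aligned": space == upper,   # True only for exactly 65535 * 2^shift
        "lower": lower,              # next grid value below, if any
        "upper": upper,              # grid value at the chosen shift
    }


def parse_conf(text):
    """Return {name: value} for name=value lines, ignoring '#' comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        name, _, value = line.partition("=")
        settings[name.strip()] = value.strip()
    return settings


def audit(text):
    """List (name, report) for watched buffers that break the 65535 * 2^x rule.

    Assumption of this example: values up to 65535 fit the unscaled 16-bit
    window field and are not reported.
    """
    findings = []
    for name, value in parse_conf(text).items():
        if name not in WATCHED or not value.isdigit():
            continue
        report = check_space(int(value))
        if report["value"] > TCP_MAXWIN and not report["aligned"]:
            findings.append((name, report))
    return findings


if __name__ == "__main__":
    for name, r in audit(SAMPLE_CONF):
        print(f"{name}={r['value']}: not 65535 * 2^x; neighbours are "
              f"{r['lower']} (x={r['shift'] - 1}) and {r['upper']} (x={r['shift']})")
```

The same check shows that 131072 is not on the grid either (its lower neighbour is 131070), while 1073725440 is exactly 65535 * 2^14.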


running out of mbufs?

2005-08-02 Thread Dave+Seddon
#net.inet.tcp.inflight.min: 6144
#net.inet.tcp.inflight.max: 1073725440
#net.inet.tcp.inflight.stab: 20

#Disable entropy harvesting for ethernet devices and interrupts.  There are
#optimizations present in 6.x that have not yet been backported that improve
#the overhead of entropy harvesting, but you can get the same benefits by
#disabling it.  In your environment, it's likely not needed. I hope to
#backport these changes in a couple of weeks to 5-STABLE.
kern.random.sys.harvest.ethernet=0
kern.random.sys.harvest.interrupt=0
--
host228# sysctl -a | grep ipc | grep nm
kern.ipc.nmbclusters: 25600
host228# sysctl kern.ipc.nmbclusters=50
kern.ipc.nmbclusters: 25600 -> 2147483647
host228# sysctl -a | grep ipc | grep nm
kern.ipc.nmbclusters: 2147483647
-
host228# sysctl -a | grep hz
kern.clockrate: { hz = 15000, tick = 66, profhz = 1024, stathz = 128 }
debug.psmhz: 20
--
THE PHYSICAL INTERFACES ONLY (I'm only using 1 interface per 2 port card,
and only running performance tests on the em cards)
bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
  inet 192.168.1.228 netmask 0xff00 broadcast 192.168.1.255
  ether 00:12:79:cf:d0:bf
  media: Ethernet autoselect (1000baseTX full-duplex)
  status: active
bge1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
  options=1a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING>
  ether 00:12:79:cf:d0:be
  media: Ethernet autoselect (none)
  status: no carrier
em0: flags=18843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,POLLING> mtu 1500
  options=4b<RXCSUM,TXCSUM,VLAN_MTU,POLLING>
  ether 00:11:0a:56:ab:3a
  media: Ethernet autoselect (1000baseTX full-duplex)
  status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  options=4b<RXCSUM,TXCSUM,VLAN_MTU,POLLING>
  ether 00:11:0a:56:ab:3b
  media: Ethernet autoselect
  status: no carrier
em2: flags=18843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,POLLING> mtu 1500
  options=4b<RXCSUM,TXCSUM,VLAN_MTU,POLLING>
  ether 00:11:0a:56:b2:4c
  media: Ethernet autoselect (1000baseTX full-duplex)
  status: active
em3: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
  options=4b<RXCSUM,TXCSUM,VLAN_MTU,POLLING>
  ether 00:11:0a:56:b2:4d
  media: Ethernet autoselect
  status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
  inet 127.0.0.1 netmask 0xff00
---

Regards,
Dave Seddon
[EMAIL PROTECTED]


Re: running out of mbufs?

2005-08-02 Thread Dave+Seddon
So as for the system losing all network connectivity, do you have any 
suggestions? 


regards,
Dave 



Kris Kennaway writes: 


On Wed, Aug 03, 2005 at 01:49:32PM +1000, Dave+Seddon wrote:
Greetings, 


I'm trying to do some performance testing of a content filtering system, so
I'm trying to get very high HTTP throughput.  I've got 4 * HP DL380s with
3.4G Xeon processors (hyper threading) and 1 G RAM, 2 onboard BGEs, and 2 *
2 port EM.  Using FreeBSD5.4-stable (as of 2005/08/02) and device polling,
I've configured a large number (246) of VLAN interfaces on two machines, and
have apache on one box and siege on the other.  Using 'siege -f
/home/my_big_list_of_urls -c 50 --internet' one host does a large number of
requests from the other machine.  I've been trying to tune for maximum
performance and have been using lots of examples for /etc/sysctl.conf and so
on from the web.  Adjusting these settings and running the siege, I've found
the apache server completely loses network connectivity when device polling
is enabled.  I've adjusted the HZ lots and found the system survives the
longest set at 15000 (yes it seems very large doesn't it).  The problem now
seems to be that I'm running out of mbufs: 


--
4294264419 mbufs in use
4294866740/2147483647 mbuf clusters in use (current/max)


This is a FAQ..see the release errata.  The short answer is that it's
not a real leak, only a leak in the stats.  This is fixed in 7.0 and
might be fixed in 6.0-RELEASE. 


Kris


Re: pfil 2.1.1 and Solaris Express: no IPv6

2004-05-06 Thread Dave+Seddon
Greetings, 

I thought that Sun were actually releasing ipfilter along with all the other 
GNU packages with version 10.  Maybe you should try to use the Sun version 
of ipfilter? 

Dave 

Laurent Blume writes: 

Hello all, 

I've noticed that when I replace Sun's older pfil (part of SUNWipfu 
package) in Solaris 10 beta 2 (and also the previous, 2/04 build), IPv6 
just stops working: no IPv6 packet gets out of the box at all.
IPv4 continue to work (though there are other, unrelated, IP Filter 
problems that have already been reported). 

Anybody notice the same behaviour? 

For me, almost as annoying as the NAT problems, since I spent some time 
installing an IPv6 network at home (for fun :-), and it breaks it 
completely :-( 

Laurent
--
A hundred thousand lemmings can't be wrong!



Re: IP Filter rdr problem on Solaris 9

2004-05-04 Thread Dave+Seddon
Greetings, 

I'm not sure the rdr rule is correct.  The 192.168.131.125/32 should be the 
destination address, usually people use something like:
--
From: http://www.unixcircle.com/ipf/ipf-howto.html#TOC_35 

rdr xl0 0.0.0.0/0 port 21 -> 127.0.0.1 port 21 

This statement says that any packet coming in on the xl0 interface destined 
for any address (0.0.0.0/0) on the ftp port should be rewritten to connect 
it with a proxy that is running on the NAT system on port 21.
-- 

So maybe you want something similar to:
--
rdr bge2 x.y.128.2/32 port 2 -> 1.2.3.4 port 2000 tcp
-- 

Regards, 

Dave Seddon 


KOVACS Krisztian writes: 

  Hi, 

  Some updates: I've tried a more conventional network setup: 

  +--------+ bge0 +-------+ bge2 +--------+
  | server |------| proxy |------| client |
  +--------+      +-------+      +--------+
   .128.2    .128.1     .131.90    .131.49 

  The client has proxy set up as gateway. Proxy is a SUN Fire V210, with
four bge interfaces (only two of them used), running IP Filter 4.1.1 and
pfil 2.1 on Solaris 9. 

  Connections are redirected to 1.2.3.4:2000 on the proxy: 

rdr bge2 192.168.131.125/32 port 2 -> 1.2.3.4 port 2000 tcp 

  Unfortunately, almost the same problem occurs, it works for a while,
but after some time (5 short-lived TCP sessions), all RDR NAT
sessions are screwed, all of them look like this: 

RDR 1.2.3.4 2000  <- -> 192.168.131.90  2 [192.168.131.49 51609] 

while the correct entry would be: 

RDR 1.2.3.4 2000  <- -> 192.168.131.125 2 [192.168.131.49 51609] 

  I wasn't able to reproduce the problem using the ARP-entry deletion
trick, however... Really strange. The strangest aspect of the whole
problem is that when things get stuck, _all_ of the NAT sessions get
their IP changed from 192.168.131.125 (correct) to (192.168.131.90),
even though all entries were correct before the problem occurs. 

--
 Regards,
   Krisztian KOVACS 




Re: no cheap routing?

2004-05-04 Thread Dave+Seddon
Greetings, 

If you use FreeBSD you'll be able to route based on packet matching rules, 
using IPFW/IPFW2 (you'll also be able to use DUMMYNET that will allow clever 
rate limiting).  FreeBSD will work fine on your Sun box (use the latest 
version). 

Hint:  Once you've got the routing sorted, if you NAT inbound traffic, such 
that traffic on one link is NATed to a different address to the other link, 
then you'll be able to make sure traffic coming in on each link leaves on 
the same link. 

Regards, 

Dave Seddon 

[EMAIL PROTECTED] writes: 

I think this question has been asked before, and
answered in the negative, but I thought I'd check
before setting up two separate firewalls: 

I have two external connections, a slow static 
expensive 384kb SDSL
and now a fast dynamic cheap 3mb cable. 

I have two internal subnets, a DMZ and one for 
individual hosts. 

Incoming requests on the static DSL go to the DMZ
for resolution (dns, smtp, http). ipnat on the 
firewall has rdr
rules to get those services from the static DSL
to the DMZ server. 

Outgoing requests from the internal individual
hosts have been going to the static DSL line
via ipnat map rules on the firewall.
I would like to send them to the fast cable 
interface instead. 

The problem is routing.Solaris allows multiple
default routes but not in a way useful with
firewalls. I don't really want general 
internet routing with redundancy, even if it were
possible with the cable and DSL routers.
I just want stuff coming in on DSL to go out
that way, and stuff intended for cable to get
there.

I can certainly do that with two routers,
and that's plan B.   I think every time variants
of this question have come up before, the answer
has been no, you can't do this with one router.
But I thought
I'd check one more time in case something new
has been added lately, or I didn't understand
the previous answers (quite possible). 

The firewall environment is a Sun Netra server
running Solaris 9 12/03 and ipfilter 3.4.33 

Thanks for any light you can shed. 





Re: ipnat - local redirection - ANSWER

2004-04-27 Thread Dave+Seddon
Greetings, 

A friend, more observant than I, noticed the destination address should not 
have /32.  The following works fine: 

rdr dmfe0 161.117.169.92/32 port 4888 -> 161.117.169.92 port 4889 

Regards, 

Dave 

Dave+Seddon writes: 

Greetings,  

I'd like to do a local redirection, to redirect from TCP port 4888 to 4889 
(This is for Oracle Management Agent 10g).  

Here's what I've tried:

# cat /etc/ipnat.rules
rdr dmfe0 161.117.169.92/32 port 4888 -> 127.0.0.1 port 4889  

# ipnat -CF -f /etc/ipnat.rules
0 entries flushed from NAT table
0 entries flushed from NAT list
localhost as destination not supported
4: syntax error in rdr
/etc/ipnat.rules: parse error (-1), quitting
  

I also tried using the non-lo interface address, even though the how-to 
says the packets must be redirect to a different interface than the one 
they come in on (ref. http://www.unixcircle.com/ipf/ipf-howto.html).

# cat /etc/ipnat.rules
rdr dmfe0 161.117.169.92/32 port 4888 -> 161.117.169.92/32 port 4889  

# ipnat -CF -f /etc/ipnat.rules
0 entries flushed from NAT table
0 entries flushed from NAT list
5: can't resolve hostname: 161.117.169.92/32
5: syntax error in rdr
/etc/ipnat.rules: parse error (-1), quitting
  

Any ideas?  

Regards,  

Dave Seddon  




Re: IPFilter and P3Scan

2004-04-27 Thread Dave+Seddon
Greetings, 

ooops.  sorry the 'rdr' must be to a different interface. 

rdr fxp1 0.0.0.0/0 port 110 -> 127.0.0.1 port 8110 

Regards, 

Dave 

Paul Armstrong writes: 

On Tue, Apr 27, 2004 at 08:34:36AM +0200, Fabrice wrote:
To: [EMAIL PROTECTED]
The example is :
ipfw add fwd 192.168.0.254,8110 tcp from 192.168.0.0/24 to any pop3
rdr fxp0 192.168.0.0/24 port 110 -> 192.168.0.254 port 8110 tcp



ipnat - local redirection

2004-04-26 Thread Dave+Seddon
Greetings, 

I'd like to do a local redirection, to redirect from TCP port 4888 to 4889 
(This is for Oracle Management Agent 10g). 

Here's what I've tried:

# cat /etc/ipnat.rules
rdr dmfe0 161.117.169.92/32 port 4888 -> 127.0.0.1 port 4889 

# ipnat -CF -f /etc/ipnat.rules
0 entries flushed from NAT table
0 entries flushed from NAT list
localhost as destination not supported
4: syntax error in rdr
/etc/ipnat.rules: parse error (-1), quitting
 

I also tried using the non-lo interface address, even though the how-to says 
the packets must be redirect to a different interface than the one they come 
in on (ref. http://www.unixcircle.com/ipf/ipf-howto.html).

# cat /etc/ipnat.rules
rdr dmfe0 161.117.169.92/32 port 4888 -> 161.117.169.92/32 port 4889 

# ipnat -CF -f /etc/ipnat.rules
0 entries flushed from NAT table
0 entries flushed from NAT list
5: can't resolve hostname: 161.117.169.92/32
5: syntax error in rdr
/etc/ipnat.rules: parse error (-1), quitting
 

Any ideas? 

Regards, 

Dave Seddon 



Re: error with ipf..help!

2004-04-22 Thread Dave+Seddon
Greetings, 

I recommend downloading the package from: 

http://www1.maraudingpirates.org:8080/ipfilter/ 

If you install this it works straight away, without reboot.  Sadly, the 
default rule is allow, not block like you can have on BSD, but this is kind 
of good if you don't have serial access.  :) 

I'm not sure how to check if it's using 64bits or not, but I think it is. 

Regards, 

Dave Seddon 

Tirunagaram, Kiran Maye (Kiran Maye) writes: 

One has to install the pfil package first... 

I have the following rule that has syntax errors. 

pass in log quick from a.b.c.d/32 to w.x.y.z/32 port 7000 

can some one help???  


Hi,
I use Solaris 9, I have built the ipfilters as a package and installed it and rebooted the machine
manually created the device files /dev/ipnat .etc
when I try a rule ipf -fa -f /etc/ipf.rules, I get the following error 

open device:No such file or directory
User /Kernel version check failed 

Any suggestions?
thanks in Advance,
Kiran 




RE: [vqadmin] Unable to add domain in vqadmin

2003-12-30 Thread Dave Seddon
Greetings,

I doubt it's a permission issue with the web pages.  There's likely to
be a permission issue in the /path/to/your/vpopmail/domains/directory.
Maybe it's /home/vpopmail/domains, like mine:

--
qmail# pwd
/usr/home/vpopmail
qmail# ll
total 4
drwx--  3 vpopmail  vchkpw  4096 Jul  7 12:02 domains
--

Dave Seddon 
Smarter Networks

#-Original Message-
#From: Kris Northern [mailto:[EMAIL PROTECTED]
#Sent: Tuesday, 30 December 2003 10:25 AM
#To: [EMAIL PROTECTED]
#Subject: [vqadmin] Unable to add domain in vqadmin
#
#Hello,
#In vqadmin I am unable to add a domain. The error message i receive is
#Can not make domains directory
#
#I checked the directory that i specified in the configure line and I
#chowned it to www-data.www-data
#I'm not sure where it's trying to write this directory or where i could view
#an errorlog to figure it out.
#thanks in advance.
#
#--
#Kris Northern
#graphic design / sound design
#www.phidelity.com
#




RE: [vqadmin] problems when assigning quotas

2003-12-19 Thread Dave Seddon
Greetings,

When you say "I set an OS disk usage limit on a user, then create the
domain under that user", do you mean create a directory in the user's
home with a name like vpopmail, then link it to
/home/vpopmail/domains/new_user?  E.g.  ln -s /home/new_user/vpopmail
/home/vpopmail/domains/new_user.

Thanks,

Dave Seddon 

#-Original Message-
#From: Ken Jones [mailto:[EMAIL PROTECTED]
#Sent: Wednesday, 17 December 2003 5:17 AM
#To: Payal Rathod; [EMAIL PROTECTED]
#Subject: Re: [vqadmin] problems when assigning quotas
#
#On Monday 15 December 2003 3:19 am, Payal Rathod wrote:
# Hi,
# When I use vqadmin I find that all users are housed in
# /home/vpopmail/domains. Can't it work for system users?
#
#No, it only talks to vpopmail type domains/users.
#
# The reason is
# that I can assign a single system quota for each users and they can
# manage their mail, ftp, http sizes by themselves.
# Is it possible?
#
#It is possible per domain. I set an OS disk usage limit on a
#user, then create the domain under that user. Also put their
#web site, logs, etc under the users home directory. Then I
#give them qmailadmin to admin email accounts and ftp access
#(chrooted to their docroot directory). Then the OS disk limit
#will be enforced on email, web, logs or whatever else goes
#in their home directory.
#
#Ken Jones
#




RE: [vqadmin] Load Balancing

2003-11-19 Thread Dave Seddon
Greetings,

Put a big NFS server at the back end and just mount vpopmail user dirs
across the NFS.  I strongly suggest a very good quality NFS server, eg.
Network Appliance Filer.  GigE is good too so you can do jumbo frames,
and therefore transfer a whole NFS chunk in one frame.  This works very
well since qmail uses Maildir.

Thanks,

Dave Seddon 
Systems Architect
Smarter Networks 

#-Original Message-
#From: Giuseppe Meniconi [mailto:[EMAIL PROTECTED]
#Sent: Thursday, 20 November 2003 1:35 AM
#To: [EMAIL PROTECTED]
#Subject: [vqadmin] Load Balancing
#
#Hi.
#
#I made a complete qmail installation (qmail, qmailadmin, vqadmin,
#vpopmail etc.) on two boxes and I want to put them in load balancing.
#The problem is that when I create a domain with the vqadmin web
#interface of the first server, I don't find it on the web interface of
#the second server even if they share the MySql database, installed on a
#third machine on the back-end. When I use command-line commands to
#manage the domain, I find it on both servers. Any suggestion?
#
#Thank you in advance
#--
#Giuseppe Meniconi - YH reply srl
#Viale Regina Margherita 8, 00198 Roma
#e-mail: [EMAIL PROTECTED]
#Tel. 0684434207
#Fax  0684434200
#
#





Doco update, FAQ 4.14 - mysql_rlm error.

2003-08-26 Thread Dave Seddon
Greetings,

It might be nice to update the FAQ, part 4.14 (It says "Could not link...file not
found", what do I do?), to suggest that perhaps the reason the rlm_sql module
doesn't work is because it wasn't actually compiled. I recently had a very
late night rebuilding a box, and in my delirium in the morning, had forgotten
to do the make properly. It would have been good if the FAQ had suggested
this. In FreeBSD, using the ports, the correct line was "cd
/usr/ports/net/freeradius; make WITH_MYSQL_VER=3 all install". Other
mysql versions are WITH_MYSQL_VER=40, and WITH_MYSQL_VER=41. This was for
version freeradius 0.8.1.
thanks,
Dave Seddon



/usr/ports/mail/courier-imap/ authvchkpw?

2003-07-09 Thread Dave Seddon
Greetings,

I can't get VPOPMAIL authentication to build with the latest port of
/usr/ports/mail/courier-imap/.  Several weeks ago I could with an older
version, but I can't reproduce this.  I've tried modifying the configure
arguments in the Makefile, and everything else I can think of.  Maybe
somebody has some ideas.  -- Should I email the ports list?

I do this:
---
cd /usr/ports/mail/courier-imap
make clean
make WITH_VPOPMAIL=yes all install
---

And off it goes...during the build process I see this flash up, which
indicates to me that the configure arguments are ok.  Looks like
--with-authvchkpw is working.
---
configure: running /bin/sh './configure' --prefix=/usr/local
'--without-authshadow' '--sysconfdir=/usr/local/etc/courier-imap'
'--with-userdb=/usr/local/etc/userdb'
'--datadir=/usr/local/share/courier-imap'
'--libexecdir=/usr/local/libexec/courier-imap'
'--enable-workarounds-for-imap-client-bugs' '--enable-unicode'
'--disable-root-check' '--with-authvchkpw' '--without-authldap'
'--without-authmysql' '--without-authpgsql' '--with-authpam'
'--without-authcram' '--prefix=/usr/local'
'--build=i386-portbld-freebsd4.8' 'LDFLAGS=-I/usr/local/lib/mysql'
'CFLAGS=-O -pipe -march=pentiumpro'
'CPPFLAGS=-I/usr/local/include/mysql'
'build_alias=i386-portbld-freebsd4.8' 'CC=cc'
--with-authchangepwdir=/usr/local/libexec/courier-imap/authlib
--with-db=db
--with-makedatprog='/usr/local/libexec/courier-imap/makedatprog'
--with-mailuser=root --without-socks
--with-authchangepwdir=/var/tmp/dev/null --with-package=courier-imap
--with-version=2.0.0 --cache-file=/dev/null --srcdir=.
---

However, when it finishes without complaint there is no authvchkpw
authentication program.
---
qmail# ls /usr/local/libexec/courier-imap/authlib/
authdaemon  authdaemond authdaemond.plain
authuserdb
---

Several weeks ago with version 1.7.0 I did manage to get it to work, but
I can't reproduce it.  I did save my original Makefile, and tried
rolling the port back to 1.7 but it still won't build.

Here's the authentication daemons I got to build last time.  These are
what I want.
---
qmail# pwd
/usr/home/das/qmail_backup/courier-imap
qmail# ll
total 544
-rwxr-xr-x  1 root  wheel   85093 Jun 24 17:45 authcustom
-r-xr-xr-x  1 root  wheel   15672 Jun 19 11:06 authdaemon
-rwxr-xr-x  1 root  wheel 408 Jun 19 11:06 authdaemond
-r-xr-xr-x  1 root  wheel   68572 Jun 19 11:06 authdaemond.plain
-rwxr-xr-x  1 root  wheel   59973 Jun 24 17:45 authpam
-rwxr-xr-x  1 root  wheel  116737 Jun 24 17:45 authuserdb
-rwxr-xr-x  1 root  wheel  181293 Jun 24 17:45 authvchkpw
---

thanks,

Dave

___
[EMAIL PROTECTED] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


[vqadmin] Create Domain: open .qmailadmin-limits failed?

2003-06-23 Thread Dave Seddon
Greetings,

I posted a question the other day and haven't had any response at all. 
Error relates to creating domains, and getting error Create Domain:
open .qmailadmin-limits failed.

I've since started trying to understand the source.  I'm not much of a C
person, but it looks to me like the domain gets created before the
error, so maybe I could just comment out the section that's giving me
the error?

This is part of /usr/ports/mail/vqadmin/work/vqadmin-2.3.5/domain.c

This little section precedes the section with the error.
---
  /* add the domain with defaults */
  ret = vadddomain(domain, VPOPMAILDIR, VPOPMAILUID, VPOPMAILGID );
  if (ret != VA_SUCCESS) {
    global_warning(verror(ret));
    t_open(T_MAIN, 1);
  } else {
    global_warning("Created Domain");
  }
---
So it looks like the domain has been added ok.

Then this bit follows, with the error.
---
  /* setup the .qmailadmin-limits file */
  vget_assign(domain,dir,156,&uid,&gid);
  strncat(dir,"/.qmailadmin-limits", 156);
  if ( (fs = fopen(dir,"w+")) == NULL ) {
    global_warning("Create Domain: open .qmailadmin-limits failed");
    t_open(T_MAIN, 1);
  }
---
Looks like it's just trying to open a file, in append mode if it's
already there.  So I'm not sure why it would fail this.

The /usr/local/vpopmail/domains dir permissions look ok.
---
qmail# cd /home/vpopmail/domains/
qmail# ll
total 12
-rw-------  1 vpopmail  vchkpw    34 Jun 19 16:00 .dir-control
drwx------  2 vpopmail  vchkpw  4096 Jun 23 16:23 test.com.au
---

I discovered that perhaps the vqadmin.cgi is the wrong user.
---
qmail# pwd
/usr/local/www/cgi-bin.default/vqadmin
qmail# ll
total 82
-rw-r--r--  1 nobody    vchkpw    113 May 28 16:49 .htaccess
-rw-r--r--  1 root      vchkpw    113 May 28 16:49 .htaccess.backup
drwxr-xr-x  2 vpopmail  vchkpw   1024 Jun 23 16:23 html
-rw-r--r--  1 vpopmail  vchkpw    882 May 28 16:49 vqadmin.acl
-rw-r--r--  1 vpopmail  vchkpw    882 May 28 14:56 vqadmin.acl.backup
-rwsr-sr-x  1 root      wheel   73220 Jun 23 16:23 vqadmin.cgi
---
so I changed that...
---
qmail# chown vpopmail:vchkpw vqadmin.cgi 
qmail# ll
total 82
-rw-r--r--  1 nobody    vchkpw    113 May 28 16:49 .htaccess
-rw-r--r--  1 root      vchkpw    113 May 28 16:49 .htaccess.backup
drwxr-xr-x  2 vpopmail  vchkpw   1024 Jun 23 16:23 html
-rw-r--r--  1 vpopmail  vchkpw    882 May 28 16:49 vqadmin.acl
-rw-r--r--  1 vpopmail  vchkpw    882 May 28 14:56 vqadmin.acl.backup
-rwsr-sr-x  1 vpopmail  vchkpw  73220 Jun 23 16:23 vqadmin.cgi
---

And now things are even worse.  Still getting the same error, plus a
bunch more errors.
---
could not open lock file /var/qmail/users/assign.lock could not open
lock file /var/qmail/control/rcpthosts.lock could not open lock file
/var/qmail/control/virtualdomains.lock could not open lock file
/var/qmail/control/locals.lock
Created Domain
Create Domain: open .qmailadmin-limits failed
---

Clearly the CGI needs to run as root to get permissions to play with
/var/qmail stuff.

So what should I do?  Should I try commenting out the whole section that
creates this file?


---
  /* setup the .qmailadmin-limits file */
  vget_assign(domain,dir,156,&uid,&gid);
  strncat(dir,"/.qmailadmin-limits", 156);
  if ( (fs = fopen(dir,"w+")) == NULL ) {
    global_warning("Create Domain: open .qmailadmin-limits failed");
    t_open(T_MAIN, 1);
  }

  if (lusers!=NULL && strlen(lusers)>0)
    fprintf(fs, "maxpopaccounts: %s\n", lusers);

  if (lalias!=NULL && strlen(lalias)>0)
    fprintf(fs, "maxaliases: %s\n", lalias);

  if (lfor!=NULL && strlen(lfor)>0)
    fprintf(fs, "maxforwards: %s\n", lfor);

  if (lresponder!=NULL && strlen(lresponder)>0)
    fprintf(fs, "maxautoresponders: %s\n", lresponder);

  if (llists!=NULL && strlen(llists)>0)
    fprintf(fs, "maxmailinglists: %s\n", llists);

  if (quota!=NULL && strlen(quota)>0)
    fprintf(fs,"default_quota: %s\n",quota);

  if (upop!=NULL)  fprintf(fs, "disable_pop\n");
  if (uimap!=NULL) fprintf(fs, "disable_imap\n");
  if (udialup!=NULL) fprintf(fs, "disable_dialup\n");
  if (upassc!=NULL) fprintf(fs, "disable_password_changing\n");
  if (uweb!=NULL) fprintf(fs, "disable_webmail\n");
  if (urelay!=NULL) fprintf(fs, "disable_external_relay\n");
  fclose(fs);
---

thanks,

Dave
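
The quoted section reports only "open .qmailadmin-limits failed", with no errno, and strncat()'s last argument limits the characters appended rather than the size of the destination. A defensive sketch of the same step, added here as an example and not vqadmin's code: struct limits, put_kv(), put_flag() and write_limits_file() are hypothetical names, only some of the fields are shown, and the 156-byte buffer is taken from the quoted code.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define LIMITS_NAME "/.qmailadmin-limits"

/* Hypothetical container for some of the form fields the quoted code writes. */
struct limits {
    const char *maxpopaccounts;   /* NULL or "" means "not set" */
    const char *maxaliases;
    const char *default_quota;
    int disable_pop;
    int disable_imap;
};

/* Write "key: value" only for fields that were actually filled in. */
static int put_kv(FILE *fs, const char *key, const char *val)
{
    if (val == NULL || val[0] == '\0')
        return 0;
    return fprintf(fs, "%s: %s\n", key, val) < 0 ? -1 : 0;
}

static int put_flag(FILE *fs, int on, const char *word)
{
    return (on && fprintf(fs, "%s\n", word) < 0) ? -1 : 0;
}

/* Returns 0 on success, otherwise an errno value; err receives a message
 * naming the path and the reason, which is what the CGI should display. */
int write_limits_file(const char *domain_dir, const struct limits *l,
                      char *err, size_t errlen)
{
    char path[156];   /* same size the quoted code passes to vget_assign() */
    int n = snprintf(path, sizeof path, "%s%s", domain_dir, LIMITS_NAME);
    if (n < 0 || (size_t)n >= sizeof path) {
        snprintf(err, errlen, "path does not fit in %zu bytes", sizeof path);
        return ENAMETOOLONG;
    }

    FILE *fs = fopen(path, "w");
    if (fs == NULL) {
        int saved = errno;
        snprintf(err, errlen, "open %s: %s", path, strerror(saved));
        return saved;   /* stop here: a NULL fs must never reach fprintf() */
    }

    int failed = 0;
    failed |= put_kv(fs, "maxpopaccounts", l->maxpopaccounts);
    failed |= put_kv(fs, "maxaliases", l->maxaliases);
    failed |= put_kv(fs, "default_quota", l->default_quota);
    failed |= put_flag(fs, l->disable_pop, "disable_pop");
    failed |= put_flag(fs, l->disable_imap, "disable_imap");

    int saved = failed ? (errno ? errno : EIO) : 0;
    if (fclose(fs) != 0 && saved == 0)
        saved = errno;            /* buffered writes can fail as late as close */
    if (saved != 0) {
        snprintf(err, errlen, "write %s: %s", path, strerror(saved));
        remove(path);             /* do not leave a half-written limits file */
        return saved;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample values; the directory deliberately does not exist. */
    struct limits l = { "50", NULL, "10485760", 1, 0 };
    char err[256];
    if (write_limits_file("/nonexistent/domains/example.test", &l, err, sizeof err) != 0)
        fprintf(stderr, "Create Domain: %s\n", err);
    return 0;
}
```

With the errno text in the message, a permissions problem, a missing directory and a path that is too long each show up as a different error instead of the same generic one.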




[vqadmin] vpopmail and vqadmin

2003-06-19 Thread Dave Seddon
Greetings,

I'm trying to setup vpopmail & vqadmin using MySQL authentication on
FreeBSD 4.8.  Seems to build ok from the ports, but when I try to add
domains with vqadmin I get this error:

Create Domain: open .qmailadmin-limits failed

I've found reference to this error in the mailing list, however I still
can't solve the problem.

The directory at /usr/local/vpopmail/domains/new_domain_name.example gets
created, and /var/qmail/users/assign gets updated, but the MySQL
database does not get any entries in the vpopmail table (two tables are
created, vpopmail & dir_control).  The database server is a separate box
running mysql 3.23.56.  I also tried using a Solaris 9 box with MySQL
4.0, which didn't work either, but I wasn't sure about the MySQL version
compatibility. -- does it matter if the DB is 4.0?

I've tried defining and un-defining:
 # WITH_MYSQL_LIMITS - enables the MySQL mailbox limit code
WITH_MYSQL_LIMITS=yes
in the vpopmail Makefile, but I still get the same error either way.

The /usr/local/vpopmail/domains is mounted via NFS.

thanks,

Dave




Cisco AvPairs and MySQL (and VRF)

2003-01-30 Thread Dave Seddon
Greetings,

Thanks to those who responded to my questions about DSL billing; I'll get
back to you on that.  However I have another issue.

We're trying to configure PPP sessions to authenticate within VRFs.

We want to do something like this, this is the non-MySQL version:
-
DEFAULT Suffix = @test1.vpdn, Strip-User-Name = No
        Hint = PPP,
        Service-Type = Framed-User,
        Framed-Protocol = PPP,
        cisco-avpair = "lcp:interface-config=ip vrf forwarding vrf1\\n ip unnumbered loopback1\\n peer default ip address pool vpn1"
-
I don't know what the \ns are supposed to do, perhaps these get
interpreted by freeradius or the cisco as new line or the enter key,
like in C.  -- not sure at all

So we've got this in the mysql:
-
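+-----+------------------+-------------------+-----------------------------------------------------------------------------+----+
| id  | UserName         | Attribute         | Value                                                                       | op |
+-----+------------------+-------------------+-----------------------------------------------------------------------------+----+
|   4 | shdslTST@SMARTER | Framed-IP-Address | xxx.x.xxx.x                                                                 | == |
|   5 | shdslTST@SMARTER | Framed-IP-Netmask | 255.255.255.255                                                             | == |
|   6 | shdslTST@SMARTER | Framed-Route      | xxx..xxx.xx/29 xxx.x.xxx.x 1                                                | == |
| 209 | shdslTST@SMARTER | Cisco-AVPair      | lcp:interface-config=ip vrf forwarding hocking\n ip unnumbered Loopback 3\n | == |
+-----+------------------+-------------------+-----------------------------------------------------------------------------+----+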

When the authentication happens we don't see any mention in the cisco
debug of ppp.

Should the lcp bit be there?  I would have thought lcp was over before any
interface commands.

thanks,

Dave Seddon

-
Would you like to receive faxes to your personal email address?
You can with mBox.  Visit http://www.mbox.com.au/fax

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



Re: DSL Accouting?

2003-01-28 Thread Dave Seddon
Greetings,

Yeah IP accounting is how I do it now.  I use a FreeBSD bridge box, so
nobody can even see it.  Works well, however it makes billing on-net
traffic difficult if you aren't billing the PPP sessions.

thanks,

Dave

- Original Message -
From: Simon White [EMAIL PROTECTED]
Date: Tuesday, January 28, 2003 7:55 pm
Subject: Re: DSL Accouting?

> 28-Jan-03 at 12:20, Dave Seddon ([EMAIL PROTECTED]) wrote :
> > Thanks for your response.
> >
> > > If your DSL box produces RADIUS accounting packets, then I don't see
> > > why this would be necessary.
> >
> > Most ISP billing packages are designed to bill standard dialup, where
> > there is a start and a stop.  DSL ppp sessions stay up for ages, so a
> > session might go for more than a month.  Also, billing packages usually
> > show pretty graphs of usage, based on starts and stops.  Therefore, it
> > would make billing really easy if for each 'Alive' received, a start and
> > a stop was sent to the Billing system.  It would appear as if each DSL
> > customer connected and disconnected every ten minutes.
> >
> > Maybe you have an idea of an easier way?
>
> The way I have heard of is to use Linux traffic shaping on a 2.4.x
> kernel, where iptables will keep track of how much bandwidth each IP has
> used as long as you get the rules right. However that's not trivial
> either if DHCP allocates a different IP each time there is an on/off,
> but then that can be tracked in liaison with Radius logs.
>
> Good luck.
>
> --
> |-Simon White, Internet Services Manager, Certified Check Point CCSA.
> |-MTDS  Internet, Security, Anti-Virus, Linux and Hosting Solutions.
> |-MTDS  14, rue du 16 novembre, Agdal, Rabat, Morocco.
> |-MTDS  tel +212.3.767.4861 - fax +212.3.767.4863




Re: DSL Accouting?

2003-01-27 Thread Dave Seddon
Thanks for your response.

>   If your DSL box produces RADIUS accounting packets, then I don't see
> why this would be necessary.

Most ISP billing packages are designed to bill standard dialup, where
there is a start and a stop.  DSL ppp sessions stay up for ages, so a
session might go for more than a month.  Also, billing packages usually
show pretty graphs of usage, based on starts and stops.  Therefore, it
would make billing really easy if for each 'Alive' received, a start and
a stop was sent to the Billing system.  It would appear as if each DSL
customer connected and disconnected every ten minutes.

Maybe you have an idea of an easier way?

>   Generating new packets is always problematic.  I would suggest
> avoiding it if you can.

Why is generating new packets problematic?  Surely proxying generates
packets reliably?

The billing system we use backends to oracle, so I guess I could do
inserts directly into that, however I thought the community would be
better served by a module like I'm suggesting, that could input standard
dial-up radius into any billing system.

This would be better don't you think?

>   Why would it be necessary to create a new start/stop packet?
>
> > Any thoughts on whether it should be a separate module or a
> > modification to the proxy code?
>
>   A module.

Cool.  It looks like I can just copy the rlm_detail module.

>   Alan DeKok.


thanks,

Dave Seddon





Re: DSL Accouting?

2003-01-27 Thread Dave Seddon
Greetings,

> OK. I have a Cisco Terminating PPPoX and it also sends accounting
> updates. I found I had to modify the update sql statements for them to
> do anything. Normal sql accounting is one record per call. I haven't
> checked the detail files.

What modifications did you make?  Could you send me the sql.conf file?

How did you cope with counter roll?  If you keep doing UPDATE and the
counter rolls, at 32bits, then you'll get an update of a low number and
miss out on one metric s#it load of data.  The boss wouldn't be very happy.

> If you have any method of graphing resulting data, I would appreciate a
> holler

There are lots of billing systems and other programs to graph standard
dialup radius accounting.  I'm currently thinking a module could receive
an 'alive' and generate a start and a stop, with the difference between
two 'alives' calculated.

thanks,

Dave Seddon




Re: DSL Accouting?

2003-01-27 Thread Dave Seddon
Greetings,

> What exactly is it that you want to do? Make Extent work better, or
> switch to freeradius.

I want to make it easy for small dialup based ISPs to bill DSL
customers.  Most small ISPs use billing systems based on stop starts, so
it would be good for DSL wholesalers to be able to generate simple
radius packets for smaller ISPs.

> It sounds like freeradius is doing exactly what it is configured to do
> by default, and that is to UPDATE an existing session record when it
> receives an ALIVE packet, NOT add a new record. I suggest you have a good
> read of sql.conf (or mysql.conf or whatever) and understand the queries
> that are being executed at different stages.
> I myself am using Freeradius with a large VoIP setup, and I found that
> the default queries were useless to me as they would kill the database.
> I switched all queries to INSERTS, set different types of records to go
> to different tables, and threw away most of the default fields that
> were being stored and replaced them with Cisco VoIP specific attributes
> (VSAs).
> You should not have to use a cron script to parse your detail files.
> Just modify the freeradius queries so it stores the information that
> you want.

Different tables for different types of session?  or was that for load
reasons?  Perhaps different tables for different realms?

> I also found that MySQL simply could not handle the load I was throwing
> at it, so I switched to Postgres and have been happy ever since. The
> fact that postgres can do sub selects and views, makes it much more
> useful if you have split your radacct table up into multiple tables too.
> Not to mention that I use the start and stop times as reported by the
> ciscos instead of having freeradius timestamp the records, which is
> much more accurate, and postgres supports cisco timestamp format while
> mysql does not.

Very interesting.  Thanks.  Also thanks to Kostas Kalevras for his
comment on MySQL.  Looks like Postgres could be the go for lots of reasons.

Which part of freeradius creates the timestamps?

thanks,

Dave


Re: DSL Accouting?

2003-01-27 Thread Dave Seddon
> How did you cope with counter roll?  If you keep doing UPDATE and the
> counter rolls, at 32bits, then you'll get an update of a low number and
> miss out on one metric s#it load of data.  The boss wouldn't be very
> happy.

Sorry, I just checked and it seems that the counter roll is at 31 bits
(on a cisco).

dave

-
NEW to mBox, receive faxes to any email address!
Find out more http://www.mbox.com.au/fax




Re: DSL Accouting?

2003-01-25 Thread Dave Seddon
Greetings,

Still wondering how to convert DSL interim updates to standard dial-up 
type radius accounting.

I've done some digging through the source code, and have decided that 
perhaps I need to create a module, perhaps rlm_alive_to_dialup.  If 
the new module was based on rlm_detail, it would just be a matter of 
linking to a mysql database to see the last update, calculate the 
difference, then generate the new radius packets, for start and stop.  

I'm also wondering if this should be part of the proxy (which seems to 
be in the realm code) functionality, eg. Make the proxy feature break 
RFC and allow it to modify the 'alive' and create a 'start' and 
a 'stop'.

Any thoughts on whether it should be a separate module or a 
modification to the proxy code?

thanks,

Dave Seddon


DSL Accouting?

2003-01-24 Thread Dave Seddon
Greetings,

I'm new to the list.  I have two issues:
-Problem logging accounting 
-Alive packet processing and integration with dial-up billing

I use Freeradius(7.0) with MySQL(3.23.54) on FreeBSD(4.7) to 
authenticate lots of xDSL PPP sessions via an L2TP tunnel terminated on 
a big Cisco box.  It works very well, however for some reason 
accounting records do not get put in the 'radacct' mysql table.  There 
are some records in the table, but nowhere near as many as there 
should be since Interim updates or Alive packets get sent by the Cisco 
every 10 minutes.  However I do get all the accounting records 
in /var/log/radacct/ip_address/detail.

Here is some of the /usr/local/etc/raddb/radius.conf.  The accounting 
section seems correct.  The sql.conf is untouched from the example 
(except for the password and username).

authorize {
        preprocess
        suffix
        sql
        files
}
authenticate {
}
preacct {
        preprocess
        suffix
        files
}
accounting {
        detail
#       unix
        sql
        radutmp
}

So what could be wrong?

To see what data I was getting in the detail log, I wrote a little perl 
script to parse the detail log and stick the data in MySQL so I could 
easily do select statements.  I discovered that the records I created 
were structured differently, so perhaps that's why it's not going to 
the Freeradius radacct table?  Essentially, the difference is 
the Tunnel attributes.

The database structure I created is:
-
drop database radiusaccounting;
create database radiusaccounting;
use radiusaccounting;

CREATE TABLE radacct (
  RadAcctId int unsigned NOT NULL auto_increment,
  NASIPAddress varchar(15) NOT NULL default '',
  NASPortId tinyint unsigned default NULL,
  NASPortType varchar(32) default NULL,
  UserName varchar(64) NOT NULL default '',
  AcctStatusType varchar(20) NOT NULL default '',
  AcctAuthentic varchar(20) NOT NULL default '',
  ServiceType varchar(32) default NULL,
  AcctSessionID varchar(12) NOT NULL default '',
  FramedProtocol varchar(6) default NULL,
  TunnelServerEndpoint varchar(15) NOT NULL default '',
  TunnelClientEndpoint varchar(15) NOT NULL default '',
  TunnelType varchar(10) NOT NULL default '',
  TunnelClientAuthID varchar(25) NOT NULL default '',
  TunnelServerAuthID varchar(25) NOT NULL default '',
  AcctTunnelConnection int unsigned default NULL,
  FramedIPAddress varchar(15) NOT NULL default '',
  AcctInputOctets int unsigned default NULL,
  AcctOutputOctets int unsigned default NULL,
  AcctInputPackets int unsigned default NULL,
  AcctOutputPackets int unsigned default NULL,
  AcctSessionTime int unsigned default NULL,
  AcctDelayTime int unsigned default NULL,
  ClientIPAddress varchar(15) NOT NULL,
  TimeStamp bigint unsigned default NULL,
  HumanTime varchar(10) default NULL,
  PRIMARY KEY  (RadAcctId),
  KEY UserName (UserName)
);
-

So I've kind of solved the problem of getting the accounting data into 
the MySQL database, however it's a bit crap cos I need to process the 
logs with a cron job, instead of automatically inserting from 
FreeRadius.

My company has lots of dialup also, and an ISP billing system called 
Extent (with built in radius) that works fine for these dialup 
customers, however is unaware of 'Alive' packets.  I'd really like to 
feed the accounting data from Freeradius to the Extent billing 
package.  I'm thinking that for every Alive packet received from the 
RAS box perhaps I could calculate the difference in Octets between now 
and the last 'Alive', and then send a fake radius start and stop record 
to Extent, such that Extent would think the DSL user had dialed up for 
10 minutes, used X amount of data, and hung up.  This way the standard 
way of calculating usage would occur, and usage graphs, etc, would all 
work fine.  It would be very nice to build this functionality into 
Freeradius.  -- Perhaps I should email the developers list about how to 
do this?

thanks,

Dave Seddon 
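
The conversion proposed above (one synthetic start/stop pair per 'Alive', carrying the octets used since the previous one) depends on differencing a counter that rolls over. An added sketch of that calculation, not FreeRADIUS code: the struct and function names are hypothetical, the counter width is a parameter because the thread mentions both 32 and 31 bits, and the sample records are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* One interim ('Alive') accounting record, reduced to the fields needed here. */
struct alive {
    char     session_id[13];  /* Acct-Session-Id; varchar(12) in the table above */
    uint32_t session_time;    /* Acct-Session-Time, seconds since session start */
    uint32_t in_octets;       /* Acct-Input-Octets as sent by the NAS */
    uint32_t out_octets;      /* Acct-Output-Octets as sent by the NAS */
};

/* Usage for one interval: what a synthetic start/stop pair would carry. */
struct interval {
    uint64_t seconds;
    uint64_t in_octets;
    uint64_t out_octets;
};

/* cur - prev for a counter `bits` wide that wrapped at most once in between.
 * More than one wrap per interval cannot be detected from the counter alone. */
static uint32_t counter_delta(uint32_t prev, uint32_t cur, unsigned bits)
{
    uint32_t mask = bits >= 32 ? UINT32_MAX : ((UINT32_C(1) << bits) - 1);
    return (cur - prev) & mask;     /* unsigned subtraction is modulo 2^32 */
}

/* Fills *out with the usage between prev and cur. Returns 1 when cur opens a
 * new session (no prev, different id, or session time went backwards), in
 * which case its counters are taken as counted from zero; returns 0 otherwise. */
int alive_to_interval(const struct alive *prev, const struct alive *cur,
                      unsigned bits, struct interval *out)
{
    int restart = prev == NULL
               || strcmp(prev->session_id, cur->session_id) != 0
               || cur->session_time < prev->session_time;
    if (restart) {
        out->seconds    = cur->session_time;
        out->in_octets  = cur->in_octets;
        out->out_octets = cur->out_octets;
        return 1;
    }
    out->seconds    = cur->session_time - prev->session_time;
    out->in_octets  = counter_delta(prev->in_octets,  cur->in_octets,  bits);
    out->out_octets = counter_delta(prev->out_octets, cur->out_octets, bits);
    return 0;
}

/* Sums the intervals for one user's records in arrival order.
 * Returns the number of sessions seen. */
int total_usage(const struct alive *recs, size_t n, unsigned bits,
                struct interval *total)
{
    int sessions = 0;
    memset(total, 0, sizeof *total);
    for (size_t i = 0; i < n; i++) {
        struct interval iv;
        sessions += alive_to_interval(i ? &recs[i - 1] : NULL, &recs[i], bits, &iv);
        total->seconds    += iv.seconds;
        total->in_octets  += iv.in_octets;
        total->out_octets += iv.out_octets;
    }
    return sessions;
}

/* Constructed sample: a 31-bit output counter wraps between records 2 and 3,
 * then the user reconnects with a new session id. */
static const struct alive SAMPLE[] = {
    { "0000A1B2",  600, 1000000u, 2000000000u },
    { "0000A1B2", 1200, 2500000u, 2147483000u },
    { "0000A1B2", 1800, 4000000u,       1000u },
    { "0000A1B3",  600,     500u,        700u },
};

int main(void)
{
    struct interval t;
    int sessions = total_usage(SAMPLE, sizeof SAMPLE / sizeof SAMPLE[0], 31, &t);
    printf("sessions=%d seconds=%llu in=%llu out=%llu\n", sessions,
           (unsigned long long)t.seconds, (unsigned long long)t.in_octets,
           (unsigned long long)t.out_octets);
    return 0;
}
```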

