IPFW tables, dummynet and IPv6
Hi lists, Are there any plans to implement IPv6 tables in ipfw? It would seem that our gov. may want to force us into IPv6 in 6 months ;) Cheers. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: IPFW tables, dummynet and IPv6
Pawel Tyll wrote: Hi lists, Are there any plans to implement IPv6 tables in ipfw? It would seem that our gov. may want to force us into IPv6 in 6 months ;) I've got working implementation for IPv4+IPv6 and interface tables: 15:56 [0] zfsbase# /usr/obj/usr/src/sbin/ipfw/ipfw table 2 list 1.2.3.4/30 0 2a02:978::/64 0 15:16 [0] zfsbase# /usr/obj/usr/src/sbin/ipfw/ipfw table 4 list em4/em4 2 vlan144/vlan144 1 vlan145/vlan145 11000 vlan146/vlan146 12000 I plan to commit it today/tomorrow. 8.2-S diff will be available, too Cheers. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org signature.asc Description: OpenPGP digital signature
Re: IPFW tables, dummynet and IPv6
Hi Alexander, I've got working implementation for IPv4+IPv6 and interface tables: Lately every time I have some kind of problem, you come with a solution ready : Thanks for the heads-up! ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: ng_mppc_decompress: too many (4094) packets dropped, disabling node
Reference: From: Sami Halabi sodyn...@gmail.com Please do not top post. Sami Halabi wrote: Hi, I'm using FBSD8.2-R-p4, You omitted to say that in first post. i just commented that the only discussion i found is for old releases without fedback if that helped. I appreciate any help. Now people know it's a current problem, more may look at it. Good luck. Sami On Sat, Dec 17, 2011 at 7:48 PM, Julian H. Stacey j...@berklix.com wrote: Hi, Sami Halabi wrote: I dropped isp@ as it seems not relevant to list remit. any ideas? You'r using Obsolete FreeBSD. Try 8.2 or stable or 9.0-RC3 or current people could be interested. If you company forces you to use obsolete FreeBSD for commercial reasons, use their money for a solution: pay some BSD consultant somewhere on a world wide list: http://berklix.com/consultants/ Sami On Thu, Dec 15, 2011 at 9:51 PM, Sami Halabi sodyn...@gmail.com wrote: Hi, I've searched the net andfound basicly 2 threads talking about the message: ng_mppc_decompress: too many (4094) packets dropped, disabling node in FBSD 6.3 http://lists.freebsd.org/pipermail/freebsd-bugs/2008-April/030183.htmlits a pr 123045 and 5.4. http://markmail.org/message/lptpp4qmiwksazxc basicly suggested to set define MPPE_MAX_REKEY to a higher values and found somewhere a patch that changes it to variable rather than using it as macro i saw no answer indicating this really solves the problem. did anyone have a solution tothe problem? i'm suffering from it even i have about 200 concurrent connections, as i read MPD+FREEBSD usually can utilize thousands of sessions. Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert -- Sami Halabi Information Systems Engineer NMS Projects Expert ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to freebsd-isp-unsubscr...@freebsd.org Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. EU tax to kill London Vetoed http://berklix.com/~jhs/blog/2011_12_11 -- Sami Halabi Information Systems Engineer NMS Projects Expert ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. EU tax to kill London Vetoed http://berklix.com/~jhs/blog/2011_12_11 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: ng_mppc_decompress: too many (4094) packets dropped, disabling node
Hi, i actually tried that (setting REKEY to 1500 instead of 1000) but i still see this message in the /var/log/messages... help, Sami On Sun, Dec 18, 2011 at 2:22 PM, Julian H. Stacey j...@berklix.com wrote: Reference: From: Sami Halabi sodyn...@gmail.com Please do not top post. Sami Halabi wrote: Hi, I'm using FBSD8.2-R-p4, You omitted to say that in first post. i just commented that the only discussion i found is for old releases without fedback if that helped. I appreciate any help. Now people know it's a current problem, more may look at it. Good luck. Sami On Sat, Dec 17, 2011 at 7:48 PM, Julian H. Stacey j...@berklix.com wrote: Hi, Sami Halabi wrote: I dropped isp@ as it seems not relevant to list remit. any ideas? You'r using Obsolete FreeBSD. Try 8.2 or stable or 9.0-RC3 or current people could be interested. If you company forces you to use obsolete FreeBSD for commercial reasons, use their money for a solution: pay some BSD consultant somewhere on a world wide list: http://berklix.com/consultants/ Sami On Thu, Dec 15, 2011 at 9:51 PM, Sami Halabi sodyn...@gmail.com wrote: Hi, I've searched the net andfound basicly 2 threads talking about the message: ng_mppc_decompress: too many (4094) packets dropped, disabling node in FBSD 6.3 http://lists.freebsd.org/pipermail/freebsd-bugs/2008-April/030183.htmlits a pr 123045 and 5.4. http://markmail.org/message/lptpp4qmiwksazxc basicly suggested to set define MPPE_MAX_REKEY to a higher values and found somewhere a patch that changes it to variable rather than using it as macro i saw no answer indicating this really solves the problem. did anyone have a solution tothe problem? i'm suffering from it even i have about 200 concurrent connections, as i read MPD+FREEBSD usually can utilize thousands of sessions. Thanks in advance, -- Sami Halabi Information Systems Engineer NMS Projects Expert -- Sami Halabi Information Systems Engineer NMS Projects Expert ___ freebsd-...@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to freebsd-isp-unsubscr...@freebsd.org Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. EU tax to kill London Vetoed http://berklix.com/~jhs/blog/2011_12_11 -- Sami Halabi Information Systems Engineer NMS Projects Expert ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, indent with . Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. EU tax to kill London Vetoed http://berklix.com/~jhs/blog/2011_12_11 -- Sami Halabi Information Systems Engineer NMS Projects Expert ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: IPFW tables, dummynet and IPv6
On Sun, Dec 18, 2011 at 3:58 AM, Alexander V. Chernikov melif...@freebsd.org wrote: Pawel Tyll wrote: Hi lists, Are there any plans to implement IPv6 tables in ipfw? It would seem that our gov. may want to force us into IPv6 in 6 months ;) I've got working implementation for IPv4+IPv6 and interface tables: 15:56 [0] zfsbase# /usr/obj/usr/src/sbin/ipfw/ipfw table 2 list 1.2.3.4/30 0 2a02:978::/64 0 15:16 [0] zfsbase# /usr/obj/usr/src/sbin/ipfw/ipfw table 4 list em4/em4 2 vlan144/vlan144 1 vlan145/vlan145 11000 vlan146/vlan146 12000 I plan to commit it today/tomorrow. 8.2-S diff will be available, too Thanks! I've been wanting this for a long time as working around it involved some really, really ugly hacks if you must support IPv6 (which we do). -- R. Kevin Oberman, Network Engineer E-mail: kob6...@gmail.com ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: Intel 82550 Pro/100 Ethernet and TSO troubles
On 12/16/11, Eugene Grosbein wrote: (Sorry Eugene, I didn't get your message until I searched the web). Do you use NAT? man ipfw clearly states: ipfw nat is not compatible with the TCP segmentation offloading (TSO). Thus, to reliably nat your net- work traffic, please disable TSO on your NICs using ifconfig(8) Yes, I'm using ipfw and NAT, so this is the problem. Thanks for solving me this. I'm just wondering if it was a good idea to enable TSO by default without at least a warning in the release notes or in UPDATING. This has caused me some headaches, which is ok, I'm just sorry I've also wasted some of YongHyeon's time; what's worse, I believe I won't be the only one hit by this. bye Thanks av. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: vlan without ip address
first of all, you should name and number you vlan same, if it's clan10 on the one side, then it's vlan10 on the other side and in betweeen. then (though you have to do it first of all), you should understand how vlan's work, and after that connect ports to each other according to your scheme. -- your sweet isn't ready yet On Sun, Dec 18, 2011 at 10:01 AM, saeedeh motlagh saeedeh.motl...@gmail.com wrote: i have 3 freebsd system: 0.28 , 0.25 and 0.12 which 28 is assumed to be switch here. one interface of 28 is connected to 25 and the other interface of 28 is connected to 12. as mentioned below, i've defined two vlan10 and 11 with the same vlan id on the 28 and bridge them. now i can't ping 0.25 from 0.12. what's wrong here? should i define vlan10 on 12 and 25? please tell me if i'm misunderstanding. this is the ifconfig for 0.28: vlan10: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=3RXCSUM,TXCSUM ether 00:27:0e:03:4b:2f media: Ethernet autoselect (1000baseT full-duplex) status: active vlan: 10 parent interface: gbeth0 vlan11: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=100TSO4 ether 00:30:4f:63:5a:bc media: Ethernet autoselect (none) status: active vlan: 10 parent interface: msk0 bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 ether d6:c4:f6:0f:5e:4f id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: vlan11 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP ifmaxaddr 0 port 6 priority 128 path cost 55 member: vlan10 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP ifmaxaddr 0 port 5 priority 128 path cost 2 On Sat, Dec 17, 2011 at 8:47 PM, Alireza Torabi alireza.tor...@gmail.comwrote: َAlso it's a good idea to to attach a ifconfig output. On 12/17/11, saeedeh motlagh saeedeh.motl...@gmail.com wrote: when i do that, the vlan is defined but from a system in a vlan, i can't ping the other one which is in the same vlan. so i think that the vlan is not working. am i right? On Sat, Dec 17, 2011 at 1:15 PM, Juli Mallett jmall...@freebsd.org wrote: You probably just need to do ifconfig vlanxxx up instead of assigning an IP. On Sat, Dec 17, 2011 at 00:08, saeedeh motlagh saeedeh.motl...@gmail.com wrote: hi every body i wanna configure a freebsd box as a switch. in order to do that, i bridged all my interfaces to have switching and it works fine. after that i want to have vlans on it. as you know, in a real switch, a vlan is configured just by assigning a port to it without any additional configuration and vlans are submitted just by name. but in freebsd a vlan just works when it has an ip address (i think). when i define vlan121 on two freebsd systems with ip address it works fine but without ip address i don't know how it should be worked. can sombody tell me if it is possible to simulate vlans in freebsd as they are in a real switch? i mean can we have vlans without ip addresses which works fine? maybe some kind of vlan which works by MAc address. is it possible? it's so necessary for me to do that:( yours, motlagh ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
What is the relationship between Intel and FreeBSD in regards to igb(4)?
I'm trying to wrap my head around the igb(4) drivers. As I've understood this driver is written by Intel and they distribute it from their Download Center. The driver also seems to be included in the default installation of FreeBSD (yet I can't seem to find anything relevant in src/sys/dev/igb). However, when comparing the igb(4) man page (of FreeBSD) and the readme for igb-2.2.3.tar.gz (of Intel) there are differences in supported devices. Am I right in suspecting that Intel does all the developing in-house and then, from time to time, their source gets pushed/synced with the FreeBSD source tree? Does that mean that current the man page for igb(4) lists fewer supported devices because igb(4) on FreeBSD itself is out of date? If that is the case, how often does FreeBSD pull new versions of igb from Intel? Any input is greatly appreciated, thanks! Regards, Tanel Rebane P.S: Please CC me as I'm not subscribed to this list. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re[2]: gif tunnel ipv4 over ipv4 don't work
15 декабря 2011, 05:08 от Bjoern A. Zeeb bzeeb-li...@lists.zabbadoz.net: On 14. Dec 2011, at 23:11 , Andrey Smagin wrote: Hi All! I found next issue with gif tunnels. gif3 work look's like mpd without tcpmssfix - google opened, but another sites waiting read forever Given it's RFC1918 addresses, this normally sounds like a firewall/NAT with ICMP filter breaking PMTU issue. Issue is: I only updated system from old 9current to 10current and gif3 don't work correctly after that. If I use ports/net/vtun to organize absolutely identical tunnel - all work good. I don't change firewall rules or NAT, only type of tunnel. ifaces with vtun MainBox tap3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8LINKSTATE ether 00:bd:b3:b5:3a:03 inet 192.168.254.69 netmask 0xfffc broadcast 192.168.254.71 inet6 fe80::2bd:b3ff:feb5:3a03%tap3 prefixlen 64 scopeid 0x19 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL Opened by PID 68549 Box3 tap3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=8LINKSTATE ether 00:bd:2f:5e:33:01 inet6 fe80::2bd:2fff:fe5e:3301%tap1 prefixlen 64 scopeid 0xa inet 192.168.254.70 netmask 0xfffc broadcast 192.168.254.71 nd6 options=21PERFORMNUD,AUTO_LINKLOCAL Opened by PID 9319 -- Bjoern A. Zeeb You have to have visions! Stop bit received. Insert coin for new address family. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: What is the relationship between Intel and FreeBSD in regards to igb(4)?
On Wed, Dec 14, 2011 at 8:33 AM, Tanel Rebane ta...@rebane.se wrote: I'm trying to wrap my head around the igb(4) drivers. As I've understood this driver is written by Intel and they distribute it from their Download Center. The driver also seems to be included in the default installation of FreeBSD (yet I can't seem to find anything relevant in src/sys/dev/igb). However, when comparing the igb(4) man page (of FreeBSD) and the readme for igb-2.2.3.tar.gz (of Intel) there are differences in supported devices. Am I right in suspecting that Intel does all the developing in-house and then, from time to time, their source gets pushed/synced with the FreeBSD source tree? Does that mean that current the man page for igb(4) lists fewer supported devices because igb(4) on FreeBSD itself is out of date? If that is the case, how often does FreeBSD pull new versions of igb from Intel? Any input is greatly appreciated, thanks! Jack Vogel works for Intel and writes and maintains the em and igb drivers. He has recently mentioned that the Intel distribution may, on occasion, lead the version committed to FreeBSD, but they are usually identical. An inconsistency between supported device types is probably an oversight. Jack as a commit bit and he is the one who updates both FreeBSD and the Intel distributions. Jack posted information on this a week or two ago, but I don't seem to find it, though I m sure it's in the archive, somewhere and the right search terms will find it. -- R. Kevin Oberman, Network Engineer E-mail: kob6...@gmail.com ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: What is the relationship between Intel and FreeBSD in regards to igb(4)?
Kevin is correct :) When it comes to the man pages the problem is that even though we have a docs group internally, they are not really independent, and doing development and support on the drivers keeps me fully occupied.. so the docs tend to lag a bit. If you have specific questions I am lurking about (even when I'm on vacation like right now :)) and am happy to do my best to answer. Happy Holidays! Jack On Sun, Dec 18, 2011 at 2:56 PM, Kevin Oberman kob6...@gmail.com wrote: On Wed, Dec 14, 2011 at 8:33 AM, Tanel Rebane ta...@rebane.se wrote: I'm trying to wrap my head around the igb(4) drivers. As I've understood this driver is written by Intel and they distribute it from their Download Center. The driver also seems to be included in the default installation of FreeBSD (yet I can't seem to find anything relevant in src/sys/dev/igb). However, when comparing the igb(4) man page (of FreeBSD) and the readme for igb-2.2.3.tar.gz (of Intel) there are differences in supported devices. Am I right in suspecting that Intel does all the developing in-house and then, from time to time, their source gets pushed/synced with the FreeBSD source tree? Does that mean that current the man page for igb(4) lists fewer supported devices because igb(4) on FreeBSD itself is out of date? If that is the case, how often does FreeBSD pull new versions of igb from Intel? Any input is greatly appreciated, thanks! Jack Vogel works for Intel and writes and maintains the em and igb drivers. He has recently mentioned that the Intel distribution may, on occasion, lead the version committed to FreeBSD, but they are usually identical. An inconsistency between supported device types is probably an oversight. Jack as a commit bit and he is the one who updates both FreeBSD and the Intel distributions. Jack posted information on this a week or two ago, but I don't seem to find it, though I m sure it's in the archive, somewhere and the right search terms will find it. -- R. Kevin Oberman, Network Engineer E-mail: kob6...@gmail.com ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: What is the relationship between Intel and FreeBSD in regards to igb(4)?
OH, and a bit further comment... I maintain all the Intel based 1 and 10G drivers, which means dev/e1000 and dev/ixgbe. ALL Intel released devices right up to the present are supported in these drivers as of the source in HEAD. Of course we (Intel) are always working on new hardware, and thus I am usually in development on new stuff at any given time as well, but I have been kept code as up to date as our policy allows now for over 5 years. Jack ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: Intel 82550 Pro/100 Ethernet and TSO troubles
On Sun, Dec 18, 2011 at 08:10:20PM +0100, Andrea Venturoli wrote: On 12/16/11, Eugene Grosbein wrote: (Sorry Eugene, I didn't get your message until I searched the web). Do you use NAT? man ipfw clearly states: ipfw nat is not compatible with the TCP segmentation offloading (TSO). Thus, to reliably nat your net- work traffic, please disable TSO on your NICs using ifconfig(8) Yes, I'm using ipfw and NAT, so this is the problem. Thanks for solving me this. I'm just wondering if it was a good idea to enable TSO by default without at least a warning in the release notes or in UPDATING. This has caused me some headaches, which is ok, I'm just sorry I've also wasted some of YongHyeon's time; what's worse, I believe I won't be the That's fine. This made me re-read fxp(4) TSO path and I was able to identify possible flaw in the implementation. Will commit the fix. only one hit by this. bye Thanks av. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: Problem on re0
On Sat, Dec 17, 2011 at 06:49:48PM +0200, Sami Halabi wrote: Hi, I've moved to a new server with bge card driver, similar configuration: /etc/sysctl.conf net.inet.flowtable.enable=0 net.inet.ip.fastforwarding=1 kern.ipc.somaxconn=8192 kern.ipc.shmmax=2147483648 kern.ipc.maxsockets=204800 kern.ipc.maxsockbuf=2097152 hw.intr_storm_threshold=9000 kern.maxfiles=256000 kern.maxfilesperproc=230400 net.inet.ip.dummynet.pipe_slot_limit=1000 #net.inet.ip.dummynet.io_fast=1 net.link.ether.ipfw=1 kern.ipc.nmbclusters=409600 net.graph.recvspace=40960 net.graph.maxdgram=40960 Kernel --- device lagg options IPFIREWALL options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE options DUMMYNET options HZ=1000 options TCP_SIGNATURE device crypto # core crypto support device cryptodev # /dev/crypto for access to h/w options IPSEC options DEVICE_POLLING device if_bridge /boot/loader.conf net.graph.maxalloc=128000 net.graph.maxdata=128000 net.graph.threads=4 and i have similar problem.. i check each minute for ping and i see sometimes loss of 50% or 100% (ping -c 2 -t 4 otherside.ip.com), here are the sysctl dev.bge.1.stats: dev.bge.1.stats.FramesDroppedDueToFilters: 0 dev.bge.1.stats.DmaWriteQueueFull: 2291350 dev.bge.1.stats.DmaWriteHighPriQueueFull: 0 dev.bge.1.stats.NoMoreRxBDs: 0 dev.bge.1.stats.InputDiscards: 0 dev.bge.1.stats.InputErrors: 0 dev.bge.1.stats.RecvThresholdHit: 124120300 dev.bge.1.stats.DmaReadQueueFull: 13470948 dev.bge.1.stats.DmaReadHighPriQueueFull: 962 dev.bge.1.stats.SendDataCompQueueFull: 0 dev.bge.1.stats.RingSetSendProdIndex: 349289174 dev.bge.1.stats.RingStatusUpdate: 260304688 dev.bge.1.stats.Interrupts: 260304688 dev.bge.1.stats.AvoidedInterrupts: 0 dev.bge.1.stats.SendThresholdHit: 0 dev.bge.1.stats.rx.ifHCInOctets: 2165908673 dev.bge.1.stats.rx.Fragments: 0 dev.bge.1.stats.rx.UnicastPkts: 237503495 dev.bge.1.stats.rx.MulticastPkts: 0 dev.bge.1.stats.rx.FCSErrors: 0 dev.bge.1.stats.rx.AlignmentErrors: 0 dev.bge.1.stats.rx.xonPauseFramesReceived: 0 dev.bge.1.stats.rx.xoffPauseFramesReceived: 0 dev.bge.1.stats.rx.ControlFramesReceived: 0 dev.bge.1.stats.rx.xoffStateEntered: 0 dev.bge.1.stats.rx.FramesTooLong: 0 dev.bge.1.stats.rx.Jabbers: 0 dev.bge.1.stats.rx.UndersizePkts: 0 dev.bge.1.stats.rx.inRangeLengthError: 0 dev.bge.1.stats.rx.outRangeLengthError: 0 dev.bge.1.stats.tx.ifHCOutOctets: 1956421618 dev.bge.1.stats.tx.Collisions: 0 dev.bge.1.stats.tx.XonSent: 0 dev.bge.1.stats.tx.XoffSent: 0 dev.bge.1.stats.tx.flowControlDone: 0 dev.bge.1.stats.tx.InternalMacTransmitErrors: 0 dev.bge.1.stats.tx.SingleCollisionFrames: 0 dev.bge.1.stats.tx.MultipleCollisionFrames: 0 dev.bge.1.stats.tx.DeferredTransmissions: 0 dev.bge.1.stats.tx.ExcessiveCollisions: 0 dev.bge.1.stats.tx.LateCollisions: 0 dev.bge.1.stats.tx.UnicastPkts: 347260508 dev.bge.1.stats.tx.MulticastPkts: 0 dev.bge.1.stats.tx.BroadcastPkts: 30306 dev.bge.1.stats.tx.CarrierSenseErrors: 0 dev.bge.1.stats.tx.Discards: 0 dev.bge.1.stats.tx.Errors: 0 this driver gives more statics... please help me, this causes us serious problems with customers. Given that you see the same issue with bge(4) it looks like the root cause is not in ethernet driver. I also see no evidence of dropped frames from bge(4) hardware MAC statistics. It seems you have really complex network configuration(ipfw(4), lagg(4), dummynet(4), bridge(4) and ipsec(4) etc). Finding out simplest network setup that shows the issue would be required here. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: kern/144572: [carp] CARP preemption mode traffic partially goes to backup node
The following reply was made to PR kern/144572; it has been noted by GNATS. From: Eugene M. Zheganin eug...@zhegan.in To: bug-follo...@freebsd.org, e...@norma.perm.ru Cc: Subject: Re: kern/144572: [carp] CARP preemption mode traffic partially goes to backup node Date: Mon, 19 Dec 2011 10:36:47 +0600 Please close this PR, looks like FreeBSD has nothing with it. In case someone will find this thread here, I should notice that I got this in setup like (A, B nodes with carp) ethernet--- catalyst -ethernet--- cisco 2811 Only the machines behind the 2811 router were affected. LAN was fine. In this scheme catalyst was correctly pointing the MAC address of the carp to the port of the master node, but the traffic from the cisco 2811 router was going straight to the MAC address of the backup node (not to the MAC address of the carp, which is rather weird, because the ARP cache entry for the target IP was also pointing to the carp MAC address). So I think this is the issue with cisco IOS, whic is, by the way, 12.4(17a). Thanks for the help and time. Sorry for the false alarm. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: vlan without ip address
you're right but we can't assign tow parent interface to one vlan in freebsd therefore i define two vlans with the one vlan id. although we can do it by blow command but it's not work too: ifconfig gbeth0.10 create ifconfig msk0.10 create ifconfig gbeth0.10: flags=8842BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=3RXCSUM,TXCSUM ether 00:27:0e:03:4b:2f media: Ethernet autoselect (1000baseT full-duplex) status: active vlan: 10 parent interface: gbeth0 msk0.10: flags=8842BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 options=100TSO4 ether 00:30:4f:63:5a:bc media: Ethernet autoselect (none) status: active vlan: 10 parent interface: msk0 you know when i define vlans with ip addressess they work as i expected but i want to know if i can define vlan without ip address as the switch beacuse i wanna configure a freebsd box as a real switch in my network. maybe it's impossible to do that :( On Sun, Dec 18, 2011 at 10:52 PM, Alexander Lunev sol...@gmail.com wrote: first of all, you should name and number you vlan same, if it's clan10 on the one side, then it's vlan10 on the other side and in betweeen. then (though you have to do it first of all), you should understand how vlan's work, and after that connect ports to each other according to your scheme. -- your sweet isn't ready yet On Sun, Dec 18, 2011 at 10:01 AM, saeedeh motlagh saeedeh.motl...@gmail.com wrote: i have 3 freebsd system: 0.28 , 0.25 and 0.12 which 28 is assumed to be switch here. one interface of 28 is connected to 25 and the other interface of 28 is connected to 12. as mentioned below, i've defined two vlan10 and 11 with the same vlan id on the 28 and bridge them. now i can't ping 0.25 from 0.12. what's wrong here? should i define vlan10 on 12 and 25? please tell me if i'm misunderstanding. this is the ifconfig for 0.28: vlan10: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=3RXCSUM,TXCSUM ether 00:27:0e:03:4b:2f media: Ethernet autoselect (1000baseT full-duplex) status: active vlan: 10 parent interface: gbeth0 vlan11: flags=8943UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST metric 0 mtu 1500 options=100TSO4 ether 00:30:4f:63:5a:bc media: Ethernet autoselect (none) status: active vlan: 10 parent interface: msk0 bridge0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST metric 0 mtu 1500 ether d6:c4:f6:0f:5e:4f id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: vlan11 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP ifmaxaddr 0 port 6 priority 128 path cost 55 member: vlan10 flags=143LEARNING,DISCOVER,AUTOEDGE,AUTOPTP ifmaxaddr 0 port 5 priority 128 path cost 2 On Sat, Dec 17, 2011 at 8:47 PM, Alireza Torabi alireza.tor...@gmail.comwrote: َAlso it's a good idea to to attach a ifconfig output. On 12/17/11, saeedeh motlagh saeedeh.motl...@gmail.com wrote: when i do that, the vlan is defined but from a system in a vlan, i can't ping the other one which is in the same vlan. so i think that the vlan is not working. am i right? On Sat, Dec 17, 2011 at 1:15 PM, Juli Mallett jmall...@freebsd.org wrote: You probably just need to do ifconfig vlanxxx up instead of assigning an IP. On Sat, Dec 17, 2011 at 00:08, saeedeh motlagh saeedeh.motl...@gmail.com wrote: hi every body i wanna configure a freebsd box as a switch. in order to do that, i bridged all my interfaces to have switching and it works fine. after that i want to have vlans on it. as you know, in a real switch, a vlan is configured just by assigning a port to it without any additional configuration and vlans are submitted just by name. but in freebsd a vlan just works when it has an ip address (i think). when i define vlan121 on two freebsd systems with ip address it works fine but without ip address i don't know how it should be worked. can sombody tell me if it is possible to simulate vlans in freebsd as they are in a real switch? i mean can we have vlans without ip addresses which works fine? maybe some kind of vlan which works by MAc address. is it possible? it's so necessary for me to do that:( yours, motlagh ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
Re: Problem on re0
Hi, It seems you have really complex network configuration(ipfw(4), lagg(4), dummynet(4), bridge(4) and ipsec(4) etc). Finding out simplest network setup that shows the issue would be required here. hmm.. i actually don't use lagg nor bridge nor ipsec, i compile them for any future use that might be. however i use IPFW, the MPD port limit connected users via pptp/l2tp with ipfw rules via netgraph (i must admit i don't see them when I use ipfw show) and probably dummynet. Archetecture is simple: bge0 -- connected to border router, bge1 connected to cables company where customers connect we are routing 172.16.0.0/12 to bge1, default gateway is our peer in the other side of bge0. installed port as pptp/l2tp server is MPD. please help me its really making us troubles... Sami On Mon, Dec 19, 2011 at 4:26 AM, YongHyeon PYUN pyu...@gmail.com wrote: On Sat, Dec 17, 2011 at 06:49:48PM +0200, Sami Halabi wrote: Hi, I've moved to a new server with bge card driver, similar configuration: /etc/sysctl.conf net.inet.flowtable.enable=0 net.inet.ip.fastforwarding=1 kern.ipc.somaxconn=8192 kern.ipc.shmmax=2147483648 kern.ipc.maxsockets=204800 kern.ipc.maxsockbuf=2097152 hw.intr_storm_threshold=9000 kern.maxfiles=256000 kern.maxfilesperproc=230400 net.inet.ip.dummynet.pipe_slot_limit=1000 #net.inet.ip.dummynet.io_fast=1 net.link.ether.ipfw=1 kern.ipc.nmbclusters=409600 net.graph.recvspace=40960 net.graph.maxdgram=40960 Kernel --- device lagg options IPFIREWALL options IPFIREWALL_FORWARD options IPFIREWALL_VERBOSE options DUMMYNET options HZ=1000 options TCP_SIGNATURE device crypto # core crypto support device cryptodev # /dev/crypto for access to h/w options IPSEC options DEVICE_POLLING device if_bridge /boot/loader.conf net.graph.maxalloc=128000 net.graph.maxdata=128000 net.graph.threads=4 and i have similar problem.. i check each minute for ping and i see sometimes loss of 50% or 100% (ping -c 2 -t 4 otherside.ip.com), here are the sysctl dev.bge.1.stats: dev.bge.1.stats.FramesDroppedDueToFilters: 0 dev.bge.1.stats.DmaWriteQueueFull: 2291350 dev.bge.1.stats.DmaWriteHighPriQueueFull: 0 dev.bge.1.stats.NoMoreRxBDs: 0 dev.bge.1.stats.InputDiscards: 0 dev.bge.1.stats.InputErrors: 0 dev.bge.1.stats.RecvThresholdHit: 124120300 dev.bge.1.stats.DmaReadQueueFull: 13470948 dev.bge.1.stats.DmaReadHighPriQueueFull: 962 dev.bge.1.stats.SendDataCompQueueFull: 0 dev.bge.1.stats.RingSetSendProdIndex: 349289174 dev.bge.1.stats.RingStatusUpdate: 260304688 dev.bge.1.stats.Interrupts: 260304688 dev.bge.1.stats.AvoidedInterrupts: 0 dev.bge.1.stats.SendThresholdHit: 0 dev.bge.1.stats.rx.ifHCInOctets: 2165908673 dev.bge.1.stats.rx.Fragments: 0 dev.bge.1.stats.rx.UnicastPkts: 237503495 dev.bge.1.stats.rx.MulticastPkts: 0 dev.bge.1.stats.rx.FCSErrors: 0 dev.bge.1.stats.rx.AlignmentErrors: 0 dev.bge.1.stats.rx.xonPauseFramesReceived: 0 dev.bge.1.stats.rx.xoffPauseFramesReceived: 0 dev.bge.1.stats.rx.ControlFramesReceived: 0 dev.bge.1.stats.rx.xoffStateEntered: 0 dev.bge.1.stats.rx.FramesTooLong: 0 dev.bge.1.stats.rx.Jabbers: 0 dev.bge.1.stats.rx.UndersizePkts: 0 dev.bge.1.stats.rx.inRangeLengthError: 0 dev.bge.1.stats.rx.outRangeLengthError: 0 dev.bge.1.stats.tx.ifHCOutOctets: 1956421618 dev.bge.1.stats.tx.Collisions: 0 dev.bge.1.stats.tx.XonSent: 0 dev.bge.1.stats.tx.XoffSent: 0 dev.bge.1.stats.tx.flowControlDone: 0 dev.bge.1.stats.tx.InternalMacTransmitErrors: 0 dev.bge.1.stats.tx.SingleCollisionFrames: 0 dev.bge.1.stats.tx.MultipleCollisionFrames: 0 dev.bge.1.stats.tx.DeferredTransmissions: 0 dev.bge.1.stats.tx.ExcessiveCollisions: 0 dev.bge.1.stats.tx.LateCollisions: 0 dev.bge.1.stats.tx.UnicastPkts: 347260508 dev.bge.1.stats.tx.MulticastPkts: 0 dev.bge.1.stats.tx.BroadcastPkts: 30306 dev.bge.1.stats.tx.CarrierSenseErrors: 0 dev.bge.1.stats.tx.Discards: 0 dev.bge.1.stats.tx.Errors: 0 this driver gives more statics... please help me, this causes us serious problems with customers. Given that you see the same issue with bge(4) it looks like the root cause is not in ethernet driver. I also see no evidence of dropped frames from bge(4) hardware MAC statistics. It seems you have really complex network configuration(ipfw(4), lagg(4), dummynet(4), bridge(4) and ipsec(4) etc). Finding out simplest network setup that shows the issue would be required here. -- Sami Halabi Information Systems Engineer NMS Projects Expert ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to freebsd-net-unsubscr...@freebsd.org
