something wrong of ifconfig bridge0 addr - mac address appears on wrong interface

2012-06-21 Thread ProAce 
( untrust ) --- ( em0 , bridge0 , em1 ) --- ( trust )

Sometimes , I cannot connect to trust server from untrust.
I log some information from ifconfig bridge0 addr.
It seems some thing wrong of trust server's mac appear on em0.


trust serv1's mac: 00:50:56:af:2e:43
trust serv2's mac: 00:50:56:af:75:63


STEP1: The serv2 is not shown in bridge addr. table

   tp-fw [~] -root- ifconfig bridge0 addr
   00:50:56:af:2e:43 Vlan1 em1 1200 flags=0
   64:9e:f3:06:52:03 Vlan1 em0 1192 flags=0
   70:ca:9b:e3:a5:83 Vlan1 em0 1192 flags=0
   70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0

STEP2: I ping the serv2's ip from untrust , and I got 100% packet loss.

STEP3: show bridge addr. table again

   tp-fw [~] -root- ifconfig bridge0 addr
   00:50:56:af:75:63 Vlan1 em0 1198 flags=0
   00:50:56:af:2e:43 Vlan1 em1 1200 flags=0
   64:9e:f3:06:52:03 Vlan1 em0 1150 flags=0
   70:ca:9b:e3:a5:83 Vlan1 em0 1150 flags=0
   70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0

OMG! It's wrong of the 00:50:56:af:75:63 is shown with em0 interface.

STEP4: I ping the serv2's ip from tp-fw , and I got icmp reply.

STEP5: show bridge addr. table again

tp-fw [~] -root- ifconfig bridge0 addr
   00:50:56:af:75:63 Vlan1 em1 1197 flags=0
   00:50:56:af:2e:43 Vlan1 em1 1199 flags=0
   64:9e:f3:06:52:03 Vlan1 em0 1170 flags=0
   70:ca:9b:e3:a5:83 Vlan1 em0 1170 flags=0
   70:ca:9b:e3:a5:c3 Vlan1 em0 1200 flags=0

The 00:50:56:af:75:63 is shown with em1 interface correctly.

Why does STEP2 cause the wrong bridge addr table?
How to solve it?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

packet filter problem on transparent firewall using bridge and pf

2012-06-20 Thread ProAce 
I have some trouble with pf on freebsd bridge.

Network topology:
( untrust ) -- { em0 , bridge0 , em1 } -- ( trust )

Bridge Network: 10.1.1.0/24
bridge0 IP: 10.1.1.1 ( freebsd's ip )
default gw: 10.1.1.254 ( in untrust area )
server: 10.1.1.101 ~ 200 ( in trust area )

pf.conf on freebsd
   serv1=10.1.1.101
   client1=10.1.6.73
   block in all
   block out all
   pass in quick on lo0 all
   pass out quick on lo0 all
   pass in quick on bridge0 from 10.1.1.0/24 to any
   pass out quick on bridge0 from 10.1.1.0/24 to any
   pass in quick on bridge0 from $client1 to 10.1.1.1
   pass in quick on bridge0 from $client1 to $serv1

When I turn on the pf, I test some connection status.
1. client1 cannot connect to serv1.
2. gw cannot connect to serv1
3. client1 connect to freebsd ( 10.1.1.1 ) successfully
4. gw connect to freebsd ( 10.1.1.1 ) successfully

If I turn off the pf, all conneciton test are success.
What's wrong with the pf rules?



The following is some description of the bridge topology.

Freebsd and server are vmware guest in the vmware ESXi.

The ESXi has two virtual switchs,
   vSw1: connect to untrust
   vSw2: interconnect with freebsd and servers

freebsd has tow vNICs,
   em0: connect to vSw1
   em1: connect to vSw2.

servers has only one vNIC,
   em0: connect to vSw2

freebsd's rc.conf
   cloned_interfaces=bridge0
   ifconfig_bridge0=inet 10.1.1.1 netmask 255.255.255.0 addm em0 addm em1 up
   ifconfig_em0=up
   ifconfig_em1=up
   pf_enable=YES
   pf_rules=/etc/pf.conf

freebsd's sysctl
   net.link.bridge.ipfw: 0
   net.link.bridge.inherit_mac: 0
   net.link.bridge.log_stp: 0
   net.link.bridge.pfil_local_phys: 0
   net.link.bridge.pfil_member: 1
   net.link.bridge.pfil_bridge: 1
   net.link.bridge.ipfw_arp: 0
   net.link.bridge.pfil_onlyip: 1
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org

cache nfs file to local disk

2008-08-27 Thread ProAce 
Hello,

There are the cachefs on Solaris and FS-Cache on RedHat can cache file
from nfs to local disk, does any similar software can be run on
FreeBSD?

In order to reduce the throughput and ops for nas server, I just want
to cache file from nfs to local disk. And the cache system can
controller the total size of cache file automatically ( the capacity
of nas is more more more large than local disk ).
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Re: Is it reliable to increase the MAXCPU in param.h ?

2008-07-04 Thread ProAce 
Testing Report:

Server: HP DL785G5 , AMD Opteron 8356 * 8 ( 32 cores ) , 16G RAM
DB: PostgreSQL 8.3.3 ( install from ports , default option )
Test tool: super-smack ( install from ports )
Disk: 146G SAS * 2 ( RAID 1 on HP P400 )

OS kernel: Just change the 4BSD to ULE , and increase the MAXCPU to 32.
PGSQL's config : default postgresql.conf
super-smack's source: default source file  data

command: repeat 10 super-smack -d pg select-key.smack [# of client] 1
And I calculate the average of the 10 results for each execution.

# of client  |  query per sec.

01   |   5829
02   |   10663
03   |   14399
04   |   16713
05   |   19662
06   |   22434
07   |   25095
08   |   27464
09   |   29783
10   |   31697
11   |   33514
12   |   35298
13   |   36600
14   |   37721
15   |   38061
16   |   39065
17   |   40350
18   |   40525
19   |   41174
20   |   41721
21   |   41354
22   |   39321
23   |   37905
24   |   31794
25   |   29731
26   |   25782
27   |   26069
28   |   23780
29   |   19475
30   |   17867
31   |   17794
32   |   26065
33   |   35252
34   |   36010
35   |   34396
36   |   33878




2008/7/1, Kris Kennaway [EMAIL PROTECTED]:
 ProAce wrote:
  Server: HP DL785G5 with 8 CPU ( 32 cores ) , 16G RAM
  OS: FreeBSD 7.0-amd64
  Kernel 1: MAXCPU = 16 ( default )
  Kernel 2: MAXCPU = 32
 
  DL785G5 run with kernel 1 and kernel 2 both successfully, and the
  FreeBSD can detect the 16 CPUs and 32 CPUs normally ( using top -S
  command).
 
  If I use kernel 2 for postgresql 8.3,  is it reliable and stable?
 

 32 should be OK, but we haven't had access to such a machine yet (we briefly
 had access to a 16-core system but it melted) so we have not yet tuned for
 performance on it.  FreeBSD 8.0 will run better if you are willing to use a
 development version of FreeBSD.

 Kris

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]

Is it reliable to increase the MAXCPU in param.h ?

2008-06-30 Thread ProAce 
Server: HP DL785G5 with 8 CPU ( 32 cores ) , 16G RAM
OS: FreeBSD 7.0-amd64
Kernel 1: MAXCPU = 16 ( default )
Kernel 2: MAXCPU = 32

DL785G5 run with kernel 1 and kernel 2 both successfully, and the
FreeBSD can detect the 16 CPUs and 32 CPUs normally ( using top -S
command).

If I use kernel 2 for postgresql 8.3,  is it reliable and stable?
___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]