Re: ZFS...

[Don Lewis]

On  3 May, Michelle Sullivan wrote:
> 
> 
> Michelle Sullivan
> http://www.mhix.org/
> Sent from my iPad
> 
>> On 03 May 2019, at 03:18, N.J. Mann  wrote:
>> 
>> Hi,
>> 
>> 
>> On Friday, May 03, 2019 03:00:05 +1000 Michelle Sullivan
>>  wrote:
> I am sorry to hear about your loss of data, but where does the
> 11kV come from? I can understand 415V, i.e. two phases in contact,
> but the type of overhead lines in the pictures you reference are
> three phase each typically 240V to neutral and 415V between two
> phases.
> 
 Bottom lines on the power pole are normal 240/415 .. top lines are
 the 11KV distribution network.
>>> 
>>> Oh and just so you know,  it’s sorta impossible to get 415 down a
>>> 240v connection
>> 
>> No it is not.  As I said, if two phases come into contact you can
>> have 415v between live and neutral.
>> 
>> 
> 
> You’re not an electrician then..  the connection point on my house has
> the earth connected to the return on the pole and that also connected
> to the ground stake (using 16mm copper).  You’d have to cut that link
> before dropping a phase on the return to get 415 past the distribution
> board... sorta impossible... cut the ground link first then it’s
> possible... but as every connection has the same, that’s a lot of
> ground links to cut to make it happen... unless you drop the return on
> both sizes of your pole and your ground stake and then drop a phase on
> that floating terminal ...

A friend had a similar catastrophic UPS failure several years ago.  In
her case utility power was 120V single-phase, or 240V hot to hot.
Neutral was bonded to ground at the meter box.  Under normal
circumstances, any current imbalance between the two hot legs returns to
the utility distribution transformer center tap over the neutral wire.
In her case, the neutral connection failed at the pole end of her power
line.  In that case, the imbalance current was forced to return via the
ground rod outside her house and then through some combination of the
ground rods at neighboring houses and the transformer ground connection
at the base of the pole.  Any resistance in this path will reduce the
hot to neutral voltage of the heavily loaded side and increase the
voltage by the same amount on the lightly loaded side.  Fire code
specifies a maximum 25 ohm ground resistance, but it seems this is
seldom actually measured.  In addition her house was old, so there is no
telling what the ground resistance actually was.  If we assume a 25 ohm
resistance, it only takes 1 amp of imbalance current to increase the
voltage on the lightly loaded side by 25V.  At that rate, it doesn't
require much to exceed the continuous maximum voltage rating of the
protective MOVs in the UPS. Once you get past that point, the magic
smoke escapes.

The UPS was actually a spare that I had lent her.  I thought about
repairing it by replacing the MOVs after I got it back from her, but I
abandoned that plan after I opened the UPS and found this insides were
heavily coated with a layer of conductive-looking soot.  Two of the MOVs
were pretty much obliterated.  The third was intact, but charred a bit
by its neighbors.

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: ZFS...

[Michelle Sullivan]

Pete French wrote:



On 05/05/2019 04:06, Michelle Sullivan wrote:

Which I find interesting in itself as I have a machine running 9.3 
which started life as a 5.x (which tells you how old it is) and it’s 
still running on the same *compaq* raid5 with UFS on it... with the 
original drives, with a hot spare that still hasn’t been used... and 
the only thing done to it hardware wise is I replaced the motherboard 
12 months ago as it just stopped POSTing and couldn’t work out what 
failed...never had a drive corruption barring the fscks following 
hard power issues... it went with me from Brisbane to Canberra, back 
to Brisbane by back of car, then to Malta, back from Malta and is 
still downstairs...  it’s my primary MX server and primary resolver 
for home and handles around 5k email per day..


Heh, Ok, thats cool :-) Some of my old HP RAID systems started life as 
Compaq ones - you never installed the firmware update which simply 
changed the name it printed on boot then ?


Umm, does it change the big startup "COMPAQ" graphic?  If not then 
dunno... if it does... nope :)


My personal server with the dead battery has been going at least 12 
years. Had to replace the drives (and HP SAS drives are still silly 
prices sadly), one of the onboard ether ports has died, but otherwise 
still going strong.


IIRC i've put 3 new clock batteries in over the years... and it's all 
SCSI... 18GB (no SAS on the machine) :P ... (in fact, 32bit and not 
capable of driving a SAS card - unless you can get PCI or ISA SAS cards :P )




Not had the long distance travel of yours though. I did ship some 
machines to Jersey once, but boat, and all the drives which had been 
on the crossing failed one by one within a few months of arriving. 
Makes me wonder how rough the sea that crossing actually was.


The biggest issue I had was the idiots who unloaded the container at 
Customs.. not saying much except they loaded it backwards (literally) 
... a 3KVA ups (with batteries in it) was put at the top and by the time 
it got from Botany to me it had made its way to the bottom...


Those were in a Compaq RAID pedestal too. After that I shipped 
machines, but took the drives in my hand luggage on planes always. 
Actiually, not sure they would let me do that these days, havent 
triued in years.



Good question.

--
Michelle Sullivan
http://www.mhix.org/

___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"

Re: route based ipsec

[Andrey V. Elsukov]

On 02.05.2019 23:16, KOT MATPOCKuH wrote:
> I'm trying to make a full mesh vpn using route based ipsec between four
> hosts under FreeBSD 12.
> I'm used racoon from security/ipsec-tools (as it recommended in
> https://www.freebsd.org/doc/handbook/ipsec.html)
> Result looks work, but I got some problems:
> 0.The ipsec-tools port currently does not have a maintainer (C) portmaster
> ... Does this solution really supported? Or I should switch to use another
> IKE daemon?

I think it is unmaintained in upstream too.

> 1. racoon was 3 times crashed with core dump (2 times on one host, 1 times
> on another host):
> (gdb) bt
> #0  0x0024417f in isakmp_info_recv ()
> #1  0x002345f4 in isakmp_main ()
> #2  0x002307d0 in isakmp_handler ()
> #3  0x0022f10d in session ()
> #4  0x0022e62a in main ()
> 
> 2. racoon generated 2 SA for each traffic direction (from hostA to hostB).
> IMHO one SA for one each traffic direction should be enough.

Probably you have something wrong in your configuration.
Note, that if_ipsec(4) interfaces has own security policies and you need
to check that racoon doesn't create additional policies. Also,
if_ipsec(4) uses "reqid" parameter to distinguish IPsec SAs between
interfaces. I made a patch to add special parameter for racoon, so it is
possible to use several if_ipsec(4) interfaces. I think it should be in
port.

https://lists.freebsd.org/pipermail/freebsd-net/2018-May/050509.html

Also you can use strongswan, we use it for some time and have no problems.

> 3. ping and TCP taffic works over ipsec tunnels, but, for example,
...
> I think it's may be result of two SA's for each direction, and some traffic
> can be passed to kernel using second SA, but can't be associated with
> proper ipsecX interface.

Yes. Each SA has its SPI, that is used to encrypt/decrypt packets.
if_ipsec(4) interface uses security policies with specific reqid, IKEd
should install SAs with the same reqid, then packets that are going
trough if_ipsec(4) interface can be correctly encrypted and decrypted.

-- 
WBR, Andrey V. Elsukov



signature.asc
Description: OpenPGP digital signature

Re: ZFS...

[Pete French]

On 05/05/2019 04:06, Michelle Sullivan wrote:


Which I find interesting in itself as I have a machine running 9.3 which 
started life as a 5.x (which tells you how old it is) and it’s still running on 
the same *compaq* raid5 with UFS on it... with the original drives, with a hot 
spare that still hasn’t been used... and the only thing done to it hardware 
wise is I replaced the motherboard 12 months ago as it just stopped POSTing and 
couldn’t work out what failed...never had a drive corruption barring the fscks 
following hard power issues... it went with me from Brisbane to Canberra, back 
to Brisbane by back of car, then to Malta, back from Malta and is still 
downstairs...  it’s my primary MX server and primary resolver for home and 
handles around 5k email per day..


Heh, Ok, thats cool :-) Some of my old HP RAID systems started life as 
Compaq ones - you never installed the firmware update which simply 
changed the name it printed on boot then ?


My personal server with the dead battery has been going at least 12 
years. Had to replace the drives (and HP SAS drives are still silly 
prices sadly), one of the onboard ether ports has died, but otherwise 
still going strong.


Not had the long distance travel of yours though. I did ship some 
machines to Jersey once, but boat, and all the drives which had been on 
the crossing failed one by one within a few months of arriving. Makes me 
wonder how rough the sea that crossing actually was. Those were in a 
Compaq RAID pedestal too. After that I shipped machines, but took the 
drives in my hand luggage on planes always. Actiually, not sure they 
would let me do that these days, havent triued in years.


-pete.
___
freebsd-stable@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-stable
To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"