Re: Multiple Instances of NSD
The -P or -d flags don't make a difference. The interesting thing is that if I rename /etc/rc.d/nsd-internal to /etc/rc.d/nsd it works fine. If copy the original /etc/rc.d/nsd to /etc/rc.d/nsd-internal, it doesn't work. It seems like something is preventing it from starting because the rc script is named something different. On Mon, Aug 31, 2015 at 7:11 PM, Edgar Pettijohn <ed...@pettijohn-web.com> wrote: > Might need to add the -P flag to specify a different pid. What happens if > you start the second instance with the -d flag? > > > On 08/31/15 19:04, Gabriel Kuri wrote: > >> In migrating from bind to nsd, I currently have split views in bind and >> need to run multiple instances of nsd to accomplish the same thing. What's >> the best way to start multiple instances of nsd? I tried copying >> /etc/rc.d/nsd to /etc/rc.d/nsd-internal and in the rc script I changed >> daemon_flags to "-c /var/nsd/etc/nsd-internal.conf" to reflect the new >> config name, but it doesn't work, that instance of nsd doesn't start and >> there's no errors in /var/log/daemon and I have no idea why it's not >> starting. I also updated nsd-internal.conf to use a different port, >> different PID file and DB name, so they wouldn't conflict with the primary >> instance of nsd, but no luck. >> >> Anyone else running multiple instances of nsd, if so, what did you do to >> get it to work?
Re: Multiple Instances of NSD
Thanks, it was the dash. I changed it to an underscore and it works great. I also linked it to /etc/rc.d/nsd and set the options in /etc/rc.conf.local. On Mon, Aug 31, 2015 at 11:49 PM, Antoine Jacoutot <ajacou...@bsdfrog.org> wrote: > On Mon, Aug 31, 2015 at 05:04:09PM -0700, Gabriel Kuri wrote: > > In migrating from bind to nsd, I currently have split views in bind and > > need to run multiple instances of nsd to accomplish the same thing. > What's > > the best way to start multiple instances of nsd? I tried copying > > /etc/rc.d/nsd to /etc/rc.d/nsd-internal and in the rc script I changed > > daemon_flags to "-c /var/nsd/etc/nsd-internal.conf" to reflect the new > > config name, but it doesn't work, that instance of nsd doesn't start and > > there's no errors in /var/log/daemon and I have no idea why it's not > > starting. I also updated nsd-internal.conf to use a different port, > > different PID file and DB name, so they wouldn't conflict with the > primary > > instance of nsd, but no luck. > > > > Anyone else running multiple instances of nsd, if so, what did you do to > > get it to work? > > Extract from the rc.subr man page: > > <...> > Apart from a few notable exceptions, rc scripts must follow this > naming > policy: > <...> > 2. Dashes (â-â) have to be converted to underscores (â_â). > > You should read both rc.d and rc.subr man pages. > Also, usually it's easier to just link to the original rc.d script instead > of copying it, so that you can benefit from updates to the original script. > > -- > Antoine
Multiple Instances of NSD
In migrating from bind to nsd, I currently have split views in bind and need to run multiple instances of nsd to accomplish the same thing. What's the best way to start multiple instances of nsd? I tried copying /etc/rc.d/nsd to /etc/rc.d/nsd-internal and in the rc script I changed daemon_flags to "-c /var/nsd/etc/nsd-internal.conf" to reflect the new config name, but it doesn't work, that instance of nsd doesn't start and there's no errors in /var/log/daemon and I have no idea why it's not starting. I also updated nsd-internal.conf to use a different port, different PID file and DB name, so they wouldn't conflict with the primary instance of nsd, but no luck. Anyone else running multiple instances of nsd, if so, what did you do to get it to work?
Re: Poor CARP Interface Performance with NAT
Here it is.
em0 - external interface (facing ISP)
em1 - internal interface, layer3, (facing switch running OSPF)
em4 - pfsync interface
pf.conf:
tcpflags = S/SA
# macros
ext_if = em0
carp_ip = removed
int_nets = { removed }
router = removed
# reject = black hole
table reject file /etc/pf/reject
# nat/rdr
match out on em0 from $int_nets to any nat-to $carp_ip
#**
#**
# Rules start here
#**
#**
# anything goes on the loopback interface
pass in quick on lo0 all
pass out quick on lo0 all
# anything goes on em1
pass in quick on em1 all
pass out quick on em1 all
# anything goes on em4
pass in quick on em4 all
pass out quick on em4 all
###
# All the IN rules go here.
# allow ssh/smtp/dns to router
pass in quick on $ext_if proto udp from any to $router port 53 keep state
pass in quick on $ext_if proto tcp from any to $router port {25 53} flags
$tcpflags keep state
pass in quick on $ext_if proto tcp from any to $router port 22 flags
$tcpflags keep state (max-src-conn-rate 5/60)
###
# all the OUT rules go here.
# allow router out
pass out quick on $ext_if from ip_removed to any flags $tcpflags keep
state
# allow nat interface out
pass out quick on $ext_if from $carp_ip to any flags $tcpflags keep state
# block the rest
block out log quick all
block in log quick all
On Tue, Jan 21, 2014 at 11:21 PM, mxb m...@alumni.chalmers.se wrote:
You PF rules are needed too for this.
On 22 jan 2014, at 00:51, Gabriel Kuri gk...@ieee.org wrote:
I am running obsd 5.4 as my NAT router. I decided to setup a second obsd
box and run carp between the two for the external NATed interface (facing
the ISP). After I setup everything and switched pf to NAT using the
address
on the carp interface, I'm seeing about 12Mbps - 13Mbps on the download,
I
have a 60Mbps pipe (down). When I switch pf back to NAT using the address
on the physical interface, I get my full 60Mbps. Any ideas as to what I
could be doing wrong that would limit performance through the carp
interface to around 12Mbps - 13Mbps ?
Thanks ...
Poor CARP Interface Performance with NAT
I am running obsd 5.4 as my NAT router. I decided to setup a second obsd box and run carp between the two for the external NATed interface (facing the ISP). After I setup everything and switched pf to NAT using the address on the carp interface, I'm seeing about 12Mbps - 13Mbps on the download, I have a 60Mbps pipe (down). When I switch pf back to NAT using the address on the physical interface, I get my full 60Mbps. Any ideas as to what I could be doing wrong that would limit performance through the carp interface to around 12Mbps - 13Mbps ? Thanks ...
Re: Poor CARP Interface Performance with NAT
Intel 82801I PCIE rev 0x02: msi pci1 at ppb0 bus 1 ppb1 at pci0 dev 28 function 2 Intel 82801I PCIE rev 0x02: msi pci2 at ppb1 bus 2 em0 at pci2 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:30:18:a2:fd:ad ppb2 at pci0 dev 28 function 3 Intel 82801I PCIE rev 0x02: msi pci3 at ppb2 bus 3 em1 at pci3 dev 0 function 0 Intel 82574L rev 0x00: msi, address 00:30:18:a2:fd:ae ppb3 at pci0 dev 28 function 4 Intel 82801I PCIE rev 0x02: msi pci4 at ppb3 bus 4 ASMedia ASM1042 xHCI rev 0x00 at pci4 dev 0 function 0 not configured uhci3 at pci0 dev 29 function 0 Intel 82801I USB rev 0x02: apic 4 int 23 uhci4 at pci0 dev 29 function 1 Intel 82801I USB rev 0x02: apic 4 int 19 uhci5 at pci0 dev 29 function 2 Intel 82801I USB rev 0x02: apic 4 int 18 ehci1 at pci0 dev 29 function 7 Intel 82801I USB rev 0x02: apic 4 int 23 usb1 at ehci1: USB revision 2.0 uhub1 at usb1 Intel EHCI root hub rev 2.00/1.00 addr 1 ppb4 at pci0 dev 30 function 0 Intel 82801BA Hub-to-PCI rev 0x92 pci5 at ppb4 bus 5 em2 at pci5 dev 4 function 0 Intel 82541GI rev 0x05: apic 4 int 18, address 00:30:18:a0:f5:ad em3 at pci5 dev 6 function 0 Intel 82541GI rev 0x05: apic 4 int 19, address 00:30:18:a0:f5:ae em4 at pci5 dev 7 function 0 Intel 82541GI rev 0x05: apic 4 int 16, address 00:30:18:a0:f5:af pcib0 at pci0 dev 31 function 0 Intel 82801IR LPC rev 0x02 ahci0 at pci0 dev 31 function 2 Intel 82801I AHCI rev 0x02: msi, AHCI 1.2 scsibus0 at ahci0: 32 targets sd0 at scsibus0 targ 0 lun 0: ATA, INTEL SSDSA2CT04, 4PC1 SCSI3 0/direct fixed naa.500151795967c650 sd0: 38166MB, 512 bytes/sector, 78165360 sectors, thin ichiic0 at pci0 dev 31 function 3 Intel 82801I SMBus rev 0x02: apic 4 int 18 iic0 at ichiic0 sdtemp0 at iic0 addr 0x19: stts2002 spdmem0 at iic0 addr 0x51: 2GB DDR3 SDRAM PC3-8500 SO-DIMM with thermal sensor usb2 at uhci0: USB revision 1.0 uhub2 at usb2 Intel UHCI root hub rev 1.00/1.00 addr 1 usb3 at uhci1: USB revision 1.0 uhub3 at usb3 Intel UHCI root hub rev 1.00/1.00 addr 1 usb4 at uhci2: USB revision 1.0 uhub4 at usb4 Intel UHCI root hub rev 1.00/1.00 addr 1 usb5 at uhci3: USB revision 1.0 uhub5 at usb5 Intel UHCI root hub rev 1.00/1.00 addr 1 usb6 at uhci4: USB revision 1.0 uhub6 at usb6 Intel UHCI root hub rev 1.00/1.00 addr 1 usb7 at uhci5: USB revision 1.0 uhub7 at usb7 Intel UHCI root hub rev 1.00/1.00 addr 1 isa0 at pcib0 isadma0 at isa0 com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo com0: probed fifo depth: 15 bytes com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo com1: probed fifo depth: 15 bytes pckbc0 at isa0 port 0x60/5 pckbd0 at pckbc0 (kbd slot) pckbc0: using irq 1 for kbd slot wskbd0 at pckbd0: console keyboard, using wsdisplay0 pcppi0 at isa0 port 0x61 spkr0 at pcppi0 lpt0 at isa0 port 0x378/4 irq 7 mtrr: Pentium Pro MTRR support uhidev0 at uhub7 port 1 configuration 1 interface 0 DELL Dell USB Entry Keyboard rev 1.10/1.78 addr 2 uhidev0: iclass 3/1 ukbd0 at uhidev0: 8 variable keys, 6 key codes wskbd1 at ukbd0 mux 1 wskbd1: connecting to wsdisplay0 vscsi0 at root scsibus1 at vscsi0: 256 targets softraid0 at root scsibus2 at softraid0: 256 targets root on sd0a (26fc1bec1c21d8ca.a) swap on sd0b dump on sd0b carp0: state transition: BACKUP - MASTER carp0: state transition: BACKUP - MASTER pfsync: failed to receive bulk update wskbd1: disconnecting from wsdisplay0 wskbd1 detached ukbd0 detached uhidev0 detached hostname.em0: ip_removed netmask 255.255.255.240 up hostname.carp0: inet ip_removed 255.255.255.240 gateway_removed vhid 1 advbase 3 advskew 0 carpdev em0 pass hash_removed hostname.em4: inet 10.50.1.1 255.255.255.0 NONE hostname.pfsync0: up syncdev em4 On Tue, Jan 21, 2014 at 3:51 PM, Gabriel Kuri gk...@ieee.org wrote: I am running obsd 5.4 as my NAT router. I decided to setup a second obsd box and run carp between the two for the external NATed interface (facing the ISP). After I setup everything and switched pf to NAT using the address on the carp interface, I'm seeing about 12Mbps - 13Mbps on the download, I have a 60Mbps pipe (down). When I switch pf back to NAT using the address on the physical interface, I get my full 60Mbps. Any ideas as to what I could be doing wrong that would limit performance through the carp interface to around 12Mbps - 13Mbps ? Thanks ...
em driver OACTIVE flag
we have two Pentium III Xeon, OpenBSD 3.8 boxes running pf in transparent bridging mode on our primary and backup Internet links, which is currently fed via an OC-3 (155Mbps) connection to the Internet. On an average day we run 70Mbps/50Mbps (14K pps/13K pps) in/out. after upgrading to OpenBSD 3.8 and swapping out our original SysKonnect cards for a single Intel Dual Port Gigabit Server Adapter, we've been experiencing a problem where the inside interface (em0) stops transmitting, but continues to receive traffic - verified via tcpdump output on the interface. when this occurs, the output of an 'ifconfig em0' shows the OACTIVE flag set on em0. the only way to get the box to continue bridging (and passing traffic) is to manually bring the interface down and up via ifconfig - which also clears the OACTIVE flag from the interface. the frequency of occurrence is anywhere from every few hours to every couple days and I am unable to correlate it with a burst of traffic based on Cricket graphs. nothing of relevance appears in the /var/log/*. anyone running in a similar setup seen this behavior with the em driver under OpenBSD 3.8? I cannot verify whether this behavior occurs with earlier versions of OpenBSD, as I just upgraded the cards at app! roximately the same time I upgraded to 3.8. thanks much... - Gabriel Kuri | Sr. Network Analyst Instructional and Information Technology Division California State Polytechnic University, Pomona http://www.csupomona.edu/~iit | +1 909 979 6363
