Re: Re : Re: netgraph and vpp

pretty performant these days https://issue.freebsdfoundation.org/publication/?i=660151 Benoit > Le sam. 25 nov. 2023 à 00:33, Jim Thompson nov. 2023 à 00:33, Jim Thompson <> a écrit : > > > > On Nov 24, 2023 at 12:48:07 AM, Benoit Chesneau < > beno...@enki-multimedia.e

Re: how to cross-connect 2 interfaces

ng_hub(4)On Nov 25, 2023, at 8:34 AM, Benoit Chesneau wrote: Is there a way to cross-connect 2 interfaces without using a bridge . Something similar to the command ˋl2 xconnect` in vpp (or cisco) :https://docs.fd.io/vpp/16.12/vnet_vnet_l2.htmlThis could be quite handy to create a patch between

Re: netgraph and vpp

On Nov 24, 2023 at 12:48:07 AM, Benoit Chesneau wrote: > netgraph and vpp looks similar in their intent. Both are graphs to > process packets. > > I thought that usinv netgraph sounds interresting to build a modern > router or cpe. What about the perforance? Did anyone compRe? Also is there >

Re: Any reason to not implement VRRP in FreeBSD?

FreeBSD has always been free to have a VRRP implementation. The smoke and mirrors FUD managed to prevent same to this point, but it was always FUD. Jim > On Jan 26, 2023, at 10:08 AM, Nicolas MASSE > wrote: > > Hi all, > > Currently, i'm investigating solutions in order to ensure some

Re: Splitting antenna

(When did FreeBSD-net become about antenna theory?) The answer (of course) is, “it depends”. Mostly on “what bands” though your antenna and cables will have some effect as well. Some WiFi cards these days employ a form of beamforming or even MIMO. Older cards could use selection diversity

Re: Vector Packet Processing (VPP) portability on FreeBSD

> On May 13, 2021, at 7:02 AM, Francois ten Krooden wrote: > >  >> >> >> Thank you. I did set this to 1 specifically now and it still works. So >> then it >> should be running in native mode. >> >> I will dig a bit into the function that processes the incoming packets. >> The code I

Re: Vector Packet Processing (VPP) portability on FreeBSD

> On May 11, 2021, at 7:04 AM, Mark Johnston wrote: > > On Tue, May 11, 2021 at 12:43:10PM +, Francois ten Krooden wrote: >> On Monday, 10 May 2021 16:10 Konstantin Belousov wrote: >> >> >>> On Mon, May 10, 2021 at 11:08:18AM +, Francois ten Krooden wrote: 3. What are suitable

Re: Status of Vector Packet Processing (VPP) portability into FreeBSD

> El mié., 26 sept. 2018 a las 18:51, David Cornejo () > escribió:. >> >> >> I'm not sure how willing the upstream is to support FreeBSD is either, >> so, as George said, a port will be tedious to create, but also onerous >> to maintain. Not saying we shouldn't, but hoping some masochists come

Re: Is if_ipsec/ipsec - AESNI accelerated ?

You're not running AES-GCM, you're running AES-CBC + HMAC-SHA256 >E: rijndael-cbc 221239cf e0ddedc5 88f1f711 5e744723 >A: hmac-sha2-256 bf214e0e 73b27e42 1090a067 eaed9e2a d36d3ae7 529a40a1 bf5ea2c9 0e3f5f27 Try running AES-GCM. Example (from the work that gnn@ and I did back

Re: removal of token-ring infrastructure coming soon

> On Mar 27, 2018, at 5:56 PM, Rodney W. Grimes > wrote: > >> I have posted a revision which removes support for token-ring networking >> from the tree. There have been no such devices for some time. >> >> https://reviews.freebsd.org/D14875 >> > >

Re: Multiple instances of hostapd?

https://lists.freebsd.org/pipermail/freebsd-wireless/2015-January/005345.html > On Jan 1, 2018, at 11:33 PM, Victor Sudakov wrote: > > Dear Colleagues, > > I would like to run multiple instances of hostapd, each per a wlanX > interface. I see some provisions for multiple

Re: Netmap: Build a network SPAN/TAP from netmap

> On Dec 14, 2017, at 12:00 PM, Ming Fu wrote: > > Hi, > > I am trying to explore the possibility to build a network SPAN/TAP from > netmap. Similar to the bridge sample, but all packet going through the bridge > also get copied to a SPAN port. How do I duplicate or

Re: OpenVPN vs IPSec

feature etc). But maybe there is some huge advantage of IPSec I've >>> skipped? >>> >> Hi, >> >> partners/customers with Cisco IOS or ASA wont be able to partner up >> without IPSEC. > > Sure, that's why I wrote "and others compatible with O

Re: OpenVPN vs IPSec

Performance is better with IPsec. It’s a standard, too. > On Nov 18, 2017, at 10:58 AM, Victor Sudakov wrote: > > Dear Colleagues, > > Is there any reason to prefer IPSec over OpenVPN for building VPNs > between FreeBSD hosts and routers (and others compatible with

Re: state of packet forwarding in FreeBSD?

> On Jun 14, 2017, at 9:48 AM, John Jasen wrote: > > Our goal was to test whether or not FreeBSD currently is viable, as the > operating system platform for high speed routers and firewalls, in the > 40 to 100 GbE range. We recently showed IPsec running at 36.32Gbps (8

Re: [RFC/RFT] projects/ipsec

> In it's initial state if_ipsec allows to use only one set of encryption > parameters (because only one sainfo anonyumous is possible), so at this time > it doesn't allow to create multiple tunnels with VPN hubs that use different > cipers and/or transform sets, but as far as I understand this

Re: netmap, netmap-fwd, and how many M packets-per-second?

(I'm not subscribed to -hpc or -performance, so I've trimmed the recipients.) You're running iperf3 on an Ivy Bridge Xeon at 2.4GHz. -N (--no-delay) only applies to TCP, it disables Nagle's algorithm, so it doesn't apply for "-u" (--udp). In any case, iperf3 still attempts to use large enough

Re: projects/routing announcement/status

> On Aug 27, 2016, at 11:50 AM, Hooman Fazaeli wrote: > > Second have you considered replacing the existing radix tree with a faster > data structure, specially the Luigi DXR > tables? DXR only supports IPv4. FYI. ___

Re: Netmap Checksum Offloading

Luiz Otavio O Souza (loos@) developed these for igb(4) and, by extension, em(4) for use in netmap-fwd. He’s just gone back to Brazil with 82599 ixgb(4) hardware. I’m sure he’ll develop similar patches for ixgb(4) in the near future. Chelsio is also “on the list”, but I figured I’d speak to

Re: [Bug 208389] Netmap Panic

Works fine on recent -CURRENT (r297237M), (Thinkpad x230, em0). > On Apr 1, 2016, at 2:41 PM, bugzilla-nore...@freebsd.org wrote: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208389 > > --- Comment #4 from Shawn Webb --- > On one box, it's em0, on another,

Re: Taking bhyve step forward enterprise grade

VALE is in 10.3, the netmap backend: IDK. It's in pfSense 2.3 (based on 10.3). -- Jim > On Mar 22, 2016, at 8:44 AM, Sami Halabi <sodyn...@gmail.com> wrote: > > is it builtin already in 10.3? or in current only? > > בתאריך 19 במרץ 2016 18:55,‏ "Jim Thomps

Re: Taking bhyve step forward enterprise grade

> On Mar 19, 2016, at 10:55 AM, John Nielsen wrote: > >> On Mar 19, 2016, at 8:12 AM, Sami Halabi wrote: >> >> hi, >> are there ongoing job on taking bhyve further steps toward enterprise scale >> like: >> 1. high availability, rules on vms (like

Re: nice stuff from cloudflare (and, we need something like ethtool!)

> On Oct 16, 2015, at 12:06 AM, Ian Smith wrote: > >> On Thu, 15 Oct 2015 17:03:55 +0800, Julian Elischer wrote: >>> On 10/10/15 10:59 PM, Luigi Rizzo wrote: >>> the nice folks at cloudflare implemented a nice feature >>> in netmap that puts some queues of the NIC in

Re: netmap: recommended NIC for 40GbE capture on Linux?

> Before we spend money, I'd love to hear someone report success with capturing > a single flow at >4Mpps, >20Gbps using netmap on Linux and > what NIC they use. You said linux, and this is freebsd-net, but this blog post (from yesterday) is probably apt.

Re: Freebsd 10.2 amd64 netmap ipfw

> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote: > > I think I must misunderstand something , could anyone send me advise? > Or any documents could help to build a NETMAP IPFW firewall box ? See the last several paragraphs of:

Re: remove IPsec SKIPJACK support...

On Jul 27, 2015, at 7:57 PM, John-Mark Gurney j...@funkthat.com wrote: I would like to remove it from HEAD immediately as I don't see a use for it. Some time ago I proposed removing Skipjack from the OCF in 12, but personally, now that I think about how long 12 is, we deprecate these

Re: remove IPsec SKIPJACK support...

On Jul 27, 2015, at 10:41 PM, John-Mark Gurney j...@funkthat.com wrote: Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500: On Jul 27, 2015, at 7:57 PM, John-Mark Gurney j...@funkthat.com wrote: I would like to remove it from HEAD immediately as I don't see a use

Re: Realtek Issues (re) on PC Engines APU1 Board...

Do we even know that Karl’s APU(s) aren’t running the current version of firmware (which was released last September)? jim On Jun 12, 2015, at 11:53 AM, Adrian Chadd adr...@freebsd.org wrote: Hi, If this works for people then we should document this somewhere and include the

Re: IPsec on a LAN?

What you’re looking for is “transport mode” IPsec. Dan Langille wrote this 14 years ago, it may still be accurate. http://www.freebsddiary.org/ipsec.php http://www.freebsddiary.org/ipsec.php This is a bit more recent (14 months ago), and should be easy to adapt to two FreeBSD hosts:

Re: netmap-ipfw on em0 em1

While it is a true statement that, You can do anything in the kernel that you can do in user space.”, it is not a helpful statement. Yes, the kernel is just a program. In a similar way, “You can just pop it into any kernel and it works.” is also not helpful. It works, but it doesn’t work

Re: netmap-ipfw on em0 em1

events, and 3) they don't have properly tuned ethernet drivers. BC On Monday, May 4, 2015 12:37 PM, Jim Thompson j...@netgate.com wrote: While it is a true statement that, You can do anything in the kernel that you can do in user space.”, it is not a helpful statement. Yes

Re: netmap-ipfw on em0 em1

On May 4, 2015, at 10:07 PM, Julian Elischer jul...@freebsd.org wrote: Jim, and Barney. I hate to sound like a broken record, but we really need interested people in the network stack. The people who make the decisions about this are the people who stand up and say I have a few hours I

Re: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages

have you considered that there might not be a relevant patch because FreeBSD’s implementation isn’t affected? Jim On Apr 2, 2015, at 9:15 PM, Eitan Adler li...@eitanadler.com wrote: + FreeBSD lists since I haven't seen any relevant patches (although I might have missed them). --

Re: Invalid subnet masks

On Feb 11, 2015, at 4:51 AM, Julian Elischer jul...@freebsd.org wrote: On 2/11/15 5:55 PM, Matt Churchyard wrote: I appreciate that it might be 'valid' as a binary mask, but I'm struggling to find any documentation anywhere that actually suggests that it's valid as a network

Re: Silly experiments with netisr

On Feb 5, 2015, at 1:13 PM, Adrian Chadd adr...@freebsd.org wrote: On 5 February 2015 at 11:03, Sean Bruno sbr...@ignoranthack.me mailto:sbr...@ignoranthack.me wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Some questions came up around the office and we ended up doing some

Re: Silly experiments with netisr

On Feb 5, 2015, at 2:23 PM, hiren panchasara hi...@strugglingcoder.info wrote: On 02/05/15 at 12:31P, Scott Long via freebsd-net wrote: Welcome to our workload. Granted, we don?t involve pf, but the majority of our CPU processing right now is spent in TCP (with the rest being spent

Re: is polling still a thing?

On Jan 27, 2015, at 2:28 PM, Olivier Cochard-Labbé oliv...@cochard.me wrote: On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio ku...@tenebras.com mailto:ku...@tenebras.com wrote: On small, embedded computers running ipfw w/kernel nat and device polling enabled (on em ether adapters),

Re: is polling still a thing?

On Jan 27, 2015, at 4:08 PM, Antoine Beaupré anar...@koumbit.org wrote: On 2015-01-27 13:57:20, wishmaster wrote: Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? I think you should. And without any network ''haks'' like polling. My understanding of netmap was

Re: is polling still a thing?

On Jan 27, 2015, at 11:28 AM, Antoine Beaupré anar...@koumbit.org wrote: (Please CC, as i am not on the list.) I was surprised to read this article in the pfSense blog: https://blog.pfsense.org/?p=115 https://blog.pfsense.org/?p=115 That article is from June 2007. It’s over seven

Re: netmap in GENERIC, by default, on HEAD

On Nov 5, 2014, at 9:47 AM, Andrey V. Elsukov bu7c...@yandex.ru wrote: Sorry, I showed wrong numbers here. IPSEC kernel in this test gives 2.4 Mpps, but with encryption only 180 kpps. This is more in-line with what I'd expect, assuming AES-CBC-HMAC. Improving the situation wrt encryption

Re: How do I balance bandwidth over several virtual NICs?

On Sep 22, 2014, at 5:15 PM, Adrian Chadd adr...@freebsd.org wrote: On 22 September 2014 13:39, Elof Ofel elof...@hotmail.com wrote: Hi Adrian! Now this sounds promising! All my sensors use the ixgbe driver. However, my skills in programming/compiling isn't vast. I know how to patch and

Re: IP fast forwarding and setkey

On Sep 21, 2014, at 10:41, Olivier Cochard-Labbé oliv...@cochard.me wrote: On Sun, Sep 21, 2014 at 12:08 PM, Paul S. cont...@winterei.se wrote: Hi folks, I plan to make an edge router out of a freebsd system with OpenBGPD + FreeBSD 10, or such. I've been reading up, and noticed

Re: [netmap/vale-ctl] when could process packet

Jaye, I’d really like to see this work happen. Let me know if I can help. Jim On Sep 17, 2014, at 9:39 PM, upyzl zj262...@gmail.com wrote: Hi, I think it's right place to talk about FreeBSD 10 - netmap question (location at FreeBSD 10: /usr/src/tools/tools/netmap ; with kernel device

Re: jme interface bounces up and down, up and down....

On Sep 16, 2014, at 6:53 PM, Brett Glass br...@lariat.net wrote: At 05:27 PM 9/16/2014, Chris Hill wrote: On Tue, 16 Sep 2014, Brett Glass wrote: So, what is the best solution? I cannot throw out the machine, and because I am using a VLAN switch to multiplex the port to three LANs I

RE: Does anybody have set of scripts to support two uplink connections (with two ISPs) without AS and BGP?

pfSense has a bunch of PHP scripts that do this. :-) -Original Message- From: owner-freebsd-...@freebsd.org [mailto:owner-freebsd-...@freebsd.org] On Behalf Of Lev Serebryakov Sent: Sunday, August 24, 2014 12:38 PM To: freebsd-net@freebsd.org Subject: Does anybody have set of scripts to

Re: Intel Support for FreeBSD

On Aug 13, 2014, at 8:24, Barney Cordoba via freebsd-net freebsd-net@freebsd.org wrote: Negative Progress is inevitable. Many here undoubtedly consider the referenced effort to be the opposite. Jim ___ freebsd-net@freebsd.org mailing list

Re: Intel Support for FreeBSD

Barney, I think everyone on-list understand you’re upset. You’ve made that clear. However, (and I’ll put my vendor hat on), the project does not exist solely for the benefit of the companies who choose to use it in their product(s). Given same, your statement that “the commercial use of

Re: UDP sendto() returning ENOBUFS - No buffer space available

On Jul 18, 2014, at 23:34, Adrian Chadd adr...@freebsd.org wrote: It upsets the ALTQ people too. I'm an ALTQ person (pfSense, so maybe one if the biggest) and I'm not upset. That cr*p needs to die in a fire. ___ freebsd-net@freebsd.org mailing

Re: ixgbe and igb - how many queues?

But only 8 per VF. -- Jim On Jul 15, 2014, at 19:04, Ryan Stone ryst...@gmail.com wrote: The oldest hardware supported by the ixgbe driver is the 82598, which supports up to 16 RSS queues (see Table 3-48 in the 82598 datasheet). I believe that the 82599 and X520 are more capable. I

Re: it's the output, not ack coalescing (Re: TSO and FreeBSD vs Linux)

On Aug 18, 2013, at 8:48 AM, Barney Cordoba barney_cord...@yahoo.com wrote: I could fill a tx queue with 10gb of traffic with yesteryear's cpus. It's not an achievement. Being able to bridge real traffic at 10gb/s with 2 cores is Or forward at layer 3. Or filter packets. Or IPSEC.

Re: it's the output, not ack coalescing (Re: TSO and FreeBSD vs Linux)

On Aug 18, 2013, at 4:16 PM, Luigi Rizzo ri...@iet.unipi.it wrote: The mistake, i think, is to expect that there is one magic solution to handle all the useful cases. AKA: not all the world is Yahoo. ___ freebsd-net@freebsd.org mailing list

Re: netmap on wireless NIC

On Jun 5, 2013, at 7:50 AM, Ivan Voras ivo...@freebsd.org wrote: On 04/06/2013 23:06, Chao Xu wrote: Hello, Is it possible to hacking some wireless NIC driver (carl9170 for example) to enable netmap on it? I guess this is possible because wireless drivers also manage packets using ring

Re: pf performance?

On Apr 27, 2013, at 12:53 AM, Gleb Smirnoff gleb...@freebsd.org wrote: Unfortunately, as you see, most people avoid running head, waiting at least for 10.0-RELEASE, or even for pfSense catching up on FreeBSD 10. So probably this change won't be tested soon, and thus won't happen soon,

Re: ipfilter(4) needs maintainer

On Apr 14, 2013, at 5:25 PM, Mark Martinec mark.martinec+free...@ijs.si wrote: ... and as far as I can tell none of them is currently usable on an IPv6-only FreeBSD (like protecting a host with sshguard), none of them supports stateful NAT64, nor IPv6 prefix translation :( pfSense 2.1 has a

Re: Data Center Bridging?

On Jan 22, 2013, at 10:32 AM, Julian Elischer jul...@freebsd.org wrote: On 1/22/13 8:43 AM, Eggert, Lars wrote: Hi, on Linux, various NICs (e.g., ixgbe) support Data Center Bridging. Is this also available under FreeBSD? Do *any* NICs support DCB under FreeBSD? Thanks, Lars