pretty performant these days
https://issue.freebsdfoundation.org/publication/?i=660151
Benoit
> Le sam. 25 nov. 2023 à 00:33, Jim Thompson nov. 2023 à 00:33, Jim Thompson <> a écrit :
>
>
>
> On Nov 24, 2023 at 12:48:07 AM, Benoit Chesneau <
> beno...@enki-multimedia.e
ng_hub(4)On Nov 25, 2023, at 8:34 AM, Benoit Chesneau wrote: Is there a way to cross-connect 2 interfaces without using a bridge . Something similar to the command ˋl2 xconnect` in vpp (or cisco) :https://docs.fd.io/vpp/16.12/vnet_vnet_l2.htmlThis could be quite handy to create a patch between
On Nov 24, 2023 at 12:48:07 AM, Benoit Chesneau
wrote:
> netgraph and vpp looks similar in their intent. Both are graphs to
> process packets.
>
> I thought that usinv netgraph sounds interresting to build a modern
> router or cpe. What about the perforance? Did anyone compRe? Also is there
>
FreeBSD has always been free to have a VRRP implementation.
The smoke and mirrors FUD managed to prevent same to this point, but it was
always FUD.
Jim
> On Jan 26, 2023, at 10:08 AM, Nicolas MASSE
> wrote:
>
> Hi all,
>
> Currently, i'm investigating solutions in order to ensure some
(When did FreeBSD-net become about antenna theory?)
The answer (of course) is, “it depends”. Mostly on “what bands” though your
antenna and cables will have some effect as well.
Some WiFi cards these days employ a form of beamforming or even MIMO. Older
cards could use selection diversity
> On May 13, 2021, at 7:02 AM, Francois ten Krooden wrote:
>
>
>>
>>
>> Thank you. I did set this to 1 specifically now and it still works. So
>> then it
>> should be running in native mode.
>>
>> I will dig a bit into the function that processes the incoming packets.
>> The code I
> On May 11, 2021, at 7:04 AM, Mark Johnston wrote:
>
> On Tue, May 11, 2021 at 12:43:10PM +, Francois ten Krooden wrote:
>> On Monday, 10 May 2021 16:10 Konstantin Belousov wrote:
>>
>>
>>> On Mon, May 10, 2021 at 11:08:18AM +, Francois ten Krooden wrote:
3. What are suitable
> El mié., 26 sept. 2018 a las 18:51, David Cornejo ()
> escribió:.
>>
>>
>> I'm not sure how willing the upstream is to support FreeBSD is either,
>> so, as George said, a port will be tedious to create, but also onerous
>> to maintain. Not saying we shouldn't, but hoping some masochists come
You're not running AES-GCM, you're running AES-CBC + HMAC-SHA256
>E: rijndael-cbc 221239cf e0ddedc5 88f1f711 5e744723
>A: hmac-sha2-256 bf214e0e 73b27e42 1090a067 eaed9e2a d36d3ae7
529a40a1 bf5ea2c9 0e3f5f27
Try running AES-GCM. Example (from the work that gnn@ and I did back
> On Mar 27, 2018, at 5:56 PM, Rodney W. Grimes
> wrote:
>
>> I have posted a revision which removes support for token-ring networking
>> from the tree. There have been no such devices for some time.
>>
>> https://reviews.freebsd.org/D14875
>>
>
>
https://lists.freebsd.org/pipermail/freebsd-wireless/2015-January/005345.html
> On Jan 1, 2018, at 11:33 PM, Victor Sudakov wrote:
>
> Dear Colleagues,
>
> I would like to run multiple instances of hostapd, each per a wlanX
> interface. I see some provisions for multiple
> On Dec 14, 2017, at 12:00 PM, Ming Fu wrote:
>
> Hi,
>
> I am trying to explore the possibility to build a network SPAN/TAP from
> netmap. Similar to the bridge sample, but all packet going through the bridge
> also get copied to a SPAN port. How do I duplicate or
feature etc). But maybe there is some huge advantage of IPSec I've
>>> skipped?
>>>
>> Hi,
>>
>> partners/customers with Cisco IOS or ASA wont be able to partner up
>> without IPSEC.
>
> Sure, that's why I wrote "and others compatible with O
Performance is better with IPsec. It’s a standard, too.
> On Nov 18, 2017, at 10:58 AM, Victor Sudakov wrote:
>
> Dear Colleagues,
>
> Is there any reason to prefer IPSec over OpenVPN for building VPNs
> between FreeBSD hosts and routers (and others compatible with
> On Jun 14, 2017, at 9:48 AM, John Jasen wrote:
>
> Our goal was to test whether or not FreeBSD currently is viable, as the
> operating system platform for high speed routers and firewalls, in the
> 40 to 100 GbE range.
We recently showed IPsec running at 36.32Gbps (8
> In it's initial state if_ipsec allows to use only one set of encryption
> parameters (because only one sainfo anonyumous is possible), so at this time
> it doesn't allow to create multiple tunnels with VPN hubs that use different
> cipers and/or transform sets, but as far as I understand this
(I'm not subscribed to -hpc or -performance, so I've trimmed the
recipients.)
You're running iperf3 on an Ivy Bridge Xeon at 2.4GHz.
-N (--no-delay) only applies to TCP, it disables Nagle's algorithm, so it
doesn't apply for "-u" (--udp).
In any case, iperf3 still attempts to use large enough
> On Aug 27, 2016, at 11:50 AM, Hooman Fazaeli wrote:
>
> Second have you considered replacing the existing radix tree with a faster
> data structure, specially the Luigi DXR
> tables?
DXR only supports IPv4. FYI.
___
Luiz Otavio O Souza (loos@) developed these for igb(4) and, by extension, em(4)
for use in netmap-fwd.
He’s just gone back to Brazil with 82599 ixgb(4) hardware. I’m sure he’ll
develop similar patches for ixgb(4) in the near future.
Chelsio is also “on the list”, but I figured I’d speak to
Works fine on recent -CURRENT (r297237M), (Thinkpad x230, em0).
> On Apr 1, 2016, at 2:41 PM, bugzilla-nore...@freebsd.org wrote:
>
> https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208389
>
> --- Comment #4 from Shawn Webb ---
> On one box, it's em0, on another,
VALE is in 10.3, the netmap backend: IDK. It's in pfSense 2.3 (based on 10.3).
-- Jim
> On Mar 22, 2016, at 8:44 AM, Sami Halabi <sodyn...@gmail.com> wrote:
>
> is it builtin already in 10.3? or in current only?
>
> בתאריך 19 במרץ 2016 18:55, "Jim Thomps
> On Mar 19, 2016, at 10:55 AM, John Nielsen wrote:
>
>> On Mar 19, 2016, at 8:12 AM, Sami Halabi wrote:
>>
>> hi,
>> are there ongoing job on taking bhyve further steps toward enterprise scale
>> like:
>> 1. high availability, rules on vms (like
> On Oct 16, 2015, at 12:06 AM, Ian Smith wrote:
>
>> On Thu, 15 Oct 2015 17:03:55 +0800, Julian Elischer wrote:
>>> On 10/10/15 10:59 PM, Luigi Rizzo wrote:
>>> the nice folks at cloudflare implemented a nice feature
>>> in netmap that puts some queues of the NIC in
> Before we spend money, I'd love to hear someone report success with capturing
> a single flow at >4Mpps, >20Gbps using netmap on Linux and
> what NIC they use.
You said linux, and this is freebsd-net, but this blog post (from yesterday) is
probably apt.
> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote:
>
> I think I must misunderstand something , could anyone send me advise?
> Or any documents could help to build a NETMAP IPFW firewall box ?
See the last several paragraphs of:
On Jul 27, 2015, at 7:57 PM, John-Mark Gurney j...@funkthat.com wrote:
I would like to remove it from HEAD immediately as I don't see a use
for it. Some time ago I proposed removing Skipjack from the OCF in 12, but
personally, now that I think about how long 12 is, we deprecate these
On Jul 27, 2015, at 10:41 PM, John-Mark Gurney j...@funkthat.com wrote:
Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500:
On Jul 27, 2015, at 7:57 PM, John-Mark Gurney j...@funkthat.com wrote:
I would like to remove it from HEAD immediately as I don't see a use
Do we even know that Karl’s APU(s) aren’t running the current version of
firmware (which was released last September)?
jim
On Jun 12, 2015, at 11:53 AM, Adrian Chadd adr...@freebsd.org wrote:
Hi,
If this works for people then we should document this somewhere and
include the
What you’re looking for is “transport mode” IPsec.
Dan Langille wrote this 14 years ago, it may still be accurate.
http://www.freebsddiary.org/ipsec.php http://www.freebsddiary.org/ipsec.php
This is a bit more recent (14 months ago), and should be easy to adapt to two
FreeBSD hosts:
While it is a true statement that, You can do anything in the kernel that you
can do in user space.”, it is not a helpful statement. Yes, the kernel is just
a program.
In a similar way, “You can just pop it into any kernel and it works.” is also
not helpful. It works, but it doesn’t work
events, and 3) they don't have properly tuned ethernet
drivers.
BC
On Monday, May 4, 2015 12:37 PM, Jim Thompson j...@netgate.com wrote:
While it is a true statement that, You can do anything in the kernel that
you can do in user space.”, it is not a helpful statement. Yes
On May 4, 2015, at 10:07 PM, Julian Elischer jul...@freebsd.org wrote:
Jim, and Barney. I hate to sound like a broken record, but we really need
interested people in the network stack.
The people who make the decisions about this are the people who stand up and
say I have a few hours I
have you considered that there might not be a relevant patch because FreeBSD’s
implementation isn’t affected?
Jim
On Apr 2, 2015, at 9:15 PM, Eitan Adler li...@eitanadler.com wrote:
+ FreeBSD lists since I haven't seen any relevant patches (although I
might have missed them).
--
On Feb 11, 2015, at 4:51 AM, Julian Elischer jul...@freebsd.org wrote:
On 2/11/15 5:55 PM, Matt Churchyard wrote:
I appreciate that it might be 'valid' as a binary mask, but I'm struggling
to find any documentation anywhere that actually suggests that it's valid as
a network
On Feb 5, 2015, at 1:13 PM, Adrian Chadd adr...@freebsd.org wrote:
On 5 February 2015 at 11:03, Sean Bruno sbr...@ignoranthack.me
mailto:sbr...@ignoranthack.me wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
Some questions came up around the office and we ended up doing some
On Feb 5, 2015, at 2:23 PM, hiren panchasara hi...@strugglingcoder.info
wrote:
On 02/05/15 at 12:31P, Scott Long via freebsd-net wrote:
Welcome to our workload. Granted, we don?t involve pf, but the majority of
our CPU processing right now is spent in TCP (with the rest being spent
On Jan 27, 2015, at 2:28 PM, Olivier Cochard-Labbé oliv...@cochard.me wrote:
On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio ku...@tenebras.com
mailto:ku...@tenebras.com wrote:
On small, embedded computers running ipfw w/kernel nat and device polling
enabled (on em ether adapters),
On Jan 27, 2015, at 4:08 PM, Antoine Beaupré anar...@koumbit.org wrote:
On 2015-01-27 13:57:20, wishmaster wrote:
Have you consider to use netmap-based ipfw instead pf in DDoS mitigation? I
think you should. And without any network ''haks'' like polling.
My understanding of netmap was
On Jan 27, 2015, at 11:28 AM, Antoine Beaupré anar...@koumbit.org wrote:
(Please CC, as i am not on the list.)
I was surprised to read this article in the pfSense blog:
https://blog.pfsense.org/?p=115 https://blog.pfsense.org/?p=115
That article is from June 2007. It’s over seven
On Nov 5, 2014, at 9:47 AM, Andrey V. Elsukov bu7c...@yandex.ru wrote:
Sorry, I showed wrong numbers here. IPSEC kernel in this test gives 2.4
Mpps, but with encryption only 180 kpps.
This is more in-line with what I'd expect, assuming AES-CBC-HMAC.
Improving the situation wrt encryption
On Sep 22, 2014, at 5:15 PM, Adrian Chadd adr...@freebsd.org wrote:
On 22 September 2014 13:39, Elof Ofel elof...@hotmail.com wrote:
Hi Adrian!
Now this sounds promising! All my sensors use the ixgbe driver.
However, my skills in programming/compiling isn't vast. I know how to patch
and
On Sep 21, 2014, at 10:41, Olivier Cochard-Labbé oliv...@cochard.me wrote:
On Sun, Sep 21, 2014 at 12:08 PM, Paul S. cont...@winterei.se wrote:
Hi folks,
I plan to make an edge router out of a freebsd system with OpenBGPD +
FreeBSD 10, or such.
I've been reading up, and noticed
Jaye,
I’d really like to see this work happen.
Let me know if I can help.
Jim
On Sep 17, 2014, at 9:39 PM, upyzl zj262...@gmail.com wrote:
Hi,
I think it's right place to talk about FreeBSD 10 - netmap question
(location at FreeBSD 10: /usr/src/tools/tools/netmap ; with kernel device
On Sep 16, 2014, at 6:53 PM, Brett Glass br...@lariat.net wrote:
At 05:27 PM 9/16/2014, Chris Hill wrote:
On Tue, 16 Sep 2014, Brett Glass wrote:
So, what is the best solution? I cannot throw out the machine, and
because I am using a VLAN switch to multiplex the port to three LANs
I
pfSense has a bunch of PHP scripts that do this. :-)
-Original Message-
From: owner-freebsd-...@freebsd.org [mailto:owner-freebsd-...@freebsd.org]
On Behalf Of Lev Serebryakov
Sent: Sunday, August 24, 2014 12:38 PM
To: freebsd-net@freebsd.org
Subject: Does anybody have set of scripts to
On Aug 13, 2014, at 8:24, Barney Cordoba via freebsd-net
freebsd-net@freebsd.org wrote:
Negative Progress is inevitable.
Many here undoubtedly consider the referenced effort to be the opposite.
Jim
___
freebsd-net@freebsd.org mailing list
Barney,
I think everyone on-list understand you’re upset. You’ve made that clear.
However, (and I’ll put my vendor hat on), the project does not exist solely for
the benefit of the companies who choose to use it in their product(s).
Given same, your statement that “the commercial use of
On Jul 18, 2014, at 23:34, Adrian Chadd adr...@freebsd.org wrote:
It upsets the ALTQ people too.
I'm an ALTQ person (pfSense, so maybe one if the biggest) and I'm not upset.
That cr*p needs to die in a fire.
___
freebsd-net@freebsd.org mailing
But only 8 per VF.
-- Jim
On Jul 15, 2014, at 19:04, Ryan Stone ryst...@gmail.com wrote:
The oldest hardware supported by the ixgbe driver is the 82598, which
supports up to 16 RSS queues (see Table 3-48 in the 82598 datasheet).
I believe that the 82599 and X520 are more capable.
I
On Aug 18, 2013, at 8:48 AM, Barney Cordoba barney_cord...@yahoo.com wrote:
I could fill a tx queue with 10gb of traffic with yesteryear's cpus. It's
not an achievement. Being able to bridge
real traffic at 10gb/s with 2 cores is
Or forward at layer 3.
Or filter packets.
Or IPSEC.
On Aug 18, 2013, at 4:16 PM, Luigi Rizzo ri...@iet.unipi.it wrote:
The mistake, i think,
is to expect that there is one magic solution to handle all the useful
cases.
AKA: not all the world is Yahoo.
___
freebsd-net@freebsd.org mailing list
On Jun 5, 2013, at 7:50 AM, Ivan Voras ivo...@freebsd.org wrote:
On 04/06/2013 23:06, Chao Xu wrote:
Hello,
Is it possible to hacking some wireless NIC driver (carl9170 for example)
to enable netmap on it? I guess this is possible because wireless drivers
also manage packets using ring
On Apr 27, 2013, at 12:53 AM, Gleb Smirnoff gleb...@freebsd.org wrote:
Unfortunately, as you see, most people avoid running head, waiting at least
for 10.0-RELEASE, or even for pfSense catching up on FreeBSD 10. So probably
this change won't be tested soon, and thus won't happen soon,
On Apr 14, 2013, at 5:25 PM, Mark Martinec mark.martinec+free...@ijs.si wrote:
... and as far as I can tell none of them is currently usable
on an IPv6-only FreeBSD (like protecting a host with sshguard),
none of them supports stateful NAT64, nor IPv6 prefix translation :(
pfSense 2.1 has a
On Jan 22, 2013, at 10:32 AM, Julian Elischer jul...@freebsd.org wrote:
On 1/22/13 8:43 AM, Eggert, Lars wrote:
Hi,
on Linux, various NICs (e.g., ixgbe) support Data Center Bridging. Is this
also available under FreeBSD? Do *any* NICs support DCB under FreeBSD?
Thanks,
Lars
55 matches
Mail list logo