Hi,
On 2011-2-14, at 19:59, Darek M wrote:
Currently using 7.2-RELEASE, with ipnat/ipfilter.
Will I be setting up the NAT box in dual stack?
yes.
Will that allow me then to provide each private host with a v6 IP?
Yes.
Will that then make the private hosts run in dual stack?
If the OS
Hi,
am I correct in that multi-FIB support is currently only working for IPv4? At
least setfib x route add -inet6 addr gw adds the route into all FIBs,
not only FIB x. (For IPv4, it works correctly.)
Or am I missing something?
Thanks,
Lars
PS: Please CC me on replies.
On 2010-9-21, at 17:05, Andre Oppermann wrote:
It seems multi-FIB is incomplete for IPv6. Also radix multi-path
is incomplete for IPv6 at the moment.
Thanks all, for confirming what the status here is.
(Too bad though - this means I still can't properly get packets routed out of a
multihomed
Hi,
On 2010-9-22, at 14:31, Bjoern A. Zeeb wrote:
On Wed, 22 Sep 2010, Lars Eggert wrote:
The ipfw fwd command also doesn't do IPv6;
Hmm, that could possibly be fixed. Not sure it's a good idea in
general, but ...
I'd be happy to test patches.
setfib was my alternative hope. And pf
On 2010-9-24, at 12:06, Lasse Brandt wrote:
IPs: 2a01:::3183:: /64
Gateway: 2a01:::3180::1 /59
And this is my rc.conf:
ipv6_enable=”YES”
ipv6_static_routes=”defgw”
ipv6_route_defgw=”2a01:::3180:: -prefixlen 59 -iface re0”
On 2010-10-1, at 1:55, Doug Barton wrote:
My point about FreeBSD 9 is that if we add the 6rd code today, then
release 9.0 in about a year, then support the RELENG_9 branch for 4-6
years that we will still be maintaining code that no one has any use
for. Sorry if I wasn't clear.
You're
to RFC2401.
Our ID "Use of IPSEC Transport Mode for Virtual Networks" has more
information on this:
ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-01.txt
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/
Garrett Wollman wrote:
On Tue, 13 Mar 2001 16:43:26 -0800, Lars Eggert [EMAIL PROTECTED] said:
I'm considering changing this, so that a select-to-write on a UDP socket
will block until queue space becomes available.
Impossible. The only way to find out whether a packet (or set
still have to handle
the old behaviour as well in userland.
Yes. But we're talking research here :-) (E.g. once UDP blocking is there,
I can use it to do other neat things in the networking stack...)
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http
static buffer around as a "fast-path"
for the common case makes sense.
I wanted to commit something for:
http://www.FreeBSD.org/cgi/query-pr.cgi?pr=25050
but I'm not convinced that the patch is spot on. I could determine
the data size and malloc memory dynamically I guess.
options) - UDP header length?
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
there were. Something like that, or the MAKEDEV way, would be great.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
che doesn't help
you if the remote end still sends to the original MAC address, and you get
traffic on the "wrong" interface.
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
Is there:
- a way to make FreeBSD display a discovered PMTU?
or
- a userland tool that does PMTU discovery?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S
net.inet.tcp.local_slowstart_flightsize=2
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/University of Southern California
S/MIME Cryptographic Signature
-ipsec-vpn-01.txt
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature
thought more about it, there are issues.
Maybe Kenjiro and Itojun (who have a much better understanding of the
details of the networking stack than me) have some ideas how to make
this work?
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse
networking features eats up a lot of time. That's what we're for
(wanting to use these things over VPNs :-). And the KAME people are
extremely helpful and accessible when it comes to getting bug fixes (or
feature-enabling mods) into their tree.
Lars
--
Lars Eggert [EMAIL PROTECTED
decided against it.
I have no experience with pipsecd.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME Cryptographic Signature
the
traffic. There's an ID that has more information on this:
ftp://ftp.isi.edu/internet-drafts/draft-touch-ipsec-vpn-01.txt
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
S/MIME
FreeBSDlover FreeBSDlover wrote:
Can i setup configured tunneling between a router and host which are in the
same network?If possible pls explain me.
Yes, for network and app-layer tunnels. Not sure for lower layers. What
are you setting up?
Lars
--
Lars Eggert [EMAIL PROTECTED
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-net in the body of the message
the tunnel to the Cisco working,
since it's faster.
Finally, I can connect to both the RAS and the Cisco server using
Windows PPTP, and Macintosh NTS Tunnelbuilder. Heck, if the Mac can do
it, so must FreeBSD! :-)
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
:36:54.255376 ifc.isi.edu dee.isi.edu: (frag 53580:102@2960) (ttl
64, len 122)
Any clues?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL
Lars Eggert wrote:
we're seeing a strange thing happening, related to ARP and IP fragments.
It seems that Bill Paul saw the same thing back in 1998
(http://www.geocrawler.com/mail/msg.php3?msg_id=822366list=165) but I
couldn't find wheter this was ever resolved or not.
Correction:
The IP
is there a way to build multipoint vpn's, using the FreeBSD's ipsec??
The X-Bone does that, a port is in /usr/ports/net/xbone. Also see its web
site at http://www.isi.edu/xbone/.
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse
: I may be biased here, because I think implementing
multi-homing at the transport layer (like SCTP tries to) is a bad idea
in general. It's a network layer concept, reimplementing it at the
transport layer gives you no new capabilities.
Lars
--
Lars Eggert [EMAIL PROTECTED
: I may be biased here, because I think implementing
multi-homing at the transport layer (like SCTP tries to) is a bad idea
in general. It's a network layer concept, reimplementing it at the
transport layer gives you no new capabilities.
Lars
--
Lars Eggert [EMAIL PROTECTED
tunnel, which is trivial (one or
two system commands, and can be easily automated.)
But we should probbaly move this discussion over to tsvwg... :-)
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern
asking on [EMAIL PROTECTED]
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-net in the body of the message
in INFOCOM '99
(http://www.isi.edu/~faber/pubs.html).
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-net in the body
with the payload data. The only
one I know of that most NATs support is FTP - maybe sendmail puts
network info into the payload, too?
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe
not
done this, we simply returned the Cisco box :-)
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-net in the body
Tom Peck wrote:
How would this work? The two web servers aren't accessible straight
from the Internet - traffic goes via the gateway box.
I bet he forgot to mention that the gateway is also a NAT box. Since
squid does app-level relaying, HTTP isn't affected.
Lars
--
Lars Eggert [EMAIL
but precisely because of the side effect
that Louis mentioned. A clean solution would user *either* IPIP tunnels
(i.e. gif devices) and IPsec transport mode *or* IPsec tunnel mode (and
no gifs). See the KAME IMPLEMENTATION file for details, or
draft-touch-ipsec-vpn-02.txt (shameless plug :-).
Lars
--
Lars
a few bucks is good... :-)
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: application/pkcs7-signature
Hi,
this doesn't look like the same bug described in the link you posted.
The other bug caused negotiation to completely fail, while it succeeds
in your case.
Looks like there's something else wring. What does your ifconfig look
like after the link is up?
Lars
--
Lars Eggert [EMAIL PROTECTED
administration, but if I could
tell the support people go look at page X in Cisco manual Y, that'd
probably allow them to fix it.)
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
that adding a host route can prevent this?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
driver, because it also offloads
checksum generation to the NIC.
that makes total sense. I'd like to see the paragraph above in big, bold
letters in the xl(4) man page then - so far it doesn't discuss checksum
offloading at all. :-)
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED
aren't interfaces, at least on
FreeBSD). Try tcpdumping and tell me what you get.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
gateways, because transit packets have the correct source addresses
(check with tcpdump if you like). Only stuff originating on the gateways
has this problem.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University
, and talking about -STABLE here),
but it's not too much work to add.
Not sure if this is really useful though. Ususally the NIC doesn't limit
your transmission speed, it's losses inside the network that do. Also,
why a new system call? Is it that much more efficient than RawIP?
Lars
--
Lars Eggert
there. There
currently is no such mechanism (AFAIK, and talking about -STABLE here),
but it's not too much work to add.
if you could suggest a few modifications that would be required, i'd like
to pursue this further.
Look at tsleep/wakeup on ifnet of if_snd.
Lars
--
Lars Eggert [EMAIL
Lars Eggert wrote:
Matthew Luckie wrote:
Is there a mechanism to tell when ip_output should be called again?
Ideally, I would block until such time as i could send it via ip_output
You probably get that because the outbound interface queue gets full,
so you want to block your caller
problem than you describe. What Archie saw
was an ENOBUFS being handled like a loss inside the network, even though
the sender has information locally that can allow it to make smarter
retransmission decisions.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http
etc...
Ports are part of the system in some sense. Do you mean part of the
default installation? I'm not sure load-balancing would be useful for
the majority of users. (Although it can be very useful for a minority.)
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences
and the config scripts. Ping me again in a few days if you
haven't heard from me :-)
What is required to make this work though is that you can get a few
static IPs inside the 216.6.6.129/25 net (in your example) to relay.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
128.9/16) that is willing to hand you a
sublock, and let you run one end of the relay on their system. It can't
magically make your NAT'ed machines globally routable.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University
-browsable at http://www.kame.net/).
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
Dennis Pedersen wrote:
But uhm is there a 'simple' way of doing this?
Did you look at the KAME newsletters? (URL in a previous email)
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
configuration for IPsec
http://www.kame.net/newsletter/19991007/
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
to assign remote peers its own IP address, which
would cause routing loops if mpd didn't catch it. (Note that this could
be due to misconfiguration; I still haven't been able to find the
support staff person who is in charge of the box...)
Lars
--
Lars Eggert [EMAIL PROTECTED
came across like that.
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
http://www.isi.edu/larse/ University of Southern California
smime.p7s
Description: S/MIME Cryptographic Signature
and the length of the encapsulation header...
Lars
--
Lars Eggert [EMAIL PROTECTED] Information Sciences Institute
smime.p7s
Description: application/pkcs7-signature
!= AF_INET)
+ if (dst-sa_family != AF_INET dst-sa_family != AF_INET6)
#endif
{
m_freem(m0);
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
, which platform? from cc: it seems to be freebsd,
but which revision?
Sorry, yes, FreeBSD-4.5, but from looking at the CVS tree, it also seems
to be present in -CURRENT still.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S
the address family on
the front of each packet (see bundle_Create() in
src/usr.sbin/ppp/bundle.c).
Ah, that makes sense. The tag is so the tun device knows who to toss the
packet to when it comes back from the process? Guess I'll have to patch
vtund, then...
Thanks,
Lars
--
Lars Eggert [EMAIL
patching net/vtund so it uses multi-af mode.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
mode is
allowed between a host pair only.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: application/pkcs7-signature
receivers (the problem John Hay described), there's TCP mounts.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
protocol as well, including TCP.
If you can create collisions at the right time, you can disable all
retransmission schemes. The kicker is - how?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
by device
So I guess I have two questions:
1. Is there some other netgraph documentation out
there that I don't knowe about?
2. Why can't I listen on a ksocket?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
this (I
hope, still evaluating), and should also have the additional benefit of
being an in-kernel mechanism, thus saving two user/kernelmode switches
per packet. Maybe netgraph might work for you, too.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
,timestamp 14033891 14033881,nop,nop,cc 384 (DF)
I don't know enough about the netgraph internals to debug this further
myself, but I'd be more than happy to do any tests that'd help you or
someone else look into this. (I should probably mention that I'm using
4.5-RELEASE.)
Thanks,
Lars
--
Lars
that extra uplink bandwidth would remain unused in this setup, right? Is
it possible to do WFQ when the uplink bandwidth is unknown/unspecified?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
transmissions together. For clarification, do you expect one if_tx_rdy()
call per packet or one per batch? Per packet may result in a burst of
these calls, does dummynet handle this?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S
Lars Eggert wrote:
I'm trying to merge this into the sis driver, which seems to batch
transmissions together. For clarification, do you expect one if_tx_rdy()
call per packet or one per batch? Per packet may result in a burst of
these calls, does dummynet handle this?
Oh, I'm also using
, I'm really glad the folks on freebsd-small have
pointed us at them. Only downside is that you go blind if you look at
the case for too long :-)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
in sis_txeof(), after the mbuf is freed.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
Hi,
anyone know of a netgraph node that implements decent-strength
encryption (Blowfish, etc.)?
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
I'd like to feed to an encryption node
are UDP (and soon TCP and IP). Or am I wrong?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
in ?? ()
#24 0x8048fc1 in ?? ()
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
vs. UDP performance over
the link? (If so, you'll need to use a TCP tunnel.)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
that, see ipfw (8), esp. the fwd action.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
leaving the
addresses unconfigured? Maybe you can still use ipfw like this:
route add DUMMY_NEXT_HOP -interface GIF
ipfw add fwd DUMMY_NEXT_HOP all from SOURCE to any
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME
, as I would need one for
each tunnel I have set up, and the number of tunnels I set up is dependent
on the number of mobile's that come into the system (which is somewhat of an
unknown).
This makes (2) look infeasible, but (1) may still be an option.
Lars
--
Lars Eggert [EMAIL PROTECTED
by default to begin with
(as required by RFC what-was-the-number-again, the one that updates that
piece of RFC 1812).
Have you *seen* your box forward directed broadcasts with a default
configuration?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
, but it will add some
protection against this particular DOS attack.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
!
That's about $300 above where I'm willing to consider it.
Soren's boxes (http://www.soekris.com/) are half that price and work
great for our purposes. (Although the current models are also a bit less
powerful than the one above.)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information
chipset problems. I recently replaced a
P120 with a Celeron 333 - the performance improvement was surprising.
Regards,
David
To Unsubscribe: send mail to [EMAIL PROTECTED]
with unsubscribe freebsd-net in the body of the message
--
Lars Eggert [EMAIL PROTECTED] USC
doesn't change, you may want
to ask this on the vtun mailing list, too: http://vtun.sourceforge.net/
What's the load on the box when the ping times go up? Vtun is userland.
I'd also try not compressing, it doesn't save much.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences
interface though,
according to tcpdump
What's the TTL on the broadcast packets?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
reasons, all of which people can only speculate on until they see
your code, a description of your setup and experimental procedure, and a
commented packet dump.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic
this been tested with the new natd?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
to be.Am i doing anything wrong?
I have read the docs well and i thought the above
commands should work for me.
What does your topology look like?
What are your other firewall rules?
How do you measure bandwidth?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
ip from any to 10.0.1.0/24
ipfw pipe 1 config bw 100Kbit/s
That looks OK. What does ipfw show print?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
the tree?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
up between two FreeeBSD machines no problem, but not
between the two OSes.
Yes, we've been using IPIP tunnels between the two systems without
problems since at least 1998. (No idea about GRE.) What's the problem?
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
get you the list. MAC addresses will
then be either in your cache, or use net/arping from ports to get them.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
Luigi Rizzo wrote:
than move to a different board, or use polling (i have polling
patches for the intel gigabit adapter)
If you mean em(4) - I'd love to test them :-)
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME
way to build one, no?)
Thanks,
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
Garrett Wollman wrote:
On Wed, 09 Oct 2002 18:18:41 -0700, Lars Eggert [EMAIL PROTECTED] said:
anyone know of an in-kernel traffic generator similar to UDPgen
(http://www.fokus.gmd.de/research/cc/glone/employees/sebastian.zander/private/udpgen/)
for Linux? Userland traffic generators have
?
RFC2414 seems to indicate it should be higher. Solaris in version 8 and
later default to 4 for this value.
I've been running with 4 for years w/o problems. so i'm all for the change.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S
card and
4K datagrams on a 2.4Ghz P4.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
it over multiple packets. (But there are different issues
that can limit TCP throughput.)
I´ll try changing the packet sizes to figure out optimum.
I think I remember that 4K packets were fastest with the em hardware in
our case.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information
.
Reading his first post, the original poster wants to IPsec NAT'ed
packets, not vice versa.
Lars
--
Lars Eggert [EMAIL PROTECTED] USC Information Sciences Institute
smime.p7s
Description: S/MIME Cryptographic Signature
1 - 100 of 134 matches
Mail list logo