enabling if_bridge STP

2007-12-06 Thread Atrox

Hello!

I've just built myself a VPN-network for testing bridge STP. I installed 3
FreeBSD boxes (2 FreeBSD-6.2 and 1 FreeBSD-6.1) and connected all of them
with OpenVPN with TAP-bridging:
* 1st box is OpenVPN server only and has tap0 bridged with its inner
interface (192.168.1.1).
* 2nd box is OpenVPN client only and has tap0 and tap1 bridged with its
inner interface (192.168.2.1).
* 3rd box is both OpenVPN client and server and has also bridged tap0, tap1
and its inner interface (192.168.3.1).

So now the question is on which interfaces should I enable STP in such a
setup? I tried enabling it on all interfaces (well, besides the external
ones ;) like this:
=
ifconfig bridge0 create addm tap0 stp tap0 addm sk0 stp sk0 addm tap1 stp tap1 up
=

But after doing so, all the interfaces just stay disabled, a'la:
=
bridge0: flags=28143<UP,BROADCAST,RUNNING,PROMISC,MULTICAST,PPROMISC> mtu 1500
        ether ac:de:48:46:d3:ef
        priority 32768 hellotime 2 fwddelay 15 maxage 20
        member: tap0 flags=7<LEARNING,DISCOVER,STP>
                port 7 priority 128 path cost 55 disabled
        member: tap1 flags=7<LEARNING,DISCOVER,STP>
                port 9 priority 128 path cost 55 disabled
        member: sk0 flags=7<LEARNING,DISCOVER,STP>
                port 1 priority 128 path cost 55 disabled
=

Am I doing smth wrong?

--
Silver
-- 
View this message in context: 
http://www.nabble.com/enabling-if_bridge-STP-tf4954594.html#a14188023
Sent from the freebsd-questions mailing list archive at Nabble.com.

___
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to [EMAIL PROTECTED]


Re: enabling if_bridge STP

2007-12-06 Thread Atrox


Nikos Vassiliadis-2 wrote:
 
> On Thursday 06 December 2007 10:17:36 Atrox wrote:
>> Am I doing smth wrong?
>
> Hm, are these FreeBSD boxes you are trying to bridge,
> on the same ethernet?
 

Yes, all these boxes are connected to our LAN with their ext_ifs. Also, one
of them has a switch and a PC connected to its int_if, other int_ifs are
status: no carrier.


> STP will create a tree by disabling some ports
> to eliminate loops in the topology. If you have
> a loop-free topology, all ports should be active.
 

Well, as I understand, in my case, STP should be enabled mainly on
TAP-interfaces as it would eliminate the scenario where, for example,
ARP-requests from 192.168.1.1 for 192.168.3.1 reach 192.168.2.1. Have I
understood it correctly?



> ASCII art time! What's your topology?
 

Well, let's try ;)
The machines stand like this:

      192.168.8.15/24
         - GW/NAT -
        192.168.1/24
             ||         192.168.8.16/24
    == 192.168.8/24 == == - GW/NAT -
             ||         192.168.2/24
      192.168.8.17/24
         - GW/NAT -
        192.168.3/24


Re: No buffer space available error

2007-11-08 Thread Atrox


Nejc Škoberne-2 wrote:
 
> Hello,
>
> I've been trying to solve this problem by myself for a long time now,
> but no luck. I run a few dozen FreeBSD 5.3/5.4 machines, which serve as
> routers, NAT boxes, Apache, Postfix, OpenVPN, ... servers. Most of them
> are low-cost PC machines since they are usually deployed to SOHO
> environments and the loads are rather low.
>
> I am having problems with the "No buffer space available" error like
> this:
>
>   Jul 18 08:49:36 Router openvpn[661]: write UDPv4: No buffer space available (code=55)
>
> so this is obviously when OpenVPN tries to send UDP packets. And also
> like this:
>
>   Jun 23 06:27:38 Router pdns[2182]: Unable to send a packet to our recursing backend: No buffer space available
>
> when PowerDNS DNS server tries to do some recursive work. I have been
> searching Google for a solution and I found out that the error should
> appear when the mbuf (or sfbuf?) is full and that I can print the
> current buffer status with 'netstat -m'.
>
> Because the error would show up (and not only show up, but also block
> the network operability for that server) at random times, I set up the
> swatch daemon on all those servers, so that as soon as the error is
> logged in messages, I run this command:
>
> #!/usr/local/bin/bash
> # Append a snapshot of sockets, connections, mbuf usage and processes
> # to the log each time swatch fires.
> LOG=/var/log/swatch.log
>
> datum=`date`
> echo "== $datum ===" >> $LOG
> sockstat >> $LOG
> echo >> $LOG
> netstat -n -a >> $LOG
> echo >> $LOG
> netstat -m >> $LOG
> echo >> $LOG
> ps ax >> $LOG
> echo >> $LOG
>
> Even though the log was growing as I assumed, I couldn't find anything
> particularly interesting, because the netstat -m command issued by
> swatch (at the time of the error) still shows something like this:
>
> 2 mbufs in use
> 1/17088 mbuf clusters in use (current/max)
> 0/6/4528 sfbufs in use (current/peak/max)
> 2 KBytes allocated to network
> 0 requests for sfbufs denied
> 0 requests for sfbufs delayed
> 1819 requests for I/O initiated by sendfile
> 7578 calls to protocol drain routines
>
> I am not sure, but as I understand it, this means that the buffers are
> quite OK.
>
> What would be the proper way to debug this problem? This is happening
> on machines with various hardware, from good old Pentium I with 32 MB
> RAM up to P4 3GHz, 1GB RAM, various network cards (mostly rtl8139),
> with ADSL or VDSL, although the errors are very rare at the VDSL boxes
> (where the upstream bandwidth is substantially greater).
>
> So, usually the errors appear but the users don't bother really, so it
> looks like the problem goes away sometimes (the connection is
> restored), but sometimes reboot is needed.
>
> Thanks for your ideas.
>
> P.S.: If the output of the script above could be helpful, let me know,
> I can publish it somewhere.
>
> Cheers,
> Nejc
 

Hello Nejc!

Have you managed to solve this? I've just been having the same issue - I've
set up multiple OpenVPN connections with TAP-device (FreeBSD-5.3 as server,
5.4 as client, multiple 4.x as clients etc.) and the server gives the same
error regularly - I can't restart the server, the error occurs every 30
minutes or so.. Do you know what's the deal with these buffers?

My netstat -m shows:
520 mbufs in use
515/128000 mbuf clusters in use (current/max)
0/5/6656 sfbufs in use (current/peak/max)
1160 KBytes allocated to network
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
9814 calls to protocol drain routines
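
The following is an added example, not part of the original posts: a small shell function that reduces `netstat -m` output in the format quoted in this thread to one line a log-watcher hook can record, so cluster usage, denied requests and drain calls can be compared between snapshots. The names `mbuf_summary` and `sample_server` and the 90% threshold are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: summarise `netstat -m` output (format as quoted in the
# thread) read on stdin. Exit status: 0 ok, 1 exhausted, 2 unparsed.
# The default 90% threshold is an assumption chosen for illustration.
mbuf_summary() {
    awk -v limit="${1:-90}" '
        # e.g. "515/128000 mbuf clusters in use (current/max)"
        /mbuf clusters in use/ { split($1, c, "/"); cur = c[1]; max = c[2] }
        # e.g. "0 requests for sfbufs denied"
        /requests for .* denied/ { denied += $1 }
        # e.g. "9814 calls to protocol drain routines"
        /calls to protocol drain routines/ { drains = $1 }
        END {
            if (max == 0) { print "verdict=unparsed"; exit 2 }
            pct = int(cur * 100 / max)
            verdict = (pct >= limit || denied > 0) ? "exhausted" : "ok"
            printf "clusters=%d/%d pct=%d denied=%d drains=%d verdict=%s\n",
                   cur, max, pct, denied, drains, verdict
            exit (verdict == "ok" ? 0 : 1)
        }'
}

# Sample input: the second netstat -m output quoted in the thread.
sample_server() {
    cat <<'EOF'
520 mbufs in use
515/128000 mbuf clusters in use (current/max)
0/5/6656 sfbufs in use (current/peak/max)
1160 KBytes allocated to network
0 requests for sfbufs denied
0 requests for sfbufs delayed
0 requests for I/O initiated by sendfile
9814 calls to protocol drain routines
EOF
}

# On a live host this would be: netstat -m | mbuf_summary
sample_server | mbuf_summary
```

For the sample above, the cluster pool is well under 1% used and no requests were denied, so the summary reports `verdict=ok` even though the drain counter is non-zero.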