Re: Network simulation using jails & vimage
On Fri, 2010-03-05 at 15:15 -0500, j...@sifferle.net wrote: > On March 5, 2010 at 7:34 PM Julian Elischer wrote: > > > j...@sifferle.net wrote: > > > > > > I just now had some time to put together a CURRENT box for testing. I'm > > > getting a 'Fatal trap 12: page fault while in kernel mode' whenever I > > > boot with pf_enable set to YES in rc.conf. Here's my current setup: > > > > > > > This is unfortunately one for Ermal, as I wouldn't know a pfctl > > command if it came up and kicked me in the shins. :-) > > > > We really should try get the new pf stuff into -current so that > > it gets more testing. > > > Thanks for your quick reply... > > I think my first problem is I didn't pull the sources from the folder Ermal > mentioned: http://svn.freebsd.org/base/user/eri/pf45/head/. > > I misunderstood and thought it had been put in CURRENT. I will download > the correct > sources and try again. > Hi Ermal, Forgive my ignorance, but how would you recommend I build my system to test the new pf code? Here's what I tried earlier today: 1) Start with a CURRENT system with sources from 2/25 2) Download the new sources from svn using the link you provided na-lab-wan-3# svn info Path: . URL: http://svn.freebsd.org/base/user/eri/pf45/head Repository Root: http://svn.freebsd.org/base Repository UUID: ccf9f872-aa2e-dd11-9fc8-001c23d0bc1f Revision: 204768 Node Kind: directory Schedule: normal Last Changed Author: eri Last Changed Rev: 204245 Last Changed Date: 2010-02-23 01:58:12 -0800 (Tue, 23 Feb 2010) 3) Build and install a new kernel with the updated sources. But, I could not compile with ALTQ support enabled. Is ALTQ available yet with the new pf, or is it still a work in progress like pflog and pfsync? cc -O2 -pipe -fno-strict-aliasing -Werror -D_KERNEL -DKLD_MODULE /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In function 'pf_begin_altq': /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894: error: 'altqs_inactive_open' undeclared (first use in this function) /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894: error: (Each undeclared identifier is reported only once /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:894: error: for each function it appears in.) /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In function 'pf_rollback_altq': /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:934: error: 'altqs_inactive_open' undeclared (first use in this function) /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c: In function 'pf_commit_altq': /usr/src_new/head/sys/modules/pf/../../contrib/pf/net/pf_ioctl.c:1024: error: 'altqs_inactive_open' undeclared (first use in this function) *** Error code 1 4) Reboot, load pf module, attempt to run pfctl -f /etc/pf.conf with this error: No ALTQ support in kernel ALTQ related functions disabled pfctl: DIOCADDRULE: Operation not supported by device 5) Attempt to rebuild pfctl from /usr/src_new/sbin/pfctl to deal with the 'Operation not supported by device' error. I get this error: cc -O2 -pipe -Wall -Wmissing-prototypes -Wno-uninitialized -Wstrict-prototypes -I/usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl -DENABLE_ALTQ -std=gnu99 -fstack-protector -Wsystem-headers -Werror -Wall -Wno-format-y2k -Wno-uninitialized -Wno-pointer-sign -c /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c cc1: warnings being treated as errors In file included from /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:64: /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:119: warning: 'struct pfsync_state_peer' declared inside parameter list /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:119: warning: its scope is only this definition or declaration, which is probably not what you want /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.h:120: warning: 'struct pfsync_state' declared inside parameter list /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_clear_states': /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:393: error: 'struct pfioc_state_kill' has no member named 'psk_killed' /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_kill_src_nodes': /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:532: error: 'struct pfioc_src_node_kill' has no member named 'psnk_killed' /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:538: error: 'struct pfioc_src_node_kill' has no member named 'psnk_killed' /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c: In function 'pfctl_net_kill_states': /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:638: error: 'struct pfioc_state_kill' has no member named 'psk_killed' /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:644: error: 'struct pfioc_state_kill' has no member named 'psk_killed' /usr/src_new/head/sbin/pfctl/../../contrib/pf/pfctl/pfctl.c:
Re: Network simulation using jails & vimage
On March 5, 2010 at 7:34 PM Julian Elischer wrote: > j...@sifferle.net wrote: > > > > I just now had some time to put together a CURRENT box for testing. I'm > > getting a 'Fatal trap 12: page fault while in kernel mode' whenever I > > boot with pf_enable set to YES in rc.conf. Here's my current setup: > > > > This is unfortunately one for Ermal, as I wouldn't know a pfctl > command if it came up and kicked me in the shins. :-) > > We really should try get the new pf stuff into -current so that > it gets more testing. > Thanks for your quick reply... I think my first problem is I didn't pull the sources from the folder Ermal mentioned: http://svn.freebsd.org/base/user/eri/pf45/head/. I misunderstood and thought it had been put in CURRENT. I will download the correct sources and try again. Regards, Jim ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
j...@sifferle.net wrote: On February 23, 2010 at 10:11 AM "Ermal Luçi" wrote: > On Sun, Feb 21, 2010 at 6:14 PM, Julian Elischer wrote: > > > Bjoern A. Zeeb wrote: > > > >> On Sun, 21 Feb 2010, Julian Elischer wrote: > >> > >> Hi, > >> > >> Jim Sifferle wrote: > >>> > Hi, > > Does any FreeBSD branch / vimage release combination support separate pf > AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing > >>> > >>> -current (9) should be close, with patches for pf supplied by ceri. > >> > >> s,ceri,eri, (Ermal Luçi) > > > > it'd be nice if itcould get committed > > > > Ermal, is it ready? > > > It is usable look at http://svn.freebsd.org/base/user/eri/pf45/head/. > For vnet pfsync/pflow/pflog needs some fixes still. > I just now had some time to put together a CURRENT box for testing. I'm getting a 'Fatal trap 12: page fault while in kernel mode' whenever I boot with pf_enable set to YES in rc.conf. Here's my current setup: - FreeBSD CURRENT cvs snapshot as of 2/25/10, running AMD64 kernel - GENERIC kernel compiled with ALTQ and VIMAGE options, invariants and witness options disabled, plus Imunes patch for FreeBSD 8 RC3 available here: http://imunes.net/imunes-8.0-RC3.diff - pf loaded as module with very simple pass all pf.conf - ipfw not loaded The Fatal trap seems to occur when pfctl is run. This is unfortunately one for Ermal, as I wouldn't know a pfctl command if it came up and kicked me in the shins. :-) We really should try get the new pf stuff into -current so that it gets more testing. I am recompiling my kernel with all debugging options turned on. Hopefully I can get a good kernel dump. I will also try with fresh kernel sources skipping the Imunes patch. Anything else I should try? Thanks for your help, Jim ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
On February 23, 2010 at 10:11 AM "Ermal Luçi" wrote: > On Sun, Feb 21, 2010 at 6:14 PM, Julian Elischer wrote: > > > Bjoern A. Zeeb wrote: > > > >> On Sun, 21 Feb 2010, Julian Elischer wrote: > >> > >> Hi, > >> > >> Jim Sifferle wrote: > >>> > Hi, > > Does any FreeBSD branch / vimage release combination support separate pf > AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing > >>> > >>> -current (9) should be close, with patches for pf supplied by ceri. > >> > >> s,ceri,eri, (Ermal Luçi) > > > > it'd be nice if itcould get committed > > > > Ermal, is it ready? > > > It is usable look at http://svn.freebsd.org/base/user/eri/pf45/head/. > For vnet pfsync/pflow/pflog needs some fixes still. > I just now had some time to put together a CURRENT box for testing. I'm getting a 'Fatal trap 12: page fault while in kernel mode' whenever I boot with pf_enable set to YES in rc.conf. Here's my current setup: - FreeBSD CURRENT cvs snapshot as of 2/25/10, running AMD64 kernel - GENERIC kernel compiled with ALTQ and VIMAGE options, invariants and witness options disabled, plus Imunes patch for FreeBSD 8 RC3 available here: http://imunes.net/imunes-8.0-RC3.diff - pf loaded as module with very simple pass all pf.conf - ipfw not loaded The Fatal trap seems to occur when pfctl is run. I am recompiling my kernel with all debugging options turned on. Hopefully I can get a good kernel dump. I will also try with fresh kernel sources skipping the Imunes patch. Anything else I should try? Thanks for your help, Jim ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
On Sun, Feb 21, 2010 at 6:14 PM, Julian Elischer wrote: > Bjoern A. Zeeb wrote: > >> On Sun, 21 Feb 2010, Julian Elischer wrote: >> >> Hi, >> >> Jim Sifferle wrote: >>> Hi, I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and pf/altq to simulate Internet and MPLS WAN environments for several years. All of my setups have run under VMWare, which for many reasons isn't ideal. I would like to collapse all of these VMs into one FreeBSD box using jails and vimages. Does any FreeBSD branch / vimage release combination support separate pf AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing to simulate the queueing effects of MPLS provider edge and core routers. >>> >>> -current (9) should be close, with patches for pf supplied by ceri. >>> >> >> s,ceri,eri, (Ermal Luçi) >> > > err yeah.. > > it'd be nice if itcould get committed > > Ermal, is it ready? > > It is usable look at http://svn.freebsd.org/base/user/eri/pf45/head/. For vnet pfsync/pflow/pflog needs some fixes still. > > >> >> 8 can do separate ipfw but pf is not changed. >>> 9 has bugs fixed. but I'm not sure if the changes for pf went in.. >>> they do exis tif they are not in already. >>> >> >> No, pf hasn't gone in yet; it lives in user/eri/pf45/ in svn and I am >> not sure what the plans are. >> >> Apart from the latest changes 8 and 9 should be pretty much in sync >> wrt to VIMAGE I think. >> >> >> I'm hoping the latest 7.2-STABLE-201001 snapshot will work. The DSCP recognition patch for ipfw that I rely on doesn't seem to work with 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware of an updated ipfw DSCP patch? I haven't seen anything on Google or the freebsd-ipfw mailing list. >>> >>> what is DSCP? >>> >> >> I guess Differentiated Services CodePoint (if talking MPLS). >> >> >> /bz >> >> > ___ > freebsd...@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-pf > To unsubscribe, send any mail to "freebsd-pf-unsubscr...@freebsd.org" > -- Ermal ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
Bjoern A. Zeeb wrote: On Sun, 21 Feb 2010, Julian Elischer wrote: Hi, Jim Sifferle wrote: Hi, I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and pf/altq to simulate Internet and MPLS WAN environments for several years. All of my setups have run under VMWare, which for many reasons isn't ideal. I would like to collapse all of these VMs into one FreeBSD box using jails and vimages. Does any FreeBSD branch / vimage release combination support separate pf AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing to simulate the queueing effects of MPLS provider edge and core routers. -current (9) should be close, with patches for pf supplied by ceri. s,ceri,eri, (Ermal Luçi) err yeah.. it'd be nice if itcould get committed Ermal, is it ready? 8 can do separate ipfw but pf is not changed. 9 has bugs fixed. but I'm not sure if the changes for pf went in.. they do exis tif they are not in already. No, pf hasn't gone in yet; it lives in user/eri/pf45/ in svn and I am not sure what the plans are. Apart from the latest changes 8 and 9 should be pretty much in sync wrt to VIMAGE I think. I'm hoping the latest 7.2-STABLE-201001 snapshot will work. The DSCP recognition patch for ipfw that I rely on doesn't seem to work with 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware of an updated ipfw DSCP patch? I haven't seen anything on Google or the freebsd-ipfw mailing list. what is DSCP? I guess Differentiated Services CodePoint (if talking MPLS). /bz ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
On Sun, 2010-02-21 at 01:14 -0800, Jim Sifferle wrote: > > what is DSCP? > > DSCP stands for Differentiated Services Code Point, a six byte field in I should have proofread better... the DSCP field is six bits, not bytes. :) Jim ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
On Sun, 2010-02-21 at 00:36 -0800, Julian Elischer wrote: > Jim Sifferle wrote: > > Hi, > > > > I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and > > pf/altq to simulate Internet and MPLS WAN environments for several > > years. All of my setups have run under VMWare, which for many reasons > > isn't ideal. I would like to collapse all of these VMs into one FreeBSD > > box using jails and vimages. > > > > Does any FreeBSD branch / vimage release combination support separate pf > > AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing > > to simulate the queueing effects of MPLS provider edge and core > > routers. > > -current (9) should be close, with patches for pf supplied by ceri. > > 8 can do separate ipfw but pf is not changed. > 9 has bugs fixed. but I'm not sure if the changes for pf went in.. > they do exis tif they are not in already. Hmmm... I think I need separate pf instances. I apply pf/altq QoS queues to both interfaces of the VM that simulates the MPLS provider edge router. The customer facing interface is a VLAN, and the QoS queues for this interface could be applied using the system-wide pf instance. The provider facing interface would be an eiface attached to the vimage and I don't believe available to pf at boot time. I will have to look around to see if the changes to support multiple pf instances have made it into 9-CURRENT. Where in the source tree should I look, or which mailing list would be best to ask this question on? > > I'm hoping the latest 7.2-STABLE-201001 snapshot will work. The DSCP > > recognition patch for ipfw that I rely on doesn't seem to work with > > 8.0. > > > > If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware > > of an updated ipfw DSCP patch? I haven't seen anything on Google or the > > freebsd-ipfw mailing list. > > what is DSCP? DSCP stands for Differentiated Services Code Point, a six byte field in the IP header used to differentiate between Classes of Service, and commonly used for CoS/QoS provisioning on MPLS WAN networks. The DSCP IP header field superceded the IP TOS field as of RFC 2474. Here's a pretty lightweight overview of how DSCP can be used: http://www.cisco.com/en/US/tech/tk543/tk757/technologies_tech_note09186a00800949f2.shtml For those who are interested, I've attached a simple ASCII diagram of the vimage layout I envision (and currently have using VMWare). Thanks for your help... Jim - |Cisco 2950 48 Port Switch: Site 1: Vlan 100: LAN, Vlan 101: Internet, Vlan 102: MPLS | | Site 2: Vlan 200: LAN, Vlan 201: Internet, Vlan 202: MPLS | | Site 3: Vlan 300: LAN, Vlan 301: Internet, Vlan 302: MPLS | | Site 4: Vlan 400: LAN, Vlan 401: Internet, Vlan 402: MPLS | | | | Trunk Trunk Trunk Trunk | |---|---|---| | | | | / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ / \ - | | | | | | | | | | | | | | | | | | | | | | -- | -- | -- | -- | | | || | || | || | || | | | | MPLS PE RTR Vimage | | | MPLS PE RTR Vimage | | | MPLS PE RTR Vimage | | | MPLS PE RTR Vimage | | | | | x2 Interface
Re: Network simulation using jails & vimage
On Sun, 21 Feb 2010, Julian Elischer wrote: Hi, Jim Sifferle wrote: Hi, I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and pf/altq to simulate Internet and MPLS WAN environments for several years. All of my setups have run under VMWare, which for many reasons isn't ideal. I would like to collapse all of these VMs into one FreeBSD box using jails and vimages. Does any FreeBSD branch / vimage release combination support separate pf AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing to simulate the queueing effects of MPLS provider edge and core routers. -current (9) should be close, with patches for pf supplied by ceri. s,ceri,eri, (Ermal Luçi) 8 can do separate ipfw but pf is not changed. 9 has bugs fixed. but I'm not sure if the changes for pf went in.. they do exis tif they are not in already. No, pf hasn't gone in yet; it lives in user/eri/pf45/ in svn and I am not sure what the plans are. Apart from the latest changes 8 and 9 should be pretty much in sync wrt to VIMAGE I think. I'm hoping the latest 7.2-STABLE-201001 snapshot will work. The DSCP recognition patch for ipfw that I rely on doesn't seem to work with 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware of an updated ipfw DSCP patch? I haven't seen anything on Google or the freebsd-ipfw mailing list. what is DSCP? I guess Differentiated Services CodePoint (if talking MPLS). /bz -- Bjoern A. Zeeb It will not break if you know what you are doing.___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Re: Network simulation using jails & vimage
Jim Sifferle wrote: Hi, I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and pf/altq to simulate Internet and MPLS WAN environments for several years. All of my setups have run under VMWare, which for many reasons isn't ideal. I would like to collapse all of these VMs into one FreeBSD box using jails and vimages. Does any FreeBSD branch / vimage release combination support separate pf AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing to simulate the queueing effects of MPLS provider edge and core routers. -current (9) should be close, with patches for pf supplied by ceri. 8 can do separate ipfw but pf is not changed. 9 has bugs fixed. but I'm not sure if the changes for pf went in.. they do exis tif they are not in already. I'm hoping the latest 7.2-STABLE-201001 snapshot will work. The DSCP recognition patch for ipfw that I rely on doesn't seem to work with 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware of an updated ipfw DSCP patch? I haven't seen anything on Google or the freebsd-ipfw mailing list. what is DSCP? Thanks for your time, Jim ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org" ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
Network simulation using jails & vimage
Hi, I've used ipfw and Dummynet as well as ipfw + DSCP recognition patch and pf/altq to simulate Internet and MPLS WAN environments for several years. All of my setups have run under VMWare, which for many reasons isn't ideal. I would like to collapse all of these VMs into one FreeBSD box using jails and vimages. Does any FreeBSD branch / vimage release combination support separate pf AND ipfw configurations per jail? I need ipfw+pf/altq for HFSC queuing to simulate the queueing effects of MPLS provider edge and core routers. I'm hoping the latest 7.2-STABLE-201001 snapshot will work. The DSCP recognition patch for ipfw that I rely on doesn't seem to work with 8.0. If 7.2 won't work for my needs, but 8 or 9-CURRENT will, is anyone aware of an updated ipfw DSCP patch? I haven't seen anything on Google or the freebsd-ipfw mailing list. Thanks for your time, Jim ___ freebsd-virtualization@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-virtualization To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
