On Mon, 18 Dec 2023 14:08:04 +0100
Claudio Jeker wrote:
> On Mon, Dec 18, 2023 at 01:53:50PM +0100, Marko Cupać wrote:
> > What OpenBSD FAQ https://www.openbsd.org/faq/faq6.html#Multipath
> > says for a bit different scenario applies to some extent for this
> > one as well:
> >
> > "It's worth
On Mon, Dec 18, 2023 at 01:53:50PM +0100, Marko Cupać wrote:
> On Sat, 16 Dec 2023 18:53:29 +0100
> Petr Ročkai wrote:
>
> > Hi,
> >
> > On Sat, Dec 16, 2023 at 06:37:54PM +0100, Marko Cupać wrote:
> > > pass in on em0 from (em0:network) to probability 50%
> > > rtable 1 pass in on em0 from
On Sat, 16 Dec 2023 18:53:29 +0100
Petr Ročkai wrote:
> Hi,
>
> On Sat, Dec 16, 2023 at 06:37:54PM +0100, Marko Cupać wrote:
> > pass in on em0 from (em0:network) to probability 50%
> > rtable 1 pass in on em0 from (em0:network) to probability
> > 50% rtable 2
>
> IIUIC these two only add
On 2023-12-16, Petr Ročkai wrote:
> Hi,
>
> On Sat, Dec 16, 2023 at 06:37:54PM +0100, Marko Cupać wrote:
>> pass in on em0 from (em0:network) to probability 50% rtable 1
>> pass in on em0 from (em0:network) to probability 50% rtable 2
>
> IIUIC these two only add up to 75% probability – you
Hi,
On Sat, Dec 16, 2023 at 06:37:54PM +0100, Marko Cupać wrote:
> pass in on em0 from (em0:network) to probability 50% rtable 1
> pass in on em0 from (em0:network) to probability 50% rtable 2
IIUIC these two only add up to 75% probability – you presumably want
probability 50% on the second
Normally, standard pc conf, I would suggest to browse Peter or my blog
suggestion:
20230929 15:16 ( https://bsdload.com/bsd/?blogSP=30 )
My solution taken from "Building Linux and OpenBSD Firewalls" (see Internet
Archive) to solve the no traffic prb caused by inserting the default "block in
On Sat, 16 Dec 2023 10:25:07 - (UTC)
Stuart Henderson wrote:
> See "probability" in pf.conf(5).
Thank you for the tip.
My test ruleset:
---start---
block log all
pass in on em0 from (em0:network) to
pass in on em0 from (em0:network) to probability 50% rtable 1
pass in on em0 from
On 2023-12-15, Marko Cupać wrote:
> Hi,
>
> I have a router whose LAN interface is in default rdomain 0, ISP1 in
> rdomain 1 and ISP2 in rdomain 2. Reason for this is a bit complicated,
> involves wireguard tunneling, I will give more details if needed.
>
> LAN hosts can access Internet over ISP1
Hi,
I have a router whose LAN interface is in default rdomain 0, ISP1 in
rdomain 1 and ISP2 in rdomain 2. Reason for this is a bit complicated,
involves wireguard tunneling, I will give more details if needed.
LAN hosts can access Internet over ISP1 by means of:
pass in on $if_lan from
ge of multipath
> routing.
>
> Cheers
> --
> :wq Claudio
>
> > Thanks for your time, Andy.
> >
> > On Wed, Sep 29, 2021 at 5:21 PM Claudio Jeker
> > wrote:
> >
> > > On Wed, Sep 29, 2021 at 02:17:59PM +1000, Andrew Lemin wrote:
> > &
e and 25% of
your traffic will be dropped. This is another advantage of multipath
routing.
Cheers
--
:wq Claudio
> Thanks for your time, Andy.
>
> On Wed, Sep 29, 2021 at 5:21 PM Claudio Jeker
> wrote:
>
> > On Wed, Sep 29, 2021 at 02:17:59PM +1000, Andrew Lemin wrote:
> &g
t; I see this question died on its arse! :)
> >
> > This is still an issue for outbound load-balancing over multiple internet
> > links.
> >
> > PF's 'sticky-address' parameter only works on source IPs (because it was
> > originally designed for use when hosting your own server pools -
On Wed, Sep 29, 2021 at 02:17:59PM +1000, Andrew Lemin wrote:
> I see this question died on its arse! :)
>
> This is still an issue for outbound load-balancing over multiple internet
> links.
>
> PF's 'sticky-address' parameter only works on source IPs (because it was
>
I see this question died on its arse! :)
This is still an issue for outbound load-balancing over multiple internet
links.
PF's 'sticky-address' parameter only works on source IPs (because it was
originally designed for use when hosting your own server pools - inbound
load balancing).
I.e
Hi. Sorry for extremely slow reply!
Did you add the return routes for your internal subnets into each of the
per-tun rdomains?
To test your tunnels are setup correctly;
Once you have the external interface in rdomain 0, and each VPN instance's
tun interface is bound to different rdomains etc, you
> > On Apr 29, 2021, at 9:13 AM, Steven Surdock
> > wrote:
> >
> > I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it
> > isn't load balancing across the two configured links. The remote side is a
> > Cisco ASR9k
> On Apr 29, 2021, at 9:13 AM, Steven Surdock
> wrote:
>
> I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it
> isn't load balancing across the two configured links. The remote side is a
> Cisco ASR9k with the same configuration. Is t
I switched from trunk to aggr on a "OpenBSD 6.8 GENERIC.MP#5 amd64" and it
isn't load balancing across the two configured links. The remote side is a
Cisco ASR9k with the same configuration. Is that expected?
$ cat /etc/hostname.aggr0
trunkport bge0 trunkport bge1 description &qu
Hi smart people :)
The current implementation of ‘sticky-address‘ relates only to a sticky source
IP.
https://www.openbsd.org/faq/pf/pools.html
This is used for inbound server load balancing, by ensuring that all socket
connections from the same client/user/IP on the internet goes to the same
Many thanks for your help Giannis ... I am not using oVirt to manage this KVM
host, only default installed tools: libvirtd, virsh ... In any case there is
not any filter applied in libvirtd
On 12/1/21, 20:13, "owner-m...@openbsd.org on behalf of Kapetanakis Giannis"
wrote:
On
On 12/01/2021 18:58, Carlos Lopez wrote:
Thanks Gianni, but about what interface ? KVM bridges? In theory, MAC spoofing
is avoided using this option:
bridge.ageing-time: 300
On 12/1/21, 17:47, "owner-m...@openbsd.org on behalf of Kapetanakis Giannis"
wrote:
Check
r disabled on that interface.
G
On 12/01/2021 15:30, Carlos Lopez wrote:
> Hi David and misc@,
>
> Sorry to disturb with this.I have realized several tests this morning
with two OpenBSD 6.8 carp'ed firewalls (fully patched) as kvm guests and result
is the same:
is the
same: carp load balancing doesn't work. My host is a RedHat Enterprise Linux
8.3 with kernel .18.0-240.10.1.el8_3.x86_6 (fully patched also). I have tested
all ip load balancing options under these OpenBSD virtual guests: ip,
ip-unicast and ip-stealth.
When I use only "ip" for load balanc
Hi David and misc@,
Sorry to disturb with this.I have realized several tests this morning with two
OpenBSD 6.8 carp'ed firewalls (fully patched) as kvm guests and result is the
same: carp load balancing doesn't work. My host is a RedHat Enterprise Linux
8.3 with kernel .18.0-240.10.1.el8_3
;
> Regards,
> C. L. Martinez
Hi folks,
I run into exactly the same issue with my ldap proxy. When one node is master
for both carp nodes it responds to packets addressed to the carp ip. In load
balancing mode it sometimes responds depending on the source ip.
Please open a bug report.
--
wq: ~uw
d there be some kind of problem with the virtio driver on the
network interfaces in version 6.8?
>
> Regards,
> C. L. Martinez
Hi folks,
I run into exactly the same issue with my ldap proxy. When one node is
master
for both carp nodes it responds to packets addressed to
Hi all,
Before upgrade from OpenBSD 6.7 to OpenBSD 6.8, my pair firewalls was using
carp in IP balance mode without problems from several months. These firewalls
are installed in a RHEL 8.2 (fully patched) KVM host.
After upgrading to OpenBSD 6.8, carp ip balance mode doesn’t works. I have
Trying to replicate same setup with pairs and different rdomains for each tun
and also external interface, after a packet goes through pair interfaces
it's just disapears.
Any ideas?
routing in rdomain is set like:
route -T add default tun
route -T add
--
Sent from:
o deal with this - mlvpn comes to mind (it's in
> packages).
>
I gues a clean and simple solution here would be a
"Provider Independent" IPv6 Range and mulit-path routing or I´m missing
something with this concept?
> > 2. I tried to custumize this rules to also include vlan[3|4] to
traffic
to another machine on decent bandwidth using a multilink protocol
that knows how to deal with this - mlvpn comes to mind (it's in
packages).
> 2. I tried to custumize this rules to also include vlan[3|4] to the
> load-balancing.
> 2.1. use egress-group instead of the pppoe-group for
- distributes traffic per IP and not per
connection.
When I use [round-robin | least-state] sticky-address i´ve problems with my
VoIP.
An maybe some guests have problems with "secure" web apps* too.
Anybody an Idea how to do prober loadbalancing with almost only https
traffic?
2.
needing to define the interfaces as they are all
in rdomain 0).
So without requiring PF to do any rdomain jumping/tunnelling (leaving rdomain
tunnelling to the ‘pair’ interfaces), vpn load balancing is now working really
very well.
I can now utilise all the cpu cores on my router where I couldn’t
.1 } \
> > round-robin set prio (3,6)
> >
> > Have not tested exactly this, but similar to my current setup.
> > Might not need the static routes, if the right pf magic is happening.
> >
> >
> > -Phil
> >
> > On 28/11/18 8:18 am, Andrew Le
e right pf magic is happening.
>
>
> -Phil
>
> On 28/11/18 8:18 am, Andrew Lemin wrote:
>
> > Hi,
> >
> > So using the information Stuart and Andreas provided, I have been testing
> > this (load balancing across multiple VPN servers to improve bandwidth).
>
current setup.
Might not need the static routes, if the right pf magic is happening.
-Phil
On 28/11/18 8:18 am, Andrew Lemin wrote:
Hi,
So using the information Stuart and Andreas provided, I have been testing
this (load balancing across multiple VPN servers to improve bandwidth).
And I have
Hi,
So using the information Stuart and Andreas provided, I have been testing
this (load balancing across multiple VPN servers to improve bandwidth).
And I have multiple VPNs working properly within there own rdomains.
* However 'route-to' is not load balancing with rdomains :(
I have not been
t;
> Local connection is a few hundred mbps..
>
> So I had the idea of running multiple openvpn tunnels to different servers,
> and load balancing outbound traffic across the tunnels.
>
> Sounds simple enough..
>
> However every vpn tunnel uses the same subnet and nexthop gw. Thi
ese public VPN services, is the VPN servers are always
>> congested. The most I’ll get is maybe 10Mbits through one server.
>>
>> Local connection is a few hundred mbps..
>>
>> So I had the idea of running multiple openvpn tunnels to different servers,
&g
is maybe 10Mbits through one server.
>
> Local connection is a few hundred mbps..
>
> So I had the idea of running multiple openvpn tunnels to different servers,
> and load balancing outbound traffic across the tunnels.
>
> Sounds simple enough..
>
> However e
multiple openvpn tunnels to different servers, and
load balancing outbound traffic across the tunnels.
Sounds simple enough..
However every vpn tunnel uses the same subnet and nexthop gw. This of course
won’t work with normal routing.
So my question:
How can I use rdomains or rtables
Hi,
has anyone ever build this on relayd? If so, are you willing to share
your config?
E.g., I'd need users that use the Internet Exploder, Opera and Chrome
redirected to Server A, while I need clients running Safari, Firefox and
Vivaldi redirected to Server B.
Thanks,
Bernd
wrote:
Not sure you really want to do that but you could achieve some IP or MAC
Load Balancing using this kind of setup :
http://www.kernel-panic.it/openbsd/carp/carp4.html
-Message d'origine-
De : owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] De la part de
Aviolat Romain
@openbsd.org' (misc@openbsd.org)
Subject: Re: HA / load balancing / fail-over using CARP
Hi, You can already do active-active CARP with OpenBSD. I believe it hashes
by the MAC address (the MAC hash dictates which firewall responds to an ARP
for the gateway IP).
However you may have issues
; 'misc@openbsd.org' (misc@openbsd.org)
Subject: Re: HA / load balancing / fail-over using CARP
Hi, You can already do active-active CARP with OpenBSD. I believe it hashes by
the MAC address (the MAC hash dictates which firewall responds to an ARP for
the gateway IP).
However you may have issues
in the past, and we're pretty happy with this
setup; maintenance is easy and the setup is rock solid.
The only disadvantage IMHO is that there is no way to achieve load balancing
between the members of the CARP cluster, one machine is always working while
the other is idle. I could define some VLANs
; maintenance is easy and the setup is rock solid.
The only disadvantage IMHO is that there is no way to achieve load
balancing between the members of the CARP cluster, one machine is always
working while the other is idle. I could define some VLANs on top of CARP
interfaces to be MASTER on routerA
Not sure you really want to do that but you could achieve some IP or MAC Load
Balancing using this kind of setup :
http://www.kernel-panic.it/openbsd/carp/carp4.html
-Message d'origine-
De : owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] De la part de
Aviolat Romain
Envoyé
What you want is very similar to the load balancing example in
faq/pf/pools.html, but rather than using one route-to rule with
a round-robin address pool with multiple addresses used for
packets from $lan_net, you want two route-to rules, one for
from $wireless_lan_net using adsl wan 1
Hi,
I'm trying to handle dual wan connections on OpenBSD. I see the official PF
load balancing example at main site, clearly.
But my aim is not load balancing. I'm just trying to use first wan connection
for our labs and use second wan connection for wireless users.
Also NAT is needed cause i
Hey everybody,
After reading the man page of carp (4) and since I am currently working
with this protocol I have a question concerning the first bug mentioned
in the bug section and a more general one. I quote from the man page..
If load balancing is used in setups where the carpdev does
balancing is used in setups where the carpdev does not share an
IP in the same subnet as carp, it is not possible to use the IP of the
carp interface for self originated traffic.
If I understand this sentence well, it is not possible to use load
balancing in
cases where the carpdev does
On 11/13/12 08:57, Tomas Bodzar wrote:
On Mon, Nov 12, 2012 at 11:09 PM, Walter Netowsouz...@gmail.com wrote:
Hello guys,
I have two internet connections, and I want to make load balancing and
failover service, I had read about pf load balancing and multi-path route,
what is the difference
-Ursprüngliche Nachricht-
An: OpenBSD-misc list misc@openbsd.org;
Von:Imre Oolberg i...@auul.pri.ee
Gesendet: Di 13.11.2012 09:05
Betreff:Re: Internet Connection - Load Balancing and Failover
On 11/13/12 08:57, Tomas Bodzar wrote:
On Mon, Nov 12, 2012 at 11:09 PM
Hello,
I don't think that trunk is appropriate for this scenario.
It is use for OSI level 2 (Ethernet) fail over and/or load balancing but won't
be able to load balance traffic between two internet connection, witch involve
TCP/IP load balancing.
Tomas Bodzar tomas.bod...@gmail.com a écrit
On Mon, Nov 12, 2012 at 11:09 PM, Walter Neto wsouz...@gmail.com wrote:
Hello guys,
I have two internet connections, and I want to make load balancing and
failover service, I had read about pf load balancing and multi-path route,
what is the difference between them.
Which is the better
On 11/13/12 08:39, Pierre Marchal wrote:
Hello,
I don't think that trunk is appropriate for this scenario.
It is use for OSI level 2 (Ethernet) fail over and/or load balancing but won't
be able to load balance traffic between two internet connection, witch involve
TCP/IP load balancing.
You
for outbound traffic (eg. send SSH traffic over uplink A,
Web traffic over uplink B).
Reyk
Am Montag, 12. November 2012 schrieb Walter Neto :
Hello guys,
I have two internet connections, and I want to make load balancing and
failover service, I had read about pf load balancing and multi-path
Hello guys,
I have two internet connections, and I want to make load balancing and
failover service, I had read about pf load balancing and multi-path route,
what is the difference between them.
Which is the better to use in my scenario?
And for failover, the best solution is ifstated(8
On Mon, Nov 12, 2012 at 11:09 PM, Walter Neto wsouz...@gmail.com wrote:
Hello guys,
I have two internet connections, and I want to make load balancing and
failover service, I had read about pf load balancing and multi-path route,
what is the difference between them.
Which is the better
good :) hopefully I have given you enough clues to work the rest out
for yourself, this is much better for you as you get a better understanding
so it will be easier for you to diagnose any problems you run into later.
The script I wrote worked as expected. (i.e - Fialover happened ,
Now, the interesting thing is this ( Taken from openbsd website)
# keep https traffic on a single connection; some web applications,
# especially secure ones, don't allow it to change mid-session
pass in on $int_if proto tcp from $lan_net to port https \
route-to ($ext_if1 $ext_gw1)
On 2012-05-17, Indunil Jayasooriya induni...@gmail.com wrote:
why you not try the relayd way ?
look at
http://gouloum.fr/doc/multilink.html
the part with relayd
I found that URL yesterday, I will have to learn it. I just try to
do it with a shell script.
This can be useful as
Route lookups are based on the *destination* address not the source
address, you could add a route for a certain destination via a
certain interface to send packets out that way.
Hmm. that sounds good to me. Since I have 2 interfaces for 2 different WAN
connections. It is possible to add
On 2012/05/17 13:20, Indunil Jayasooriya wrote:
Route lookups are based on the *destination* address not the source
address, you could add a route for a certain destination via a
certain interface to send packets out that way.
Hmm. that sounds good to me. Since I have 2
hi
why you not try the relayd way ?
look at
http://gouloum.fr/doc/multilink.html
the part with relayd
holger
On 2012/05/17 13:20, Indunil Jayasooriya wrote:
Route lookups are based on the *destination* address not the source
address, you could add a route for a certain destination
why you not try the relayd way ?
look at
http://gouloum.fr/doc/multilink.html
the part with relayd
holger
On 2012/05/17 13:20, Indunil Jayasooriya wrote:
Route lookups are based on the *destination* address not the source
address, you could add a route for a
why you not try the relayd way ?
look at
http://gouloum.fr/doc/multilink.html
the part with relayd
I found that URL yesterday, I will have to learn it. I just try to
do it with a shell script.
anyway, Thanks a lot.
--
Thank you
Indunil Jayasooriya
No, your script or ifstated config will need to adjust this rule,
you can do this by using a macro to write the rule, something like this:
GATEWAYS=1.1.1.1@em0 2.2.2.2@em1
pass in on $int_if from $lan_net route-to { $GATEWAYS }
This helps because you can override the macro on the pfctl
Hi,
I am looking for a Load balancing and fail-over setup. So I am working on
below 2 subjects
How can I do equal-cost multipath routing?
http://www.openbsd.org/faq/faq6.html
Load Balance Outgoing Traffic
http://www.openbsd.org/faq/pf/pools.html#outexample
My first question is how to do
On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
induni...@gmail.com wrote:
Hi,
I am looking for a Load balancing and fail-over setup. So I am working on
below 2 subjects
How can I do equal-cost multipath routing?
http://www.openbsd.org/faq/faq6.html
Load Balance Outgoing Traffic
On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
induni...@gmail.com wrote:
If yes, How to ping external internet host when that link is DOWN? I find
it difficult?
I tried it with below commands
ping -I WAN1_if_ip www.google.lk
ping -I WAN2_if_ip www.google.lk
Some times it
I have been asked by management a few times about why some pings fail
when you ping things like google servers and core routers at the ISP.
The short answer I give is that things like that are too busy being
the Internet to respond to all the ping traffic that doesn't do
anything to enable
On 2012-05-16, Russell Garrison russell.garri...@gmail.com wrote:
On Wed, May 16, 2012 at 9:40 AM, Indunil Jayasooriya
induni...@gmail.com wrote:
If yes, How to ping external internet host when that link is DOWN? I find
it difficult?
I tried it with below commands
ping -I WAN1_if_ip
Hello, I'm currently having some troubles with 4.6 configuration for a
load-balancing configuration.
$ext_if is the external interface to the Internet
$vip is a valid routable IP address, but not bound to any interface,
just used as a 'virtual' IP
$server1, $server2 are also real routable IP
Never mind, had a 'no state' rule that crept in. Gah, that was many
hours wasted.
On 2/4/2012 7:11 PM, Han Hwei Woo wrote:
Hello, I'm currently having some troubles with 4.6 configuration for
a load-balancing configuration.
$ext_if is the external interface to the Internet
$vip is a valid
Hi List,
I am trying to load balance outgoing web traffic ( http , https ) with
failover feature with PF.
i.e - Load balance port 80 and 443 web traffic from our LAN between both
ISP's. If one ISP goes down the other will take on 100% of the web traffic
My PF firewall (OpenBSD 5 - 64 bit) has
Hello list,
is it possible to make outgoing traffic load-balance in a way that
connections from the same internal IP to the same external IP always use
the same WAN-connection (at least until the
The example under
http://www.openbsd.org/faq/pf/pools.html#outexample
circumvents it by
On 2011-04-09, Paul Suh paul@ps-enable.com wrote:
Folks,
I've been looking at the pf FAQ and there are instructions for symmetric load
balancing for outgoing traffic. Is there a way to do *asymmetric* load
balancing? E.g., I have a 20 Mbps FIOS line and a 6 Mbps ADSL line. I'd like
Folks,
I've been looking at the pf FAQ and there are instructions for symmetric load
balancing for outgoing traffic. Is there a way to do *asymmetric* load
balancing? E.g., I have a 20 Mbps FIOS line and a 6 Mbps ADSL line. I'd like
to either (A) send all outgoing traffic up to 20 Mbps through
, Apr 9, 2011 at 8:36 AM, Paul Suh paul@ps-enable.com wrote:
Folks,
I've been looking at the pf FAQ and there are instructions for symmetric
load
balancing for outgoing traffic. Is there a way to do *asymmetric* load
balancing? E.g., I have a 20 Mbps FIOS line and a 6 Mbps ADSL line. I'd
Hello list,
I have this page trying to load balance my some of my devices (for now
my laptop as a test) to my second internet connection but have been
unable to make it work.
http://www.openbsd.org/faq/pf/pools.html#outgoing
I would be grateful if someone could explain my own mistakes in that
On Sat, Jan 29, 2011 at 8:12 PM, roberth rob...@openbsd.pap.st wrote:
I'll point out the most obvious:
Since there are no tagged states, everyone of those three match rules
matches and the last one wins.
Hello Robert,
Thanks for responding, I have changed the rules to tag packets coming
from
On Wed, 19 Jan 2011 06:40:59 +0700, David Gwynne l...@animata.net wrote:
On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:
My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
outbound packet during rootkits attacks on one of our collocated
costumer, on an 80Mbps
On Wed, 19 Jan 2011 07:10:33 +0700, Ted Unangst ted.unan...@gmail.com
wrote:
On Tue, Jan 18, 2011 at 6:40 PM, David Gwynne l...@animata.net wrote:
On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:
My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
outbound packet during
that 4Gbps of traffic was leaving the switch to the OpenBSD
box, but only 1Gbps was coming back. Therefore, I'm guessing that the
load-balancing algorithm for OpenBSD does not behave the same way as my
Juniper switching gear. Does anybody know the LACP hash that the trunk
interface in OpenBSD uses
back. Therefore, I'm guessing that the
load-balancing algorithm for OpenBSD does not behave the same way as my
Juniper switching gear. Does anybody know the LACP hash that the trunk
interface in OpenBSD uses to load-balance the outgoing traffic? I didn't have
time to do more than a cursory
On Jan 18, 2011, at 6:51 AM, Claudio Jeker wrote:
165kpps is fairly low. Please add a dmesg so there is a chance to see what
is causing this low rate. Modern HW with good nics should handle around
500kpps.
Good to know. Right now we're only on a 45Mbps connection at about 5kpps, so
that
that 4Gbps of traffic was leaving the switch to the
OpenBSD
box, but only 1Gbps was coming back. Therefore, I'm guessing that the
load-balancing algorithm for OpenBSD does not behave the same way as my
Juniper switching gear. Does anybody know the LACP hash that the trunk
interface in OpenBSD uses
On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:
My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
outbound packet during rootkits attacks on one of our collocated costumer, on
an 80Mbps traffic, via a vlan interface. CPU is 1% idle, system still
responsive (I get to ssh-ed
On Tue, Jan 18, 2011 at 6:40 PM, David Gwynne l...@animata.net wrote:
On 18/01/2011, at 11:25 PM, Insan Praja SW wrote:
My november 21st i386.MP -current handles 1.3Mpps inbound and 1.3Mpps
outbound packet during rootkits attacks on one of our collocated costumer, on
an 80Mbps traffic, via a
I found out
my switches LACP hash algorithm I was able to spread the traffic out by
randomizing the port numbers.
I then confirmed that 4Gbps of traffic was leaving the switch to the OpenBSD
box, but only 1Gbps was coming back. Therefore, I'm guessing that the
load-balancing algorithm for OpenBSD
On 2010-09-08, dontek don...@gmail.com wrote:
I have a small issue with a particular website a client uses that does not
like the outbound load balancing I have put in place on their firewall. The
issue is, that form authentication to the site fails from the internal
network if the many
misc@
I have a small issue with a particular website a client uses that does not
like the outbound load balancing I have put in place on their firewall. The
issue is, that form authentication to the site fails from the internal
network if the many requests the login generates get split between
Both. Redundancy, and mostly, because they are both relativity slow links
it helps speed things up.
On Wed, Sep 8, 2010 at 10:46 AM, Adam M. Dutko dutko.a...@gmail.com wrote:
Are you using two ISP's for redundancy or throughput because I would
probably opt for a Virtual IP to make sure the
Are you seeing proper responses after requests or are some responses getting
lost. That would seem more probable. Have you done a tcpdump to check for
timeouts or missing ACKs?
On Wed, Sep 8, 2010 at 11:56 AM, dontek don...@gmail.com wrote:
Both. Redundancy, and mostly, because they are both
: mardi 29 juin 2010 14:47
@ : misc@openbsd.org
Objet : Re: Load balancing incoming trafic with BGP
On 2010-06-29, BARDOU Pierre bardo...@mipih.fr wrote:
Hello,
I tried to follow your advices, and I set :
network 1.1.1.0/24
network 1.1.1.0/25 set prepend-self 5
hmm, I meant that you should
:13
@ : misc@openbsd.org
Objet : Re: Load balancing incoming trafic with BGP
On 2010-06-29, BARDOU Pierre bardo...@mipih.fr wrote:
Hello,
I did this on router A :
network 217.109.108.0/24
network 217.109.108.128/25
neigbor...
allow from any
match to any prefix 217.109.108.128/25 set
...
Many thanks for the help
--
Cordialement,
Pierre BARDOU
-Message d'origine-
De : Stuart Henderson [mailto:s...@spacehopper.org]
Envoyi : samedi 26 juin 2010 12:18
@ : misc@openbsd.org
Objet : Re: Load balancing incoming trafic with BGP
On 2010-06-25, BARDOU Pierre bardo...@mipih.fr
Hello,
Have you tried a filter based config for your prepends ?
.
Many thanks for the help
--
Cordialement,
Pierre BARDOU
-Message d'origine-
De : Stuart Henderson [mailto:s...@spacehopper.org]
Envoyi : samedi 26 juin 2010 12:18
@ : misc@openbsd.org
Objet : Re: Load balancing incoming trafic with BGP
On 2010-06-25, BARDOU Pierre bardo
1 - 100 of 308 matches
Mail list logo