Re: npppd, framed_ip_address
Hi,

On Thu, 27 Sep 2012 13:41:52 -0400 Andrew Ngo andrew@gmail.com wrote:
> Hm. I can't seem to get npppd to map users to static addresses in the npppd-users file, after trying various permutations of pool-address ##-## for static and such. The client is an iPhone running iOS 6.0, and is definitely able to set up a working vpn over l2tp/ipsec with the npppd server (many thx, btw), but the client is then always assigned a random address from the pool (and never the static one, incidentally... but that could just be chance).
>
> Did I screw something up in the configuration or has this particular feature not been implemented yet? Has anyone else had troubles with this?

The feature was broken by my configuration syntax change work. Thank you for your report. Attached diff will fix the problem.

> (By the way, the daemon goes absolutely bananas if you use a framed-ip-address on a different subnet than those in the pool. Bananas! I don't recommend this error. ^^)

npppd will assign ip address dynamically in that case. Can you explain your recommendation?

Index: npppd.c === RCS file: /cvs/src/usr.sbin/npppd/npppd/npppd.c,v retrieving revision 1.23 diff -u -p -r1.23 npppd.c --- npppd.c 20 Sep 2012 20:28:09 - 1.23 +++ npppd.c 28 Sep 2012 07:01:14 - @@ -1545,6 +1545,7 @@ npppd_assign_ip_addr(npppd *_this, npppd goto dyna_assign; return 1; } + ppp-assigned_pool = pool; ppp-ppp_framed_ip_address.s_addr = htonl(ip4); ppp-ppp_framed_ip_netmask.s_addr = htonl(ip4mask); Index: privsep.c === RCS file: /cvs/src/usr.sbin/npppd/npppd/privsep.c,v retrieving revision 1.6 diff -u -p -r1.6 privsep.c --- privsep.c 18 Sep 2012 13:14:08 - 1.6 +++ privsep.c 28 Sep 2012 07:01:14 - @@ -447,6 +447,9 @@ priv_get_user_info(const char *path, con n = strlcpy(cp, r.calling_number, sz); cp += ++n; sz -= n; + u-framed_ip_address = r.framed_ip_address; + u-framed_ip_netmask = r.framed_ip_netmask; + *puser = u; return 0; 
@@ -731,6 +734,8 @@ privsep_priv_on_sockio(int sock, short e a = (struct PRIVSEP_GET_USER_INFO_ARG *)rbuf; memset(r, 0, sizeof(r)); + r.framed_ip_address.s_addr = INADDR_NAS_SELECT; + r.framed_ip_netmask.s_addr = INADDR_NONE; db[0] = a-path; if (privsep_npppd_check_get_user_info(a)) {
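Review bot: in the npppd_assign_ip_addr hunk of npppd.c, the added assigned_pool assignment records `pool` with no visible check that it is non-NULL and is the pool that actually contains `ip4`, and the report in this thread describes odd behaviour when the framed-ip-address lies outside the pool subnets. Please confirm that every path that falls through past the `goto dyna_assign; return 1;` block leaves `pool` pointing at the matching pool, and add a one-line comment at the assignment saying why the pool has to be recorded for a static address.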
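Review bot: in the priv_get_user_info hunk of privsep.c, the two framed_ip fields are copied from `r` into `u` without any comment on what the default values set on the privileged side mean to the caller. A short comment at the copy stating how INADDR_NAS_SELECT and INADDR_NONE are to be interpreted would make the contract with npppd_assign_ip_addr explicit. While this function is being touched, the context line `n = strlcpy(cp, r.calling_number, sz);` shows no truncation check before `sz -= n;`, which is worth confirming.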
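Review bot: in the privsep_priv_on_sockio hunk of privsep.c, the defaults are stored into `s_addr` as bare constants (INADDR_NAS_SELECT, INADDR_NONE), while the npppd.c hunk stores `htonl(ip4)` and `htonl(ip4mask)` into the same kind of field. Unless both constants read the same in either byte order, the later comparison against them depends on host endianness; either wrap the constants in htonl() or add a comment stating which byte order the consumer compares in.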
Re: SSI
On 27 Sep 2012 at 22:51, Grumpy gru...@grumble-bubble.org wrote:
>> For starters, what is SSI? As many TLAs go, it can mean multiple things. I won't try to guess what you want.
>
> Obviously, SSI is a recursive acronym for ``SSI Shrinks Information''. I am surprised a CS veteran like you doesn't know this.
>
> Grumpy

Veteran, yes. But as you know, the set of acquired acronyms depends much upon environment. I once had a meeting (fresh from university) with some IBM engineers on the subject of the introduction of the first RS/6000 models in .nl. I still feel the sense of alienation, not knowing what a DASD was. I was guessing it was some very special storage device, but in the end it just meant direct access storage device: just a disk.

Maybe this will trigger an EOG (end of grumpiness :-)

-Otto
forgot to fdisk -i sd2
Hello, Yesterday, I have asked someone to install, disklabel, newfs and mount a disk on a small local server machine. I have forgotten to fdisk -i in the first place, it does however apparently work well. Please could you let me know which type of problem there could be or not at all if we do not fdisk -i this particular disk in the future, for normal storage use ... Thanks for help, Jean-François
Re: IPSEC VPN performance
On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote:
> Hi,
>
> I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each one but I could use a sanity check regardless.
>
> Question: With the configuration below when I disable ipsec I can route traffic between the two hosts (hosts A and B) at about 900mbps. When I add the VPN I am getting speeds of approx. 40mbps. The CPU load on the OpenBSD boxes spikes to about 80% on one of the cores but the other 3 are essentially unaffected. Enabling/Disabling AES-NI in the bios doesn't seem to actually do anything as the cpu message in dmesg still shows the AES flag.
>
> The test I'm using is this
> Host A: # nc -v -l 12345 > /dev/null
> Host B: # dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345
>
> The reason these performance numbers are concerning to me is that I wanted a solution that would allow me to get decent (a.k.a. 100mbps +/- 10%) without having to buy expensive cisco/juniper devices.

I would start playing with different modes, to see if that makes a difference. It could very well be that AES-NI is only used in certain modes. Start with the iked defaults for a start.

> Am I dreaming or have others had better performance? Also, any recent data on AES-NI optimizations would be helpful.
>
> Thanks
> Jim
>
> Hardware Configuration:
> - (2) identical SuperMicro systems with quad core E31220 w/ AES-NI enabled

amd64 or i386? Why strip info from dmesg? It *might* make a difference.

-Otto

> cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz (GenuineIntel 686-class) 3.10 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,LAHF
> cpu1: ..
> cpu2: ...
> cpu3: ...
> - 2GB ram
> - AES-NI enabled in bios
> - (4) Intel PRO/1000 MT (82574L)
>
> Software Configuration:
>
> VPN A /etc/iked.conf
> ikev2 active esp \
>     from 172.16.1.0/24 to 172.16.2.0/24 \
>     local 10.0.0.1 peer 10.0.0.2 \
>     ikesa enc aes-256 auth hmac-sha2-512 group modp4096 \
>     childsa enc aes-256-gmac \
>     psk helpmeplease
>
> VPN B (reverse of A config)
>
> Host A - 172.16.1.2 (behind VPN A)
> Host B- 172.16.2.2 (behind VPN B)
>
> VPN A (10.0.0.1) talks to B (10.0.0.2) via a crossover cable. No switches/routers/hubs/etc in this test system. All hosts running linux with 1000mb phys.
Re: forgot to fdisk -i sd2
On Fri, Sep 28, 2012 at 10:15:55AM +0200, Jean-François SIMON wrote:
> Hello,
>
> Yesterday, I have asked someone to install, disklabel, newfs and mount a disk on a small local server machine. I have forgotten to fdisk -i in the first place, it does however apparently work well.
>
> Please could you let me know which type of problem there could be or not at all if we do not fdisk -i this particular disk in the future, for normal storage use ...
>
> Thanks for help,
> Jean-François

I would say it does not make a difference, except it might surprise you later. You won't be able to boot from the disk (assuming i386/amd64). Also, running fdisk -u on the disk will likely make the data unavailable.

-Otto
Re: IPSEC VPN performance
On Thu, Sep 27, 2012 at 11:30 PM, Jim Miller jmil...@sri-inc.com wrote:
> Hi,
>
> I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each one but I could use a sanity check regardless.
>
> Question: With the configuration below when I disable ipsec I can route traffic between the two hosts (hosts A and B) at about 900mbps. When I add the VPN I am getting speeds of approx. 40mbps. The CPU load on the OpenBSD boxes spikes to about 80% on one of the cores but the other 3 are essentially unaffected. Enabling/Disabling AES-NI in the bios doesn't seem to actually do anything as the cpu message in dmesg still shows the AES flag.
>
> The test I'm using is this
> Host A: # nc -v -l 12345 > /dev/null
> Host B: # dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345
>
> The reason these performance numbers are concerning to me is that I wanted a solution that would allow me to get decent (a.k.a. 100mbps +/- 10%) without having to buy expensive cisco/juniper devices.
>
> Am I dreaming or have others had better performance? Also, any recent data on AES-NI optimizations would be helpful.
>
> Thanks
> Jim
>
> Hardware Configuration:
> - (2) identical SuperMicro systems with quad core E31220 w/ AES-NI enabled
>
> cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz (GenuineIntel 686-class) 3.10 GHz
> cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,LAHF
> cpu1: ..
> cpu2: ...
> cpu3: ...
> - 2GB ram
> - AES-NI enabled in bios
> - (4) Intel PRO/1000 MT (82574L)
>
> Software Configuration:
>
> VPN A /etc/iked.conf
> ikev2 active esp \
>     from 172.16.1.0/24 to 172.16.2.0/24 \
>     local 10.0.0.1 peer 10.0.0.2 \
>     ikesa enc aes-256 auth hmac-sha2-512 group modp4096 \
>     childsa enc aes-256-gmac \
>     psk helpmeplease
>
> VPN B (reverse of A config)
>
> Host A - 172.16.1.2 (behind VPN A)
> Host B- 172.16.2.2 (behind VPN B)
>
> VPN A (10.0.0.1) talks to B (10.0.0.2) via a crossover cable. No switches/routers/hubs/etc in this test system. All hosts running linux with 1000mb phys.

Hi,

I have two suggestions:
1) try -current as forwarding performance was improved;
2) try aes-128-gcm for child sa (traffic encryption). aes-256-gmac-gmac means don't encrypt, just authenticate.

I must say I'm curious about Xeon E3 AES-NI performance myself as we have tested only core i5, i7 and previous generation xeons, but the cpu you've picked should be the right choice.

Cheers,
Mike
Re: IPSEC VPN performance
On Fri, Sep 28, 2012 at 11:45 AM, Otto Moerbeek o...@drijf.net wrote:
> On Thu, Sep 27, 2012 at 05:30:38PM -0400, Jim Miller wrote:
>> Hi,
>>
>> I'm trying to determine if the performance I'm seeing between two OpenBSD 5.1 IPSEC VPN endpoints is typical (or expected). I recognize there are quite a few variables to consider and I'm sure I've not toggled each one but I could use a sanity check regardless.
>>
>> Question: With the configuration below when I disable ipsec I can route traffic between the two hosts (hosts A and B) at about 900mbps. When I add the VPN I am getting speeds of approx. 40mbps. The CPU load on the OpenBSD boxes spikes to about 80% on one of the cores but the other 3 are essentially unaffected. Enabling/Disabling AES-NI in the bios doesn't seem to actually do anything as the cpu message in dmesg still shows the AES flag.
>>
>> The test I'm using is this
>> Host A: # nc -v -l 12345 > /dev/null
>> Host B: # dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345
>>
>> The reason these performance numbers are concerning to me is that I wanted a solution that would allow me to get decent (a.k.a. 100mbps +/- 10%) without having to buy expensive cisco/juniper devices.
>
> I would start playing with different modes, to see if that makes a difference. It could very well be that AES-NI is only used in certain modes. Start with the iked defaults for a start.

aes-ni is used for all aes-related modes (aes-cbc, aes-ctr, aes-gcm and aes-gmac)... on amd64.

>> Am I dreaming or have others had better performance? Also, any recent data on AES-NI optimizations would be helpful.
>>
>> Thanks
>> Jim
>>
>> Hardware Configuration:
>> - (2) identical SuperMicro systems with quad core E31220 w/ AES-NI enabled
>
> amd64 or i386? Why strip info from dmesg? It *might* make a difference.

wow. it definitely makes a difference: aes-ni is not supported on i386.

> -Otto
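The two checks this thread converges on (which kernel architecture is actually running, and whether the child SA transform encrypts at all), as an added example that is not part of any poster's message: a POSIX sh script run over constructed dmesg and iked.conf samples modelled on the ones quoted above. The function names, the sample strings and the placeholder psk are assumptions of this example; the amd64-only and gmac rules are the ones stated in the replies.

```shell
#!/bin/sh
# Added example: triage helpers for the throughput question in this thread.
# All inputs below are constructed samples; function names are this example's own.

SAMPLE_DMESG_I386='OpenBSD 5.1 (GENERIC.MP) #188: Sun Feb 12 09:55:11 MST 2012
    builder@example.invalid:/usr/src/sys/arch/i386/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz (GenuineIntel 686-class) 3.10 GHz
cpu0: FPU,V86,DE,PSE,TSC,PAE,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,LAHF'

SAMPLE_DMESG_AMD64='OpenBSD 5.1 (GENERIC.MP) #207: Sun Feb 12 09:42:14 MST 2012
    builder@example.invalid:/usr/src/sys/arch/amd64/compile/GENERIC.MP
cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz, 3093.40 MHz
cpu0: FPU,VME,DE,PSE,TSC,PAE,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,NXE,LONG,LAHF'

SAMPLE_IKED_CONF='ikev2 active esp \
    from 172.16.1.0/24 to 172.16.2.0/24 \
    local 10.0.0.1 peer 10.0.0.2 \
    ikesa enc aes-256 auth hmac-sha2-512 group modp4096 \
    childsa enc aes-256-gmac \
    psk "constructed-placeholder"'

# stdin: dmesg text. Prints the architecture from the kernel build path.
kernel_arch() {
    sed -n 's|.*/sys/arch/\([^/]*\)/compile/.*|\1|p' | head -n 1
}

# stdin: dmesg text. Succeeds if a cpuN feature line lists AES as a whole
# comma-separated token (so PAE or similar names do not match).
cpu_has_aes() {
    grep -E '^cpu[0-9]+: ' | sed 's/^cpu[0-9]*: //' | tr ',' '\n' | grep -qx 'AES'
}

# stdin: iked.conf text. Prints the first "childsa enc" transform, if any.
childsa_enc() {
    sed -n 's/.*childsa[[:space:]]\{1,\}enc[[:space:]]\{1,\}\([a-z0-9-]*\).*/\1/p' | head -n 1
}

# $1: transform name. Classifies what it does to the ESP payload.
transform_kind() {
    case "$1" in
        '')      echo "default" ;;
        *-gmac)  echo "auth-only" ;;   # per the thread: authenticate, do not encrypt
        *-gcm*)  echo "aead" ;;        # encrypts and authenticates
        *)       echo "cipher" ;;
    esac
}

# $1: dmesg text, $2: iked.conf text. Prints one finding per line.
assess() {
    arch=$(printf '%s\n' "$1" | kernel_arch)
    enc=$(printf '%s\n' "$2" | childsa_enc)
    if ! printf '%s\n' "$1" | cpu_has_aes; then
        echo "aesni: no AES flag in the cpu feature lines"
    elif [ "$arch" = "amd64" ]; then
        echo "aesni: AES flag present on an amd64 kernel"
    else
        echo "aesni: AES flag present but kernel arch is '${arch:-unknown}' (per the thread, AES-NI is used on amd64 only)"
    fi
    case "$(transform_kind "$enc")" in
        auth-only) echo "childsa: $enc authenticates without encrypting" ;;
        aead)      echo "childsa: $enc encrypts and authenticates" ;;
        cipher)    echo "childsa: $enc encrypts; integrity comes from the auth transform" ;;
        default)   echo "childsa: no enc transform given, iked defaults apply" ;;
    esac
}

assess "$SAMPLE_DMESG_I386" "$SAMPLE_IKED_CONF"
```

On a live system the same functions can be fed `dmesg` output and the contents of /etc/iked.conf instead of the samples.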
Re: forgot to fdisk -i sd2
On 28/09/2012 11:48, Otto Moerbeek wrote:
> On Fri, Sep 28, 2012 at 10:15:55AM +0200, Jean-François SIMON wrote:
>> Hello,
>>
>> Yesterday, I have asked someone to install, disklabel, newfs and mount a disk on a small local server machine. I have forgotten to fdisk -i in the first place, it does however apparently work well.
>>
>> Please could you let me know which type of problem there could be or not at all if we do not fdisk -i this particular disk in the future, for normal storage use ...
>>
>> Thanks for help,
>> Jean-François
>
> I would say it does not make a difference, except it might surprise you later. You won't be able to boot from the disk (assuming i386/amd64). Also, running fdisk -u on the disk will likely make the data unavailable.
>
> -Otto

Yes that is i386, sorry.
interfaces disappear when doing ospf6ctl reload
When running ospf6ctl reload, all interfaces disappear. It seems to come from IMSG_RECONF_IFACE message removal in rde.c v1.10 and ospf6d v1.8. Is another mechanism planned or should we re-add this IMSG_RECONF_IFACE message ? Manuel -- __ Manuel Guesdon - OXYMIUM
Re: SSI
On Fri, 28 Sep 2012 09:20:59 +0200, Otto Moerbeek wrote:
> Veteran, yes. But as you know, the set of acquired acronyms depends much upon environment. I once had a meeting (fresh from university) with some IBM engineers on the subject of the introduction of the first RS/6000 models in .nl. I still feel the sense of alienation, not knowing what a DASD was. I was guessing it was some very special storage device, but in the end it just meant direct access storage device: just a disk.
>
> Maybe this will trigger an EOG (end of grumpiness :-)
>
> -Otto

Heh, it reminds me of when I was teaching for IBM and we had an entire class of outsiders. The course notes (which the students had in front of them) referred to the DASD. They all looked puzzled and one asked me what it was. My reflex answer was: DAS D thing that spins very fast and the data comes off or on.

The devil made me do it! 8-))

Rod/

*** NOTE *** Please DO NOT CC me. I am subscribed to the list. Mail to the sender address that does not originate at the list server is tarpitted. The reply-to: address is provided for those who feel compelled to reply off list. Thank you.

Rod/
---
This life is not the real thing. It is not even in Beta. If it was, then OpenBSD would already have a man page for it.
Re: IPSEC VPN performance
On 2012 Sep 27 (Thu) at 17:30:38 -0400 (-0400), Jim Miller wrote:
:Hardware Configuration:
:- (2) identical SuperMicro systems with quad core E31220 w/ AES-NI enabled
:
:cpu0: Intel(R) Xeon(R) CPU E31220 @ 3.10GHz (GenuineIntel 686-class) 3.10 GHz
:cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,SBF,NXE,LONG,SSE3,PCLMUL,MWAIT,DS-CPL,VMX,SMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,x2APIC,POPCNT,AES,XSAVE,AVX,LAHF
:cpu1: ..
:cpu2: ...
:cpu3: ...
:- 2GB ram
:- AES-NI enabled in bios
:- (4) Intel PRO/1000 MT (82574L)
:

Please, for the love of everything that is holy and non, do NOT strip any info from dmesg. We want all of it, as some parts that you think don't matter DO. In this case: the arch will make a big difference.

--
Happiness isn't something you experience; it's something you remember.
-- Oscar Levant
Re: Open Source Routing @RIPE 65
On 2012-09-27, Kostas Zorbadelos kzo...@otenet.gr wrote: RIPE 65 is happening this week and the following came to my attention. I think it is of interest due to all the routing work happening in OpenBSD. OpenBGPd was mentioned and a new RIPE WG on open source (esp routing software) is being discussed https://ripe65.ripe.net/presentations/284-OS_Bof_Summary.pdf https://ripe65.ripe.net/archives/video/136 Regards, Kostas https://ripe65.ripe.net/archive/video/Martin_Winter-Summary_of_Open_Source_Quagga_Bird_BoF-20120927-143304.flv
Re: openbsd router performance (i know.. again)
On 2012-09-27, Anders Berggren and...@halon.se wrote:
> On Sep 26, 2012, at 10:05 PM, rik rikc...@gmail.com wrote:
>> I haven't had yet the opportunity to upgrade it to -current, I'll do in the next few days.
>
> Perhaps this one will make a difference:
> http://marc.info/?l=openbsd-cvs&m=134436237406664

yes, but you may need to set sysctl kern.pool_debug=0 if you're doing high traffic, this is normally disabled for releases but enabled for -current as a debugging tool (has an impact on forwarding performance).
Re: SSI
On 11:12 Fri 28 Sep , Darren Tucker wrote:
> On Thu, Sep 27, 2012 at 01:04:23PM -0700, Brian Empson wrote:
>> Hello OpenBSD world,
>>
>> Has there been/are there plan to include some SSI functionality for BSD?
>
> Single System Image was one of the original design goals for DragonFly, but they seem to have backed away from that recently (or, at least, it's taking much longer than they expected).

Matt Dillon wrote some time ago that they had still intended to implement that, though he didn't mention any details.
Re: forgot to fdisk -i sd2
On 09/28/12 04:15, Jean-François SIMON wrote:
> Hello,
>
> Yesterday, I have asked someone to install, disklabel, newfs and mount a disk on a small local server machine. I have forgotten to fdisk -i in the first place, it does however apparently work well.
>
> Please could you let me know which type of problem there could be or not at all if we do not fdisk -i this particular disk in the future, for normal storage use ...
>
> Thanks for help,
> Jean-François

you got a time bomb. it may never go off, or it may cause you problems tomorrow.

IF everyone managing the machine does everything right for the life of the machine, you are fine. It's unlikely OpenBSD itself will break this on a second disk in the future (though, we did consciously break it on boot disks in the past, so I'm not going to say we won't break your system in the future).

However, since the machine is non-standard, it is exceptionally prone to user errors that could cause you loss of data. If you have just one person administering the machine, you can probably just put a sticker on it that says, warning: wd1 has no fdisk partitioning, and never have a problem. However, you obviously have more than one person working on the system, and since you got this far, I'm going to assume that at least one person managing this machine doesn't know what that sticker would mean.

I would highly suggest fixing the problem (unload data, rebuild properly, reload data).

Nick.
Re: Router project on OpenBSD questions
On Tue, Sep 25, 2012 at 05:51:42PM +0100, Stuart Henderson wrote:
> On 2012/09/25 18:24, Otto Moerbeek wrote:
>> On Tue, Sep 25, 2012 at 11:11:19AM +, Stuart Henderson wrote:
>>> On 2012-09-25, Christoph Leser le...@sup-logistik.de wrote:
>>>> Thank you for this hint. I indeed have ike.c r=1.76.
>>>
>>> So why did you say you were running 5.2?
>>
>> The art of problem reporting is much underappreciated, sadly.
>>
>> -Otto
>
> Quite. I even considered this as a possible problem, then saw that it was 5.2, so discounted it...

So any news on this?

-Otto
Re: IPSEC VPN performance
Sorry I was stingy on the dmesg output. Here's the full dump. I will test with other AES modes now.

-Jim

OpenBSD 5.1 (GENERIC.MP) #188: Sun Feb 12 09:55:11 MST 2012
    dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
Re: IPSEC VPN performance
On Fri, Sep 28, 2012 at 08:38:37AM -0400, Jim Miller wrote:
> Sorry I was stingy on the dmesg output. Here's the full dump. I will test with other AES modes now.

And then install amd64 ;-)

-Otto

> -Jim
>
> OpenBSD 5.1 (GENERIC.MP) #188: Sun Feb 12 09:55:11 MST 2012
>     dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC.MP
Re: SSI
I remember asking Matt @ SC05 BSD BOF about SSI. He said it was a long term goal. That was 7 years ago, so maybe in another 7 years?

diana

PS How many acronyms can you use in an e-mail post?

On Fri, 28 Sep 2012, sickm...@lavabit.com wrote:
> On 11:12 Fri 28 Sep , Darren Tucker wrote:
>> On Thu, Sep 27, 2012 at 01:04:23PM -0700, Brian Empson wrote:
>>> Hello OpenBSD world,
>>>
>>> Has there been/are there plan to include some SSI functionality for BSD?
>>
>> Single System Image was one of the original design goals for DragonFly, but they seem to have backed away from that recently (or, at least, it's taking much longer than they expected).
>
> Matt Dillon wrote some time ago that they had still intended to implement that, though he didn't mention any details.
Re: IPSEC VPN performance
Good catch. I've since upgraded to the amd64 kernel. See the below dmesg. The performance jumped from 40mbps to approx. 70mbps. This is obviously a significant jump. I've tried switching the childsa from aes-256-gmac, aes-256-gcm, aes-128 and the times are fairly constant. I assume the AES-NI instructions are being used by the processor but I don't know for sure.

Ideally I'd like to see if I could get performance up on par with a Cisco ASA 5505. I've had those devices with the same test hit 90mbps.

Any ideas?

Thanks everyone
Jim

OpenBSD 5.1 (GENERIC.MP) #207: Sun Feb 12 09:42:14 MST 2012
    dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
Re: SSI
On Fri, Sep 28, 2012 at 08:32:02AM -0600, Diana Eichert wrote: I remember asking Matt @ SC05 BSD BOF about SSI. He said it was a long term goal. That was 7 years ago, so maybe in another 7 years? diana PS How many acronyms can you use in an e-mail post? Piffle. The *real* challenge is how many times can you use the *same* acronym to mean different things in one post. :-) Ken On Fri, 28 Sep 2012, sickm...@lavabit.com wrote: On 11:12 Fri 28 Sep , Darren Tucker wrote: On Thu, Sep 27, 2012 at 01:04:23PM -0700, Brian Empson wrote: Hello OpenBSD world, Has there been/are there plan to include some SSI functionality for BSD? Single System Image was one of the original design goals for DragonFly, but they seem to have backed away from that recently (or, at least, it's taking much longer than they expected). Matt Dillon wrote some time ago that they had still intended to implement that, though he didn't mention any details.
Re: Router project on OpenBSD questions
Thank you for asking.

I refreshed my system to -current as of 24. Sep 2012, so I now have sbin/ipsecctl/ike.c 1.77

Following the suggestion of Stuart Henderson I start isakmpd as isakmpd -K -T

Now I get the same behaviour as I have with OpenBSD 4.6. All configured VPNs get connected. So thanks for your help.

I still have some problems with some of the VPNs, i.e. some fail to renegotiate after a while but I do not have the details yet for a decent problem report.

Regards
Christoph

-Original Message-
From: Otto Moerbeek [mailto:o...@drijf.net]
Sent: Friday, 28 September 2012 13:45
To: misc@openbsd.org
Cc: Christoph Leser
Subject: Re: Router project on OpenBSD questions

On Tue, Sep 25, 2012 at 05:51:42PM +0100, Stuart Henderson wrote:
On 2012/09/25 18:24, Otto Moerbeek wrote:
On Tue, Sep 25, 2012 at 11:11:19AM +, Stuart Henderson wrote:
On 2012-09-25, Christoph Leser le...@sup-logistik.de wrote:
Thank you for this hint. I indeed have ike.c r=1.76.
So why did you say you were running 5.2? The art of problem reporting is much underappreciated, sadly. -Otto
Quite. I even considered this as a possible problem, then saw that it was 5.2, so discounted it...
So any news on this? -Otto
Re: SSI
I initially thought this thread was about Social Security Insurance, but instead it is about something like SGI UV.
Re: SSI
Before Al Gore invented the internet he invented the Super-Serial Interface. On Fri, Sep 28, 2012 at 10:50 AM, Russell Garrison russell.garri...@gmail.com wrote: I initially thought this thread was about Social Security Insurance, but instead it is about something like SGI UV.
Re: IPSEC VPN performance
Jim Miller jmil...@sri-inc.com wrote:
The test I'm using is this
Host A:
# nc -v -l 12345 > /dev/null
Host B:
# dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345

I increased the count a bit:
10 bytes transferred in 53.265 secs (18773882 bytes/sec)
That's with AES-256-GCM between two Sandy Bridge Xeons (Intel Xeon CPU E5-2637 @ 3.00GHz), i.e., with AES-NI, running OpenBSD-current/amd64.
--
Christian naddy Weisgerber na...@mips.inka.de
Re: IPSEC VPN performance
So I just realized another serious flaw in my testing. I was using a Mac Air w/ USB 100Mb ethernet adapter for one of the hosts behind the OpenBSD VPN devices. And it must have been limiting the speed more than I thought. So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I was able to achieve approx. 600Mbps performance through the test setup (via iperf and my dd method).

Still it baffles me as to why the ASA 5505 performed better with the Mac Air's USB 100mbps connection than the OpenVPN boxes. The ASA was able to do approx 88mbps while I never got above 72mbps on the OpenBSD test. Either way, case closed. I'd say that's fast enough.

Lessons learned:
- Use the amd64 kernel not i386
- w/ AES-NI enabled AES-256-GMAC, AES-256-GCM, AES-128 all performed about the same
- For some reason on my supermicro board disabling AES-NI doesn't have an effect as OpenBSD still seems to find the instructions
- Don't use USB for testing performance. ;)

Thanks to all that helped.
-Jim

On 9/28/12 3:10 PM, Christian Weisgerber wrote:
Jim Miller jmil...@sri-inc.com wrote:
The test I'm using is this
Host A:
# nc -v -l 12345 > /dev/null
Host B:
# dd if=/dev/zero bs=1000 count=1 | nc -v host a 12345
I increased the count a bit:
10 bytes transferred in 53.265 secs (18773882 bytes/sec)
That's with AES-256-GCM between two Sandy Bridge Xeons (Intel Xeon CPU E5-2637 @ 3.00GHz), i.e., with AES-NI, running OpenBSD-current/amd64.
Re: SSI
Wow This mailing list is crazy From: noah pugsley noah.pugs...@gmail.com To: Russell Garrison russell.garri...@gmail.com Cc: misc@openbsd.org Sent: Friday, September 28, 2012 2:03 PM Subject: Re: SSI Before Al Gore invented the internet he invented the Super-Serial Interface. On Fri, Sep 28, 2012 at 10:50 AM, Russell Garrison russell.garri...@gmail.com wrote: I initially thought this thread was about Social Security Insurance, but instead it is about something like SGI UV.
Re: SSI
On Fri, Sep 28, 2012 at 01:28:02PM -0700, Brian Empson wrote: Wow This mailing list is crazy I must object. Mailinglists are not crazy, people are crazy. -Otto
Re: IPSEC VPN performance
Hi, On 28.9.2012 22:09, Jim Miller wrote: So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I was able to achieve approx. 600Mbps performance through the test setup (via iperf and my dd method). 600Mbps via ipsec between two Intel E31220 ?
Re: IPSEC VPN performance
Yes. Let me double check everything again on Monday. Keep in mind that all devices had 1Gb ethernet interfaces and everything was directly cabled. No pf rules either. w/o ipsec I could get 900mbps through the openbsd boxes. Now you've got me thinking I need to recheck everything. -Jim On 9/28/12 5:19 PM, Hrvoje Popovski wrote: Hi, On 28.9.2012 22:09, Jim Miller wrote: So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I was able to achieve approx. 600Mbps performance through the test setup (via iperf and my dd method). 600Mbps via ipsec between two Intel E31220 ?
isakmpd message dropped message from IP port 4500 due to notification type Unknown 0
Hello,

I have these messages that appear in my syslog on a regular basis

Sep 27 05:52:51 obsd isakmpd[11819]: message_recv: bad message length
Sep 27 05:52:51 obsd isakmpd[11819]: dropped message from REMOTE_IP port 4500 due to notification type Unknown 0
Sep 27 05:53:18 obsd isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
...
Sep 27 14:20:59 obsd isakmpd[11819]: message_recv: bad message length
Sep 27 14:20:59 obsd isakmpd[11819]: dropped message from REMOTE_IP port 4500 due to notification type Unknown 0
Sep 27 14:21:26 obsd isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
...
Sep 27 21:48:43 obsd isakmpd[11819]: message_recv: bad message length
Sep 27 21:48:43 obsd isakmpd[11819]: dropped message from REMOTE_IP port 4500 due to notification type Unknown 0
Sep 27 21:49:03 villa isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
...
Sep 27 05:54:37 obsd isakmpd[11819]: message_recv: bad message length
Sep 27 05:54:37 obsd isakmpd[11819]: dropped message from REMOTE_IP port 4500 due to notification type Unknown 0
Sep 28 05:55:04 obsd isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500

The frequency of these messages is roughly my phase1 lifetime (28800s). The remote firewalls are fortigates. My tunnels don't seem to cause problems but I'm wondering why these messages appear like something is misconfigured. I have searched on a search engine but didn't find something relevant about it.

Does anyone know why these messages appear?

Thank you
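One way to check the observation in the message above that these entries recur at about the phase 1 lifetime, added here as an example and not part of the original post: measure the gaps between the "giving up on exchange" entries. The log lines are copied from the post; the year 2012, the 10% tolerance and the function names are assumptions of this example.

```python
import re
from datetime import datetime

# Six of the syslog lines from the post, copied as posted (peer already redacted).
LOG = """\
Sep 27 05:52:51 obsd isakmpd[11819]: message_recv: bad message length
Sep 27 05:53:18 obsd isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
Sep 27 14:20:59 obsd isakmpd[11819]: dropped message from REMOTE_IP port 4500 due to notification type Unknown 0
Sep 27 14:21:26 obsd isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
Sep 27 21:49:03 villa isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
Sep 28 05:55:04 obsd isakmpd[11819]: transport_send_messages: giving up on exchange REMOTEHOST, no response from peer REMOTE_IP:500
"""

PHASE1_LIFETIME = 28800  # seconds, the phase 1 lifetime given in the post
YEAR = 2012              # assumption: syslog timestamps carry no year

# "Mon DD HH:MM:SS host isakmpd[pid]: message"
LINE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) \S+ isakmpd\[\d+\]: (.*)$")

def events(log, prefix):
    """Timestamps of isakmpd entries whose message starts with prefix."""
    stamps = []
    for line in log.splitlines():
        m = LINE.match(line)
        if m and m.group(2).startswith(prefix):
            stamps.append(datetime.strptime(f"{YEAR} {m.group(1)}",
                                            "%Y %b %d %H:%M:%S"))
    return stamps

def intervals(stamps):
    """Seconds between consecutive events, in log order."""
    return [int((b - a).total_seconds()) for a, b in zip(stamps, stamps[1:])]

def tracks_lifetime(gaps, lifetime=PHASE1_LIFETIME, tolerance=0.10):
    """True if every gap lies within +/- tolerance of the lifetime."""
    return bool(gaps) and all(abs(g - lifetime) <= lifetime * tolerance
                              for g in gaps)

if __name__ == "__main__":
    gaps = intervals(events(LOG, "transport_send_messages: giving up"))
    print(gaps, tracks_lifetime(gaps))
```

Run against a full log, a result that stays near the configured lifetime ties the entries to phase 1 renegotiation rather than to random traffic on port 4500.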
Re: IPSEC VPN performance
600Mbps seems about right, I tested a pair of E5649-based boxes to 550Mbps last year (with aes-128-gcm): http://marc.info/?l=openbsd-misc&m=134033767126930

You'll probably get slightly more than 600 with multiple TCP streams.

Assuming PF was enabled for your test (the default configuration), the performance should be about the same with a proper ruleset. Traffic for existing states won't hit the ruleset at all.

On Fri, Sep 28, 2012 at 06:39:14PM -0400, Jim Miller wrote:
Yes. Let me double check everything again on Monday. Keep in mind that all devices had 1Gb ethernet interfaces and everything was directly cabled. No pf rules either. w/o ipsec I could get 900mbps through the openbsd boxes. Now you've got me thinking I need to recheck everything. -Jim
On 9/28/12 5:19 PM, Hrvoje Popovski wrote:
Hi,
On 28.9.2012 22:09, Jim Miller wrote:
So using another Mac w/ 1Gb ethernet adapter to a Linux box w/ 1Gb eth I was able to achieve approx. 600Mbps performance through the test setup (via iperf and my dd method).
600Mbps via ipsec between two Intel E31220 ?