On Wed 04 Dec 2013 12:40:09 GMT, Stuart Henderson wrote:
On 2013/12/04 10:19, Andy wrote:
Yea I had the same problem with sasynd but I found a simple solution that
allows for faster failover than DPD.
The issue I found was that when isakmpd starts on the carp 'backup', the -S
stops it from
:43 PM, Chris Cappuccio ch...@nmedia.net wrote:
andy [a...@brandwatch.com] wrote:
Hi,
Could someone help me with this issue we have found where the OpenBGPd
rule 'match to bgppeerip set nexthop bgpcarpip' doesn't work if OpenBGPd is
started whilst the OpenBSD host is a carp master. It only works
structure;
http://quigon.bsws.de/papers/2012/eurobsdcon/
http://www.youtube.com/watch?v=CMv90lDHhB8
PS; This altq example is of the top of my head so will have errors but
should get you a bit further..
Google for more...
Andy
On Tue 03 Dec 2013 18:15:23 GMT, Laurent CARON wrote:
On Mon, Nov 25, 2013 at 10:53:24PM +0100, Laurent CARON wrote:
I added a new transit to my network (Level3) and this issue is back
(runnning OpenBSD 5.4 but tried current also).
Nov 25 22:43:55 bgpgw-002 bgpd[24271]: neighbor
queue stuff.. I still need to read all the man pages
and notes on it myself yet.
Andy
is removed completely in 5.5??
Cheers, Andy.
On Fri 29 Nov 2013 22:10:20 GMT, Hrvoje Popovski wrote:
On 29.11.2013. 17:08, Andy wrote:
PS; I hope you have reeaaaly fast servers..
NB; ALTQ is currently 32bit so you cannot queue faster than 4 and a bit
gig, unless you go for Hennings new queueing system
Giannis wrote:
On 29/11/13 19:16, Andy wrote:
On Fri 29 Nov 2013 16:19:26 GMT, Kapetanakis Giannis wrote:
Unfortunately on the Cisco part I don't SFP+.
I have XENPACK option only which give me 3 options:
SR ~ 3K GPL
LRM ~ 1.5K GPL (I can't find any LRM GBIC for Intel side)
CX4 ~ 600 GPL
I'd avoid
2013 15:52:07 GMT, Kapetanakis Giannis wrote:
On 02/12/13 17:15, Andy wrote:
Yea CX4 will work, its the chipset that matters. But CX4 is short
range and superseded, and by using SFP+ you can pick and choose your
transceivers for fibre or CAT cabling etc.
Well the Cisco CX4 costs ~ 600$ List
code to look so I can
try to comment out the code which is checking the state of carp? This is
desperately important for us for reasons discussed in this thread and
others.
Thanks for your time, Andy.
PS; Thanks to Henning and Claudio for their great work with OpenBGPd.
On Thu, 21 Nov 2013 16:44
of the official branded Direct Connect cables
(don't get real cheap ones) so get Cisco branded as you have a Cisco
switch.. Much cheaper than Cisco optics but the same end result.
Andy.
On Fri 29 Nov 2013 15:07:34 GMT, Kapetanakis Giannis wrote:
Hi,
I've just received a Cisco 6704 for my 10G uplinks
PS; I hope you have reeaaaly fast servers..
NB; ALTQ is currently 32bit so you cannot queue faster than 4 and a bit
gig, unless you go for Hennings new queueing system which I'm still yet
to do when I actually find time..
On Fri 29 Nov 2013 16:05:35 GMT, Andy wrote:
We bought the Intel x520
On Fri 29 Nov 2013 16:19:26 GMT, Kapetanakis Giannis wrote:
On 29/11/13 18:05, Andy wrote:
We bought the Intel x520-DA2 cards as they gives you the flexibility
of using any SFP+ transceiver.. If you buy the SR2 you are locked to
using short range fibre and the optics for the other end can get
/application_server.html?mod=prodname=SA1260A304Rcookies=acceptdo=Continue
Andy
On Fri 29 Nov 2013 16:08:39 GMT, deoxyt2 wrote:
Hello guys.
I need to install an IPS and of course I want to install this with
OpenBSD, the througput of network is 10Gbps on fiber-optic. would
recommend the hardware supported
On Fri 29 Nov 2013 17:24:15 GMT, Andy wrote:
Fastest you can buy!! Even then you probably struggle..
You'll need the fastest single core you can get your hands on for the
network stack/OBSD kernel, and the other cores for Snort etc..
3.5GHz Ivy Bridge-EP CPU (E5-2637v2). Their are other Ivy
On Wed, 27 Nov 2013 15:08:33 +, C. L. Martinez
carlopm...@gmail.com
wrote:
Hi all,
I am doing some tests with two openBSD 5.4 hosts configuring carp
features. All it is ok, except for pfsync0 interface: it doesn't
starts up at system boot or when both are rebooted. I need to start it
On Wed, 27 Nov 2013 15:31:49 +, C. L. Martinez
carlopm...@gmail.com
wrote:
On Wed, Nov 27, 2013 at 3:25 PM, andy a...@brandwatch.com wrote:
On Wed, 27 Nov 2013 15:08:33 +, C. L. Martinez
carlopm...@gmail.com
wrote:
Hi all,
I am doing some tests with two openBSD 5.4 hosts
On 15/11/13 16:50, Adam Thompson wrote:
On 13-11-15 04:17 AM, Andy wrote:
On 12/11/13 05:48, Chris Cappuccio wrote:
Two BGP sessions from different IPs (no CARP)
BGP next-hop pointing to CARP-protected IP
Hi Chris,
This sounds good.. Could you clarify further?
I can clarify for him, see
not.
-Adam
Andy a...@brandwatch.com wrote:
On 15/11/13 16:50, Adam Thompson wrote:
On 13-11-15 04:17 AM, Andy wrote:
On 12/11/13 05:48, Chris Cappuccio wrote:
Two BGP sessions from different IPs (no CARP)
BGP next-hop pointing to CARP-protected IP
Hi Chris,
This sounds good.. Could you
responsiveness when using OpenBSD.
Andy.
Thank you in advance,
On Fri, 15 Nov 2013 11:31:14 -0600, Adam Thompson athom...@athompso.net
wrote:
On 13-11-15 11:26 AM, Andy wrote:
You sir have just made my weekend! :)
I thought that nexthop directive was a PF rule.. D'oh.. Clearly a long
week ;)
What you *might* have to do is use ifstated(8) to ensure
On Fri, 15 Nov 2013 10:14:20 -0800, Chris Cappuccio ch...@nmedia.net
wrote:
Adam Thompson [athom...@athompso.net] wrote:
What have I missed? (Or is this yet another breakdown in OpenBSD's
documentation?)
If you find a deficiency in the documentation, please submit a patch.
Once I get
a true clean way of doing this without
configuring multiple BGP attributes in OpenBGPd based on CARP status :(
PS; For inbound path control which would you recommend? MED or padding
the AS path? I.e. is one potentially more responsive than another..
Cheers, Andy.
for
inside-facing while #2 is master for outside-facing will break pf(4).)
Absolutely.. I always put my carp interfaces into the same carp group
to ensure this.
Thank you very much, I will test this ASAP :)
Thanks again, Andy.
On Fri 15 Nov 2013 16:50:24 GMT, Adam Thompson wrote:
On 13-11-15
httpSite5
#forward to webcaches port 80 mode roundrobin check http
/monitoreo/relayd.txt code 200
#}
Haven't implemented this myself so can't comment!
Good luck :)
Andy.
[root@server ~]# dmesg
OpenBSD 5.4 (GENERIC) #37: Tue Jul 30 15:24:05 MDT 2013
dera...@amd64.openbsd.org:/usr
try removing
the 'in' or 'out' direction from the rules.
Otherwise I'd suggest investigating some more and post a new question to
misc.
Good luck.
Andy
Sent from my iPhone
On 14 Nov 2013, at 19:37, Leonardo Santagostini lsantagost...@gmail.com
wrote:
Well well well there is one thing its
...@gmail.com
Thanks a lot to all, i will give it a try and gives tou you feedback as
soon as it get implemented.
Saludos.-
Leonardo Santagostini
2013/11/14 Andy a...@brandwatch.com
On 14/11/13 15:21, Leonardo Santagostini wrote:
Hello misc,
Im doing my final approach to put
On Fri 08 Nov 2013 18:28:38 GMT, Chris Cappuccio wrote:
Andy [a...@brandwatch.com] wrote:
Hi Chris,
Yea that makes sense, as you say its pretty trivial and a divide by zero
check is a common coding practice...
I will try again as I only tried 'Max Performance' but it might mean until
On Sat 09 Nov 2013 15:57:14 GMT, athom...@athompso.net wrote:
PS; We are against 'sloppy state' so much because we cannot sanitize
the sessions anywhere else (these firewalls connect to raw Transit).
In the meantime I think we're going to be forced to use ifstated to
shutdown OpenBGPd on the
Hi back in the office now.
On Thu 07 Nov 2013 20:54:20 GMT, Chris Cappuccio wrote:
Andy Lemin [a...@brandwatch.com] wrote:
Hi, sadly OpenBSD does not boot with the latest Ivy Bridge EP (E5-2637v2) with
'Power Technology' in the supermicro BIOS set to 'Max Performance', on both 5.4
release
On Fri 08 Nov 2013 10:42:52 GMT, Peter Hessler wrote:
On 2013 Nov 08 (Fri) at 10:31:56 + (+), Andy wrote:
:On Thu 07 Nov 2013 20:54:20 GMT, Chris Cappuccio wrote:
:Andy Lemin [a...@brandwatch.com] wrote:
:Hi, sadly OpenBSD does not boot with the latest Ivy Bridge EP (E5-2637v2
attribute which you can already set now with values according to CARP state.
Cheers, Andy.
risk insecurity..
Thanks for reading :)
On Fri 08 Nov 2013 11:44:58 GMT, Andy wrote:
Hi,
We have upgraded to 5.4 in production and now have our OSPF routes
being announced from our CARP 'backup' with a max value metric, and
the CARP 'master' announcing with the default/defined metrics. This
works
hoping that Turbo+ would
work as that gives me a few hundred extra MHz on top of the default
3.5GHz Ivy clock in a single core etc.
Please let me know if a commit for this is done and I will test using a
snapshot :)
Thanks for your time, Andy.
On Fri 08 Nov 2013 17:05:33 GMT, Chris Cappuccio
to defaults I still see these errors though
during boot;
[demime 1.01d removed an attachment of type image/jpeg which had a name of
image.jpeg]
Cheers, Andy
Sent from my iPhone
Sent from my iPhone
On 5 Nov 2013, at 21:18, Pedro Federico pedfre...@gmail.com wrote:
Sorry for replying my own
.
Will be testing in the next week or two.
On Tue 05 Nov 2013 00:42:44 GMT, Chris Cappuccio wrote:
Pedro Federico [pedfre...@gmail.com] wrote:
Andy, did you finally get that server? If so, is OpenBSD running fine?
I am interested in that server too.
I have some Xeon 55xx with intel C6xx chipsets
the cold months
are here.. :)
Cheers, Andy.
at 12:54 PM, Andy a...@brandwatch.com
mailto:a...@brandwatch.com wrote:
Hi all,
Would any of the esteemed OpenBSD developers be interested in
adding support for BFD (Bidirectional Forward Detection) to OpenBSD.
The protocol itself seems pretty simple and provides a sub
Code snippets can be seen on;
http://sourceforge.net/projects/kbfd/
http://sourceforge.net/projects/bfdd/
Editing these to compile and work on OpenBSD and run 'bgpctl neighbor
$bfdpeer down' etc is beyond my skills..
Thanks for reading, Andy.
On Tue 29 Oct 2013 11:16:20 GMT, Andy wrote
Thanks for ideas and examples guys :)
Cheers, Andy.
On 24/10/13 14:18, Comète wrote:
I use ifstated for that. This is my config file:
init-state auto
carp_up = carp3.link.up carp10.link.up carp101.link.up
carp100.link.up carp254.link.up carp2.link.up carp7.link.up
carp4.link.up
On Tue 29 Oct 2013 14:55:05 GMT, Adam Thompson wrote:
On 13-10-28 11:54 AM, Andy wrote:
Would any of the esteemed OpenBSD developers be interested in adding
support for BFD (Bidirectional Forward Detection) to OpenBSD.
[...]
'+1's welcome from others who would be interested to show signs
this is an ICMP ping with some authentification (on the gateway of a
route) ??
Why is this not overkill ?
On Tue, Oct 29, 2013 at 11:01 AM, Andy a...@brandwatch.com wrote:
On Tue 29 Oct 2013 14:55:05 GMT, Adam Thompson wrote:
On 13-10-28 11:54 AM, Andy wrote:
Would any of the esteemed
can be torn down etc thus allowing for sub-second
re-convergence of i/eBGP!
I can only offer a crate of beer to anyone who has the skills and is
willing :)
'+1's welcome from others who would be interested to show signs of
support/interest..
Cheers, Andy.
is 100. This means that it would prefer the eBGP path, rather than use
the OSPF learnt routes.
How can I change this in OpenBGPD and OpenOSPFD?
Cheers, Andy.
, is this the right tool for this? and if so
could someone throw me an example if you have one?
Thanks, Andy.
On Mon 21 Oct 2013 10:45:41 BST, Henning Brauer wrote:
* Andy a...@brandwatch.com [2013-10-09 17:14]:
After-all the packets egress the physical underlying interface so I
wonder if its possible to 'queue' on the physical interface 'on emX'
for example underneath the 802.1Q tagging, such that all
notification))..
Good luck.. Andy
Sent from my iPhone
On 18 Oct 2013, at 18:50, Boris Goldberg bo...@twopoint.com wrote:
Hello Henning,
Friday, October 18, 2013, 5:37:23 AM, you wrote:
I extensively use cbq and very confused by the current queuing manual. It
seems that actual speed
which matches one of the queues on that interface the
queue will be used.
So you look ok to me. Try adding the 'upperlimit' property to your hfsc
properties.
NB; I haven't tested Hennings new queuing subsystem yet so just guessing.
Cheers, Andy.
On Tue, 15 Oct 2013 16:32:16 +0400, Wesley MOUEDINE
get my
new hardware in November.
Cheers, Andy.
On 09/10/13 16:14, Andy wrote:
On Wed 09 Oct 2013 13:53:06 BST, Andy wrote:
On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote:
Thanks for your reply Andy.
What if I have:
- multiple VLANs on an internal IF
Just have a different set
in both directions with only one rule.
NB; I use '_local_kernel' for local CARP traffic etc, and '_local_data'
for traffic which is not distined for the WAN link but other local
networks and so can run at wire speed.
And _wan_* for the wan based traffic..
Hope this helps,
Andy.
On 09/10/13 07
On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote:
Thanks for your reply Andy.
What if I have:
- multiple VLANs on an internal IF
Just have a different set of queues for each 'on vlanX' etc.
- have a limited bandwidth on external (say 10/10Mbit/s)
Do as was suggested, have
Hi,
It seems that OSPF starts quite early in the boot process before other
things have finished booting.
Is their a way to delay the start so that it only starts announcing once
all the start up scripts have run etc?
Cheers, Andy.
appreciate this problem is being born out of the fact that I am
trying to run the boxes as both firewalls /and/ routers.
Does this make sense, and does anyone have an idea of how to cope with
this dual-stack scenario?
Cheers, Andy.
PS; ignore all the slanderus bull It's impossible to make
On Wed 09 Oct 2013 13:53:06 BST, Andy wrote:
On Wed 09 Oct 2013 12:29:48 BST, Leonardo Lombardo wrote:
Thanks for your reply Andy.
What if I have:
- multiple VLANs on an internal IF
Just have a different set of queues for each 'on vlanX' etc.
- have a limited bandwidth on external (say 10
On 02/10/13 12:31, Stuart Henderson wrote:
On 2013/10/02 12:26, Andy wrote:
No, but does it matter anyway? - Good point.. What I should have
really asked is how can I ensure that the route with the lowest
metric/cost is the one pointing to the master..
ospfd does that anyway (and DR/BDR
In their tests the devs managed to get a single TCP connection to run
at upto 53Gbit across 6 10Bgit links.
The patch is very simple to apply.
Andy.
On Wed 02 Oct 2013 09:58:02 BST, Stuart Henderson wrote:
On 2013/10/01 23:02, Abel Abraham Camarillo Ojeda wrote:
On Fri, 23 Aug 2013 18:39:29
backup announces with a higher cost..)
Thanks for your thoughts everyone, would spend a lot more time walking
around in the dark if it wasn't for peoples insights on this list :)
Cheers, Andy.
On Tue 01 Oct 2013 22:42:15 BST, Stuart Henderson wrote:
On 2013-10-01, Andy a...@brandwatch.com
', but
this only shows an example where the internal LAN connection is a CARP.
I have no choice but to run these as both firewalls and routers and I
must have CARP for redundancy etc.
Any advice or good URLs would be greatly appreciated.
Thanks, Andy.
, and back-haul).
Thanks :)
Andy
On Tue 01 Oct 2013 09:19:20 BST, Andy wrote:
Hello,
I have started deploying OSPF in our test environment before deploying
it out to the production network.
We have two Cisco ASR 1002 IOS XE routers in the middle of our Area 0
which have the Transit connections
On 01/10/13 14:32, Brian Hechinger wrote:
On Tue, Oct 01, 2013 at 09:19:20AM +0100, Andy wrote:
Also is there no way to have the CARP IP be the IP which is advertised
as the neighbor ensuring that traffic is always sent to the CARP IP
instead (I would MUCH prefer this!).
I spent an enormous
On Tue 01 Oct 2013 15:01:32 BST, Andy wrote:
On 01/10/13 14:32, Brian Hechinger wrote:
On Tue, Oct 01, 2013 at 09:19:20AM +0100, Andy wrote:
Also is there no way to have the CARP IP be the IP which is advertised
as the neighbor ensuring that traffic is always sent to the CARP IP
instead (I
My vote - *HENQ
Chickens lined up..
On Thu 19 Sep 2013 11:34:03 BST, MERIGHI Marcus wrote:
pkesh...@gmail.com (patrick keshishian), 2013.09.19 (Thu) 09:39 (CEST):
On Thursday, September 19, 2013, Ted Unangst wrote:
On Thu, Sep 19, 2013 at 09:14, Henning Brauer wrote:
*ALTQ's replacement..
On Tue 17 Sep 2013 08:58:12 BST, Peter Hessler wrote:
On 2013 Sep 16 (Mon) at 16:42:26 +0100 (+0100), Andy wrote:
:I know that OpenBSD runs on any CPU which is based on the AMD64
:architecture, however someone has worried me and said that this CPU and
:chipset is different somehow and might
On Tue 17 Sep 2013 13:48:45 BST, Stuart Henderson wrote:
On 2013-09-16, Andy a...@brandwatch.com wrote:
Planning to test Hennings new ALTQ subsystem diff on OpenBSD 5.4 with
this hardware :D
pardon the pedantry, but it's not altq..
Lol, yes sorry ;)
*ALTQ's replacement..
Does it have
Oh yea, just look at the slides.. Dohh ;)
On Tue 17 Sep 2013 14:54:12 BST, Jiri B wrote:
On Tue, Sep 17, 2013 at 02:35:48PM +0100, Andy wrote:
On Tue 17 Sep 2013 13:48:45 BST, Stuart Henderson wrote:
On 2013-09-16, Andy a...@brandwatch.com wrote:
Planning to test Hennings new ALTQ subsystem
On Tue 17 Sep 2013 18:09:15 BST, Michael Chen wrote:
I'm considering bidding on this 48-core box:
http://www.ebay.com/itm/Supermicro-A-Server-1042G-TF-1U-H8QG6-4-CPUS-48-cores-2-2Ghz-128GB-RAM-/151119828428?pt=COMP_EN_Servershash=item232f7195cc
Does anyone have experience with it and can I
have the '82599ES' controller.
Quite excited at the thought of building a 3.5GHz Ivy Bridge-EP based
10GBit OpenBSD firewall with DDR3-1866MHz RAM :)
Planning to test Hennings new ALTQ subsystem diff on OpenBSD 5.4 with
this hardware :D
Thanks, Andy.
hostname as the identity of the local peer, if not
specified
by the srcid parameter.
Dynamic is required to negotiate PFS with the other side I believe.
Cheers, Andy
On Thu 12 Sep 2013 08:07:55 BST, Janne Johansson wrote:
You are going to see (if you debug the negotiations done by isakmpd
Thus said Michael W. Lucas on Wed, 11 Sep 2013 20:59:08 -0400:
This, well, kind of surprised me. I'm sure you folks have thought this
through in much more detail than I have, but I can't find anything on
the rationale behind it.
Is sudo enabled for any non-root users by default?
Andy
I love Henning's slides ;)
On Tue 10 Sep 2013 08:29:12 BST, Peter N. M. Hansteen wrote:
On Tue, Sep 10, 2013 at 11:17:58AM +0400, ?? ?? wrote:
where can I read more about set prio in pf?
man pf.conf tends to be the best source, you could also browse
PS; Thanks for your great work Henning (and others of course). Hoping
and keeping fingers crossed the new subsystem will make it into 5.4 :)
Andy
On 10/09/13 08:29, Peter N. M. Hansteen wrote:
On Tue, Sep 10, 2013 at 11:17:58AM +0400, ?? ?? wrote:
where can I read more about set
Ah I feared as much as its so close to the 5.4 release date.
Good things come to those who wait
Thanks, Andy
On Tue 10 Sep 2013 10:47:18 BST, Peter N. M. Hansteen wrote:
On Tue, Sep 10, 2013 at 10:37:17AM +0100, Andy wrote:
PS; Thanks for your great work Henning (and others of course
, Sep 7, 2013 at 8:13 AM, andy a...@brandwatch.com wrote:
Hi everyone,
I have a feeling that I may get some strong opinions on this question, so
please don't flame me or anything, I'm asking because I don't know.
Does this document still hold any truth with current OpenBSD;
https
-ortega-WP.pdf
Cheers, Andy.
On 04/09/13 21:33, Todd T. Fries wrote:
Penned by andy on 20130904 15:21.22, we have:
| Hi, one last question.
|
| I am reading through lots of examples and documentation on OpenBSD and v6
| and most seem to refer to adding the v6 address to /etc/hostname.X as an
| 'alias', e.g.;
| inet 10.0.0.1
and
OpenBGPd (will be our WAN edge), and so to add active-active CARP load
balancing could prove very problematic??? Anyone with any experience on BGP
and OSPF with active-active?
Cheers, andy.
On 09/02/2013 09:53 AM, Andy wrote:
If only you could 'buy' more time or make days longer.. ;)
Because I
up and down, and CARP (v4 and v6) up and down.. (I.e, RFC1918
internally so v4 with NAT, but v6 fully routed).
All this considered I think we should stick with active-backup.
Andy
2013/9/4 andy a...@brandwatch.com
On Mon, 02 Sep 2013 09:56:46 -0400, John Jasen
jja...@realityfailure.org
an 'alias'
when it is not an alias address to the v4 address?
Sorry to obsess about the details on this but want to get this completely
correct in the eyes of the developers?
Cheers, Andy.
On Sun, 01 Sep 2013 13:55:27 +0100, Andy a...@brandwatch.com wrote:
Hi Stuart, yea I realised that after, it's
great success with for a reasonable price
(~2,000 GBP)?
Thanks for your time and I'm sorry for bringing this question up again,
but hardware changes regularly and I greatly value the opinions of
others on this list.
Regards, Andy.
briefly a few weeks back and he said I should ask for the code but
I cannot remember who in the team he said I should message for this?
I'm not a coder but I'm happy to contribute as and where I can :)
Andy.
On Mon 02 Sep 2013 13:02:42 BST, Kenneth R Westerback wrote:
On Mon, Sep 02, 2013 at 01:41
(does it improve the speed of CARP setup/detection etc)?
Thanks for your help :) Andy
On Sat 31 Aug 2013 23:25:12 BST, Stuart Henderson wrote:
On 2013-08-30, Andy a...@brandwatch.com wrote:
cat /etc/hostname.carp0
inet 18.2.32.10 255.255.255.0 18.2.32.255
inet6 a00:7e0::a 64
carpdev em0 carppeer
On 29/08/13 18:37, Todd T. Fries wrote:
Penned by Andy on 20130829 9:57.29, we have:
| Hi everyone,
|
| I'm hoping someone can help me as I'm not having much luck with adding
| IPv6 to the mix of our already working IPv4 setup.
|
| What should /etc/hostname.carpX look like for an IPv6 setup
GigabitEthernet0/0/1
ip address 18.2.32.1 255.255.255.0
ipv6 address a00:7e0::1/64
ipv6 unicast-routing
Cheers, Andy.
On 30/08/13 11:18, Stefan Sperling wrote:
On Fri, Aug 30, 2013 at 10:08:56AM +0100, Andy wrote:
Hi guys,
Adding the inet6 as an alias didn't work for me.
When the first line
for your time, Andy.
PS; I don't have MLD capable switches in all locations if that is a
factor here regarding CARP messages being via IPv6 Multicast.
On Thu 29 Aug 2013 15:57:29 BST, Andy wrote:
Hi everyone,
I'm hoping someone can help me as I'm not having much luck with adding
IPv6 to the mix of our already
Thanks, I'll give that a try.
I have got it working with separate CARP interfaces for v4 and v6 but
was hoping to have it working under one interface.
Cheers, Andy.
On Thu 29 Aug 2013 17:13:37 BST, Loïc Blot wrote:
Hello Andy,
here is on of my working configuration (OpenBSD 5.2)
inet
On Thu 29 Aug 2013 18:37:53 BST, Todd T. Fries wrote:
Penned by Andy on 20130829 9:57.29, we have:
| Hi everyone,
|
| I'm hoping someone can help me as I'm not having much luck with adding
| IPv6 to the mix of our already working IPv4 setup.
|
| What should /etc/hostname.carpX look like
On Mon, 26 Aug 2013 14:24:12 -0400, Andres Chavez
fluxboxtrem...@gmail.com wrote:
Hi, can anyone tell me the best or at least the most used real time
bandwith monitoring tool, when using the PF+ALTQ solution please?
thanks in advance.
We use Graphite for the display of data received by
This is a question with many solutions, each with their own benefits and
disadvantages and is a subject of some history.
If you are connecting two servers directly together without using a switch
in-between them, then round-robin is for you.
However if you need to have switches in the mix there
kernel lock, and reworking ALTQ and PF to name our worst and most
serious pain points than have them work on stuff that we can easily
'work around'.. :)
Andy
On Tue 13 Aug 2013 12:52:02 BST, Nick Holland wrote:
On 08/13/13 07:13, Marian Hettwer wrote:
...
This is sad :-/ For any mass deployment
ifconfig -g pfsync -carpdemote 3
NB; There are 3 physical interfaces (INT, EXT, and PFSYNC's pysical
interface).
Completely stabilises a flapping pfsync interface during reboots :)
Cheers, Andy.
On 22/07/13 22:26, Stuart Henderson wrote:
On 2013-07-22, Andy a...@brandwatch.com wrote
is plugged back in/WAN provider
resets/kills/asserts/misconfigures one of their WAN switches (we have
redundant connections across their switch fabric).
Cheers, Andy.
On 23/07/13 10:34, Henning Brauer wrote:
* Andy a...@brandwatch.com [2013-07-22 13:14]:
None the less I'm surprised that no one else
That would be really useful :)
One of the things that made it hard to debug was logging. I tried all
the net.inet.carp.log levels ;)
Andy.
On Tue 23 Jul 2013 17:00:58 BST, Theo de Raadt wrote:
I agree, that's why I spent a long time trying to get all the switches
configured correctly
base nearby I would really appreciate so
much if you could throw a sleep in after CARP moves to INIT.
Thanks everyone,
Andy.
On Thu 18 Jul 2013 13:04:01 BST, Andy wrote:
Ok, sadly adding the !sleep 5 is not helping and made it even worse :(
E.g. the reboot of the primary with the sleep
Hi,
I hope this is helpful to someone else and maybe a dev could add this
solution (or an improvement thereof) into the code as standard.
- I found an issue with IPSec and OpenBSD with CARP during fail-over,
whereby a fail over with the default recommended set-up results in
broken IPSec
a problem in
some locations) where they wont enable port fast/configure as static
access ports.
Andy.
On Mon 22 Jul 2013 12:44:08 BST, Marko Cupać wrote:
On Mon, 22 Jul 2013 12:12:30 +0100
Andy a...@brandwatch.com wrote:
I.e. When a firewall boots up, the connected switch port starts STP
have an unstable set-up.
Thanks for letting me know.
Andy.
On Mon 22 Jul 2013 13:46:35 BST, Camiel Dobbelaar wrote:
On 7/22/13 1:12 PM, Andy wrote:
I messed up and added '!sleep 5' to the hostname.carp instead of the
physical interface..
None the less I'm surprised that no one else has any
Hi,
Others have discussed our problem but I cannot see that this has been
implement (I cannot find a man page referring to this).
http://openbsd.7691.n7.nabble.com/carp-init-delay-td226187.html
I.e. When a firewall boots up, the connected switch port starts STP and
is initially blocked,
the obvious solution..
Thanks for your thoughts :)
Andy.
On Thu 18 Jul 2013 12:34:11 BST, Andy wrote:
Hi,
Others have discussed our problem but I cannot see that this has been
implement (I cannot find a man page referring to this).
http://openbsd.7691.n7.nabble.com/carp-init-delay-td226187.html
is
screwing with our VoIP traffic :(
Does anyone know of how I can view the pflow or even just the states for
/all/ traffic in just one queue?
Thanks in advance, Andy.
, Andy.
On Tue 16 Jul 2013 16:43:44 BST, Stuart Henderson wrote:
On 2013-07-16, Peter N. M. Hansteen pe...@bsdly.net wrote:
Andy a...@brandwatch.com writes:
I have an issue where one of my 'real-time' queues is much busier than
it should be. I suspect that someone is running something
201 - 300 of 414 matches
Mail list logo
