Re: How to analyse excessive PF states?

Le Sat, 22 Oct 2016 18:12:37 +0200, Federico Giannici a écrit : > We have a firewall with OpenBSD 6.0 amd64 that handles about 1.5 Gbps > of traffic. > > I noticed that from a few weeks the number of states is increased > from around 250.000 to almost 2 millions (no change

Re: pf, bridge and vether: interface with no group

Le Tue, 16 Feb 2016 13:05:51 +0100, Clemens Goessnitzer a écrit : Ok I think : the pf.conf rule ### rules for internal network ### pass inet proto { tcp, udp } from internal:network to port $udp_services is expanded to pass inet proto udp from 10.0.0.0/24 to

Re: pf, bridge and vether: interface with no group

Le Tue, 16 Feb 2016 00:10:41 +0100, Clemens Goessnitzer a écrit : > Hello misc, Hi ... > So, if I specify a group for re1, everything is working as expected. > However, if re1 is not a member of any group, DHCP request are blocked > by pf, as tcpdump shows. Is

Re: Firewall cluster.

Le Wed, 09 Jul 2014 20:33:47 +0200, Mxher o...@mxher.fr a écrit : Hello, I'm doing few more tests and now I'm wondering if this is possible to disallow CARP to have some resources on serverA and others on serverB? You can use ifstated to implement your own logic. I have a pair of

Re: unlink utility

Le Wed, 26 Mar 2014 12:19:25 +0100, Dmitrij D. Czarkoff czark...@gmail.com a écrit : Hello, For some reason POSIX X/Open Systems Interfaces option requires 'unlink' utility to be present in operating system. Sure, it does nothing that 'rm' doesn't already do, but given that 'unlink' is

Re: Snmpd question

Le Wed, 12 Feb 2014 11:25:58 -0600, Bales, Tracy tracy.ba...@williams.com a écrit : Hello, Is it possible to have a shell script modify the contents of a user defined OID that is setup in snmpd.conf? I would like to have a cron event run a shell script and that script modify the OID values

Re: OpenBSD as a router on Oracle T5120

Le Mon, 20 Jan 2014 18:59:02 -0200, Eduardo Meyer dudu.me...@gmail.com a écrit : hello, I am doing some basic testings on the above mentioned scenario and I am stuck on some limits which I consider to be very low: I cannot get more than 27Kpps and 200Mbit/s routing performance without

Re: (5.3) load problem on em(4) MSI / interrupt ?

Le Tue, 1 Oct 2013 08:37:09 + (UTC), Stuart Henderson s...@spacehopper.org a écrit : Hello, On 2013-10-01, Patrick Lamaiziere patf...@davenulle.org wrote: Hello, With OpenBSD 5.3, our firewall does not handle our network load well. We loose around 5% of packets and netstat shows

Re: (5.3) load problem on em(4) MSI / interrupt ?

Le Mon, 09 Dec 2013 12:31:04 +, Stuart Henderson s...@spacehopper.org a écrit : Hello, I don't think msi can be re-enabled for this part in OpenBSD, the reason it's disabled is that there is a bug in the 82571/2 chips (errata 63 in

Re: OpenBSD and NetFlow

Le Tue, 03 Dec 2013 17:05:59 +0100, Alexis VACHETTE avache...@sisteer.com a écrit : Hi everyone, Hello, I would like to share an issue with one of my OpenBSD Firewall which is present in my company. Everything was working fine until a server crash this last week-end. We have setup

(5.3) load problem on em(4) MSI / interrupt ?

Hello, With OpenBSD 5.3, our firewall does not handle our network load well. We loose around 5% of packets and netstat shows a lot of Ierr. That worked much better with 5.1. There was a change to not enable MSI on 82572 chipset on our Intel card ( Intel PRO/1000 QP (82571EB) rev 0x06) in 5.2 :

carp demote count in 5.3 (change since 5.1)

Hello, I'm upgrading our firewalls to OpenBSD 5.3 (with erratas) from 5.1 : As far I can see now, the firewall (without any problem) starts with a carp demote count = 33. On 5.1 the demote count was = 0 looks like the 33 comes with a pfsync bulk start Jul 29 13:51:01 ucop2 /bsd: carp: pfsync0

Re: Management of pf.conf

Le Thu, 11 Jul 2013 13:18:13 +0200 (CEST), Jummo jum...@yahoo.de a écrit : This works quiet good for me and my firewalls with one exception, my big fat central router/firewall. This firewall has around 2000 lines of pf.conf, is attached with 12 VLAN interfaces and get slowly unmanageable with

Re: PF sync doesn't not work very well

Le Wed, 03 Jul 2013 07:11:08 -0500, Mark Felder f...@feld.me a écrit : On Wed, 03 Jul 2013 07:00:02 -0500, Loïc Blot loic.b...@unix-experience.fr wrote: Hello, no carp is used at this time. pfsync needs to be used with carp... without it you're just playing whack-a-mole with your

Re: bad rule, or special filtering needed for bootp packets?

Le Wed, 27 Mar 2013 19:28:08 -0700, David Ruggiero thatseattle...@gmail.com a écrit : Thanks! No, it didn't occur to me, so very appreciated. I didn't remember that you could do that form of the table command to show explicit members in a list, so that's also really helpful. FWIW,

Re: Why to use packages?

Le Sat, 16 Mar 2013 12:36:35 +0400, Alexander Nusov alexander.nu...@gmail.com a écrit : Hello, I'm trying to get why to use binary packages if they are not updated? I don't see any reason to use packages too (IMHO). For example, this package confuses me: lighttpd

Re: carp + 5.1/5.2 woes

Le Wed, 2 Jan 2013 13:39:25 +0100, Toni Mueller openbsd-m...@oeko.net a écrit : Hello, With this setup, carp1 will stay in BACKUP mode when I say ifconfig carp1 advskew 120 on A, while on B, it would go into MASTER immediately. Hmm, did you check the value of the carp demote counter? #

Re: [5.1] pflow(4) flow with starttime *after* endtime

Le Fri, 27 Jul 2012 11:13:21 +0200, Hrvoje Popovski hrv...@srce.hr a écrit : On 26.7.2012. 18:31, Patrick Lamaiziere wrote: Hello, We have just noticed that pflow (v5) sometime (but often) uses a StartTime value which is later than the EndTime. So the duration is interpreted

Re: OBSD51: using macros with reply-to

Le Thu, 1 Nov 2012 13:28:18 -0200, Fernando Braga fermbr...@gmail.com a écrit : Hello, pass in on $int_if from VoIP to ! redeOscar route-to $cosmo@$int_if However, when I issue a pfctl -sr, I get pass in on trunk1 inet from VoIP to ! redeOscar flags S/SA route-to 172.16.99.249@$int_if

[PF 5.1] strange unreachable icmp reply from firewall

(openbsd 5.1/amd64) Hello, I filter icmp echoreq for one host, but on output. The rules are : pass in quick on $ext_if inet proto icmp from any to any icmp-type echoreq keep state (floating) block out quick on $int_if inet proto icmp from any to $host When I ping this $host from out, I see

Re: Ports security updates in 5.1 or 5.2

Le Wed, 29 Aug 2012 09:59:46 +0200, Sebastien Marie semarie-open...@latrappe.fr a écrit : Hello, I currently follow STABLE branch for openbsd (and so, for ports too), which is OPENBSD_5_1. But, I saw that the last security updates for ports go to OPENBSD_5_2 and not to OPENBSD_5_1. Any

Re: Broken pfctl ..... ? I not understand my

Le Thu, 26 Jul 2012 12:44:40 +0430, Bahador NazariFard bahador.nazarif...@gmail.com a écrit : block in quick on msk0 proto tcp *to* port ssh whats this? instead of above wrong statement, you can use block in quick on msk0 proto tcp from any to any port ssh This is the same thing. The from

[5.1] pflow(4) flow with starttime *after* endtime

Hello, We have just noticed that pflow (v5) sometime (but often) uses a StartTime value which is later than the EndTime. So the duration is interpreted 4294966.29600 secondes. This confuses our collector (nfsen). (wireshark) pdu 19/30 SrcAddr: 194.57.169.116 (194.57.169.116)

[4.9-5.1] smtpd does not work anymore without resolver?

Hello, On 4.8 I was using smtpd to relay periodic mails. The box is a firewall and the resolver is not configured at all. smtp.conf # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. listen on lo0 map aliases { source db /etc/mail/aliases.db }

Re: [4.9-5.1] smtpd does not work anymore without resolver?

Le Tue, 24 Jul 2012 15:50:30 +0200, Gilles Chehade gil...@poolp.org a écrit : Hello, That worked fine on 4.8, but with 4.9 the box does not send any mail : /var/log/mailog: smtpd[4269]:1317598201.5Tsv7GvPDRFc1Ozt:from=root@Y, size=6325, nrcpts=1, proto=ESMTP, relay=0@localhost

Re: More bgpd problems

Le Wed, 30 May 2012 09:27:23 + (UTC), Matt Hamilton ma...@netsight.co.uk a icrit : Hello, I'd be very interested to see your ifstated config and how you use that to verify peers being up as we could do with some better monitoring here. Here we use bgpctl show summary terse with a grep on

Re: Router project on OpenBSD questions

Le Mon, 27 Feb 2012 19:38:45 +, Kaya Saman kayasa...@gmail.com a icrit : Hello, I have currently only used OpenBSD as a test vector setup on VirtualBox and 2x Sun Fire V240's as a DNS server (master/slave) using Bind9. So basically in short am an OpenBSD newbee :-) Ok so here goes;

Re: Router project on OpenBSD questions

Le Mon, 27 Feb 2012 16:58:05 -0300, Christiano F. Haesbaert haesba...@haesbaert.org a icrit : Hello, With a decent hardware, I think you can reach 1mpps (that's million packets per second). I don't think. As far I can see here with a rate of 50K packets through the system, it already spents

Re: Router project on OpenBSD questions

Le Wed, 29 Feb 2012 13:13:30 +0100, Peter Hessler phess...@theapt.org a icrit : Hello, On 2012 Feb 29 (Wed) at 11:54:13 +0100 (+0100), Patrick Lamaiziere wrote: :OpenBSD is not perfect too, it would be nice that pflow handles ipv6 pflow now handles ipv6 (in 5.1) That's cool! Thanks

[PF] bug in port range.

Hello, happy new year. I think there is a off-by-one error in Packet Filter port ranges, for example with an exclude boundary range : port1 port2 PF or pfctl does not check that port1 = port2 and if port1 port2 the port range is not correct. For example 82 80 is not the same as 80 82 (but

Re: [PF] bug in port range.

Le Tue, 3 Jan 2012 17:54:18 +0100, Henning Brauer lists-open...@bsws.de a icrit : Hello, * Patrick Lamaiziere patf...@davenulle.org [2012-01-03 17:45]: I think there is a off-by-one error in Packet Filter port ranges, for example with an exclude boundary range : port1 port2 nope

Re: network bandwith with em(4)

Le Tue, 22 Feb 2011 18:09:32 +0100, Patrick Lamaiziere patf...@davenulle.org a icrit : (4.8/amd64) I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a firewall (one fiber and one copper). The problem is that we don't get more than ~320 Mbits/s of bandwith beetween

[5.0] pkg_add too many FTP connections

Hello, I'm trying to update packages with pkg_add via ftp : # pkg_add -ui Error from ftp://ftp.irisa.fr/pub/OpenBSD/5.0/packages/amd64/gperf-3.0.4.tgz 421 There are too many connections from your internet address. ftp: Can't connect or login to host `ftp.irisa.fr' Error from

Re: [5.0] pkg_add too many FTP connections

Le Wed, 30 Nov 2011 12:35:40 +0100, Marc Espie es...@nerim.net a icrit : Fix your proxy/connection. pkg_add keeps one ftp connection alive, not more, but it does interrupt connections brutally as soon as it has the information it wants. All such problems come from stale ftp connections,

Re: Multiple ISPs: send packets to the interface they came from

Le Tue, 08 Nov 2011 15:27:02 -0500, Guillaume Filion g...@logidac.com a icrit : Hi all, Hello, I also tried using pf route-to but that seems to only work with NAT... No it does routing. I use it without nat. So basically my question is how to tell OpenBSD to send packets to the interface

Re: PF.CONF - with DMZ and packet tagging example

Le Mon, 7 Nov 2011 16:58:29 -0500, Bentley, Dain dbent...@nas.edu a icrit : Hello, block in on $ext from bastards #NAT INBOUND TO DMZ pass in on $ext proto tcp from any to any port $web_services rdr-to $webserver tag INET_TO_DMZ pass in on $ext proto tcp from any to any port $mail_services

Re: why skip is not shown in pfctl -s rules ?

Le Thu, 20 Oct 2011 15:41:51 +0600, PP;QQ P(P8P?P8QP8P= chipits...@gmail.com a C)crit : Hello, but I do not find skip in pfctl -s rules output: Yes, you can check that the interface is skiped with # pfctl -vs Interfaces -i lo0 lo0 (skip) Regards.

[4.9] smtpd does not work anymore without resolver?

Hello, On 4.8 I was using smtpd to relay periodic mails. The box is a firewall and the resolver is not configured at all. smtp.conf # This is the smtpd server system-wide configuration file. # See smtpd.conf(5) for more information. listen on lo0 map aliases { source db /etc/mail/aliases.db }

Re: bgpctl shiw rib out displaying incorrect information

Le Wed, 31 Aug 2011 07:19:15 +0200, Tony Sarendal t...@polarcap.org a C)crit : Hi, current1# cat /etc/bgpd.conf AS 65001 network 10.0.1.0/24 current1# bgpctl show rib nei 172.29.1.52 out flags: * = Valid, = Selected, I = via IBGP, A = Announced origin: i = IGP, e = EGP, ? = Incomplete

Re: Expected throughput in an OpenBSD virtual server

Le Tue, 23 Aug 2011 19:21:32 +0200, Per-Olov SjC6holm p...@incedo.org a C)crit : Hello, Here we reach 400 MBits/s with a CPU rate ~70% but we run OpenBSD 4.9. How fast is your CPU ? cpu0: Intel(R) Xeon(R) CPU E5520 @ 2.27GHz, 2261.30 MHz It's a Dell R610 with 4Go RAM.

Re: Expected throughput in an OpenBSD virtual server

Le Mon, 22 Aug 2011 22:49:47 +0200, Per-Olov SjC6holm p...@incedo.org a C)crit : Hello, Have not tried current, but will try current as soon as I can. Also... I will try to do some laborations with CPU speed of the core the OpenBSD virtual machine has. This to see how the interrupts and

Re: Expected throughput in an OpenBSD virtual server

Le Mon, 22 Aug 2011 20:04:50 + (UTC), Stuart Henderson s...@spacehopper.org a C)crit : Hello, OpenBSD has another way to handle this, MCLGETI. Is there a documentation (for the human being, not the developer) about how MCLGETI works? (don't find a lot about it) Thanks, regards.

Re: carp issues

Le Tue, 09 Aug 2011 15:29:17 +0200, Michael Lechtermann mich...@lechtermann.net a icrit : Hi all, hello, # ifconfig carp0 carp0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:0a priority: 0 carp: carpdev em0 advbase 1

Re: fat32 interoperatibility issue

Le Mon, 01 Aug 2011 16:04:08 +0200, Daniel Gracia lists.d...@electronicagracia.com a icrit : Yep! That's it, and I totally agree with the discusion there but, as far as msdosfs is in OpenBSD for the very reason of portability -and now I'm supposing-, I wonder if this would be an any welcomed

net-snmp in 4.9 : does it work for you ?

Hello, I've updated my two pf firewalls today from 4.8 to 4.9 (worked fine, nice). But it looks there is a problem with net-snmp and the traffic reported (IF-MIB). This is not correct anymore (like 30 Mbits/s instead more than 150 Mbits/s). I've checked the interfaces indexes in the snmp tables

Re: net-snmp in 4.9 : does it work for you ?

Le Wed, 22 Jun 2011 09:23:01 +0200, Patrick Lamaiziere patf...@davenulle.org a C)crit : Hello, I've updated my two pf firewalls today from 4.8 to 4.9 (worked fine, nice). But it looks there is a problem with net-snmp and the traffic reported (IF-MIB). This is not correct anymore (like 30

Re: Need some input about: OpenBSD 4.9/amd64 and Dell PowerEdge Server R210,R410,R610,R710

Le Tue, 7 Jun 2011 20:49:50 -0700 (PDT), Stefan N stefanbsd...@yahoo.com a C)crit : Hi All, Hello, Have you ever tried to install OpenBSD 4.9/amd64 on the Dell PowerEdge Server R210,R410,R610,R710 (2.5 SAS Disk) with additional Intel. Gigabit ET Quad Port Server Adapter? If yes, are

Re: serious security improvement in OpenBSD

Le Mon, 06 Jun 2011 15:06:54 +0300, Kapetanakis Giannis bil...@edu.physics.uoc.gr a icrit : Who is this 'Charlie' guy anyway??? That is a good question. I've searched in the past looking old system passwd to find who decided this name for the root account but with no luck. Looks like Charlie

Re: Firewall sends wrong MAC address per ARP?

Le Tue, 22 Mar 2011 13:01:48 +0100, Marcus M|lb|sch muelbue...@as-infodienste.de a icrit : hello, carp3: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:00:5e:00:01:21 priority: 0 carp: carpdev bge0 advbase 1 balancing arp carppeer

(4.8) Missing pkg.conf in see also manual for pkg_add

Hello, Just noticed that pkg.conf(5) is missing in the see also section of pkg_add(1) and friends. Regards.

Re: network bandwith with em(4)

Le Sat, 26 Feb 2011 00:23:36 +0900, Ryan McBride mcbr...@openbsd.org a icrit : How about a _full_ dmesg, so someone can take a wild guess at what your machine is capable of? full dmesg : http://user.lamaiziere.net/patrick/dmesg-open48.txt The box is a Dell R610 server. This

Re: network bandwith with em(4)

Le Fri, 25 Feb 2011 08:41:20 +0900, Ryan McBride mcbr...@openbsd.org a icrit : On Wed, Feb 23, 2011 at 06:07:16PM +0100, Patrick Lamaiziere wrote: I log the congestion counter (each 10s) and there are at max 3 or 4 congestions per day. I don't think the bottleneck is pf. The congestion

Re: network bandwith with em(4)

Le Fri, 25 Feb 2011 13:51:32 +0100, Patrick Lamaiziere patf...@davenulle.org a icrit : (ooops, push the wrong button) How about a _full_ dmesg, so someone can take a wild guess at what your machine is capable of? full dmesg : http://user.lamaiziere.net/patrick/dmesg-open48.txt The box

Re: network bandwith with em(4)

Le Fri, 25 Feb 2011 13:51:32 +0100, Patrick Lamaiziere patf...@davenulle.org a icrit : systat mbufs: IFACELIVELOCKS SIZE ALIVE LWM HWM CWM What does these counters mean? Thanks.

Re: network bandwith with em(4)

Le Tue, 22 Feb 2011 18:09:32 +0100, Patrick Lamaiziere patf...@davenulle.org a icrit : (4.8/amd64) Hello, I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a firewall (one fiber and one copper). The problem is that we don't get more than ~320 Mbits/s of bandwith

Re: network bandwith with em(4)

Le Wed, 23 Feb 2011 22:09:18 +0100, Manuel Guesdon ml+openbsd.m...@oxymium.net a icrit : | Did you try to increase the number of descriptor? | #define EM_MAX_TXD 256 | #define EM_MAX_RXD 256 | | I've tried up to 2048 (and with MAX_INTS_PER_SEC = 16000) but it looks | worth. Thank you !

Re: network bandwith with em(4)

Le Tue, 22 Feb 2011 19:13:48 +0100, Manuel Guesdon ml+openbsd.m...@oxymium.net a icrit : Hello, We've got same problems (on a routeur, not a firewall). Increasing MAX_INTS_PER_SEC to 24000 increased bandwith and lowered packet loss. Our cards are Intel PRO/1000 (82576) and Intel PRO/1000 FP

Re: network bandwith with em(4)

Le Tue, 22 Feb 2011 10:22:16 -0800 (PST), James A. Peltier jpelt...@sfu.ca a icrit : Those documents do not necessarily apply any more. Don't go tweaking knobs until you know what they do. We have machines here that transfer nearly a gigabit of traffic/s without tuning in bridge mode

network bandwith with em(4)

(4.8/amd64) Hello, I'm using two ethernet cards Intel 1000/PRO quad ports (gigabit) on a firewall (one fiber and one copper). The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). As far I can see, on load there is a number

Re: network bandwith with em(4)

Le Tue, 22 Feb 2011 11:19:26 -0600, Mark Nipper ni...@bitgnome.net a icrit : The problem is that we don't get more than ~320 Mbits/s of bandwith beetween the internal networks and internet (gigabit). Have you already looked at: --- https://calomel.org/network_performance.html Yes

dump device

[4.8/amd64] Hello, Is there a way to change the dump device without rebuilding the kernel? That's not clear if config(8) -e is able to do this. Thanks, regards.

Re: PF: Route packets out specific interface with NAT

Le Mon, 31 Jan 2011 18:24:04 +0100, Joachim Tingvold joac...@tingvold.com a icrit : Hi, Hello, This does not work at all. If I change http://www.openbsd.org/faq/pf/carp.html#RulesetTips + Ruleset Tips Filter the physical interface. As far as PF is concerned, network traffic comes from the

netflow and ipv6?

Hello, Are there some plans to implement netflow v9 in pflow(4) (to be able to trace ipv6 flows)? Without, which collector can I use in userland? And is the load introduced by such userland tool a concern with a network traffic passing the firewall around ~500Mb/s? Thanks, regards.

Re: Another carp problem.

Le Fri, 31 Dec 2010 18:09:40 +0100, Alessandro Baggi alessandro.ba...@gmail.com a icrit : To exclude also pf rules problem, I've tried a rule set as: match...nat-to... pass all but the problem persists. Other Issue? Hmmm Ok, I don't know where is the problem. I've made recently a

Re: Another carp problem.

Le Thu, 30 Dec 2010 19:58:21 +0100, Alessandro Baggi alessandro.ba...@gmail.com a icrit : these are my pf rules for carp and pfsync: pass in quick proto pfsync pass in quick proto carp .. block in all ... And in output?

Re: soekris + openbsd server buy question

Le Fri, 3 Dec 2010 19:28:19 +0800 (CST), shweg...@gmail.com a icrit : Hello, I'm considering buying a Soekris net5501-70 and install OpenBSD on it to make myself a small server and use it as a proxy (ssh tunnel), it might serve as backup file sever as well. I guess at the most there will be

Re: soekris + openbsd server buy question

Le Fri, 3 Dec 2010 08:44:43 -0500, Adam M. Dutko dutko.a...@gmail.com a icrit : The specifications for the Soekris system you mentioned don't lead me to be believe they'd be great for file server duty. When I think of file servers I think of fast disk (5501 can use SATA so that's a plus) On

ifconfig and carp demote count

(4.8/amd4) Hello, Looks like the carp demote count is limited to 255 but the max value in ifconfig is less or equal to 128. # ifconfig -g carp carp: carp demote count 0 # ifconfig -g carp carpdemote 100 # ifconfig -g carp carpdemote 100 # ifconfig -g carp carp:

Re: (4.8) OpenBGPd sometimes does not send the routes to the peer.

Le Mon, 8 Nov 2010 20:03:11 +0100, Claudio Jeker cje...@diehard.n-r-g.com a icrit : Can you run a bgpctl show rib detail 129.20.0.0/16 and a bgpctl show table. For some reason none of the above routes got selected and so nothing is redistributed. It looks like the decision process is

(4.8) quagga and tcp-md5 signature

Hello, Do you know if Quagga in OpenBSD 4.8 implements the tcp-md5 signature (for BGP) ? Looks like it does not work. Thanks, regards.

Re: (4.8) quagga and tcp-md5 signature

Le Mon, 8 Nov 2010 15:14:49 +0100, David Coppa dco...@gmail.com a icrit : Do you know if Quagga in OpenBSD 4.8 implements the tcp-md5 signature (for BGP) ? Looks like it does not work. Why using quagga when you have bgpd (which is in the tree and supports md5 signatures as well)?

Re: (4.8) OpenBGPd sometimes does not send the routes to the peer.

Le Mon, 8 Nov 2010 16:07:06 +0100, Claudio Jeker cje...@diehard.n-r-g.com a icrit : Have you checked if the networks were actaully added to the RIB? Do you mean bgpctl show rib ? No. Well, it takes some time but I'm able to reproduce this: # bgpctl show rib flags: * = Valid, = Selected, I =

(4.8) OpenBGPd sometimes does not send the routes to the peer.

(4.8/amd64) Hello, I'm doing some tests with OpenBGPd and sometimes (but often), when I restart bgpd it does not send anymore the routes to the peer. The routes are static and configured into bgpd.conf How to repeat: # bgpd -d -v wait until the routes are sent to the peer. ^D shoot again

PF set skip on interface group

Hello, (snaphot 4.8/amd64) I'm trying to use a pf.conf hardware independent using some interface groups. PacketFilter Set skip does not look to work fine with interface group. # ifconfig IFPFSYNC bnx0: flags=8843UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST mtu 1500 lladdr 00:22:19:5b:ad:da

(snapshot 4.8) acpi button (on/off) not found on Dell Poweredge R610.

Hello, I'm using a snapshot of 4.8/amd64 (october, 6) and I'm not able to shutdown properly the box using the power on/off button. The machine is a Dell PowerEdge R610: bios bios0: vendor Dell Inc. version 2.1.9 date 05/21/2010 bios0: Dell Inc. PowerEdge R610 full dmesg :

carp and IPv6 duplicate IP6 address

Hello, (snapshot 4.8/amd64) I'm playing with carp in master/backup mode. When a server becomes inactive (from master to backup or from backup to master) there is a dupplicate IP6 address. Is it bad doctor? By example on the master: Oct 15 15:34:27 ucop1 /bsd: carp1: state transition: MASTER -

Re: Carp Master / Backup

Le Fri, 15 Oct 2010 15:29:30 +0100, Harrower Gary (NHS National Services Scotland) gary.harro...@nhs.net a icrit : Hi, Any ideas why they were both trying to be master? did you set carp preemption on both machines?