, but i had to let you know
Best,
--
Ronnie Garcia r.garcia at ovea dot com
that
it is not recommended, but its not clear.
Then, maybe i should switch to using ports ?
Best,
--
Ronnie Garcia r.garcia at ovea dot com
meaningless
(unless.. well, that's another story)
What other tool would you recommend, then ? The idea is to simulate
legit Internet traffic and/or DDoS traffic.
--
Ronnie Garcia r.garcia at ovea dot com
vendors.
So... which driver to go? sk? em?
Do you expect doing more than 100mbits with this hadware (with PF anabled) ?
I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf
--
Ronnie Garcia r.garcia at ovea dot com
Clint Pachl a icrit :
Ronnie Garcia wrote:
Chris C. a icrit :
I'm in the need to replace my two 100mbit fxp nic's in my firewall
with a 1000mbit one. The hardware is kinda old. (PIII)
I'm looking for an inexpensive but not bad (so I think no realtek
chips) nic.
Have looked at sk and bge
Bryan Vyhmeister a icrit :
On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote:
Clint Pachl a icrit :
Ronnie Garcia wrote:
Do you expect doing more than 100mbits with this hadware (with PF
anabled) ?
I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines
pf.conf
What is your
Kian Mohageri a icrit :
On 4/16/07, Ronnie Garcia [EMAIL PROTECTED] wrote:
Bryan Vyhmeister a icrit :
On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote:
Clint Pachl a icrit :
Ronnie Garcia wrote:
Do you expect doing more than 100mbits with this hadware (with PF
anabled) ?
I'm maxing a P4
Hey,
I was expecting to stop pfsync with :
ifconfig pfsync0 down
But it did not.
I could stop pfsync by down'ing the physical device, but is there any
other way around ?
I'm using 4.0
Rgds,
--
Ronnie Garcia r.garcia at ovea dot com
,
unless somebody pays me so massively for it that I consider that a
sufficient solatium)
How much is massive ? ;)
--
Ronnie Garcia r.garcia at ovea dot com
below:
cpu0: Dual Core AMD Opteron(tm) Processor 280, 2394.36 MHz
cpu1: Dual Core AMD Opteron(tm) Processor 280, 8139.45 MHz
I don't know if that could be related, but look how your two cores are
probed. One is 4 times faster than the other.
--
Ronnie Garcia r.garcia at ovea dot com
for this, or how to debug the issue further ?
Did you tweek kernel parameters, like net.inet.ip.ifq.maxlen ?
What is the CPU usage during the transfer ?
Did you try with autonegotiation off, and with speed fixed at 1000base-T
FD on each port ?
--
Ronnie Garcia r.garcia at ovea dot com
in /etc/resolv.conf and an entry /etc/sysctl.conf has
been commented
out.
Which one ? net.inet.ip.forwarding ?
--
Ronnie Garcia r.garcia at ovea dot com
-location | Hosting
--
Ronnie Garcia r.garcia at ovea dot com
Directeur
ovea
Til : +33 4 6767
Gsm : +33 6 29500295
http://www.ovea.com
/routers_bol.html
While you are at it, and because i did not see it mentionned in this
list, there is a very good prez made by claudio@ :
Routing with OpenBSD using OpenOSPFD and OpenBGPD
http://www.openbsd.org/papers/linuxtag06-network.pdf
--
Ronnie Garcia r.garcia at ovea dot com
Hey Henning,
Henning Brauer a icrit :
* Ronnie Garcia [EMAIL PROTECTED] [2007-01-22 21:10]:
I'm graphing a lot of kernel/pf variables with cacti, and i'm clearly
seeing the box maxing at 15k interrupts/s.
that is not necessarily a problem.
I'm raising 15k interrupts/s when the box
Here is usefull details from Henning (thanks!)
Message original
Sujet: Re: Firewall, high interrupt load, is this a driver problem (dc) ?
Date: Tue, 23 Jan 2007 11:42:22 +0100
De: Henning Brauer [EMAIL PROTECTED]
Pour: Ronnie Garcia [EMAIL PROTECTED]
Rifirences: [EMAIL
Ronnie Garcia a icrit :
I recently switched one of our firewalls from Linux to oBSD 4.0.
Its handling approx 8-9 kpps (in+out) on both interfaces. It has a
D-Link DFE-570TX quad ports NIC (dc driver), two ports are used.
On Linux, the CPU was loaded at approx 20% when, and on oBSD, its
preferred the host
will be when choosing a master. The default is 0. Acceptable values are
from 1 to 254.
?
--
Ronnie Garcia r.garcia at ovea dot com
,
--
Ronnie Garcia r.garcia at ovea dot com
-WEBCONTENT (see 13.1)
--
Ronnie Garcia r.garcia at ovea dot com
to be the loopback
address of your other border router.
Your router-id parameter should also be the IP adress of your local
loopback interface.
Your loopback interfaces should have a /32 IP adress set.
Regards,
--
Ronnie Garcia r.garcia at ovea dot com
OSPF over the CARP interface.
Regards =]
--
Ronnie Garcia r.garcia at ovea dot com
Claudio Jeker a icrit :
On Tue, Oct 10, 2006 at 07:59:23PM +0200, Ronnie Garcia wrote:
I have an OSPF enabled backbone and want to insert two firewalls.
Each firewall will be connected to one different core router.
My idea is to setup OSPFd on the interfaces plugged to the core, and
CARP
in more practical anecdotes as to where it is really useful.
This is more or less the definition of a VPN, not VLANs.
--
Ronnie Garcia r.garcia at ovea dot com
FW2 and the corresponding
ACK packet go back thru FW1.
Will pfsync just handle the split sessions happily ? Will it handle the
load for, say, 10k pps ?
Kind regards,
--
Ronnie Garcia r.garcia at ovea dot com
routes?
Currently all as-external routes are announced with a default metric of
100 and as type 1 routes. I planned to add support for a set metric and
set type type option for the redistribute keyword but had no time to
finish the implementation.
That would just rock =]
--
Ronnie Garcia r.garcia
/connected routes into the IGP.
Regards,
--
Ronnie Garcia r.garcia at ovea dot com
Stuart Henderson a icrit :
On 2006/09/30 21:59, Ronnie Garcia wrote:
Is it planned at any time to implement a (cisco-like) network
parameter, to be able to tell ospfd which network it should annouce ?
Actually i need a mix of default and static/connected as i would
like my border routers
28 matches
Mail list logo
