OpenBGPD fatal in RDE: rde_dispatch_imsg_session: imsg_get error: Cannot allocate memory

2020-06-30 Thread Laurent CARON
Hi, I'm running a pretty busy OpenBGPd router (~250 bgp sessions) with 4 IPv4 and 4 IPv6 full views, plus a few IX sessions. # bgpctl show rib mem RDE memory statistics     820983 IPv4 unicast network entries using 31.3M of memory     203228 IPv6 unicast network entries using 10.9M of memory

Re: OpenBGPD fatal in RDE: rde_dispatch_imsg_session: imsg_get error: Cannot allocate memory

2020-06-30 Thread Laurent CARON
On 30/06/2020 at 11:56, Claudio Jeker wrote: Can you check and monitor with ps aux | grep bgpd and or top the VSZ and RSS of the RDE process. What is the maximum you notice. Also how do you start bgpd? Make sure the limits from login.conf are actually applied (using rcctl start should do that w

OpenBGPd RTBH peer with match clause on community

2016-02-12 Thread Laurent CARON
Hi, I'm trying to achieve the following: I have a RTBH peer configured (router from my ISP I access over multihop). Config is the following: group "eBGP_RTBH_COGENT" { remote-as 174 holdtime 30 holdtime min 3 announce

Re: OpenBGPd RTBH peer with match clause on community

2016-02-12 Thread Laurent CARON
eb 12 (Fri) at 14:23:08 +0100 (+0100), Laurent CARON wrote: :Hi, : :I'm trying to achieve the following: : :I have a RTBH peer configured (router from my ISP I access over multihop). : :Config is the following: : :group "eBGP_RTBH_COGENT" { : :remote-as 174

Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-07 Thread Laurent CARON
Hi, After upgrading a 7.3 to 7.4 OpenBSD box, I noticed OSPF adjacencies using a password are not coming up with the following in /var/log/messages: ospfd[55040]: recv_packet: authentication error, neighbor ID X.X.X.X interface vlanXX After removing the authentication, I was able to get adj

Re: Regression (or misconfig on my side?) after OpenOSPFd upgrade (OpenBSD 7.3 -> 7.4)

2023-11-07 Thread Laurent CARON
On 07/11/2023 at 10:59, Claudio Jeker wrote: Ugh. My bad. I forgot that iface->auth_key is not really a string. So the code setting the auth_key would copy too much if you use a password with 8 chars. Using a password with 7 or less chars works fine. As a result of this overflow the checksum

R750xs with PERC H755

2023-11-26 Thread Laurent CARON
Hi, I tried to install OpenBSD on a RAID1 (perc H755) volume to no avail. No disks available during install. It seems the PCI-ID of the PERC H755 card is not present in OpenBSD. vendor "Symbios Logic", unknown product 0x10e2 (class mass storage subclass RAID, rev 0x00) at pci12 dev 0 functio

OpenBSD SMP - BGPd - send_rtmsg: action 1, prefix A.B.C.D/24: No buffer space available - panic: malloc: out of space in kmem_map

2023-11-27 Thread Laurent CARON
Hi, I'm currently migrating a BGPd server. Specs of "old" machine: - Dell R720 with Intel(R) Xeon(R) CPU E5-2637 v2 and 16GB RAM - SMP Kernel (default) - BGPd runs fine with 5 full views - X710 NIC (ixl) 4 port interface Specs of "new" machine: - Dell R750xs with Intel(R) Xeon(R) Gold 6334

Re: OpenBSD SMP - BGPd - send_rtmsg: action 1, prefix A.B.C.D/24: No buffer space available - panic: malloc: out of space in kmem_map

2023-11-28 Thread Laurent CARON
Hi Claudio, Should you need remote access to the server, this is of course possible. On 27/11/2023 at 17:51, Laurent CARON wrote: Please find attached the relevant info: vmstat-m_SP_with_bgpd -> vmstat -m SP with bgpd vmstat-m_SMP_without_bgpd -> vmstat -m SMP without bgpd

Re: OpenBSD SMP - BGPd - send_rtmsg: action 1, prefix A.B.C.D/24: No buffer space available - panic: malloc: out of space in kmem_map

2023-11-28 Thread Laurent CARON
On 28/11/2023 at 12:12, Claudio Jeker wrote: So the problem is that the malloc space is filled by a) 26540K of devbuf -- because of the multiqueue support in ixl b) 63493K of ACPI -- what the heck ACPI?!? and then there is not enough space for rtable. A full table requires in your example 50816

Re: OpenBSD SMP - BGPd - send_rtmsg: action 1, prefix A.B.C.D/24: No buffer space available - panic: malloc: out of space in kmem_map

2023-11-28 Thread Laurent CARON
On 28/11/2023 at 17:46, Claudio Jeker wrote: The problem is that the symbol nkmempages moved into .bss and is therefore no longer modifiable by config(8). I think you can still use ukc via boot -c to alter it (but that is not sticky). The alternative is to set "option NKMEMPAGES=131072" in yo

Re: OpenBSD SMP - BGPd - send_rtmsg: action 1, prefix A.B.C.D/24: No buffer space available - panic: malloc: out of space in kmem_map

2023-12-14 Thread Laurent CARON
. :) /Wouter On Thu, Dec 14, 2023 at 3:08 PM Claudio Jeker wrote: On Tue, Nov 28, 2023 at 05:55:03PM +0100, Laurent CARON wrote: > > On 28/11/2023 at 17:46, Claudio Jeker wrote: > > The problem is that the symbol nkmempages moved into .bss and is therefore

5.4 CDs received

2013-10-31 Thread Laurent CARON
Hi, Just received my CDs in Paris. Thanks

OpenBGPd on OpenBSD (Failover + Load balancing)

2009-01-10 Thread Laurent CARON
Hi, I'm about to get my own AS to be able to get good redundancy from 2 ISP (Fiber + DSL). Since a Cisco solution is not really cheap I'm wondering how a similar solution could run on OpenBSD. Requirements: - Load balancing - Failover - Throughput (I know we should talk in pps...): 20Mb/s (

Re: HP Proliant DL385 with Squid at a Gigabit-switch - bad network performance

2009-02-27 Thread Laurent CARON
Alexander Farber wrote: Hello, our web proxy for 400 users (actually at the moment less than 100, but we are going to switch the others to use it soon) is slow. It is a HP Proliant DL385 running OpenBSD 4.4-stable with the squid-2.7.STABLE3 from packages (dmesg below). Does anybody please have

Re: HP Proliant DL385 with Squid at a Gigabit-switch - bad network performance

2009-02-28 Thread Laurent CARON
Pete Vickers wrote: The bge driver sucks for these cards - just chuck in an em(4) NIC and you should see instant improvement. Those cards have always been unreliable for me under Linux and OpenBSD.

Re: HP Proliant DL385 with Squid at a Gigabit-switch - bad network performance

2009-02-28 Thread Laurent CARON
Steve Shockley wrote: On 2/27/2009 8:43 AM, Laurent CARON wrote: - Forcing speed on switch - Forcing speed on nic Why? This practice made sense when 10baseT gear from different vendors wasn't compatible, but not for the last 15-20 years. This practice still makes sense, at least

Re: HP Proliant DL385 with Squid at a Gigabit-switch - bad network performance

2009-03-16 Thread Laurent CARON
Henning Brauer wrote: this is extremely stupid. I know, I'm a very stupid guy ;)

tcpdump witrh vlan over trunk

2014-11-17 Thread Laurent CARON
Hi, I'm having the following setup 2 em interfaces composing trunk0: /etc/hostname.trunk0 up trunkproto lacp trunkport em4 trunkport em1 a vlan interface 'over' trunk0: /etc/hostname.vlan34 inet 1.2.3.4 255.255.255.240 NONE vlan 3

Re: tcpdump witrh vlan over trunk

2014-11-18 Thread Laurent CARON
On 17/11/2014 19:16, sven falempin wrote: did you apply one of the patch about vlan ? Sorry I forgot to mention this box is running stock 5.6 with no patch applied. Shall I have applied a patch to it ? I'll apply errata shortly. Laurent On Mon, Nov 17, 2014 at 5:39 AM, Kevin Gee wrot

OpenBGPd iBGP and IPv6

2012-11-06 Thread Laurent CARON
Hi, I'm running what I would call a fairly basic setup composed of: - 4 routers (OpenBGPd) / R{1..4} - 2 transits AS{8218,13193} - my AS: 49463 - BGP session over loopback interfaces (2a02:27d0:0:112::1 / 2a02:27d0:100:114::4) - Several peering sessions (HE, ...) R1 - bgpd.conf: AS 49463 netwo

Re: OpenBGPd iBGP and IPv6

2012-11-08 Thread Laurent CARON
On Fri, Nov 09, 2012 at 12:23:45AM +0800, Patrick Coleman wrote: > Is there any reason you need to restrict capabilities like this on > iBGP? Have you tried removing the announce IPv6 unicast lines (so > the announce all inherits from the parent clause) to see what happens? Hi, announce

Re: OpenBGPd iBGP and IPv6

2012-11-09 Thread Laurent CARON
On Tue, Nov 06, 2012 at 12:52:10PM +0100, Laurent CARON wrote: > On R1: > # bgpctl show | egrep '(iv6_gw-001_to_004|ev6_gw-001_to_NERIM)' > ev6_gw-001_to_NERIM 13193 302495 94094 0 01w3d21h 10543 > iv6_gw-001_to_004 49463 317993 154496 0 0

Re: OpenBGPd / Juniper 'bug' / BGP session flapping

2012-11-29 Thread Laurent CARON
On 29/11/2012 08:01, James Shupe wrote: I ran across this today after AboveNET upgraded some routers (I would have appreciated a maintenance notice...) I applied Claudio's patch and the sessions came back up and have been stable for the last half hour. I'll check back in if there are any issues.

proper way to terminate bgpd (removing routes from RIB upon termination of bgpd)

2016-03-15 Thread Laurent CARON
Hi, I'm wondering what a good way of terminating bgpd would be. Context: OpenBSD box (5.8 GENERIC.MP#1236 amd64) running ospfd, bgpd, ... When terminating bgpd (pkill bgpd), routes installed by bgpd are not being removed from the routing table (this server is getting 4 full views and a lot of

Re: proper way to terminate bgpd (removing routes from RIB upon termination of bgpd)

2016-03-16 Thread Laurent CARON
how senile my finger memory is. In such cases, all routes are removed from the kernel fib as bgpd stops running. On 2016 Mar 15 (Tue) at 17:36:56 +0100 (+0100), Laurent CARON wrote: :Hi, : :I'm wondering what a good way of terminating bgpd would be. : :Context: OpenBSD box (5.8 GE

IPv6 fragmentation woes

2016-05-17 Thread Laurent CARON
Hi, Setup: OpenBSD 5.9 box Network interface: ix (Intel 1G/10G X520) ix0: flags=18843 mtu 1500 lladdr 90:e2:ba:ba:c5:cc priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active vlan4: flags=8843 mtu 1500 lladdr 90:e2:b

Re: IPv6 fragmentation woes

2016-06-14 Thread Laurent CARON
Hi, Back to this issue: Setup: Source: Linux box: 2a02:27d0:100:115:6000::200 Destination: OpenBSD 5.9-stable box: 2a02:27d0:116::3 Source#: ping6 -M do -s 1232 2a02:27d0:100:114::3 PING 2a02:27d0:100:114::3(2a02:27d0:100:114::3) 1232 data bytes 1240 bytes from 2a02:27d0:100:114::3: icmp_seq=1

Re: IPv6 fragmentation woes

2016-06-22 Thread Laurent CARON
Hi, After some more tests: Source: Linux machine with IPv6: 2a02:27d0:0:5e0d:1a03:73ff:feba:50b4 Destination: Linux machine with IPv6: 2a02:27d0:0:5e0d:428d:5cff:fea5:501e source# ping6 -M do -s 1300 2a02:27d0:0:5e0d:428d:5cff:fea5:501e destination# tcpdump -ni enp3s0 host 2a02:27d0:0:5e0d:1a03:

Re: IPv6 fragmentation woes

2016-08-09 Thread Laurent CARON
Hi, Does anybody have a clue about this issue ? Thanks Setup: Source: Linux box: 2a02:27d0:100:115:6000::200 Destination: OpenBSD 5.9-stable box: 2a02:27d0:116::3 Source#: ping6 -M do -s 1232 2a02:27d0:100:114::3 PING 2a02:27d0:100:114::3(2a02:27d0:100:114::3) 1232 data bytes 1240 bytes from

Strip private AS# from AS-PATH with OpenBGPd

2014-08-20 Thread Laurent CARON
Hi, While reviewing my BGP filters, I realized I don't filter private AS# in the AS-PATH. According to OpenBGPd's man page, it is possible to use: deny from any AS { 64512 64513 65535 } It would however be quite unmaintainable and not really clean. Would it be possible to please implem

Re: Strip private AS# from AS-PATH with OpenBGPd

2014-08-21 Thread Laurent CARON
On 21/08/2014 00:01, Stuart Henderson wrote: That would deny (reject) routes, it would not strip private ASN from the AS-path, openbgp doesn't have a way to do that. Hi Stuart, That's exactly what I meant to do. The subject I chose is actually wrong & misleading. If you actually mean rejec

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2013-11-25 Thread Laurent CARON
On Wed, Oct 10, 2012 at 12:13:44PM +0200, Laurent CARON wrote: > Hi, > > I'm trying to establish a peering session with another member of an IX > (France-IX). > > On my side I do have 2 OpenBSD (OpenBGPd) boxes. (..snip..) > In my logs I do observe this: > Oct 9

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2013-12-03 Thread Laurent CARON
On Mon, Nov 25, 2013 at 10:53:24PM +0100, Laurent CARON wrote: > I added a new transit to my network (Level3) and this issue is back > (running OpenBSD 5.4 but tried current also). > > Nov 25 22:43:55 bgpgw-002 bgpd[24271]: neighbor 2001:450:2001:1001::45 > (ev6_gw-002_t

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2013-12-03 Thread Laurent CARON
On 03/12/2013 19:20, Andy wrote: Can you provide an example of what you did/fixed in bgpd.conf so when others google for this error they will have a pointer of what to do :) Here it is. ** Note for future readers, don't copy and paste this config snippet as it does *NOT* work as you would exp

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2013-12-04 Thread Laurent CARON
On 04/12/2013 12:28, Janne Johansson wrote: 2013/12/3 Laurent CARON ** Note for future readers, don't copy and paste this config snippet as it does *NOT* work as you would expect it. ** $PEERv6="dead:beef::1" $MEv6="dead:beef::2" Think of the vegans... dead:potatoes:burn:in:hell::1 ? ;)

OpenBGPd match clause with multihop BGP session

2013-12-13 Thread Laurent CARON
Hi, I'm using cymru[1] bogon feed onto a router receiving several full tables. On this router I have: neighbor $CYMRU_PEER_v4 { descr cymru-fullbogon-v4-001 local-address $NERIM_MY_v4 max-prefix 9550 restart 10 } bgpctl sh

Re: OpenBGPd match clause with multihop BGP session

2014-01-24 Thread Laurent CARON
On 24/01/2014 00:38, Sebastian Benoit wrote: This is normal behavior (and perhaps a misunderstanding on your side): bgpd will only put routes into the fib that are best and valid in the rib. A route coming from an EBGP-peer is only valid if the nexthop is directly connected. To make the route

Can't ping CARP interface from CARP master box.

2014-01-31 Thread Laurent CARON
Hi, I'm currently experiencing what I would call a strange behavior (maybe a total config fuck up on my side, who knows...). I'm basically having 2 boxes acting as a CARP gateway for my servers. Addressing: - Box 1 (bge1): 46.21.116.1 - Box 2 (bge1): 46.21.116.2 - CARP116: 46.21.116.

Re: Can't ping CARP interface from CARP master box.

2014-02-11 Thread Laurent CARON
Hi, Any clue about this issue ? Thanks On Fri, Jan 31, 2014 at 06:13:15PM +0100, Laurent CARON wrote: > Hi, > > I'm currently experiencing what I would call a strange behavior (maybe a > total config fuck up on my side, who knows...). > > I'm basically having 2 bo

Re: Can't ping CARP interface from CARP master box.

2014-02-12 Thread Laurent CARON
On Tue, Feb 11, 2014 at 10:17:46PM +, andy wrote: > Hi, > > You should be able to ping the CARP IP addresses from any host (including > the master), so something is wrong here. > > This can sometimes be due to a routing problem. > > Your routing table should look similar to; > > 10.0.0.1

Re: BGP - IP Blackhole

2014-04-17 Thread Laurent CARON
On 17/04/2014 11:24, Tristan PILAT wrote: Is there a way to make this work with "allow from any inet prefixlen 8 - 24" to accept /32 only for the blackhole ? What about: allow from group customers prefixlen = 32 community 64514:888 Please pay attention of not allowing one of your customers to

Re: BGP - IP Blackhole

2014-04-22 Thread Laurent CARON
On 22/04/2014 17:41, Tristan PILAT wrote: Yes but how to do that without hard coded the network of the customer like in this rule; allow from group "customers" community 64514:888 prefix 192.0.33.0/24 prefixlen = 32 set nexthop blackhole Don't you already filter your customers announcements ?

OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-03-29 Thread Laurent CARON
Hi, I'm happily running several OpenBGPd routers (OpenBSD 7.0). After having applied the following filters (to blackhole traffic from certain countries): include "/etc/bgpd/deny-asn.ru.bgpd" include "/etc/bgpd/deny-asn.by.bgpd" include "/etc/bgpd/deny-asn.ua.bgpd" # head /etc/bgpd/deny-asn.

Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-03-29 Thread Laurent CARON
On 29/03/2022 at 12:10, Claudio Jeker wrote: I doubt it is the filters. You run into some sort of memory leak. Please monitor 'bgpctl show rib mem' output. Also check ps aux | grep bgpd output to see why and when the memory starts to go up. With that information it may be possible to figure out

Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-03-31 Thread Laurent CARON
On 29/03/2022 at 12:10, Claudio Jeker wrote: I doubt it is the filters. You run into some sort of memory leak. Please monitor 'bgpctl show rib mem' output. Also check ps aux | grep bgpd output to see why and when the memory starts to go up. With that information it may be possible to figure out

Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-04-04 Thread Laurent CARON
On 29/03/2022 at 14:50, Stuart Henderson wrote: Also: check the values for bgpd's login class (as root, "su -c bgpd -" then "ulimit -a"), and are you starting bgpd from the rc-script or by hand? Hi Stuart, # ulimit -a time(cpu-seconds)    unlimited file(blocks) unlimited coredum

Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-04-04 Thread Laurent CARON
On 01/04/2022 at 14:38, Claudio Jeker wrote: The numbers look reasonable with maybe the exception of prefix and BGP path attrs. Unless this system is pushing or pulling lots of full feeds to peers I would not expect such a high number of prefixes. Also the number of path attributes is high b

Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-04-06 Thread Laurent CARON
On 04/04/2022 at 15:43, Claudio Jeker wrote: On Tue, Mar 29, 2022 at 09:53:56AM +0200, Laurent CARON wrote: Hi, I'm happily running several OpenBGPd routers (OpenBSD 7.0). After having applied the following filters (to blackhole traffic from certain countries): include "/etc

Re: OpenBGPd: fatal in RDE: aspath_get: Cannot allocate memory

2022-04-11 Thread Laurent CARON
On 04/04/2022 at 15:43, Claudio Jeker wrote: You should really use as-set for this: as-set ru-set { 2148 2585 2587 ... } And also not match any (at least I think you don't really want that to match on ibgp sessions): match from ebgp AS as-set ru-set set { localpref 250 nexthop blackhole }

Re: Two ISPs on the same interface

2011-12-29 Thread Laurent Caron
Papo Napolitano wrote: Hello all, I got two ISP lines (1 Mb and 6 Mb) and was planning to route outgoing "guest traffic" thru the smaller one. Problem is my FW only has two NICs. If both external routers are connected to a Cisco switch as well as the external OpenBSD interface, is it possi

Redundant WAN connections on 2 openBSD firewalls

2008-08-21 Thread Laurent CARON
Hi, I'm currently setting-up a fully redundant gateway under OpenBSD (4.3) with IPSEC, CARP, PF, SA Sync, ...) and would like to benefit of failover over 2 wans connections (for outgoing connections of course). I already have a round robin on the 2 external links: pass in log on $IntIf route-

Re: Redundant WAN connections on 2 openBSD firewalls

2008-08-21 Thread Laurent CARON
Giancarlo Razzolini wrote: I did setup several gateways like this, but only on one firewall. With 2 firewalls, you have the additional complexity of ifstated not only checking if the wan link goes down, but you will have to put other things into account, like the migration of them. ifstated is a st

IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Laurent CARON
Hi, I'm basically trying to setup a VPN between a linux box (debian) and an OpenBSD one. I'd like to use a PSK for that VPN. Here are the config files: Linux box: conn jak-ha left=PUBLICIP_OF_LINUX_BOX leftsubnet=192.168.9.0/24 right=PUBLIC_IP_OF_BSD_BOX rightsubnet=10.50.0.0

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Laurent CARON
John Jackson wrote: It may also be worth noting that Debian has OpenBSD's isakmpd packaged, 'apt-get install isakmpd'. I've had success using isakmpd on Debian to create VPN's between OpenBSD and Debian gateways. Since I'm using OpenSwan on 99% of my servers, I'd like to be able to integrate O

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-25 Thread Laurent CARON
John Jackson wrote: It may also be worth noting that Debian has OpenBSD's isakmpd packaged, 'apt-get install isakmpd'. I've had success using isakmpd on Debian to create VPN's between OpenBSD and Debian gateways. Here is where I'm now: Openswan's side: conn lncjakarta-lncha leftsubnet=1

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Laurent CARON
Sean Malloy wrote: It looks like you are trying to use different encryption algorithms and hash functions for the phase 2 SA. They need to match at both end points. It looks like the Linux box is configured to do 3DES and SHA1. The OpenBSD box is configured to do AES and SHA256. Hi, Even with

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Laurent CARON
Dirk Mast wrote: This config works for me: Hi, OpenBSD 4.3 as GW and Debian Linux with OpenSWAN as client, and the package ike is installed under Linux, too. The openswan package is not sufficient to get a working IPsec between Linux and OpenBSD ? OpenBSD: ike esp from any to 172.16.1

Re: IPSEC VPN between OpenBSD and Linux (OpenSwan)

2008-08-27 Thread Laurent CARON
Dirk Mast wrote: Linux /etc/ipsec.conf: version 2.0 config setup ... (snip) Hi, I finally managed to get it up and working (without IKE). OpenBSD: /etc/ipsec.conf: ike esp from 10.50.0.0/24 to 192.168.9.0/24 peer PUBLIC_LINUX quick \ auth hmac-sha1 enc aes group modp1024 psk

OpebBSD 4.3 with ISAKMP & CARP

2008-08-27 Thread Laurent CARON
Hi, Thanks to the help from this list I managed to set up a VPN between 2 machines (Linux & OpenBSD). My next step is to provide high availability on the OpenBSD side. I did set-up pf, carp, sasync. Since my machines are having each one ip on the wan, one on the lan, and 2 carp ips (lan + w

Re: nat - DNS-ALG ... Translating DNS for "Twice-NAT"

2008-09-11 Thread Laurent CARON
Stefan Sczekalla wrote: Hi, I have a Problem with DNS while connecting two overlapping private networks. Now I'm looking for a DNS Server which will "remap" certain IP-addresses according to a translation table or rule. Hi, What is the real problem you're trying to solve ? Laurent

Re: nat - DNS-ALG ... Translating DNS for "Twice-NAT"

2008-09-11 Thread Laurent CARON
Stefan Sczekalla wrote: Hi Laurent, The Problem I like to solve is: Hiding a Network by nat while keeping it accessible via DNS without translating every natted IP manually on a local DNS-Server. Maybe I'm completely stupid but I *really* don't see the goal of this. - You've got a private ne

Re: nat - DNS-ALG ... Translating DNS for "Twice-NAT"

2008-09-11 Thread Laurent CARON
Stefan Sczekalla wrote: Hi Laurent, e.g. : you join two companies ( lets name them "A" and "B" ) using overlapping private address-space. Lets assume "A" has a Fileserver.A at 192.168.2.1. Users on Company B like to access Fileserver.A using - but at "B" they have their Mailserver.B at 192.168

Re: Longest Uptime?

2008-10-30 Thread Laurent CARON
Marco Peereboom wrote: Now *that* is nuts! Not upgrading IOS every other day that is... What about having the greatest downtime ? Means running windows ? Nope, sorry, just not having the computer plugged ... Ain't that great ? ;)

Strangeness while adding several IPv6 routes

2012-07-24 Thread Laurent CARON
Hi, One of my /etc/hostname.??? contains: inet . inet6 ! route add -inet6 dead:beef:100:f222:: -prefixlen 64 dead:beef:100:114::222 ! route add -inet6 dead:beef:100:f205:: -prefixlen 64 dead:beef:100:114::205 ! route add -inet6 dead:beef:100:: -prefixlen 64 dead:beef:100:115::1000 The

OpenBGPd / Juniper 'bug' / BGP session flapping

2012-08-06 Thread Laurent CARON
Hi, I'm hit by a rather nasty OpenBGPd 'bug' causing sessions to flap (basically go down/up/...). One of the prefixes is: 81.169.0.0/17 Description of bug https://puck.nether.net/pipermail/juniper-nsp/2012-July/023774.html Is the included fix (((s & 0xf0) & ~(ATTR_EXTLEN | (m))) == (t)) in

Re: OpenBGPd / Juniper 'bug' / BGP session flapping

2012-08-07 Thread Laurent CARON
On Mon, Aug 06, 2012 at 11:15:13PM +0200, Claudio Jeker wrote: > Only compile tested for now. Hi Claudio, I did compile/install a patched version of OpenBGPd from the patch you provided. It seems stable so far. Will deploy it on 3 other boxes later on today. Cheers, Laurent

Re: OpenBGPd / Juniper 'bug' / BGP session flapping

2012-08-08 Thread Laurent CARON
On Mon, Aug 06, 2012 at 11:15:13PM +0200, Claudio Jeker wrote: > I would prefer something like this. Since then we ensure that we do not > forward crap (as in we regard the RFC and send nothing with reserved bits > set). AFAIK there is nothing out there that started to use the reserved > bits so I'

OpenBGPd / max-prefix 0

2012-10-09 Thread Laurent CARON
Hi, I'd like to establish a session with a peer I don't want to accept any route of. My first guess would be to set "max-prefix 0" It seems however "max-prefix 0" means no limit on the number of received prefixes. What is the best way to achieve this ? Thanks

Re: OpenBGPd / max-prefix 0

2012-10-09 Thread Laurent CARON
On Tue, Oct 09, 2012 at 10:18:24AM +0200, Sebastian Benoit wrote: > deny from $peer Thanks Sebastian

[OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2012-10-10 Thread Laurent CARON
Hi, I'm trying to establish a peering session with another member of an IX (France-IX). On my side I do have 2 OpenBSD (OpenBGPd) boxes. Config: group "peering" { holdtime 30 holdtime min 3 announce self set med

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2012-10-10 Thread Laurent CARON
On 10/10/2012 16:40, Simon Perreault wrote: What versions? OpenBSD 5.1 (sorry for not mentioning it). In my logs I do observe this: A pcap dump would be useful... Here it is: http://elfe.lncsa.com/get?k=5Rya5Acaq26TqJ9MXG FYI, subcode 8 has not yet been assigned by IANA: http://www.i

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2012-10-10 Thread Laurent CARON
On 10/10/2012 18:12, Simon Perreault wrote: The pcap shows that the Cisco box is refusing your OPEN message. It doesn't like it for some reason. You need to figure out why. Probably because of the way it's configured. I see no reason to blame either side so far. I've gotten the config on the ci

Re: [OpenBGPd <=> Cisco] error in OPEN message, unknown subcode 8

2012-10-10 Thread Laurent CARON
On 10/10/2012 20:54, Claudio Jeker wrote: Looking at the pcap I see one strange thing: 17:48:39.910152 193.105.232.181.21798 > 193.105.232.145.179: S [tcp sum ok] 35124087:35124087(0) win 16384 (DF) [tos 0xc0] [ttl 1] (id 53673, len 48) 17:48:39.910198 193.105.232.145.179 > 193.105.232.181.217

[OpenBGPd] - removing private AS from AS path

2011-08-29 Thread Laurent CARON
Hi, I wonder if it is possible to remove a private AS from the AS path while using OpenBGPd. IOS black magic for this would be: # neighbor $NEIGH remove-private-AS Thanks Laurent

OpenBGPd trouble with nexthop

2011-10-18 Thread Laurent CARON
Hi, I'm currently implementing a multi ISP BGP solution: 2 BGP routers on a site, each hooked to a different ISP. Problem: The rib of rtr-1/rtr-2 are having the following entries: flags destination gateway lpref med aspath origin *>1.0.4.0/22 EXTERNALGW_PROVID

OpenBSD (current as of 20111018) fails to boot on dell poweredge R710

2011-10-18 Thread Laurent CARON
Hi, Just updated to current. The system fails to boot with: mpii_scsi_cmd_tmo System is fine using kernel from Aug 8th 2011 Regards, Laurent

Re: OpenBSD (current as of 20111018) fails to boot on dell poweredge R710

2011-10-18 Thread Laurent CARON
On Tue, Oct 18, 2011 at 02:20:48PM +0200, Laurent CARON wrote: > Hi, > > Just updated to current. > > The system fails to boot with: > > mpii_scsi_cmd_tmo > > System is fine using kernel from Aug 8th 2011 > > Regards, > > Laurent The dmesg of work

Re: OpenBGPd trouble with nexthop

2011-10-18 Thread Laurent CARON
On Tue, Oct 18, 2011 at 09:33:21AM +, Stuart Henderson wrote: > This is standard routing config, not openbgpd specific, so you should > probably read some guides to setting up BGP. Hi, After applying Claudio's patch from Sept 16 2011: messageid: 20110916123411.gb20...@diehard.n-r-g.com every

pfsync on more than 2 hosts

2011-10-19 Thread Laurent CARON
Hi, I'm currently wondering what is the best way to run pfsync between 4 hosts. If I'm not mistaken, pfsync only has one interface, aka pfsync0 If I use it in unicast mode, I'm then stuck to 2 nodes. The option would then be to have those 4 hosts exchange their states over multicast. Is it

Re: OpenBSD (current as of 20111018) fails to boot on dell poweredge R710

2011-10-19 Thread Laurent CARON
On 19/10/2011 11:45, Mike Belopuhov wrote: So i've finally have taken a look at this and i've found out that Reply Post Queue depth is calculated incorrectly. Laurent, can you please try this patch with -current: Index: mpii.c === R

Re: pfsync on more than 2 hosts

2011-10-27 Thread Laurent CARON
On Wed, Oct 19, 2011 at 12:46:49PM +0200, Laurent CARON wrote: > Hi, > > I'm currently wondering what is the best way to run pfsync between 4 hosts. > > If I'm not mistaken, pfsync only has one interface, aka pfsync0 > > If I use it in unicast mode, i'm th

Re: pfsync on more than 2 hosts

2011-10-27 Thread Laurent CARON
On Thu, Oct 27, 2011 at 10:01:11AM -0500, Josh Hoppes wrote: > pfsync has been using multicast by default for a long time, I think > possibly from the start. You have to explicitly define a "syncpeer" if > you want it unicast. The list probably ignored the question because > the answer was clear in

Re: pfsync on more than 2 hosts

2011-10-27 Thread Laurent CARON
On 27/10/2011 17:44, Theo de Raadt wrote: NETWORK SYNCHRONISATION States can be synchronised between two or more firewalls using this interface, by specifying a synchronisation interface using ifconfig(8). Heading back to my reading lessons ;) Thanks for pointing it out.

Re: Cascading pf firewalls with both nat and no nat

2010-03-01 Thread Laurent CARON
On 01/03/2010 18:26, tsg12...@gmx.de wrote: What am I doing wrong? Any hints would be appreciated. Thank you very much in advance. Hi, Has the external fw a route to 10.1.2.1/24 ?

pfctl from today seems to be somehow messed up / DIOCSETSTATUSIF

2010-06-30 Thread Laurent CARON
Hi, I did upgrade one of my BGP routers today with latest current. Upon reboot I have no network. pfctl returns the following error: # pfctl -f /etc/pf.conf pfctl: DIOCSETSTATUSIF A default drop all in ruleset is loaded. If I rollback to previous pfctl it loads my rules fine. If I want to lo

Re: pfctl from today seems to be somehow messed up / DIOCSETSTATUSIF

2010-07-01 Thread Laurent CARON
On 01/07/2010 17:54, Ryan McBride wrote: This sounds a lot like a kernel/userland mismatch. Please update both kernel and userland from the same snapshot and try again. I always upgrade both at the same time. Kernel + userland are in synch

Re: pfctl from today seems to be somehow messed up

2010-07-01 Thread Laurent CARON
On 01/07/2010 21:21, Ryan McBride wrote: On Thu, Jul 01, 2010 at 09:00:18PM +0200, Laurent CARON wrote: On 01/07/2010 17:54, Ryan McBride wrote: This sounds a lot like a kernel/userland mismatch. Please update both kernel and userland from the same snapshot and try again. I always upgrade

Re: pfctl from today seems to be somehow messed up

2010-07-01 Thread Laurent CARON
On 01/07/2010 22:21, Ryan McBride wrote: On Thu, Jul 01, 2010 at 10:15:26PM +0200, Laurent CARON wrote: This incidentally made my other router (running openBGPd) crash with: uvm_fault(0x80cc7320, 0xdeafb000, 0, 1) -> e page fault trap, code=0 Stopped

BGPd is not sending IPv6 prefixes anymore

2009-12-04 Thread Laurent CARON
Hi, I'm experiencing a strange behavior since latest OpenBSD 4.6 current update (yesterday). My prefixes are not announced anymore. OpenBGPd config: AS 49463 router-id 213.215.49.242 holdtime 90 holdtime min 3 fib-update yes log updates network 213.215.28.0/23 network 2001:7a8:820::/44 neigh

Re: BGPd is not sending IPv6 prefixes anymore

2009-12-04 Thread Laurent CARON
On 04/12/2009 13:28, Claudio Jeker wrote: Seems to be an error on my side. I guess the following diff fixes your issue. Please test. Thanks for your input. It is now working flawlessly as it used to.

OpenBGPD bug ?

2010-01-04 Thread Laurent CARON
Hi, Since I did update OpenBGPd (complete system update today), I did notice a strange behavior: None of my eBGP sessions are being taken up whether IPv4 or IPv6 Jan 4 22:02:26 bgpgw-002 bgpd[9545]: neighbor 2001:470:14:98::1 (he-ipv6-bgp-peer): received notification: error in OPEN message,

Current fails to boot a Dell R300

2010-01-04 Thread Laurent CARON
Hi, I'm happily using two R300 for a few months now but currently facing a little issue. I did upgrade one of the boxes today and the box was unable to boot. It seems to be related to atapiscsi It hangs just after scsibus1 at atapiscsi0: 2 targets After disabling atapiscsi (boot -c, ) t

Re: OpenBGPD bug ?

2010-01-04 Thread Laurent CARON
On 05/01/2010 00:36, Claudio Jeker wrote: OK, I see a problem here. The session engine does not copy the bgpd_conf struct but instead does it bit by bit missing some important ones. This diff should fix the problem for now. It would be better to swap the config but that is a bit more complex. Nee

BGPd problem with some BGP4+ (IPv6) sessions

2010-01-05 Thread Laurent CARON
Hi, I'm currently facing a problem with a cisco peer. Here is the config on the cisco peer (ISP's core router): neighbor 2001:7A8:1:9FF2::2 remote-as 49463 no neighbor 2001:7A8:1:9FF2::2 activate neighbor 2001:7A8:1:9FF2::2 activate neighbor 2001:7A8:1:9FF2::2 soft-reconfiguration inbound ne

Re: Inconsistency between IPv6 and IPv4 announces between eBGP peers hooked through an iBGP session (OpenBGPd)

2010-01-05 Thread Laurent CARON
On 05/01/2010 16:39, Laurent CARON wrote: Strangeness: On peer bgpgw-001: v4 and v6 networks are announced. On bgpgw-002 v6 networks are received from bgpgw-001 but not announced. bgpgw-001:/var/log# bgpctl sho rib neigh nerim-ipv6-bgp-peer out flags: * = Valid, > = Selected, I = via IBGP

Inconsistency between IPv6 and IPv4 announces between eBGP peers hooked through an iBGP session (OpenBGPd)

2010-01-05 Thread Laurent CARON
Hi, Background: Two OpenBSD routers hooked each to two ISPs. Announced networks: 2001:7a8:820::/44 213.215.28.0/23 Relevant config snippets on bgpgw-001: http://pastebin.com/m77017bcd Relevant config snippets on bgpgw-002: http://pastebin.com/d74d05557 Strangeness: On peer bgpgw-001: v4 and

Re: Problems with bge0: watchdog timeout -- resetting

2010-01-05 Thread Laurent CARON
On 06/01/2010 14:56, Daniel Bolgheroni wrote: (I don't know what's happening but my message isn't getting the mailing list. Third try.) Hi, Your messages are reaching the list. However, the date/time of your computer is incorrectly set: for ; Tue, 5 Jan 2010 08:56:52 -0700 (MST) Date: Wed,

Re: Current fails to boot a Dell R300

2010-01-05 Thread Laurent CARON
On 05/01/2010 03:16, Christopher Linn wrote: i was having the same problem. i just built from cvs source with the change and the kernel boots now. That did the trick. Thanks

Re: Inconsistency between IPv6 and IPv4 announces between eBGP peers hooked through an iBGP session (OpenBGPd)

2010-01-06 Thread Laurent CARON
On 05/01/2010 16:39, Laurent CARON wrote: Hi, Background: Two OpenBSD routers hooked each to two ISPs. Announced networks: 2001:7a8:820::/44 213.215.28.0/23 Relevant config snippets on bgpgw-001: http://pastebin.com/m77017bcd Relevant config snippets on bgpgw-002: http://pastebin.com
