Re: OpenBSD-based ISP

2018-04-09 Thread Guillermo Narvaez
Hello everyone! >From the last email of this thread (August 17 2017) I'm running 2 OpenBSD servers with 4x1G interfaces each one, configured with 2 trunk of 2G, routing and making NAT to more than 3000 customers each one. Thank you for the help! On Thu, Aug 17, 2017 at 4:45 PM, Hrvoje Popovski

Re: OpenBSD-based ISP

2017-08-19 Thread Stuart Henderson
On 2017-08-17, Juan Guillermo Narvaez wrote: > Stuart, > > Where I can set the port range of NAT? pf.conf. "nat-to $address port $low:$high"

Re: OpenBSD-based ISP

2017-08-19 Thread Stuart Henderson
On 2017-08-17, Hrvoje Popovski wrote: > On 17.8.2017. 21:23, Juan Guillermo Narvaez wrote: >> This is the dmesg.boot. > > nice box with nice cpu and interfaces ... :) > > if you can, disable Hyper Threading .. > >> In pf.conf: >> set debug notice > > default is error You might

Re: OpenBSD-based ISP

2017-08-17 Thread Juan Guillermo Narvaez
Stuart, Where I can set the port range of NAT? Greetings On Thu, Aug 17, 2017 at 5:04 AM, Stuart Henderson wrote: > On 2017-08-16, Juan Guillermo Narvaez wrote: > > *match out on bge0 inet from 172.21.0.0/19 to any > > nat-to

Re: OpenBSD-based ISP

2017-08-17 Thread Hrvoje Popovski
On 17.8.2017. 21:56, Juan Guillermo Narvaez wrote: > Sure Hrvoje, I'm applying every config and looking the performance > improvement. I will post my final configuration when finish. > > Thanks! > If you do not filter anything on the internal interfaces in pf.conf you could skip them set skip

Re: OpenBSD-based ISP

2017-08-17 Thread Juan Guillermo Narvaez
Sure Hrvoje, I'm applying every config and looking the performance improvement. I will post my final configuration when finish. Thanks! On Thu, Aug 17, 2017 at 4:45 PM, Hrvoje Popovski wrote: > On 17.8.2017. 21:23, Juan Guillermo Narvaez wrote: > > This is the dmesg.boot. > >

Re: OpenBSD-based ISP

2017-08-17 Thread Hrvoje Popovski
On 17.8.2017. 21:23, Juan Guillermo Narvaez wrote: > This is the dmesg.boot. nice box with nice cpu and interfaces ... :) if you can, disable Hyper Threading .. > In pf.conf: > set debug notice default is error when you do all that what people have told you, i would be interested if you see

Re: OpenBSD-based ISP

2017-08-17 Thread Juan Guillermo Narvaez
This is the dmesg.boot. In pf.conf: set debug notice On Thu, Aug 17, 2017 at 3:46 PM, Hrvoje Popovski wrote: > On 17.8.2017. 17:13, Chris Cappuccio wrote: > > Juan Guillermo Narvaez [guille...@nrvz.net] wrote: > >> # sysctl | grep ifq > >> net.inet.ip.ifq.len=0 > >>

Re: OpenBSD-based ISP

2017-08-17 Thread Hrvoje Popovski
On 17.8.2017. 17:13, Chris Cappuccio wrote: > Juan Guillermo Narvaez [guille...@nrvz.net] wrote: >> # sysctl | grep ifq >> net.inet.ip.ifq.len=0 >> net.inet.ip.ifq.maxlen=1024 >> net.inet.ip.ifq.drops=46068291 >> net.inet6.ip6.ifq.len=0 >> net.inet6.ip6.ifq.maxlen=256 >> net.inet6.ip6.ifq.drops=0

Re: OpenBSD-based ISP

2017-08-17 Thread Chris Cappuccio
Juan Guillermo Narvaez [guille...@nrvz.net] wrote: > # sysctl | grep ifq > net.inet.ip.ifq.len=0 > net.inet.ip.ifq.maxlen=1024 > net.inet.ip.ifq.drops=46068291 > net.inet6.ip6.ifq.len=0 > net.inet6.ip6.ifq.maxlen=256 > net.inet6.ip6.ifq.drops=0 > The drops are high. You probably want a higher

Re: OpenBSD-based ISP

2017-08-17 Thread Juan Guillermo Narvaez
# sysctl | grep ifq net.inet.ip.ifq.len=0 net.inet.ip.ifq.maxlen=1024 net.inet.ip.ifq.drops=46068291 net.inet6.ip6.ifq.len=0 net.inet6.ip6.ifq.maxlen=256 net.inet6.ip6.ifq.drops=0 # cat sysctl.conf net.inet.ip.forwarding=1 kern.bufcachepercent=90 net.ip.ifq.maxlen=1024 On Wed, Aug 16, 2017 at

Re: OpenBSD-based ISP

2017-08-17 Thread Stuart Henderson
On 2017-08-16, Juan Guillermo Narvaez wrote: > *match out on bge0 inet from 172.21.0.0/19 to any > nat-to 200.91.35.55* natting a whole /19 to a single address, especially with the default port range 50001-65535, isn't going to work well. I'd suggest

Re: OpenBSD-based ISP

2017-08-16 Thread Hrvoje Popovski
On 16.8.2017. 19:55, Juan Guillermo Narvaez wrote: > Hello everyone! > > I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp > servers. > Today I have the mission of implement this OS in a cablemodem headend, in > my first try I get negative results with this rules: > >

Re: OpenBSD-based ISP

2017-08-16 Thread Robert Blacquiere
Just some more pointers? Please correct me if I am saying some thing wrong. Maybe also good to look at cpu interupts. I'me not sure how good if_bge today are. I found them in the past "slowly" eating interrupts when passing lot of small sized traffic. How is your avarage packet size? I could

Re: OpenBSD-based ISP

2017-08-16 Thread Juan Guillermo Narvaez
Thanks James, now I'm trying with 3K customers and 1M states. I will comments my results to the list when a finish. Guillermo. On Wed, Aug 16, 2017 at 4:01 PM, James Shupe wrote: > Have you raised states? 10K is the default I believe, the most likely > culprit. > > On

Re: OpenBSD-based ISP

2017-08-16 Thread James Shupe
Have you raised states? 10K is the default I believe, the most likely culprit. On 8/16/2017 12:55 PM, Juan Guillermo Narvaez wrote: > Hello everyone! > > I'm relative new using OpenBSD, I have just 4 years using this OS for dhcp > servers. > Today I have the mission of implement this OS in a