Re: anyone tried the Multi routing table code yet?

[Rajkumar S]

On Sat, May 24, 2008 at 6:09 AM, Julian Elischer <[EMAIL PROTECTED]> wrote:
> subject says it all really..

I am using pf and rtable to setfib and get an pfctl: DIOCADDRULE:
Device busy when trying to load "pass in quick on fxp0 from any to any
keep state rtable 1"

I can successfully load "pass in quick on fxp0 all flags S/SA keep
state rtable 0" I am testing on FreeBSD CURRENT.

My routing tables are:


[EMAIL PROTECTED] /etc]# setfib -0 netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif Expire
default192.168.3.100  UGS 0 2025   fxp0
127.0.0.1  127.0.0.1  UH  00lo0
192.168.3.0/24 link#1 UC  00   fxp0
192.168.3.54   00:40:f4:b7:d7:ee  UHLW1   40   fxp0   1179
192.168.3.100  00:80:48:38:1a:df  UHLW2  149   fxp0   1173
192.168.4.0/24 link#1 UC  00   fxp0
192.168.4.400:80:48:1f:48:26  UHLW1  141   fxp0   1120
192.168.5.0/24 link#3 UC  00   rue0
[EMAIL PROTECTED] /etc]# setfib -1 netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif Expire
default192.168.5.4UGS 0   13   rue0
127.0.0.1  127.0.0.1  UH  00lo0
192.168.3.0/24 link#1 UC  00   fxp0
192.168.3.54   00:40:f4:b7:d7:ee  UHLW10   fxp0   1176
192.168.3.100  00:80:48:38:1a:df  UHLW15   fxp0   1170
192.168.4.0/24 link#1 UC  00   fxp0
192.168.4.400:80:48:1f:48:26  UHLW10   fxp0   1117
192.168.5.0/24 link#3 UC  00   rue0

btw, does the rtable syntax allow to set route for packets generated
by the pf host itself (like packets from squid). The catch is that
they cannot be matched via a "pass in" rule, they are matched only on
a "pass out" rule.

Thanks and regards,

raj
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

carp and vlan at the same time?

[Rudy]

Dear NET,

I have some questions!

[1] vlan & carp
I have 10.3.1.1/24  10.3.2.1/25 and a 10.3.3.129/25 as gateway IPs each in 
their own vlan.
How do I get CARP working, or are people using another method to get failover 
working?

[2] carp
Is there a way to get around the requirement to already have an IP in the same network as the IP 
you want to put on a carp device?   I don't think freevrrp required another IP...  For example, 
this command fails:

# ifconfig carp1 vhid 31 advbase 1 pass TEST 10.3.3.1/24
ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address

Unless I put a 10.3.3.2/24 IP on my em0, and then make the carp IP 10.3.3.1/32.

[3] vlan
Final questions: is there any documentation on the "ifconfig em0.99 create" 
syntax?
Didn't find the dot notation in the man page.  Also, how do you set that up in 
your rc.conf?

 cloned_interfaces="em0.99"   # works.. clone is created
 ifconfig_em0.99="10.99.0.1/24"  # doesn't work... /etc/rc.d/netif start em0.99 
doesn't work...



Thanks in advance,
Rudy

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: anyone tried the Multi routing table code yet?

[Julian Elischer]

Rajkumar S wrote:

On Sat, May 24, 2008 at 6:09 AM, Julian Elischer <[EMAIL PROTECTED]> wrote:

subject says it all really..


I am using pf and rtable to setfib and get an pfctl: DIOCADDRULE:
Device busy when trying to load "pass in quick on fxp0 from any to any
keep state rtable 1"



I'm not really familiar with the pf syntax
as I didn't do that part of the patch (max laier (CC'd) did)
and I don't use pf.

Max may be able to see if the patch to the pf code ahs an error.




I can successfully load "pass in quick on fxp0 all flags S/SA keep
state rtable 0" I am testing on FreeBSD CURRENT.

My routing tables are:


[EMAIL PROTECTED] /etc]# setfib -0 netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif Expire
default192.168.3.100  UGS 0 2025   fxp0
127.0.0.1  127.0.0.1  UH  00lo0
192.168.3.0/24 link#1 UC  00   fxp0
192.168.3.54   00:40:f4:b7:d7:ee  UHLW1   40   fxp0   1179
192.168.3.100  00:80:48:38:1a:df  UHLW2  149   fxp0   1173
192.168.4.0/24 link#1 UC  00   fxp0
192.168.4.400:80:48:1f:48:26  UHLW1  141   fxp0   1120
192.168.5.0/24 link#3 UC  00   rue0
[EMAIL PROTECTED] /etc]# setfib -1 netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif Expire
default192.168.5.4UGS 0   13   rue0
127.0.0.1  127.0.0.1  UH  00lo0
192.168.3.0/24 link#1 UC  00   fxp0
192.168.3.54   00:40:f4:b7:d7:ee  UHLW10   fxp0   1176
192.168.3.100  00:80:48:38:1a:df  UHLW15   fxp0   1170
192.168.4.0/24 link#1 UC  00   fxp0
192.168.4.400:80:48:1f:48:26  UHLW10   fxp0   1117
192.168.5.0/24 link#3 UC  00   rue0

btw, does the rtable syntax allow to set route for packets generated
by the pf host itself (like packets from squid). The catch is that
they cannot be matched via a "pass in" rule, they are matched only on
a "pass out" rule.


I don't know about pf, but in ipfw it definitely can be any packet at 
any time, but the outgoing packets have already made their routing 
decision before they hit the firewall so even though a table is 
associated with the packet, it's too late :-/ it has to be associated 
with the socket itself to really have effect.




Thanks and regards,

raj
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: anyone tried the Multi routing table code yet?

[Julian Elischer]

Julian Elischer wrote:

Rajkumar S wrote:
On Sat, May 24, 2008 at 6:09 AM, Julian Elischer <[EMAIL PROTECTED]> 
wrote:

subject says it all really..


I am using pf and rtable to setfib and get an pfctl: DIOCADDRULE:
Device busy when trying to load "pass in quick on fxp0 from any to any
keep state rtable 1"



I'm not really familiar with the pf syntax
as I didn't do that part of the patch (max laier (CC'd) did)
and I don't use pf.

Max may be able to see if the patch to the pf code ahs an error.




I can successfully load "pass in quick on fxp0 all flags S/SA keep
state rtable 0" I am testing on FreeBSD CURRENT.

My routing tables are:


[EMAIL PROTECTED] /etc]# setfib -0 netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif 
Expire

default192.168.3.100  UGS 0 2025   fxp0
127.0.0.1  127.0.0.1  UH  00lo0
192.168.3.0/24 link#1 UC  00   fxp0
192.168.3.54   00:40:f4:b7:d7:ee  UHLW1   40   fxp0   
1179
192.168.3.100  00:80:48:38:1a:df  UHLW2  149   fxp0   
1173

192.168.4.0/24 link#1 UC  00   fxp0
192.168.4.400:80:48:1f:48:26  UHLW1  141   fxp0   
1120

192.168.5.0/24 link#3 UC  00   rue0
[EMAIL PROTECTED] /etc]# setfib -1 netstat -nrf inet
Routing tables

Internet:
DestinationGatewayFlagsRefs  Use  Netif 
Expire

default192.168.5.4UGS 0   13   rue0
127.0.0.1  127.0.0.1  UH  00lo0
192.168.3.0/24 link#1 UC  00   fxp0
192.168.3.54   00:40:f4:b7:d7:ee  UHLW10   fxp0   
1176
192.168.3.100  00:80:48:38:1a:df  UHLW15   fxp0   
1170

192.168.4.0/24 link#1 UC  00   fxp0
192.168.4.400:80:48:1f:48:26  UHLW10   fxp0   
1117

192.168.5.0/24 link#3 UC  00   rue0

btw, does the rtable syntax allow to set route for packets generated
by the pf host itself (like packets from squid). The catch is that
they cannot be matched via a "pass in" rule, they are matched only on
a "pass out" rule.


I don't know about pf, but in ipfw it definitely can be any packet at 
any time, but the outgoing packets have already made their routing 
decision before they hit the firewall so even though a table is 
associated with the packet, it's too late :-/ it has to be associated 
with the socket itself to really have effect.


For this reason I'm considering whether to add a 'reroute' ipfw rule
that forces a redo of the routing decision... it may not work as 
expected however.. (it would be too late to change the selected src 
address).






Thanks and regards,

raj
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"


___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: carp and vlan at the same time?

[Niki Denev]

Hi Rudy,

On Fri, May 30, 2008 at 12:44 PM, Rudy <[EMAIL PROTECTED]> wrote:
>
> Dear NET,
>
> I have some questions!
>
> [1] vlan & carp
> I have 10.3.1.1/24  10.3.2.1/25 and a 10.3.3.129/25 as gateway IPs each in
> their own vlan.
> How do I get CARP working, or are people using another method to get
> failover working?
>

I'm currently using carp over VLANs over lagg and if works without problems.
So I think you should have no problems running carp over vlan interfaces.


> [2] carp
> Is there a way to get around the requirement to already have an IP in the
> same network as the IP you want to put on a carp device?   I don't think
> freevrrp required another IP...  For example, this command fails:
> # ifconfig carp1 vhid 31 advbase 1 pass TEST 10.3.3.1/24
> ifconfig: ioctl (SIOCAIFADDR): Can't assign requested address
>
> Unless I put a 10.3.3.2/24 IP on my em0, and then make the carp IP
> 10.3.3.1/32.
>

Yes, you need IP's for each of the gateways, and one "virtual" IP for the carp
interface. This is the way carp works.

> [3] vlan
> Final questions: is there any documentation on the "ifconfig em0.99 create"
> syntax?
> Didn't find the dot notation in the man page.  Also, how do you set that up
> in your rc.conf?
>
>  cloned_interfaces="em0.99"   # works.. clone is created
>  ifconfig_em0.99="10.99.0.1/24"  # doesn't work... /etc/rc.d/netif start
> em0.99 doesn't work...
>

You must use underscore instead of the dot. i.e. : ifconfig_em0_99=""
should work.

>
>
> Thanks in advance,
> Rudy
>

Regards,
Niki
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: carp and vlan at the same time?

[Niki Denev]

On Fri, May 30, 2008 at 1:06 PM, Rudy <[EMAIL PROTECTED]> wrote:
> Niki Denev wrote:
>>
>> I'm currently using carp over VLANs over lagg and if works without
>> problems.
>> So I think you should have no problems running carp over vlan interfaces.
>
> Could you send me a sample configuration or point me to a resource that
> covers carp over vlans?
>
> I'm interested in setting up a lagg as well... can you have your lagg
> devices (em0 and em1 for instance) plug into different cisco switches and
> then have those switches connected together?
>
> Thanks for you help!
> Rudy
>
>
>

There is nothing special about carp over vlans, and something like
this should work :


  cloned_interfaces="lagg0 vlan2 carp2"

  ifconfig_em0="up"
  ifconfig_em1="up"
  ifconfig_lagg0="laggport em0 laggport em1 laggproto failover up"

  ifconfig_vlan2="vlan 2 vlandev lagg0"
  ipv4_addrs_vlan2="192.168.0.2/24"
  ifconfig_carp2="vhid 1 pass PASS advskew 0 192.168.0.1/24 up"

About using lagg to two different switches. Yes, you can do that, and
this is the way I use it, but note that
in this setup you must use "proto failover". lacp/load-balancing modes
won't work.

Also note that when using vlans over lagg you must NOT use the
ifX.vlanY interface name style because of
the problem that i mentioned here, in this thread :
http://lists.freebsd.org/pipermail/freebsd-net/2008-May/018126.html

P.S.: I'm including the list in my reply.

Regards,
Niki
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

if_var.h micro-optimization

[rihad]

Not sure if this is a worthwhile optimization? FreeBSD 7.0

--- /usr/src/sys/net/if_var.h   2007-12-07 09:46:08.0 +0400
+++ if_var.h2008-05-30 18:10:25.0 +0500
@@ -282,7 +282,8 @@
if (m) {\
if (((ifq)->ifq_head = (m)->m_nextpkt) == NULL) \
(ifq)->ifq_tail = NULL; \
-   (m)->m_nextpkt = NULL;  \
+   else\
+   (m)->m_nextpkt = NULL;  \
(ifq)->ifq_len--;   \
}   \
 } while (0)
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: kern/124127: [msk] watchdog timeout (missed Tx interrupts) -- recovering

[remko]

Synopsis: [msk] watchdog timeout (missed Tx interrupts) -- recovering

Responsible-Changed-From-To: freebsd-bugs->freebsd-net
Responsible-Changed-By: remko
Responsible-Changed-When: Fri May 30 14:35:51 UTC 2008
Responsible-Changed-Why: 
Reassign to networking team.

http://www.freebsd.org/cgi/query-pr.cgi?pr=124127
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: if_var.h micro-optimization

[Bruce M. Simpson]

rihad wrote:

Not sure if this is a worthwhile optimization? FreeBSD 7.0

--- /usr/src/sys/net/if_var.h   2007-12-07 09:46:08.0 +0400
+++ if_var.h2008-05-30 18:10:25.0 +0500
@@ -282,7 +282,8 @@
if (m) {\
if (((ifq)->ifq_head = (m)->m_nextpkt) == NULL) \
(ifq)->ifq_tail = NULL; \
-   (m)->m_nextpkt = NULL;  \
+   else\
+   (m)->m_nextpkt = NULL;  \
(ifq)->ifq_len--;   \
}   \
 } while (0)


It could save dirtying an L2 data cache line at the expense of taking a 
conditional branch, but to evaluate your suggested change requires a lot 
more data. Do you plan to do this? Given how _IF_DEQUEUE() is normally 
used the impact is likely negligible.

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: if_var.h micro-optimization

[rihad]

Bruce M. Simpson wrote:

rihad wrote:

Not sure if this is a worthwhile optimization? FreeBSD 7.0

--- /usr/src/sys/net/if_var.h   2007-12-07 09:46:08.0 +0400
+++ if_var.h2008-05-30 18:10:25.0 +0500
@@ -282,7 +282,8 @@
if (m) {\
if (((ifq)->ifq_head = (m)->m_nextpkt) == NULL) \
(ifq)->ifq_tail = NULL; \
-   (m)->m_nextpkt = NULL;  \
+   else\
+   (m)->m_nextpkt = NULL;  \
(ifq)->ifq_len--;   \
}   \
 } while (0)


It could save dirtying an L2 data cache line at the expense of taking a 
conditional branch,
Whoa, why don't you take it easy on me :) I'm not that much into kernel 
(or hardware) programming. It's just that reading Ch. 3 of TCP/IP 
Illustrated Vol.2 by Rich Stevens got me digging around FreeBSD source 
code dealing with struct ifnet, where this piece of code caught my 
attention.



but to evaluate your suggested change requires a lot 
more data. Do you plan to do this? 
Perhaps there is already a framework for trying out changes in -CURRENT 
and seeing their relative impact, so perhaps someone more experienced 
than I am can see to this?



Given how _IF_DEQUEUE() is normally 
used the impact is likely negligible.

Oh, I see. A nice first attempt of mine anyway ;) Thanks.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: if_var.h micro-optimization

[Bruce M. Simpson]

rihad wrote:

Bruce M. Simpson wrote:


It could save dirtying an L2 data cache line at the expense of taking 
a conditional branch,
Whoa, why don't you take it easy on me :) I'm not that much into 
kernel (or hardware) programming. It's just that reading Ch. 3 of 
TCP/IP Illustrated Vol.2 by Rich Stevens got me digging around FreeBSD 
source code dealing with struct ifnet, where this piece of code caught 
my attention.


It could be red, it could be yellow. It could be 620nm. Who am I to say 
what is and what isn't? ;-)


There are bound to be situations where the change is a win, and even 
some where there isn't. Context is everything...


but to evaluate your suggested change requires a lot more data. Do 
you plan to do this? 
Perhaps there is already a framework for trying out changes in 
-CURRENT and seeing their relative impact, so perhaps someone more 
experienced than I am can see to this?


All educators are busy right now, please hold and the next available 
dogma merchant will be with you as soon as possible. ;-)


(Hint: No, there isn't a framework I know of, unless you wanna make one? 
Scientific process applies, reproducible results, etc. You could script 
stuff, figure out a way to run the kernel or parts of the network stack 
under Valgrind so it can be L2 profiled w/o running it on a real 
machine... or hack hwpmc so it can be done live.. anything is possible.)




Given how _IF_DEQUEUE() is normally used the impact is likely 
negligible.

Oh, I see. A nice first attempt of mine anyway ;) Thanks.


Don't take my word for it, down that road lies darkness.

Seriously though -- it's easy to introduce bugs doing things like this, 
if anything else it's an exercise in really thinking things through.


cheers
BMS

___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"