Re: Change netmask with /etc/rc.d/network restart or reboot the machine?
On Tue, Sep 16, 2008 at 01:05:47PM +0200, Jordi Espasa Clofent wrote: I've a lot of boxes in production with a lot of associated services (http, ftp, ssh, smtp, mysql...). Because of internal administration reasons I need to ampliate my internal IPs range from /24 to /16; so I need to change my internal NIC settings. The last goal is make the change with _security_. I prefer a reboot with thier 2/4 minutes downtime than a odd miss-function in several production services. I tend to think that the use of ifconfig(8) will be enough; of course, I'll also modify /etc/rc.conf 'ifconfig_nic_id' record for posterior reboots. Or maybe I has more sense to modify directly the /etc/rc.conf record and next use the '/etc/rc.d/netif restart'; or maybe make the change in /etc/rc.conf and reboot the machines. ?What do you tink about? Like you said, ifconfig is the simplest way to do it. Just make sure your default gateway doesn't need a change neither. Foolproof should be: - Modify /etc/rc.conf - shutdown -r +3 - ifconfig nic0 1.2.3.4 netmask 255.255.0.0 - killall -TERM shutdown That way even if the ifconfig goes wrong for some reason (it will happen if you do 700 machines) the machine will come back after the reboot. Don't forget about possible ipfw rule changes! Edwin -- Edwin Groothuis |Personal website: http://www.mavetju.org [EMAIL PROTECTED]| Weblog: http://www.mavetju.org/weblog/ ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What's the status of parallel netisr?
Interesting. I did a test on local UDP throughput. I was surprised to find out the performance with a SMP kernel was worse than UP. (~74MB/s v.s. 96 MB/s). I had though parallel netisr might be a solution. Anyway, thanks for the info. On Tue, Sep 16, 2008 at 3:46 PM, Kris Kennaway [EMAIL PROTECTED] wrote: Jian Qiu wrote: I noticed there was a project trying to parallelize netisr in SMP. But I cannot find the relevant codes in either stable 7 or current 8. I'm wondering what's the current status of this project? When will it be merged into FreeBSD source tree? It's available in a perforce branch owned by rwatson (sorry, I don't have the branch name handy), but in my tests it either produced no benefits, or actually reduced performance. This is surprising and the reasons for this are still unknown. Kris ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: help with code to determine external IP address on FreeBSD gateway machine
Debarshi, Yes, I would be interested in seeing the code. I would hope that this task isn't too complicated, but I have my suspicions that it will be a fair number of steps. Thanks, Chris On Tue, Sep 16, 2008 at 7:33 AM, Debarshi Ray [EMAIL PROTECTED]wrote: I have some PF_ROUTE based code, which shows the routing table of a FreeBSD system. If you are interested, I can show it to you once I get back home tonight. Happy hacking, Debarshi ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: help with code to determine external IP address on FreeBSD gateway machine
Here is the code: http://rishi.fedorapeople.org/gnu/inetutils-1.5.tar.gz You will be interested in route/bsd_show.c and the function in that file named bsd_show. It uses a combination of sysctl and PF_ROUTE to retrieve the information. Please ask if you encounter any problem. :-) Happy hacking, Debarshi ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: What's the status of parallel netisr?
Date: Tue, 16 Sep 2008 22:43:25 +0800 From: Jian Qiu [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] Interesting. I did a test on local UDP throughput. I was surprised to find out the performance with a SMP kernel was worse than UP. (~74MB/s v.s. 96 MB/s). Look at CPU affinity. I have seen significant jumps in performance when things switch between CPUs. It's best to lock the UDP cannon to a single CPU and that the CPU not be CPU0. (This applies to both BSD and Linux systems that I have worked with.) -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 pgpMpAQo1hYwj.pgp Description: PGP signature
Re: [CFT/R] IPv4 source address selection
On Sun, 24 Aug 2008, Bjoern A. Zeeb wrote: Hi, I have a patch, that was inspired by work from Y!, to do porper IPv4 source address selection for unbound sockets (with multi-IP jails). You can temporary find it here: http://people.freebsd.org/~bz/20080823-01-in_pcbladdr.diff People running my latest jail patches have been ``testing'' this without really knowing the last weeks. In case you wonder why, in the jail case, I loop over the ifa first before simply falling back to the primary jail IP (which is the only jail IP as in HEAD) -- this is because with the upcoming jail patches I have to check if any of possibly lots of IPs match any IP on an interface and only if none matches I have to fall back to the 'primary' jail IP. So the code has been prepared for upcoming changes already. Feel free to test it and report problems or unexpected behavior. Unless someone is going to cry it'll hit HEAD in a few days. Okay, there was close to zero feedback:( I had Kris test it performance wise and he found a performance regression and I talked to Robert about the general code a bit more then decided that I can simplify it. After that I re-ran some performance tests myself and found that passing in pointers improves things and now we are at the following with unbound udp sockets: x cvs-plain2 + bz-laddr ++ |++ + + x x x + x| | |__A_M|___|_A|| ++ N Min MaxMedian AvgStddev x 5 498932.16 500399.34 499727.93 499724.08 668.35243 + 5 496178.62 500190.01 498391.13 497996.98 1649.8572 No difference proven at 95.0% confidence x cvs-plain2-jailed + bz-laddr-jailed ++ |x + * + xx + x +| |||_M_AA__M||| ++ N Min MaxMedian AvgStddev x 5 493049.99 499015.59 497250.89 496364.37 2305.2757 + 5 493335.46 499712.52 496067.19 496411.24 2431.479 No difference proven at 95.0% confidence For jails this already has the loops, though I was still trying with a single (extra) IP only. So the latest patch is here: http://people.freebsd.org/~bz/20080831-01-in_pcbladdr.diff I'd really like some review before this goes in especially as it changes the semantics for jails a bit more. I'll probably time out by Sunday (UTC) or so; in case you want to look at it but need more time, let me know and I'll wait. /bz PS: I'll also post an updated jail patch for HEAD with this change in case people want to try that with multi-IP jails. PS: in case you review this properly (not only glance at it or test it) let me know so I can punish you in the Reviewed by: line;-) -- Bjoern A. Zeeb Stop bit received. Insert coin for new game. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: kern/122331: panic's on KDE-launches (but only in WPA Wifi area)
On Monday 15 September 2008 06:24:14 pm Matthias Apitz wrote: El día Monday, September 15, 2008 a las 04:08:06PM -0400, John Baldwin escribió: Can you go to frame 7 in kgdb and 'p *fdp'? (kgdb) frame 7 #7 0xc0788b98 in kern_select (td=0xc49d5630, nd=9, fd_in=0x298ad840, fd_ou=0x298ad9c4, fd_ex=0x298adb48, tvp=0x0) at filedesc.h:136 return (fd 0 || fd = fdp-fd_nfiles ? NULL : fdp-fd_ofiles[fd]); (kgdb) p *fdp Variable fdp is not available. (kgdb) If 'td' is available then you can do 'p *td-td_proc-p_fd' (kgdb) frame 7 #7 0xc0788b98 in kern_select (td=0xc49d5630, nd=9, fd_in=0x298ad840, fd_ou=0x298ad9c4, fd_ex=0x298adb48, tvp=0x0) at filedesc.h:136 136 return (fd 0 || fd = fdp-fd_nfiles ? NULL : fdp-fd_ofiles[fd]); (kgdb) p td $7 = (struct thread *) 0xc49d5630 (kgdb) p *td-td_proc-p_fd $8 = {fd_ofiles = 0x0, fd_ofileflags = 0x0, fd_cdir = 0x0, Well, fd_ofiles being NULL here is really odd. It's also odd that you have no current directory. Because fd_nfiles is 20, fd_ofiles should be pointing to the static file descriptor array. Off the top of my head I don't see how this is happening. It might help if you can narrow down exactly what WPA operation you are doing that causes the panic. -- John Baldwin ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]
Re: [CFT/R] IPv4 source address selection
Bjoern A. Zeeb wrote: On Sun, 24 Aug 2008, Bjoern A. Zeeb wrote: Hi, I have a patch, that was inspired by work from Y!, to do porper IPv4 source address selection for unbound sockets (with multi-IP jails). You can temporary find it here: http://people.freebsd.org/~bz/20080823-01-in_pcbladdr.diff People running my latest jail patches have been ``testing'' this without really knowing the last weeks. In case you wonder why, in the jail case, I loop over the ifa first before simply falling back to the primary jail IP (which is the only jail IP as in HEAD) -- this is because with the upcoming jail patches I have to check if any of possibly lots of IPs match any IP on an interface and only if none matches I have to fall back to the 'primary' jail IP. So the code has been prepared for upcoming changes already. Feel free to test it and report problems or unexpected behavior. Unless someone is going to cry it'll hit HEAD in a few days. Okay, there was close to zero feedback:( sorry I'm flat out, but very interested.. I had Kris test it performance wise and he found a performance regression and I talked to Robert about the general code a bit more then decided that I can simplify it. After that I re-ran some performance tests myself and found that passing in pointers improves things and now we are at the following with unbound udp sockets: x cvs-plain2 + bz-laddr ++ |++ + + x x x + x| | |__A_M|___|_A|| ++ N Min MaxMedian Avg Stddev x 5 498932.16 500399.34 499727.93 499724.08 668.35243 + 5 496178.62 500190.01 498391.13 497996.98 1649.8572 No difference proven at 95.0% confidence x cvs-plain2-jailed + bz-laddr-jailed ++ |x + * + xx + x +| |||_M_AA__M||| ++ N Min MaxMedian Avg Stddev x 5 493049.99 499015.59 497250.89 496364.37 2305.2757 + 5 493335.46 499712.52 496067.19 496411.24 2431.479 No difference proven at 95.0% confidence For jails this already has the loops, though I was still trying with a single (extra) IP only. So the latest patch is here: http://people.freebsd.org/~bz/20080831-01-in_pcbladdr.diff I'd really like some review before this goes in especially as it changes the semantics for jails a bit more. I'll probably time out by Sunday (UTC) or so; in case you want to look at it but need more time, let me know and I'll wait. /bz PS: I'll also post an updated jail patch for HEAD with this change in case people want to try that with multi-IP jails. PS: in case you review this properly (not only glance at it or test it) let me know so I can punish you in the Reviewed by: line;-) ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to [EMAIL PROTECTED]