Re: kern/126714: [carp] CARP interface renaming makes system no longer respond on the virtual IP address
Hey Artis, Thank you. It really works indeeed :) I haven't thought of such a workaround :) Regards, /S On Mon, Aug 25, 2008 at 12:10 PM, Artis Caune <[EMAIL PROTECTED]> wrote: > The following reply was made to PR kern/126714; it has been noted by GNATS. > > From: "Artis Caune" <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Cc: [EMAIL PROTECTED] > Subject: Re: kern/126714: [carp] CARP interface renaming makes system no > longer respond on the virtual IP address > Date: Mon, 25 Aug 2008 13:05:55 +0300 > > Same for me, but when I rename carp interface to original name, > everything works. > > > > > When you change carp0 name to new_name, ifconfig will: > - announce that carp0 is gone (departure) > - copy new_name to if_xname > - announce that new_name has arrived > > carp check only departure events. > > When you change name of carp interface, mac address also change: > from 00:00:5e:00:01:08 to 70:31:00:00:5e:00 (for me) > > And because new mac address is no longer CARP mac address, > carp_forus() fail, M_PROMISC flag is not cleared and frame is > discarded. > > > > > If you need change names at run time and not in rc.conf, then you > should reinitialize carp interface: > # ifconfig new_name vhid 1 pass testpass 192.168.0.2/24 > or set promisc flag on em0/em1 :) > > btw, don't change name to "carp" or your box will panic. > > p.s. > if you change name to underlying em0/em1/lagg/vlan interface, you > should also reinitialize carp interface or you will see: > carp_input: packet received on non-carp interface: bce0 > > > > > -- > regards, > Artis Caune > > <. CCNA > <| > <' didii FreeBSD > ___ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "[EMAIL PROTECTED]" > ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Carp renaming cuts the traffic off
Hi, Something weird is going on with renaming of carp interfaces. I use FreeBSD stable updated on August 18. My setup: ifconfig em0 up ifconfig em1 up ifconfig lagg0 create up laggproto failover laggport em0 laggport em1 ifconfig vlan4 create up vlan 4 vlandev lagg0 192.168.0.1/24 ifconfig carp1 create up vhid 1 pass testpass 192.168.0.2/24 I ping 192.168.0.2 (carp IP addres) from external host and get replies - works fine. Now do "ifconfig carp1 name something_else" and watch the magic. I get no traffic back from the carp IP address. Does someone have any clue what's going on and why? Thank you, /S ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
PF NAT and IPSec (ESP) not working
Hi, I probably do something wrong, and I can't seem to get NAT in PF working with IPSec tunnel mode. Here's the network diagram: (172.16.0.0/16) internal network-- remote end of tunnel AA.AA.AA.AA --- XX.XX.XX.XX re0 (Internet) - enc (IPSec) ZZ.ZZ.ZZ.ZZ gif1 --- tun0 --- YY.YY.YY.YY/24 OpenVPN clients I want OpenVPN clients to be NAT'ed to ZZ.ZZ.ZZ.ZZ and then enter the ipsec tunnel, be encrypted and land on the other side. When I've setup NAT using following PF rule: nat pass log on enc0 inet from YY.YY.YY.YY/24 to 172.16.0.0/16 -> ZZ.ZZ.ZZ.ZZ the packets go out on gif1 but are not encrypted (no traffic on enc0). Same for following NAT rule: nat pass log on enc0 inet from YY.YY.YY.YY/24 to 172.16.0.0/16 -> ZZ.ZZ.ZZ.ZZ Help, please! Thanks, /S ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Forcing 1000FD for bce
On 1/31/07, Slawek Zak <[EMAIL PROTECTED]> wrote: I have a question for someone familiar with this driver. I must enforce Gb/Full-duplex before the end of boot. I have IBM BladeCenter chassis which internally uses Nortel 2-3 switches which in turn do not allow for autonegotiation of internal interfaces. I want to run a diskless configuration so changing the bits with ifconfig is not an option. Tweaking settings in PXE boot agent doesn't help - the link preference is not preserved after kernel starts booting. I've implemented a half-baked solution just to make the darn thing work. Assuming you have gentbi PHY (check the dmesg), the following patch removes auto negotiation and half-duplex handling for SX interface, thus leaving 1000FD only. Tested on IBM LS21 blades. Enjoy. /S -- Sławek Żak / UNIX Systems Administrator gentbi.c.diff Description: Binary data ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Forcing 1000FD for bce
Hi, First of all thanks to Doug White for committing SerDes support for bce. I have a question for someone familiar with this driver. I must enforce Gb/Full-duplex before the end of boot. I have IBM BladeCenter chassis which internally uses Nortel 2-3 switches which in turn do not allow for autonegotiation of internal interfaces. I want to run a diskless configuration so changing the bits with ifconfig is not an option. Tweaking settings in PXE boot agent doesn't help - the link preference is not preserved after kernel starts booting. Thus the last resort remains I guess - fiddling with the source. Help anyone TIA, /S ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Rapid link state changes on bge(4) interface
On 9/21/06, Gleb Smirnoff <[EMAIL PROTECTED]> wrote:
On Thu, Sep 21, 2006 at 12:32:56PM +0200, Slawek Zak wrote:
S> >Please try to add hw.bge.fake_autoneg=1 to /boot/loader.conf. May be
S> >this will help.
S>
S> I did it, but sysctl doesn't show the value.
S>
S> w3-6# sysctl hw.bge
S> sysctl: unknown oid 'hw.bge'
S>
S> This sysctl seems to be defined in if_bge.c though:
S>
S> static int bge_fake_autoneg = 0;
S> TUNABLE_INT("hw.bge.fake_autoneg", &bge_fake_autoneg);
Not all tunables are exposed to the sysctl tree. Did the tunable help you?
No change. The link state is still floating.
/S
--
Sławek Żak / UNIX Systems Administrator
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Rapid link state changes on bge(4) interface
On 9/15/06, Gleb Smirnoff <[EMAIL PROTECTED]> wrote:
On Wed, Sep 13, 2006 at 03:09:56PM +0200, Slawek Zak wrote:
S> I'm testing network failover on IBM BladeCenter running FreeBSD 6.1
S> STABLE for Sep 6th.
S>
S> I suspect a problem with link state change detection in bge code. When
S> I disable internal port on chassis built-in ethernet switch, kernel
S> floods syslog with messages about link state changes and coalescing
S> them. Log snippet follows:
S>
S> Sep 13 14:58:28 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:28 w3-6 kernel: bge1: link state changed to UP
S> Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to UP
S> Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:29 w3-6 kernel: bge1: 4 link states coalesced
S> Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:29 w3-6 kernel: bge1: 11 link states coalesced
S> Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to UP
S> Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:30 w3-6 kernel: bge1: 3 link states coalesced
S> Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to UP
S> Sep 13 14:58:30 w3-6 kernel: bge1: 7 link states coalesced
S> Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:30 w3-6 kernel: bge1: 4 link states coalesced
S> Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to DOWN
S> Sep 13 14:58:30 w3-6 kernel: bge1: 2 link states coalesced
S>
S> As you can see, messages are generated in rapid succession and
S> therefore any probing of link state change by ng_one2many for
S> interface failover is meaningless. Ethernet switch doesn't register
S> and log any interface state changes after disabling this port. LS20
S> blades use chipset 8850. My firmware is 3.38, full changelog, if it is
S> of any help, is here:
S>
S>
http://www-307.ibm.com/pc/support/site.wss/license.do?filename=pc_servers/brcm_fw_nic_12021_anyos_anycpu.chg
S>
S> Any ideas what might be wrong?
Please try to add hw.bge.fake_autoneg=1 to /boot/loader.conf. May be
this will help.
I did it, but sysctl doesn't show the value.
w3-6# sysctl hw.bge
sysctl: unknown oid 'hw.bge'
This sysctl seems to be defined in if_bge.c though:
static int bge_fake_autoneg = 0;
TUNABLE_INT("hw.bge.fake_autoneg", &bge_fake_autoneg);
/S
--
Sławek Żak / UNIX Systems Administrator
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: Rapid link state changes on bge(4) interface
On 9/13/06, David Christensen <[EMAIL PROTECTED]> wrote: I can't access the information on this web site through Mozilla after clicking "I Accept". Hm. I've just found out that posting direct links to documents is too Web 1.0 for ibm.com. Here is link to the parent page - works for me: http://www-307.ibm.com/pc/support/site.wss/document.do?lndocid=MIGR-53693 Is this a 5704 controller using a SerDes link? The above page says: - IBM BladeCenter LS20 (Type 8850) Dunno if it is Broadcom or IBM parlance. I'm familiar with some Blade Center problems in the past (which I think were related to Sigdet) though I'm not in the office and can't look into it right away. A comparison between the serdes code in the Linux driver vs. the FreeBSD driver is probably the first area to investigate. I have frankly no idea where to look. Thanks for any help, /S -- Sławek Żak / UNIX Systems Administrator ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Rapid link state changes on bge(4) interface
Hi, I'm testing network failover on IBM BladeCenter running FreeBSD 6.1 STABLE for Sep 6th. I suspect a problem with link state change detection in bge code. When I disable internal port on chassis built-in ethernet switch, kernel floods syslog with messages about link state changes and coalescing them. Log snippet follows: Sep 13 14:58:28 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:28 w3-6 kernel: bge1: link state changed to UP Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to UP Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:29 w3-6 kernel: bge1: 4 link states coalesced Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:29 w3-6 kernel: bge1: 11 link states coalesced Sep 13 14:58:29 w3-6 kernel: bge1: link state changed to UP Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:30 w3-6 kernel: bge1: 3 link states coalesced Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to UP Sep 13 14:58:30 w3-6 kernel: bge1: 7 link states coalesced Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:30 w3-6 kernel: bge1: 4 link states coalesced Sep 13 14:58:30 w3-6 kernel: bge1: link state changed to DOWN Sep 13 14:58:30 w3-6 kernel: bge1: 2 link states coalesced As you can see, messages are generated in rapid succession and therefore any probing of link state change by ng_one2many for interface failover is meaningless. Ethernet switch doesn't register and log any interface state changes after disabling this port. LS20 blades use chipset 8850. My firmware is 3.38, full changelog, if it is of any help, is here: http://www-307.ibm.com/pc/support/site.wss/license.do?filename=pc_servers/brcm_fw_nic_12021_anyos_anycpu.chg Any ideas what might be wrong? /S -- Sławek Żak / UNIX Systems Administrator ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: PPP callback and SecurID
On Thu, 24 Jan 2002, Brian Somers uttered the following: > You could probably ``set cd off'' to get the desired effect. > Alternatively, configure your machine to be able to receive incoming > connections and let the initial ppp session drop when the peer hangs > up. Okay. I've found a way to solve this. Below is the relevant section from my ppp.conf. callback: disable pap disable chap set speed 57600 set phone XXX set server /var/run/ppp-sock-%d ppp 177 set cd off set device /dev/cuaa1 allow users * set dial "ABORT BUSY ABORT NO\\sCARRIER \ TIMEOUT 10 \"\" ATZ OK ATDT\\T \ TIMEOUT 40 CONNECT" set login "TIMEOUT 5 sername: \ PASSCODE: \"!/usr/X11R6/bin/ssh-askpass\" \ TIMEOUT 15 Callback \"\" NO\\sCARRIER \"\" \ TIMEOUT 60 RING ATA CONNECT" There is an example in ppp.conf.sample which helped me to find the correct login chat string. Crucial parts are the cd off and disconnect in login chat. Running getty is not necessary in this case. Thanks to Joe Barbish, for helping me. /S -- hundred-and-one symptoms of being an internet addict: 4. Your eyeglasses have a web site burned in on them. * Suavek Zak / PGP: finger:[EMAIL PROTECTED] To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: PPP callback and SecurID
On Sat, 19 Jan 2002, Joe Barbish Fhe Barbish uttered the following: > Please clarify what you are trying to do. > Are you trying to use ppp to call your ISP and have them > call you back and then login to your FBSD box? > OR have some user call your FBSD box and you call them back? I call them, give my SecurID, they call me back so I could use the net without paying for call time. /S To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
PPP callback and SecurID
I've a problem with my callback. I'd like to automate it somehow, but there is a problem with LCP. The hard way is to do something like: # ppp ras ppp ON pf39> term deflink: Entering terminal mode on /dev/cuaa1 Type `~?' for help atdt CONNECT 57600 User Access Verification Username: Enter PASSCODE: Callback initiated - line is disconnected NO CARRIER RING RING ATA .. (the connection) I tried to do something like this: [ppp.conf] ... callback: disable pap disable chap set speed 57600 set phone set cd off set device /dev/cuaa1 allow users * set dial "ABORT BUSY ABORT NO\\sCARRIER TIMEOUT 10 \"\" ATZ OK ATDT\\T TIMEOUT 40 CONNECT" set login "TIMEOUT 15 sername: szak PASSCODE: \"!/usr/X11R6/bin/ssh-askpass\" Callback ATA" But it bails out, because the connection is apparently considered open by ppp after the disconnection, so I can't make the modem accept connections with ATA command in this state. Does anyone have other ideas how to make it work without typing the sequence everytime with term? Thanks, /S To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Dummynet problem
On Wed, 3 Jan 2001, Luigi Rizzo spake thusly: > So i believe you have done some mistake in your config or your > measurement (e.g. some other bottleneck in the net limiting > one flow to 60Kbit, leaving a full 60k to the other no matter how > weight are assigned). I really don't think so. Only those two transfers were active. Config is very simple and looks okay (see the counts for both rules). > Note that running this kind of experiments requires a bit of care -- > with a 10:1 speed ratio, one of the transfer might complete much faster > than the other leaving full bw to the the other flow for 90% > of the time, which in the end causes both flow to show > approx the same speed. Well. It is not the case I think. Both transfers were for big files (~200MB each). I've zeroed the counters after start. Measurments are acuurate according to both rules as well as lftp status messages. Regards, /S To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Dummynet problem
On Mon, 1 Jan 2001, Luigi Rizzo uttered the following: > it should not be equal provided the 'high weight' flow has sufficient > traffic going. Both FTP transfers I've used for testing were around 60Kbps each. One done by user dnld1, the other one by other user. > Can you do an 'ipfw zero' before the transfer, and provide the output of Sure. I've `ipfw zero'ed after both transfers were started. > ipfw show 00100 0 0 allow ip from any to any via lo0 00100 226 327495 queue 10 tcp from any to any uid dnld1 in 00200 0 0 deny ip from any to 127.0.0.0/8 00200 677 338406 queue 11 ip from any to any 65535 0 0 allow ip from any to any > ipfw queue show 1: 128.000 Kbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x -> 0x/0x q00010: weight 1 pipe 1 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x/0x -> 0x/0x BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp 0 tcp AAA.BBB.CCC.DDD/21 XXX.YYY.ZZZ.QQQ/12088 488 693234 00 0 q00011: weight 10 pipe 1 50 sl. 168 queues (64 buckets) droptail mask: 0xff 0x/0x -> 0x/0x BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp 0 tcp AAA.BBB.CCC.DDD/22 XXX.YYY.ZZZ.QQQ/1022 1 44 00 0 4 tcpXXX.YYY.ZZZ.QQQ/12092 AAA.BBB.CCC.DDD/49186 31812724 00 0 5 tcpXXX.YYY.ZZZ.QQQ/12091 AAA.BBB.CCC.DDD/49185 46318524 00 0 5 tcpXXX.YYY.ZZZ.QQQ/12089 AAA.BBB.CCC.DDD/491845 204 00 0 15 tcp AAA.BBB.CCC.DDD/21 XXX.YYY.ZZZ.QQQ/120881 40 00 0 23 tcp AAA.BBB.CCC.DDD/21 XXX.YYY.ZZZ.QQQ/12084 30 2153 00 0 25 tcp AAA.BBB.CCC.DDD/49183 XXX.YYY.ZZZ.QQQ/12086 207 306124 00 0 30 tcp AAA.BBB.CCC.DDD/49182 XXX.YYY.ZZZ.QQQ/120854 1455 00 0 34 tcpXXX.YYY.ZZZ.QQQ/12084 AAA.BBB.CCC.DDD/21 34 1828 00 0 46 tcpXXX.YYY.ZZZ.QQQ/12088 AAA.BBB.CCC.DDD/21 24 1220 00 0 46 tcpXXX.YYY.ZZZ.QQQ/1022 AAA.BBB.CCC.DDD/22 2 84 00 0 48 tcp AAA.BBB.CCC.DDD/49186 XXX.YYY.ZZZ.QQQ/12092 317 469668 00 0 52 tcpXXX.YYY.ZZZ.QQQ/12086 AAA.BBB.CCC.DDD/49183 207 8284 00 0 53 tcpXXX.YYY.ZZZ.QQQ/12085 AAA.BBB.CCC.DDD/491825 204 00 0 > ipfw pipe show 1: 128.000 Kbit/s0 ms 50 sl. 0 queues (1 buckets) droptail mask: 0x00 0x/0x -> 0x/0x q00010: weight 1 pipe 1 50 sl. 1 queues (1 buckets) droptail mask: 0x00 0x/0x -> 0x/0x BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp 0 tcp AAA.BBB.CCC.DDD/21 XXX.YYY.ZZZ.QQQ/12088 488 693234 00 0 q00011: weight 10 pipe 1 50 sl. 168 queues (64 buckets) droptail mask: 0xff 0x/0x -> 0x/0x BKT Prot ___Source IP/port Dest. IP/port Tot_pkt/bytes Pkt/Byte Drp 0 tcp AAA.BBB.CCC.DDD/22 XXX.YYY.ZZZ.QQQ/1022 1 44 00 0 4 tcpXXX.YYY.ZZZ.QQQ/12092 AAA.BBB.CCC.DDD/49186 31812724 00 0 5 tcpXXX.YYY.ZZZ.QQQ/12091 AAA.BBB.CCC.DDD/49185 46318524 00 0 5 tcpXXX.YYY.ZZZ.QQQ/12089 AAA.BBB.CCC.DDD/491845 204 00 0 15 tcp AAA.BBB.CCC.DDD/21 XXX.YYY.ZZZ.QQQ/120881 40 00 0 23 tcp AAA.BBB.CCC.DDD/21 XXX.YYY.ZZZ.QQQ/12084 30 2153 00 0 25 tcp AAA.BBB.CCC.DDD/49183 XXX.YYY.ZZZ.QQQ/12086 207 306124 00 0 30 tcp AAA.BBB.CCC.DDD/49182 XXX.YYY.ZZZ.QQQ/120854 1455 00 0 34 tcpXXX.YYY.ZZZ.QQQ/12084 AAA.BBB.CCC.DDD/21 34 1828 00 0 46 tcpXXX.YYY.ZZZ.QQQ/12088 AAA.BBB.CCC.DDD/21 24 1220 00 0 46 tcpXXX.YYY.ZZZ.QQQ/1022 AAA.BBB.CCC.DDD/22 2 84 00 0 48 tcp AAA.BBB.CCC.DDD/49186 XXX.YYY.ZZZ.QQQ/12092 317 469668 00 0 52 tcpXXX.YYY.ZZZ.QQQ/12086 AAA.BBB.CCC.DDD/49183 207 8284 00 0 53 tcpXXX.YYY.ZZZ.QQQ/12085 AAA.BBB.CCC.DDD/491825 204 00 0 Irrelevant udp/icmp traffic was snipped, IP's were masked to protect the innocent ;) `ipfw pipe show' and `ipfw queue show' look both very similar - hmm. Best regards, /S To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Dummynet problem
I tried to configure dummynet to allow for normal work when downloading files using queue mechanism (4.2-STABLE). IPFW rules are: add 100 queue 10 tcp from any to any uid dnld1 in add 200 queue 11 ip from any to any queue 10 config weight 1 pipe 1 queue 11 config weight 10 pipe 1 mask all pipe 1 config bw 128Kbit/s sysctl net.inet.ip.fw.one_pass is set to 1 Although the counters for both (100 and 200) rules show that they both are hit during two parallel downloads (one by user dnld1), the bandwidth for both is equal. It should not be, I guess. Is it a bug or maybe I've misconfigured something. All the best in New Year, /S To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
