Re: Upgrading OpenBSD
On Mon, May 21, 2012, at 06:43 PM, Richards, Toby wrote: > While my question involves other BSD's as well as Linux systems, I am > > Respectfully Submitted, Why do trolls always sign off this way? :) Or they open with,"I don't want to start a fight, but...".
Re: Upgrading OpenBSD
2012/5/22 Richards, Toby : > Outstanding point. The thing is this: With MS > PHP is clearly distinct from the OS. I go get it > from php.org. With BSD I must rely on the > package system. Or you download it and compile it yourself, so the word "must" up there is clearly false unless you have someone with a gun pointed against you, forcing you to use the packages/ports version. -- To our sweethearts and wives. May they never meet. -- 19th century toast
Re: ikev2 and a win7 road warrior host
I already read your posts ;-) and also man pages (ikectl, iked.conf and iked) But now it is for a road warrior configuration. I don't understand these parts : Parts that i don't understand, if someone can help me on : -For server, i need a certificate server for vpn.X.net ? or aa.bb.cc.dd ? ikectl ca vpn certificate ? create #(for server) ikectl ca vpn certificate ? install #(for server) -For win7, i need a certificate host for win7test ? or 192.168.0.77 ? ikectl ca vpn certificate ?? create #(for win7) ikectl ca vpn certificate ?? export #(for win7) -On the GW /etc/iked.conf: ikev2 esp \ from any to any peer any \ srcid vpn.X.net \ config address 192.168.0.77 Run /sbin/iked -dvv Finally : On the win7, open certmgr.msc to add the certificates add the 2 pfx certificates in the "Trusted Root Certification Authorities store" And create a IKEV2 connection without EAP. Thank you very much. Le 2012-05-22 10:28, Pavel Shvagirev a C)critB : Have a look at the discussion between me and Mike Belopuhov that took place not so long ago here... We have covered most of the troubles that you might have met following the man pages.
Re: ikev2 and a win7 road warrior host
Have a look at the discussion between me and Mike Belopuhov that took place not so long ago here... We have covered most of the troubles that you might have met following the man pages. 22.05.2012 10:14, Wesley P=P0P?P8QP0P;: > Hi, > > I'm trying to have this > 192.168.0.0/24--lan--5.1GW--egress--INTERNET--win7rw > working. > > Gw : (OpenBSD 5.1) hostname vpn.X.net > lan have 192.168.0.51/24 > egress have a static ip address : aa.bb.cc.dd > lan, egress are groups to easily manage PF. > > win7rw : Host Windows7 Road Warrior with > dynamic ip address > hostname : win7test > ikev2 ip address : 192.168.0.77/24 > > What i have done : > pkg_add zip > net.inet.ip.forwarding=1 > 2 groups for network cards : lan,egress > > PF.conf: > set block-policy drop > set skip on {lo,enc0} > match out on egress from lan:network to any nat-to egress > block log all > pass in on egress proto esp > pass in on egress proto udp from any to any port {500,4500} > pass in on egress proto tcp from any to any port 22 > pass out on egress > pass on lan > > Create certificates : > ikectl ca vpn create > ikectl ca vpn install > > Parts that i don't understand, if someone can help me on : > -For server, i need a certificate server for vpn.X.net ? or aa.bb.cc.dd ? > ikectl ca vpn certificate ? create #(for server) > ikectl ca vpn certificate ? install #(for server) > > -For win7, i need a certificate host for win7test ? or 192.168.0.77 ? > ikectl ca vpn certificate ?? create #(for win7) > ikectl ca vpn certificate ?? export #(for win7) > > -On the GW > /etc/iked.conf: > ikev2 esp \ > from any to any peer any \ > srcid vpn.X.net \ > config address 192.168.0.77 > > Run /sbin/iked -dvv > > Finally : > On the win7, open certmgr.msc to add the certificates > add the 2 pfx certificates in the "Trusted Root Certification > Authorities store" > And create a IKEV2 connection without EAP. > > Thank you very much for your help. > > Cheers, > > Wesley M.A. > -- Best regards, Pavel Shvagirev skype: pavel.shvagirev
ikev2 and a win7 road warrior host
Hi, I'm trying to have this 192.168.0.0/24--lan--5.1GW--egress--INTERNET--win7rw working. Gw : (OpenBSD 5.1) hostname vpn.X.net lan have 192.168.0.51/24 egress have a static ip address : aa.bb.cc.dd lan, egress are groups to easily manage PF. win7rw : Host Windows7 Road Warrior with dynamic ip address hostname : win7test ikev2 ip address : 192.168.0.77/24 What i have done : pkg_add zip net.inet.ip.forwarding=1 2 groups for network cards : lan,egress PF.conf: set block-policy drop set skip on {lo,enc0} match out on egress from lan:network to any nat-to egress block log all pass in on egress proto esp pass in on egress proto udp from any to any port {500,4500} pass in on egress proto tcp from any to any port 22 pass out on egress pass on lan Create certificates : ikectl ca vpn create ikectl ca vpn install Parts that i don't understand, if someone can help me on : -For server, i need a certificate server for vpn.X.net ? or aa.bb.cc.dd ? ikectl ca vpn certificate ? create #(for server) ikectl ca vpn certificate ? install #(for server) -For win7, i need a certificate host for win7test ? or 192.168.0.77 ? ikectl ca vpn certificate ?? create #(for win7) ikectl ca vpn certificate ?? export #(for win7) -On the GW /etc/iked.conf: ikev2 esp \ from any to any peer any \ srcid vpn.X.net \ config address 192.168.0.77 Run /sbin/iked -dvv Finally : On the win7, open certmgr.msc to add the certificates add the 2 pfx certificates in the "Trusted Root Certification Authorities store" And create a IKEV2 connection without EAP. Thank you very much for your help. Cheers, Wesley M.A.
Re: Upgrading OpenBSD
On Tue, May 22, 2012 at 3:43 AM, Richards, Toby wrote: > While my question involves other BSD's as well as Linux systems, I am > asking this here because OpenBSD's philosophy is the most attractive > to me. > > I've got about 50 servers to manage. OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? As far as I can > tell, it does not. I do very much appreciate the technology that has > come from the OpenBSD project, yet it seems to me that most *free* > operating systems do not fully support an upgrade path. I can't [fully] > upgrade from one OpenBSD release to another (unless following STABLE > gets me from one RELEASE to another, but AFAIK it does not). I cannot > seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must > re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and > for every version of Mint Linux. OpenBSD is only one free OS which supports full upgrade path without issues (confirmed with practice and use of various OS including Windows/Mac) and it's unbelievable easy and quick: 1) Upgrade base OS (from ISO or booting from bsd.rd) 2) reboot 3) sysmerge(8) step 4) upgrade.html 5) pkg_add -ui > > The two major commercial operating systems (considered to be evil by > the FOSS community) easily upgrade from one version to the next. That's > important in a real-life production environment. In 2001, I upgraded > 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 > without incident. I've had similar experience with all subsiquent > MicroEvil systems. I do hate MicroEvil, but I can make only limited > conclusions regarding the upgrade paths of other operating systems: If you are used to one platform for years then any other OS is hard from start ;-) Because you don't know proper tools/steps which leads you to thinking that those OSs are wrong. > > 1) Your project exists only for the sake of doing the project, and for > the technologies that it produces (such as OpenSSH). No it exists because devs need such an OS and a lot of us too. BTW a lot of other projects/companies is using fruit from OpenBSD like security technologies, OpenSSH, code, tmux, pf (look at Mac and other BSDs ;-) and so on. > > 2) Folks are expected to install a version of OpenBSD, but not upgrade > because there's no reason to fix something that isn't broken. Wrong. Folks are expected mostly to run current. If not then use supported releases. If they are not then they are on their own field. > > 3) OpenBSD is only for organizations who have so few servers or so many > IT folks that re-installing everything from scratch is not inviably > cumbersome. Fail. See eg. http://www.undeadly.org/cgi?action=article&sid=20110420080633 , there's more, but some of the uses can't be spoken up openly ;-) > > 4) I am oblivious to some upgrade path technique for FOSS operating > systems. See my 5 points above or download current sources and build current version (instead of point 1.) http://www.openbsd.org/cgi-bin/man.cgi?query=release&apropos=0&sektion=0&manpath=OpenBSD+Current&arch=i386&format=html . It's quick anyway on modern HW. > > Please enlighten me. > > Respectfully Submitted, > R. Toby Richards > Network Administrator > Superior Court of California > In and for the County of San Luis Obispo > (805) 781-4150
Re: Upgrading OpenBSD
Quoting "Richards, Toby" : > Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to > OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading > Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 + > IIS 7.0 + ASPDotNet 4.0. Errmm, apples and oranges comparison here. Everything on your Microsoft platform is from errr, one supplier, Microsoft. Imagine you used PostgreSQL and ColdFusion with Apache running on Windows ... and then upgraded Windows. Would ColdFusion upgrade? PostgreSQL? Or let's go back a few years ... would classic ASP automatically upgrade to VB.Net? Sounds like you like the walled garden approach and it works for you. So might be best to stick to it. > > In my experience, the MicroEvil Upgrade works without breaking > any of my web apps. The OpenBSD upgrade gets confused about > Nginx versions and PHP versions. Maybe it gets less confused > if I happen to know about some system variable that describes > the version of PHP that I want. > > Granted: I do hold an MCSE certification, but I don't need it. > The upgrade just works. Well... despite occasional BSOD's ;) > > I really *really* want to go the BSD path, but it seems > so much more difficult. > > Respectfully Submitted, > R. Toby Richards > Network Administrator > Superior Court of California > In and for the County of San Luis Obispo > (805) 781-4150 > > From: Kenneth R Westerback [kwesterb...@rogers.com] > Sent: Monday, May 21, 2012 8:01 PM > To: Richards, Toby > Cc: misc@openbsd.org > Subject: Re: Upgrading OpenBSD > > On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote: > > While my question involves other BSD's as well as Linux systems, I am > > asking this here because OpenBSD's philosophy is the most attractive > > to me. > > > > I've got about 50 servers to manage. OpenBSD does have an Upgrade > > option, but does it upgrade the installed packages? As far as I can > > tell, it does not. I do very much appreciate the technology that has > > come from the OpenBSD project, yet it seems to me that most *free* > > operating systems do not fully support an upgrade path. I can't > [fully] > > upgrade from one OpenBSD release to another (unless following STABLE > > gets me from one RELEASE to another, but AFAIK it does not). I cannot > > seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must > > re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and > > for every version of Mint Linux. > > Not really sure what you mean by 'fully' upgrade. Doing the normal > upgrade and then 'pkg_add -ui' does it all for me. It does not > magically upgrade database structures, etc. of course, but what > does? > > > > > The two major commercial operating systems (considered to be evil by > > the FOSS community) easily upgrade from one version to the next. > That's > > important in a real-life production environment. In 2001, I upgraded > > 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 > > without incident. I've had similar experience with all subsiquent > > MicroEvil systems. I do hate MicroEvil, but I can make only limited > > conclusions regarding the upgrade paths of other operating systems: > > > > 1) Your project exists only for the sake of doing the project, and > for > > the technologies that it produces (such as OpenSSH). > > True, but not relevant to your case I think. > > > > > 2) Folks are expected to install a version of OpenBSD, but not > upgrade > > because there's no reason to fix something that isn't broken. > > Something is *always* broken. OpenBSD *strongly* recommends upgrading > every six months with every release. We give strong impetus for this > by not supporting more than 1 release back. We *expect* everyone to > be keeping up. > > > > > 3) OpenBSD is only for organizations who have so few servers or so > many > > IT folks that re-installing everything from scratch is not inviably > > cumbersome. > > Untrue. Many organizations have large number of OpenBSD boxes. A > full manual 'official method' upgrade (including a few hundred > packages!) usually takes me less than twenty minutes, including > backing up the old and new configuration (a.k.a. /etc, /var) > information. Certain *vastly* less time than it ever takes me or > those I watch (giggling) to upgrade any version of Windows and the > packages thereon. And that's including full bore enterprise situations > with outsourcing 'experts', SCM (or whatever MS calls it these > days), multi-gigabit network everywhere, etc. > > There are various automated install tools out there too, but not > (yet) officially part of the release. > > > > > 4) I am oblivious to some upgrade path technique for FOSS operating > > systems. > > Merely lacking experience I'd say. > > Ken > > > > > Please enlighten me. > > > > Respectfully Submitted, > > R. Toby Richards > > Network Administrator > > Superior Court of California > > In and for the County of San Luis Obispo > > (805
Re: Upgrading OpenBSD
On 5/21/12 9:34 PM, Matthew Weigel wrote: On 21.05.2012 22:45, Richards, Toby wrote: Granted: I do hold an MCSE certification, but I don't need it. The upgrade just works. Well... despite occasional BSOD's ;) I admit this kind of made me chuckle: http://www.linkedin.com/pub/toby-richards/37/71a/474 Oy vey, And this guy holds a degree from Santa Clara Univ? Toby, $40K/ year for this? Mehma
Re: Upgrading OpenBSD
> Outstanding point. The thing is this: With MS > PHP is clearly distinct from the OS. I go get it > from php.org. With BSD I must rely on the > package system. That is balony. On OpenBSD, you get PHP yourself, too. PHP is not part of OpenBSD. The package tree is a convenience. If you expect us to take care of everything (including wiping your bum) you've made a mistake. Even Microsoft won't wipe your bum, unless you pay a lot. To me it sounds like you are used to paying a lot, and now you expect the same from us, who you don't pay at all. That is a rude approach.
Re: Upgrading OpenBSD
On 21.05.2012 22:45, Richards, Toby wrote: Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 + IIS 7.0 + ASPDotNet 4.0. In my experience, the MicroEvil Upgrade works without breaking any of my web apps. First, can we just call it Microsoft? Everyone knows what you're talking about. Second, can you confirm that you understand you are comparing the default web stack on Windows with a custom web stack on OpenBSD? The default web stack on OpenBSD (although I think it's changing or it has changed) is Apache + CGI. What was wrong with that? Third, can we agree that if you are choosing to use Nginx and PHP, you are trying to solve problems that IIS and ASP.Net can't, and if you are content with IIS and ASP.Net, there was no reason for you to go out of your way to use Nginx and PHP? Whether you feel you have "no choice" but to use packages... you do, PHP and Nginx are separate software developed by people not working on OpenBSD. The OpenBSD upgrade gets confused about Nginx versions and PHP versions. Maybe it gets less confused if I happen to know about some system variable that describes the version of PHP that I want. http://www.openbsd.org/faq/upgrade50.html#Pkgup I actually disagree with one of the other responders, that doing an OS upgrade and running "pkg_add -ui" is sufficient. Reading the upgrade guide painstakingly maintained by the developers, and following it, is pretty much always your best path. It's short, to the point, and not any different from the release notes that a responsible admin reads when upgrading Windows servers, or Solaris servers, or hundreds of desktops of any kind. The problem you describe was called out, emphasized, warned about. The specific (simple) steps you needed to take to mitigate this problem were documented, and documented in a place that's been consistent every six months for 8 years. Granted: I do hold an MCSE certification, but I don't need it. The upgrade just works. Well... despite occasional BSOD's ;) I admit this kind of made me chuckle: http://www.linkedin.com/pub/toby-richards/37/71a/474 -- Matthew Weigel hacker unique & idempot . ent
Nuevo Edificio en Miraflores. publicidad se git
[demime 1.01d removed an attachment of type image/jpeg which had a name of tintercelular.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of tbiodinamica.jpg] [demime 1.01d removed an attachment of type image/jpeg which had a name of naferramiento.jpg]
Re: Upgrading OpenBSD
>Outstanding point. The thing is this: With MS >PHP is clearly distinct from the OS. I go get it >from php.org. With BSD I must rely on the >package system. This is taking up a lot of ink; is this a genuine enquiry or a provocation? Search for "Extraneous entries for Visual C++ Standard hotfixes" and ponder the litany of known issues. -- p
Re: Upgrading OpenBSD
Outstanding point. The thing is this: With MS PHP is clearly distinct from the OS. I go get it from php.org. With BSD I must rely on the package system. Respectfully Submitted, R. Toby Richards Network Administrator Superior Court of California In and for the County of San Luis Obispo (805) 781-4150 From: Ted Unangst [t...@tedunangst.com] Sent: Monday, May 21, 2012 8:41 PM To: Richards, Toby Cc: Mike Erdely; misc@openbsd.org Subject: Re: Upgrading OpenBSD On Mon, May 21, 2012 at 19:20, Richards, Toby wrote: > Will pkg_add -ui upgrade between major releases, such as php 5.2.x => 5.3.x? > When I upgraded OpenBSD 4.9 => 5.0, there was a huge issue because > it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly > upgraded to 5.3.x, but the support of both made it nearly > impossible. If you had php 5.2 installed on Windows NT, would upgrading to win2k have upgraded php to 5.3 at the same time? I think your expectation that upgrading the OS will upgrade the applications is a little warped, because it's clearly not what happens with commercial operating systems.
Re: Upgrading OpenBSD
Okay, let's compare upgrading OpenBSD 4.9 + Nginx + PHP 5.2.x to OpenBSD 5.0 + Nginx + PHP 5.3.x vice upgrading Windows 2003 + IIS 6 + ASPDotNet 3.5 to Windows 2008 + IIS 7.0 + ASPDotNet 4.0. In my experience, the MicroEvil Upgrade works without breaking any of my web apps. The OpenBSD upgrade gets confused about Nginx versions and PHP versions. Maybe it gets less confused if I happen to know about some system variable that describes the version of PHP that I want. Granted: I do hold an MCSE certification, but I don't need it. The upgrade just works. Well... despite occasional BSOD's ;) I really *really* want to go the BSD path, but it seems so much more difficult. Respectfully Submitted, R. Toby Richards Network Administrator Superior Court of California In and for the County of San Luis Obispo (805) 781-4150 From: Kenneth R Westerback [kwesterb...@rogers.com] Sent: Monday, May 21, 2012 8:01 PM To: Richards, Toby Cc: misc@openbsd.org Subject: Re: Upgrading OpenBSD On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote: > While my question involves other BSD's as well as Linux systems, I am > asking this here because OpenBSD's philosophy is the most attractive > to me. > > I've got about 50 servers to manage. OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? As far as I can > tell, it does not. I do very much appreciate the technology that has > come from the OpenBSD project, yet it seems to me that most *free* > operating systems do not fully support an upgrade path. I can't [fully] > upgrade from one OpenBSD release to another (unless following STABLE > gets me from one RELEASE to another, but AFAIK it does not). I cannot > seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must > re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and > for every version of Mint Linux. Not really sure what you mean by 'fully' upgrade. Doing the normal upgrade and then 'pkg_add -ui' does it all for me. It does not magically upgrade database structures, etc. of course, but what does? > > The two major commercial operating systems (considered to be evil by > the FOSS community) easily upgrade from one version to the next. That's > important in a real-life production environment. In 2001, I upgraded > 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 > without incident. I've had similar experience with all subsiquent > MicroEvil systems. I do hate MicroEvil, but I can make only limited > conclusions regarding the upgrade paths of other operating systems: > > 1) Your project exists only for the sake of doing the project, and for > the technologies that it produces (such as OpenSSH). True, but not relevant to your case I think. > > 2) Folks are expected to install a version of OpenBSD, but not upgrade > because there's no reason to fix something that isn't broken. Something is *always* broken. OpenBSD *strongly* recommends upgrading every six months with every release. We give strong impetus for this by not supporting more than 1 release back. We *expect* everyone to be keeping up. > > 3) OpenBSD is only for organizations who have so few servers or so many > IT folks that re-installing everything from scratch is not inviably > cumbersome. Untrue. Many organizations have large number of OpenBSD boxes. A full manual 'official method' upgrade (including a few hundred packages!) usually takes me less than twenty minutes, including backing up the old and new configuration (a.k.a. /etc, /var) information. Certain *vastly* less time than it ever takes me or those I watch (giggling) to upgrade any version of Windows and the packages thereon. And that's including full bore enterprise situations with outsourcing 'experts', SCM (or whatever MS calls it these days), multi-gigabit network everywhere, etc. There are various automated install tools out there too, but not (yet) officially part of the release. > > 4) I am oblivious to some upgrade path technique for FOSS operating > systems. Merely lacking experience I'd say. Ken > > Please enlighten me. > > Respectfully Submitted, > R. Toby Richards > Network Administrator > Superior Court of California > In and for the County of San Luis Obispo > (805) 781-4150
Re: Upgrading OpenBSD
On Mon, May 21, 2012 at 19:20, Richards, Toby wrote: > Will pkg_add -ui upgrade between major releases, such as php 5.2.x => 5.3.x? > When I upgraded OpenBSD 4.9 => 5.0, there was a huge issue because > it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly > upgraded to 5.3.x, but the support of both made it nearly > impossible. If you had php 5.2 installed on Windows NT, would upgrading to win2k have upgraded php to 5.3 at the same time? I think your expectation that upgrading the OS will upgrade the applications is a little warped, because it's clearly not what happens with commercial operating systems.
Re: Upgrading OpenBSD
On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote: > While my question involves other BSD's as well as Linux systems, I am > asking this here because OpenBSD's philosophy is the most attractive > to me. > > I've got about 50 servers to manage. OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? As far as I can > tell, it does not. I do very much appreciate the technology that has > come from the OpenBSD project, yet it seems to me that most *free* > operating systems do not fully support an upgrade path. I can't [fully] > upgrade from one OpenBSD release to another (unless following STABLE > gets me from one RELEASE to another, but AFAIK it does not). I cannot > seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must > re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and > for every version of Mint Linux. Not really sure what you mean by 'fully' upgrade. Doing the normal upgrade and then 'pkg_add -ui' does it all for me. It does not magically upgrade database structures, etc. of course, but what does? > > The two major commercial operating systems (considered to be evil by > the FOSS community) easily upgrade from one version to the next. That's > important in a real-life production environment. In 2001, I upgraded > 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 > without incident. I've had similar experience with all subsiquent > MicroEvil systems. I do hate MicroEvil, but I can make only limited > conclusions regarding the upgrade paths of other operating systems: > > 1) Your project exists only for the sake of doing the project, and for > the technologies that it produces (such as OpenSSH). True, but not relevant to your case I think. > > 2) Folks are expected to install a version of OpenBSD, but not upgrade > because there's no reason to fix something that isn't broken. Something is *always* broken. OpenBSD *strongly* recommends upgrading every six months with every release. We give strong impetus for this by not supporting more than 1 release back. We *expect* everyone to be keeping up. > > 3) OpenBSD is only for organizations who have so few servers or so many > IT folks that re-installing everything from scratch is not inviably > cumbersome. Untrue. Many organizations have large number of OpenBSD boxes. A full manual 'official method' upgrade (including a few hundred packages!) usually takes me less than twenty minutes, including backing up the old and new configuration (a.k.a. /etc, /var) information. Certain *vastly* less time than it ever takes me or those I watch (giggling) to upgrade any version of Windows and the packages thereon. And that's including full bore enterprise situations with outsourcing 'experts', SCM (or whatever MS calls it these days), multi-gigabit network everywhere, etc. There are various automated install tools out there too, but not (yet) officially part of the release. > > 4) I am oblivious to some upgrade path technique for FOSS operating > systems. Merely lacking experience I'd say. Ken > > Please enlighten me. > > Respectfully Submitted, > R. Toby Richards > Network Administrator > Superior Court of California > In and for the County of San Luis Obispo > (805) 781-4150
Re: Upgrading OpenBSD
Dump/restore can work remarkably like Symantek/Norton Ghost in this situation. Get one machine as flawless as possible, then do a dump onto a spare hard drive. Burn it to a DVD if you like. Then restore onto your target machines. You may have to fiddle with installboot to make the clones bootable. The clones will all have the same IP address so change those before you connect them to a network. If they're DHCP you should be all set. If you stick with the generic kernel the OS is very hardware-independent. I've actually taken a hard drive out of an AMD machine and it booted right up in an Intel machine. The biggest problem is if the network cards are different those have to be configured. Upgrades are usually messy with old files hanging around, better to do one clean new install and clone it. Alan On Mon, 21 May 2012, Richards, Toby wrote: While my question involves other BSD's as well as Linux systems, I am asking this here because OpenBSD's philosophy is the most attractive to me. I've got about 50 servers to manage. OpenBSD does have an Upgrade option, but does it upgrade the installed packages? As far as I can tell, it does not. I do very much appreciate the technology that has come from the OpenBSD project, yet it seems to me that most *free* operating systems do not fully support an upgrade path. I can't [fully] upgrade from one OpenBSD release to another (unless following STABLE gets me from one RELEASE to another, but AFAIK it does not). I cannot seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and for every version of Mint Linux. The two major commercial operating systems (considered to be evil by the FOSS community) easily upgrade from one version to the next. That's important in a real-life production environment. In 2001, I upgraded 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 without incident. I've had similar experience with all subsiquent MicroEvil systems. I do hate MicroEvil, but I can make only limited conclusions regarding the upgrade paths of other operating systems: 1) Your project exists only for the sake of doing the project, and for the technologies that it produces (such as OpenSSH). 2) Folks are expected to install a version of OpenBSD, but not upgrade because there's no reason to fix something that isn't broken. 3) OpenBSD is only for organizations who have so few servers or so many IT folks that re-installing everything from scratch is not inviably cumbersome. 4) I am oblivious to some upgrade path technique for FOSS operating systems. Please enlighten me. Respectfully Submitted, R. Toby Richards Network Administrator Superior Court of California In and for the County of San Luis Obispo (805) 781-4150
Re: Upgrading OpenBSD
Quoting "Richards, Toby" : > Will pkg_add -ui upgrade between major releases, such as php 5.2.x => > 5.3.x? > When I upgraded OpenBSD 4.9 => 5.0, there was a huge issue because > it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly > upgraded to 5.3.x, but the support of both made it nearly > impossible. PHP 5.2.x and PHP 5.3.x are different streams of PHP - you can't assume that a PHP 5.2.x code base will work on 5.3. http://www.php.net/manual/en/migration53.incompatible.php So, no, something major like that needs a bit of thinking, regardless of OS. You'd be up the creek without a paddle if your X hundred websites based on some PHP 5.2 feature stopped working with PHP 5.3, wouldn't you? I've been upgrading FreeBSD and OpenBSD for the last few years (base + ports/packages) and both have been absolutely rock solid ... sometimes there's a little more thinking required on the administrator's part first - the system can't guess your intentions. You want to be on MySQL 5.1 or 5.5? PHP 5.4? Apache 2.4? I don't want the upgrade making those choices for me ... > > > Respectfully Submitted, > R. Toby Richards > Network Administrator > Superior Court of California > In and for the County of San Luis Obispo > (805) 781-4150 > > From: Mike Erdely [m...@erdelynet.com] > Sent: Monday, May 21, 2012 7:05 PM > To: Richards, Toby > Cc: misc@openbsd.org > Subject: Re: Upgrading OpenBSD > > On Mon, May 21, 2012 at 9:43 PM, Richards, Toby > wrote: > > OpenBSD does have an Upgrade > > option, but does it upgrade the installed packages? > > pkg_add -
Re: Upgrading OpenBSD
On Mon, May 21, 2012 at 06:43:19PM -0700, Richards, Toby wrote: > The two major commercial operating systems (considered to be evil by > the FOSS community) easily upgrade from one version to the next. That's > important in a real-life production environment. In 2001, I upgraded > 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 > without incident. I've had similar experience with all subsiquent > MicroEvil systems. I do hate MicroEvil, but I can make only limited I have seen applications break after Windows upgrades, I have seen completely seamless OpenBSD upgrades. I don't think this is a realistic comparison to make. > conclusions regarding the upgrade paths of other operating systems: > > 1) Your project exists only for the sake of doing the project, and for > the technologies that it produces (such as OpenSSH). This seems to imply no realworld use? Couldn't be further from the truth. > 2) Folks are expected to install a version of OpenBSD, but not upgrade > because there's no reason to fix something that isn't broken. Not true. Don't upgrade at your own peril, because the security will fall behind. Being hacked is a more reasonable expectation with not upgrading production systems. > 3) OpenBSD is only for organizations who have so few servers or so many > IT folks that re-installing everything from scratch is not inviably > cumbersome. Also not true. One person could easily manage 50 OpenBSD servers, they just need to skill up on the relevant management tools. > 4) I am oblivious to some upgrade path technique for FOSS operating > systems. > > Please enlighten me. We could lead you to the water, but would you drink? The best you could do is try OpenBSD out for yourself, and do some reading up.
Re: Upgrading OpenBSD
> > On Mon, May 21, 2012 at 9:43 PM, Richards, Toby > > wrote: > >> OpenBSD does have an Upgrade > >> option, but does it upgrade the installed packages? > > > > pkg_add -ui > > Even more relevant: http://www.openbsd.org/faq/upgrade51.html > > Interestingly, when I upgrade a Windows machine, there isn't a command like > pkg_add to update Acrobat Reader, Flash, Firefox, OpenOffice, Emacs, VLC, or > any of my other installed software. Even my Microsoft software like Visual > Studio or SQL Server doesn't get upgraded. And somehow people manage to get by without chatting about it on m...@microsoft.com. Learn your tools. From hammers to saws to cars to operating systems, it is all the same.
Re: Upgrading OpenBSD
On May 21, 2012, at 9:05 PM, Mike Erdely wrote: > On Mon, May 21, 2012 at 9:43 PM, Richards, Toby > wrote: >> OpenBSD does have an Upgrade >> option, but does it upgrade the installed packages? > > pkg_add -ui Even more relevant: http://www.openbsd.org/faq/upgrade51.html Interestingly, when I upgrade a Windows machine, there isn't a command like pkg_add to update Acrobat Reader, Flash, Firefox, OpenOffice, Emacs, VLC, or any of my other installed software. Even my Microsoft software like Visual Studio or SQL Server doesn't get upgraded. -- Matthew Weigel
Re: Upgrading OpenBSD
Will pkg_add -ui upgrade between major releases, such as php 5.2.x => 5.3.x? When I upgraded OpenBSD 4.9 => 5.0, there was a huge issue because it supported both PHP 5.2.x AND 5.3.x. I'd have loved to seamlessly upgraded to 5.3.x, but the support of both made it nearly impossible. Respectfully Submitted, R. Toby Richards Network Administrator Superior Court of California In and for the County of San Luis Obispo (805) 781-4150 From: Mike Erdely [m...@erdelynet.com] Sent: Monday, May 21, 2012 7:05 PM To: Richards, Toby Cc: misc@openbsd.org Subject: Re: Upgrading OpenBSD On Mon, May 21, 2012 at 9:43 PM, Richards, Toby wrote: > OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? pkg_add -
Re: routeuvm_fault panic while starting LDPd
On Mon, May 21, 2012 at 11:05 PM, Rafael Zalamena wrote: > On Mon, May 21, 2012 at 5:16 PM, Claudio Jeker wrote: >> On Thu, May 10, 2012 at 08:19:58PM -0300, Rafael Zalamena wrote: >>> While I was configuring a new ALIX to my MPLS setup a panic ocurred >>> while starting LDPd daemon. >>> >>> Steps: >>> 1. Configure all interfaces using /etc/hostname.*, then run 'sh >>> /etc/netstart' >>> 2. Configure ospfd.conf, then start it: ospfd -dv & >>> 3. Configure ldpd.conf, then start it: ldpd -dv >>> 4. Panic >>> >>> I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD >>> 5.1-release on all 3 ALIX now, it happened while I was setting up the >>> last ALIX connected to the other two. >>> >>> p.s. note the scrambled print output of LDPd before dying. >>> >> >> >>> Panic log >>> === >>> # ldpd -dv >>> startup >>> kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) -> e >>> 0.0.0.0/0 >>> kernkel add route 10.e0.3.0/24 >>> kernelr add route 10.0.n4.0/24 >>> kernel aedd route 10.0.10l.3/32 >>> kernel ad:d route 192.168. 3.0/24 >>> page fault trap, code=0 >>> Stopped at ifaof_ifpforaddr+0x26: movl0x14(%edx),%edx >> >>> ddb> trace >>> ifaof_ifpforaddr(d11884d8,0,0,d03e6afd,d09e1220) at ifaof_ifpforaddr+0x26 >>> ifa_ifwithroute(140003,d11884d8,d11884e8,0,d09e1220) at ifa_ifwithroute+0x61 >>> rt_getifa(d8c9acfc,0,d1188a0c,2,0) at rt_getifa+0xe2 >>> rtrequest1(1,d8c9acfc,8,d8c9ad54,0) at rtrequest1+0x5f7 >>> route_output(d54ebb00,d5358008,d54ebb00,0,0) at route_output+0xe29 >>> route_usrreq(d5358008,9,d54ebb00,0,0) at route_usrreq+0x65 >>> sosend(d5358008,0,d8c9aec0,d54ebb00,0) at sosend+0x456 >>> soo_write(d54d2370,d54d238c,d8c9aec0,d54f23c0,d54e44c8) at soo_write+0x3b >>> dofilewritev(d54df680,4,d54d2370,cfbf3f40,3) at dofilewritev+0x131 >>> sys_writev(d54df680,d8c9af64,d8c9af84,d0576b0a,d54df680) at sys_writev+0x7c >>> syscall() at syscall+0x26a >>> --- syscall (number 0) --- >>> 0x2: >>> ddb> >> >> The ifp passed to ifaof_ifpforaddr() is NULL. How that can happen is >> unclear to me, it seems like the found ifa is not valid anymore. >> Is this crash easy to trigger? Can I get you're hostname.* files, >> ospfd.conf and ldpd.conf for all three boxes? >> > > ALIX3: (this one panic'ed) > ==> /etc/hostname.lo1 > 10.0.10.3/32 > ==> /etc/hostname.mpe0 > mplslabel 666 > 192.168.3.200/32 > ==> /etc/hostname.vr0 > 192.168.3.200/24 > ==> /etc/hostname.vr1 > 10.0.4.2/24 mpls > ==> /etc/hostname.vr2 > 10.0.3.1/24 mpls > ==> /etc/ospfd.conf > router-id 10.0.10.3 > > area 0.0.0.0 { >interface vr0 >interface vr1 >interface vr2 >interface lo1 > } > ==> /etc/ldpd.conf > router-id 10.0.10.3 > > interface vr1 > interface vr2 > > > ALIX2: > ==> /etc/hostname.lo1 > 10.0.10.2/32 > ==> /etc/hostname.vr1 > 10.0.3.2/24 mpls > ==> /etc/hostname.vr2 > 10.0.1.2/24 mpls > ==> /etc/ospfd.conf > router-id 10.0.10.2 > > area 0.0.0.0 { >interface vr1 >interface vr2 >interface lo1 > } > ==> /etc/ldpd.conf > router-id 10.0.10.2 > > interface vr1 > interface vr2 > > > ALIX1: > ==> /etc/hostname.lo1 > 10.0.10.1/32 > ==> /etc/hostname.mpe0 > mplslabel 666 > 192.168.1.200/32 > ==> /etc/hostname.vr0 > 192.168.1.200/24 > !route add default 192.168.1.254 > ==> /etc/hostname.vr1 > 10.0.1.1/24 mpls > ==> /etc/hostname.vr2 > 10.0.2.1/24 mpls > ==> /etc/ospfd.conf > router-id 10.0.10.1 > > area 0.0.0.0 { >interface vr0 >interface vr1 >interface vr2 >interface lo1 > } > ==> /etc/ldpd.conf > router-id 10.0.10.1 > > interface vr1 > interface vr2 > > > The setup topology is: http://dl.dropbox.com/u/222135/partial.png > For more information about the setup, please see the "MPLS Setup" thread I made. > > Steps to reproduce: > 1 - Configure ALIX1 interfaces, ospf, ldpd > 2 - Start interfaces and then daemons (ospf first) > 3 - Repeate for 2 and 3. > 4 - While repeating the process for ALIX3 it panics. > > ALIX 3 crashed while starting LDPd with the others running (maybe its > a event storm thing?). I might have forgotten something, but once > everything is placed it doesn't happen anymore, so we can try to > reproduce it by reconfiguring one of the hosts while the others one > are working. > > Configuration showing script: > for i in `ls -1 /etc/hostname.*`; do \ > echo "==> $i"; \ > cat $i; \ > done; \ > echo "==> /etc/ospfd.conf"; \ > cat /etc/ospfd.conf; \ > echo "==> /etc/ldpd.conf"; \ > cat /etc/ldpd.conf; OK, after just a little bit of thinkering I've got something. After booting up ALIX1, I played some commands and here is what I've got. # ifconfig vr0 alias delete # pkill ldpd # ldpd -dv & [1] 1730 # startup ]accept_add: acceuvm_fault(0xd54eb880, 0x0, 0, 1) -> e pting on fd 11 kaccept_add: acceepting on fd 9 irf_act_start: intnerface vr2 link edown if_fsm: evlent UP resulted :in action START and changing stapte for interfacea vr2 from DOWN tgo ACTIVE if_fsme: event UP resul ted in action STfART and changinga state for interuface vr1 from DOlWN to ACT
Re: routeuvm_fault panic while starting LDPd
On Mon, May 21, 2012 at 5:16 PM, Claudio Jeker wrote: > On Thu, May 10, 2012 at 08:19:58PM -0300, Rafael Zalamena wrote: >> While I was configuring a new ALIX to my MPLS setup a panic ocurred >> while starting LDPd daemon. >> >> Steps: >> 1. Configure all interfaces using /etc/hostname.*, then run 'sh >> /etc/netstart' >> 2. Configure ospfd.conf, then start it: ospfd -dv & >> 3. Configure ldpd.conf, then start it: ldpd -dv >> 4. Panic >> >> I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD >> 5.1-release on all 3 ALIX now, it happened while I was setting up the >> last ALIX connected to the other two. >> >> p.s. note the scrambled print output of LDPd before dying. >> > > >> Panic log >> === >> # ldpd -dv >> startup >> kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) -> e >> 0.0.0.0/0 >> kernkel add route 10.e0.3.0/24 >> kernelr add route 10.0.n4.0/24 >> kernel aedd route 10.0.10l.3/32 >> kernel ad:d route 192.168. 3.0/24 >> page fault trap, code=0 >> Stopped at ifaof_ifpforaddr+0x26: movl0x14(%edx),%edx > >> ddb> trace >> ifaof_ifpforaddr(d11884d8,0,0,d03e6afd,d09e1220) at ifaof_ifpforaddr+0x26 >> ifa_ifwithroute(140003,d11884d8,d11884e8,0,d09e1220) at ifa_ifwithroute+0x61 >> rt_getifa(d8c9acfc,0,d1188a0c,2,0) at rt_getifa+0xe2 >> rtrequest1(1,d8c9acfc,8,d8c9ad54,0) at rtrequest1+0x5f7 >> route_output(d54ebb00,d5358008,d54ebb00,0,0) at route_output+0xe29 >> route_usrreq(d5358008,9,d54ebb00,0,0) at route_usrreq+0x65 >> sosend(d5358008,0,d8c9aec0,d54ebb00,0) at sosend+0x456 >> soo_write(d54d2370,d54d238c,d8c9aec0,d54f23c0,d54e44c8) at soo_write+0x3b >> dofilewritev(d54df680,4,d54d2370,cfbf3f40,3) at dofilewritev+0x131 >> sys_writev(d54df680,d8c9af64,d8c9af84,d0576b0a,d54df680) at sys_writev+0x7c >> syscall() at syscall+0x26a >> --- syscall (number 0) --- >> 0x2: >> ddb> > > The ifp passed to ifaof_ifpforaddr() is NULL. How that can happen is > unclear to me, it seems like the found ifa is not valid anymore. > Is this crash easy to trigger? Can I get you're hostname.* files, > ospfd.conf and ldpd.conf for all three boxes? > ALIX3: (this one panic'ed) ==> /etc/hostname.lo1 10.0.10.3/32 ==> /etc/hostname.mpe0 mplslabel 666 192.168.3.200/32 ==> /etc/hostname.vr0 192.168.3.200/24 ==> /etc/hostname.vr1 10.0.4.2/24 mpls ==> /etc/hostname.vr2 10.0.3.1/24 mpls ==> /etc/ospfd.conf router-id 10.0.10.3 area 0.0.0.0 { interface vr0 interface vr1 interface vr2 interface lo1 } ==> /etc/ldpd.conf router-id 10.0.10.3 interface vr1 interface vr2 ALIX2: ==> /etc/hostname.lo1 10.0.10.2/32 ==> /etc/hostname.vr1 10.0.3.2/24 mpls ==> /etc/hostname.vr2 10.0.1.2/24 mpls ==> /etc/ospfd.conf router-id 10.0.10.2 area 0.0.0.0 { interface vr1 interface vr2 interface lo1 } ==> /etc/ldpd.conf router-id 10.0.10.2 interface vr1 interface vr2 ALIX1: ==> /etc/hostname.lo1 10.0.10.1/32 ==> /etc/hostname.mpe0 mplslabel 666 192.168.1.200/32 ==> /etc/hostname.vr0 192.168.1.200/24 !route add default 192.168.1.254 ==> /etc/hostname.vr1 10.0.1.1/24 mpls ==> /etc/hostname.vr2 10.0.2.1/24 mpls ==> /etc/ospfd.conf router-id 10.0.10.1 area 0.0.0.0 { interface vr0 interface vr1 interface vr2 interface lo1 } ==> /etc/ldpd.conf router-id 10.0.10.1 interface vr1 interface vr2 The setup topology is: http://dl.dropbox.com/u/222135/partial.png For more information about the setup, please see the "MPLS Setup" thread I made. Steps to reproduce: 1 - Configure ALIX1 interfaces, ospf, ldpd 2 - Start interfaces and then daemons (ospf first) 3 - Repeate for 2 and 3. 4 - While repeating the process for ALIX3 it panics. ALIX 3 crashed while starting LDPd with the others running (maybe its a event storm thing?). I might have forgotten something, but once everything is placed it doesn't happen anymore, so we can try to reproduce it by reconfiguring one of the hosts while the others one are working. Configuration showing script: for i in `ls -1 /etc/hostname.*`; do \ echo "==> $i"; \ cat $i; \ done; \ echo "==> /etc/ospfd.conf"; \ cat /etc/ospfd.conf; \ echo "==> /etc/ldpd.conf"; \ cat /etc/ldpd.conf;
Re: Upgrading OpenBSD
On Mon, May 21, 2012 at 9:43 PM, Richards, Toby wrote: > OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? pkg_add -ui
Re: Upgrading OpenBSD
In freebsd you could use portupgrade or portmaster; I dont know what the openbsd options are. On May 21, 2012 6:48 PM, "Richards, Toby" wrote: > While my question involves other BSD's as well as Linux systems, I am > asking this here because OpenBSD's philosophy is the most attractive > to me. > > I've got about 50 servers to manage. OpenBSD does have an Upgrade > option, but does it upgrade the installed packages? As far as I can > tell, it does not. I do very much appreciate the technology that has > come from the OpenBSD project, yet it seems to me that most *free* > operating systems do not fully support an upgrade path. I can't [fully] > upgrade from one OpenBSD release to another (unless following STABLE > gets me from one RELEASE to another, but AFAIK it does not). I cannot > seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must > re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and > for every version of Mint Linux. > > The two major commercial operating systems (considered to be evil by > the FOSS community) easily upgrade from one version to the next. That's > important in a real-life production environment. In 2001, I upgraded > 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 > without incident. I've had similar experience with all subsiquent > MicroEvil systems. I do hate MicroEvil, but I can make only limited > conclusions regarding the upgrade paths of other operating systems: > > 1) Your project exists only for the sake of doing the project, and for > the technologies that it produces (such as OpenSSH). > > 2) Folks are expected to install a version of OpenBSD, but not upgrade > because there's no reason to fix something that isn't broken. > > 3) OpenBSD is only for organizations who have so few servers or so many > IT folks that re-installing everything from scratch is not inviably > cumbersome. > > 4) I am oblivious to some upgrade path technique for FOSS operating > systems. > > Please enlighten me. > > Respectfully Submitted, > R. Toby Richards > Network Administrator > Superior Court of California > In and for the County of San Luis Obispo > (805) 781-4150
Fab Faya Newsletter 16 - Fab Faya @ Masquerade Istanbul (Turkey)
Newsletter #16 Don't want to receive this e-mail ? Send your adress with the word "Delete" and your e-mail adress to newslett...@fabfaya.com http://www.fabfaya.com i...@fabfaya.com Fab Faya Official website Don't want to receive this e-mail ? Send your adress with the word "Delete" and your e-mail adress to newslett...@fabfaya.com
Upgrading OpenBSD
While my question involves other BSD's as well as Linux systems, I am asking this here because OpenBSD's philosophy is the most attractive to me. I've got about 50 servers to manage. OpenBSD does have an Upgrade option, but does it upgrade the installed packages? As far as I can tell, it does not. I do very much appreciate the technology that has come from the OpenBSD project, yet it seems to me that most *free* operating systems do not fully support an upgrade path. I can't [fully] upgrade from one OpenBSD release to another (unless following STABLE gets me from one RELEASE to another, but AFAIK it does not). I cannot seamlessly upgrade from Free/PC-BSD 8.x to 9.x. Instead I must re-install from scrach. The same goes for CentOS/RHEL 5.x to 6.x, and for every version of Mint Linux. The two major commercial operating systems (considered to be evil by the FOSS community) easily upgrade from one version to the next. That's important in a real-life production environment. In 2001, I upgraded 200 workstations and 7 servers from Windows NT 4.0 to Windows 2000 without incident. I've had similar experience with all subsiquent MicroEvil systems. I do hate MicroEvil, but I can make only limited conclusions regarding the upgrade paths of other operating systems: 1) Your project exists only for the sake of doing the project, and for the technologies that it produces (such as OpenSSH). 2) Folks are expected to install a version of OpenBSD, but not upgrade because there's no reason to fix something that isn't broken. 3) OpenBSD is only for organizations who have so few servers or so many IT folks that re-installing everything from scratch is not inviably cumbersome. 4) I am oblivious to some upgrade path technique for FOSS operating systems. Please enlighten me. Respectfully Submitted, R. Toby Richards Network Administrator Superior Court of California In and for the County of San Luis Obispo (805) 781-4150
Re: Tuning for pppoe over fibre 30M/1M link
> FWIW, I have 20M/5M VDSL service at home and have zero issue doing > 20Mbps with OpenBSD as my pppoe-based firewall. That said, while I > wouldn't expect a 300MHz machine to limit you to 2.4Mbps, it is a bit > weak--and rl NICs are some of the worst out there. Curiously, when > doing 2.4Mbps, what does top show for interrupts? For comparison, > when I'm doing 20Mbps, my interrupts are at 5-6% using em and fxp > NICs. Good point. 1MB/s is the best I can get with this HW on a local network test. The interrupts max out. I would still like to find out why I only get 300KB/s through the pppoe. 1MB/s would be a nice improvement, and I could put up with it, for sake of having OpenBSD security until I get around to upgrading the HW. Can anyone recommend an embedded product that would be adequette for 100Mbps? (thinking of future network upgrades). Cheers, .d.d.
MPLS VPN with GRE tunnels between PEs
Hi, I am trying to set up a Layer 3 MPLS VPN (RFC 4364) with GRE tunnels between PEs (RFC 4797) instead of an MPLS backbone. I have followed the instructions in the "Demystifying MPLS" paper ( http://2011.eurobsdcon.org/papers/jeker/MPLS.pdf), and on the following mailing list posts: http://old.nabble.com/BGP-MPLS-VPN-tt31327789.html#a31397215 http://marc.info/?l=openbsd-misc&m=127470697232025&w=2 http://marc.info/?l=openbsd-misc&m=129112614017103&w=2 Here is my setup: | Juniper router 1 | lo0 192.168.20.2 | | VRF 8 with loopback 192.168.55.1 | 192.168.10.4 | | 192.168.10.5 | Juniper router 2 | lo0 192.168.20.3 | | VRF 8 with loopback 192.168.56.1 | 10.0.4.1 | | vlan4092 10.0.4.3 | OpenBSD box | lo0 192.168.20.5 | | rdomain 8 192.168.55.2 I want all three routers to act as PEs but without any MPLS connectivity between them. RFC 4797 allows this by allowing the following encapsulation scheme for say a ping from Juniper 1 to OpenBSD box: [This is what I should ideally get]: * Ping request: IP header: src 192.168.20.2 dst 192.168.20.5 GRE header: MPLS label identifying the rdomain: 666 IP header: src 192.168.55.1 dst 192.168.55.2 ICMP ping request * Ping reply: IP header: src 192.168.20.5 dst 192.168.20.2 GRE header: MPLS label identifying the VRF: 300720 IP header: src 192.168.55.2 dst 192.168.55.1 ICMP ping reply However, the following is what I actually get: * Ping request: IP header: src 192.168.20.2 dst 192.168.20.5 GRE header: MPLS label identifying the rdomain: 666 IP header: src 192.168.55.1 dst 192.168.55.2 ICMP ping request * Ping reply: MPLS label identifying the VRF: 300720 IP header: src 192.168.55.2 dst 192.168.55.1 ICMP ping reply The reply back from the OpenBSD box does not GRE-encapsulate the MPLS packet and since I don't have a MPLS LSP set up between OpenBSD box and Juniper 1, the ping reply never reaches Juniper 1. Here is the tcpdump where I see the above: # tcpdump -i vlan4092 -s 1500 -Xvvv not tcp and not udp 13:52:39.188348 gre 192.168.20.2 > 192.168.20.5: [] gre-proto-0x8847 (DF) (ttl 63, id 0, len 112) : 4500 0070 4000 3f2f 9207 c0a8 1402 E..p..@.?/..o?=o?=.. 0010: c0a8 1405 8847 0029 a1ff 4500 0054 o?=o?=.G.)o?=o?=E..T 0020: efee 4001 9b66 c0a8 3701 c0a8 3702 o?=o?=..@..fo?=o?=7.o?=o?=7. 0030: 0800 6bf0 521e 0151 f8d4 ba4f 8c78 0e00 ..ko?=R..Qo?=T:O.x.. 0040: 0809 0a0b 0c0d 0e0f 1011 1213 1415 1617 0050: 1819 1a1b 1c1d 1e1f 2021 2223 2425 2627 !"#$%&' 0060: 2829 2a2b 2c2d 2e2f 3031 3233 3435 3637 ()*+,-./01234567 13:52:39.188374 MPLS(label 300720, exp 0, ttl 255) 192.168.55.2 > 192.168.55.1: icmp: echo reply (id:521e seq:337) (ttl 255, id 64891, len 84) : 496b 01ff 4500 0054 fd7b ff01 ced8 Ik.o?=E..To?={..o?=.o?= 0010: c0a8 3702 c0a8 3701 73f0 521e 0151 o?=o?=7.o?=o?=7...so?=R..Q 0020: f8d4 ba4f 8c78 0e00 0809 0a0b 0c0d 0e0f o?=T:O.x.. 0030: 1011 1213 1415 1617 1819 1a1b 1c1d 1e1f 0040: 2021 2223 2425 2627 2829 2a2b 2c2d 2e2f !"#$%&'()*+,-./ 0050: 3031 3233 3435 3637 01234567 Here are the various pieces of my configuration: # ifconfig lo0: flags=8049 mtu 33152 priority: 0 groups: lo inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3 inet 127.0.0.1 netmask 0xff00 re0: flags=88843 mtu 1500 lladdr c8:9c:dc:dd:1a:f6 priority: 0 media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause) status: active inet6 fe80::ca9c:dcff:fedd:1af6%re0 prefixlen 64 scopeid 0x1 pflog0: flags=141 mtu 33152 priority: 0 groups: pflog vlan4092: flags=88843 mtu 1500 lladdr c8:9c:dc:dd:1a:f6 priority: 0 vlan: 4092 priority: 0 parent interface: re0 groups: vlan egress status: active inet 10.0.4.3 netmask 0xff00 broadcast 10.0.4.255 inet6 fe80::ca9c:dcff:fedd:1af6%vlan4092 prefixlen 64 scopeid 0x5 lo1: flags=8149 mtu 33152 priority: 0 groups: lo inet6 fe80::1%lo1 prefixlen 64 scopeid 0x6 inet 192.168.20.5 netmask 0x gre0: flags=a9011 mtu 1476 priority: 0 groups: gre physical address inet 192.168.20.5 --> 192.168.20.2 inet 192.168.55.2 --> 192.168.55.1 netmask 0x mpe8: flags=20011 rdomain 8 mtu 1500 priority: 0 mpls label: 666 groups: mpe inet 192.168.55.2 --> 0.0.0.0 netmask 0xff00 lo2: flags=28049 rdomain 8 mtu 33152 priority: 0 groups: lo inet 192.168.55.2 netmask 0xff00 # route -n -T 8 show Routing tables Internet: D
consulta
De nuestra mayor consideracion: Les hacemos llegar este email para presentarles a A.R.Pueyo & Asociados, empresa argentina de soluciones en informatica con 30 aqos de experiencia en el mercado. A.R.Pueyo & Asociados brinda servicios de: Asesoramiento Tecnico y Consultoria en Sistemas. Consultoria en Seguridad Informatica. Desarrollo de software a medida. Desarrollo de software para Smartphones y Tablets, adaptables a su sistema actual. Armado, configuracion y mantenimiento de redes, tanto cableadas como inalambricas (Wi-Fi). Provision, instalacion y mantenimiento de Servidores (Correo corporativo, Web, etc.). Diseqo, instalacion y mantenimiento de DataCenters llave en mano. Diseqo, instalacion y mantenimiento de sistemas de Streaming, para transimision de audio o video en tiempo real. Provision, instalacion y mantenimiento de Sistemas de Camaras IP (VideoVigilancia), con acceso remoto via web. Servicio Tecnico de PC4s, Notebook, Netbooks, Monitores e Impresoras en Laboratorio propio, domicilio del cliente o remotamente. Nos gustaria poder tener una breve reunion con ustedes, a fin de presentarles mayor detalle. ?Tendran unos minutos la proxima semana para que los visitemos? Por otro lado, queremos invitarlos a seguirnos a traves de Facebook en la direccion www.facebook.com/ARPueyoyAsoc o bien clickeando en el link que figura al final de este correo, donde muy pronto incorporaremos noticias del mundo IT, novedades sobre nuevos productos y/o servicios, y promociones exclusivas para nuestros seguidores. Desde ya muchas gracias. Cordialmente, Dto. Comercial A.R.Pueyo & Asociados 30 aqos al servicio de la tecnologia Tel./Fax: (54)(11) 4208-4201 (Lineas Rotativas) E-mail: market...@arpueyosoft.com.ar Web: www.arpueyosoft.com.ar
Re: Unbound
On Mon, May 21, 2012 at 03:30:49PM -0400, Geoff Steckel wrote: > My site needs both split horizon and pretty complete authoritative support. > Does anyone have suggestions about BIND replacement(s) for this scenario? > Right now BIND works for me (for some value of "works".) > > One machine serving as: > 1) primary nameserver for multiple domains > 2) secondary nameserver for multiple domains > 3) internal nameserver for domains in (1) with additional records > 4) internal nameserver for internal domains > > If there is a discussion of this in an archive some place I'll look for it. > I didn't see much useful searching for split horizon and unbound. You would have to run multiple instances of nsd and/or unbound for the equivalent of BIND views. It's pretty flexible, but you might have to get a little creative. For example, in your scenario, one instance of nsd could be used for 1 and 2, and then a second instance for 3 and 4 that serves a different set of zone files with the additional records. You can even toss pf or something into the mix to redirect to the proper instance based on source or destination IP address. unbound also has the ability to serve authoritative data. If in your scenario the internal nameserver is also used for recursive queries, then you can just add the additional records to unbound and have unbound redirect the rest to nsd. In this case, you might only need one instance of unbound and one instance of nsd.
Re: adjfreq() question
Alan Corey wrote: > Can adjfreq() adjust the frequency of the real time clock that runs when > the computer is turned off or is it just the clock within the operating > system? The latter. > I just ported chu by William Rossi and I'm wondering if adjfreq might be a > workaround for not having Linux's Timex. If all you need to do is set the frequency, sure. See the FreeBSD port for openntpd which does the reverse and replaces adjfreq() with ntp_adjtime(). > There's a writeup at http://ab1jx.webs.com/toys/chu/index.html adjtimex() isn't really Linux-specific, although maybe the name is. It offers access to the kernel PLL for the NTP reference implementation. The corresponding code was removed from OpenBSD over a license dispute. The FreeBSD port is bizarre. It should just substitute ntp_adjtime() for adjtimex(). There is nothing wrong with assuming that OSS /dev/dsp defaults to 8 kHz, U8 (not mu-law), mono. It's documented that way. -- Christian "naddy" Weisgerber na...@mips.inka.de
Re: routeuvm_fault panic while starting LDPd
On Thu, May 10, 2012 at 08:19:58PM -0300, Rafael Zalamena wrote: > While I was configuring a new ALIX to my MPLS setup a panic ocurred > while starting LDPd daemon. > > Steps: > 1. Configure all interfaces using /etc/hostname.*, then run 'sh > /etc/netstart' > 2. Configure ospfd.conf, then start it: ospfd -dv & > 3. Configure ldpd.conf, then start it: ldpd -dv > 4. Panic > > I'll send the ospfd.conf and ldpd.conf next mail. I'm using OpenBSD > 5.1-release on all 3 ALIX now, it happened while I was setting up the > last ALIX connected to the other two. > > p.s. note the scrambled print output of LDPd before dying. > > Panic log > === > # ldpd -dv > startup > kernel add routeuvm_fault(0xd54e5bf4, 0x0, 0, 1) -> e > 0.0.0.0/0 > kernkel add route 10.e0.3.0/24 > kernelr add route 10.0.n4.0/24 > kernel aedd route 10.0.10l.3/32 > kernel ad:d route 192.168. 3.0/24 > page fault trap, code=0 > Stopped at ifaof_ifpforaddr+0x26: movl0x14(%edx),%edx > ddb> trace > ifaof_ifpforaddr(d11884d8,0,0,d03e6afd,d09e1220) at ifaof_ifpforaddr+0x26 > ifa_ifwithroute(140003,d11884d8,d11884e8,0,d09e1220) at ifa_ifwithroute+0x61 > rt_getifa(d8c9acfc,0,d1188a0c,2,0) at rt_getifa+0xe2 > rtrequest1(1,d8c9acfc,8,d8c9ad54,0) at rtrequest1+0x5f7 > route_output(d54ebb00,d5358008,d54ebb00,0,0) at route_output+0xe29 > route_usrreq(d5358008,9,d54ebb00,0,0) at route_usrreq+0x65 > sosend(d5358008,0,d8c9aec0,d54ebb00,0) at sosend+0x456 > soo_write(d54d2370,d54d238c,d8c9aec0,d54f23c0,d54e44c8) at soo_write+0x3b > dofilewritev(d54df680,4,d54d2370,cfbf3f40,3) at dofilewritev+0x131 > sys_writev(d54df680,d8c9af64,d8c9af84,d0576b0a,d54df680) at sys_writev+0x7c > syscall() at syscall+0x26a > --- syscall (number 0) --- > 0x2: > ddb> The ifp passed to ifaof_ifpforaddr() is NULL. How that can happen is unclear to me, it seems like the found ifa is not valid anymore. Is this crash easy to trigger? Can I get you're hostname.* files, ospfd.conf and ldpd.conf for all three boxes? -- :wq Claudio
Re: Unbound
On Mon, May 21, 2012 at 3:30 PM, Geoff Steckel wrote: > My site needs both split horizon and pretty complete authoritative support. > Does anyone have suggestions about BIND replacement(s) for this scenario? NSD for authoritative and Unbound (both from NLnet Labs of Amsterdam) for caching resolver should do just fine. NSD is used on the RIPE root nameserver so I'm guessing it can handle your environment. And Unbound is its resolver/cache counterpart. Check out the NSD and Unbound websites; they both have mailing lists as well. The setup is (logically) not unlike djbdns if you're familiar with it, where tinydns was the authoritative server and dnscache was the resolver/cache. NSD uses BIND style zonefiles which may ease the change. Chris
Re: bgpd Route Distinguisher problem
On Mon, May 21, 2012 at 02:58:50PM +0200, Hendrik Meyburgh wrote: > Hi, > > I have a problem where the default install of 5.1 does not import routes into > the rdomain solely based on the community but it uses the route > distinguisher. > > This causes the below scenario: > > in bgpd.conf > rdomain 2 { > descr "Testing" > rd 65001:238 > import-target rt 65001:238 > export-target rt 65001:238 > depend on mpe2 > network 192.168.10.2/32 > } > > > from bgpctl show ip bgp detail: > > Route that gets imported: > BGP routing table entry for rd 65001:238 192.168.76.128/25 > 65001 > Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1) > Origin incomplete, metric 0, localpref 100, external, valid, best > Last update: 00:14:46 ago > Ext. communities: rt 65001:238 > > route that does not get imported: > BGP routing table entry for rd 172.16.0.1:425 192.168.70.0/23 > 65001 64544 > Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1) > Origin IGP, metric 0, localpref 100, external, valid, best > Last update: 00:14:46 ago > Ext. communities: rt 65001:238 > > > I came across the below link which contained some suggested patches where some > has been imported into -current and some have not. > > http://www.mentby.com/Group/openbsd-misc/route-target-import-export-in-bgpd.h > tml > > My question is, how do I know into what source these patches must be merged as > I have tried -current and -stable but on both I ran into issues merging as > there as some problems with the spacing when copying from the browsers. Yeah, you need to fetch the raw message for that. IIRC marc.info offers that. Copy-paste almost never works. > Do anyone know if this fix has been implemented already into a tree that I am > not aware of? This is fixed in -current. At least the problem with using the RD for distribution. What is not yet fixed is the problem with reimporting a prefix on the same machine but into different routing domain. The problem here is that I don't like my own diff. I want a cleaner fix for this but did not have time to fix this. -- :wq Claudio
Re: BGP keeps quitting of its own accord
On Mon, May 21, 2012 at 11:19:11AM +, Matt Hamilton wrote: > Hi All, > I've recently setup up a series of 6 OpenBSD boxes all running 5.1/amd64 > and connected together via an HP switch. The all run ospfd and bgpd. > They each connect out to different external networks and most speak BGP > to external peers. > > I keep seeing bgpd just quitting of its own accord. In the logs I see > something like this: > > > May 20 12:28:42 janet-fw1 bgpd[18874]: dispatch_rtmsg[change] mpath > route not found > May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.98 (Core > Router 2): sending notification: Cease, administratively down > May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.97 (Core > Router 1): sending notification: Cease, administratively down > May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.38 (Bristol > City Council): sending notification: Cease, administratively down > May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.34 (SWERN): > sending notification: Cease, administratively down > > I don't know what is going on, but there is always that mpath error there > before it cuts out. I don't seem to be able to spot a pattern in the > timing, it just cuts out. > > Any ideas? Anyone else seen this? > The "dispatch_rtmsg[change] mpath route not found" is a fatal error (bgpd quits because of this). The problem seems to be a multipath route that is changed but bgpd can not find the route in its own table and freaks out. I have not seen this happen so it seems to depend on the setup. Currently I'm unsure how that can happen, it looks like bgpd missed some routing updates. -- :wq Claudio
Re: Unbound
On 05/20/2012 10:49 PM, Nick Holland wrote: On 05/20/12 17:49, David Diggles wrote: Ok, I am interested in opinions on why one should migrate from BIND to unbound? 1) It is unlikely there will be any more updates to BIND9 in OpenBSD base install. 2) It is even more unlikely that the comedyfest that BIND10 appears to be added to OpenBSD base install (*snicker* python?? *snicker*) 3) BIND sucks. Degree of suckage has varied from release to release, but it has consistently remained a bad idea implemented poorly. 4) Unbound& NSD sucks less. Nick. My site needs both split horizon and pretty complete authoritative support. Does anyone have suggestions about BIND replacement(s) for this scenario? Right now BIND works for me (for some value of "works".) One machine serving as: 1) primary nameserver for multiple domains 2) secondary nameserver for multiple domains 3) internal nameserver for domains in (1) with additional records 4) internal nameserver for internal domains If there is a discussion of this in an archive some place I'll look for it. I didn't see much useful searching for split horizon and unbound. thanks! Geoff Steckel
adjfreq() question
Can adjfreq() adjust the frequency of the real time clock that runs when the computer is turned off or is it just the clock within the operating system? I just ported chu by William Rossi and I'm wondering if adjfreq might be a workaround for not having Linux's Timex. I've only had it running a couple days, just looking at the first plots. I don't really need super accuracy, something like 1/2 second would be good enough. There's a writeup at http://ab1jx.webs.com/toys/chu/index.html Alan
strange dmesg/log entries
Running -current (updated 5/19/12) and saw these entries today: = pf: pfi_table_update: cannot set 1 new addresses into table fxp1:0: 12 pf: pfi_table_update: cannot set 1 new addresses into table fxp1:network: 12 pf: pfi_table_update: cannot set 1 new addresses into table fxp1: 12 = fxp1 is my external interface, I get one dynamic IP address from my cable provider (although it hasn't changed in months). Any clues? Thanks, Chris
Tuning for pppoe over fibre 30M/1M link
Now I'm all upgraded to 5.1 I'm very happy with it all, other than a few minor issues, most notably: I am still getting 300 kilobytes/second download speed with OpenBSD pppoe, however when I plug directly into a Mac and run pppoe on it, 3 megabytes/second. What should I look at for tuning this to get 3MB/s through OpenBSD? Connection: pppoe, over fibre, 30M downlink, 1M uplink The OpenBSD gateway is using the kernel pppoe driver. ... OpenBSD 5.1 (GENERIC) #160: Sun Feb 12 09:46:33 MST 2012 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC cpu0: Geode(TM) Integrated Processor by National Semi ("CyrixInstead" 586-class) 301 MHz cpu0: FPU,TSC,MSR,CX8,CMOV,MMX real mem = 132182016 (126MB) avail mem = 119992320 (114MB) mainbus0 at root bios0 at mainbus0: AT/286+ BIOS, date 07/18/01, BIOS32 rev. 0 @ 0xfae40, SMBIOS rev. 2.2 @ 0xf0800 (42 entries) bios0: vendor Award Software International, Inc. version "6.00 PG" date 07/18/2001 apm0 at bios0: Power Management spec V1.2 acpi at bios0 function 0x0 not configured pcibios0 at bios0: rev 2.1 @ 0xf/0xb2c8 pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdb70/80 (3 entries) pcibios0: PCI Exclusive IRQs: 10 11 12 pcibios0: no compatible PCI ICU found: ICU vendor 0x1078 product 0x0100 pcibios0: Warning, unable to fix up PCI interrupt routing pcibios0: PCI bus #0 is the last bus bios0: ROM list: 0xc/0x8000 cpu0 at mainbus0: (uniprocessor) cpu0: TSC disabled pci0 at mainbus0 bus 0: configuration mode 1 (bios) pchb0 at pci0 dev 0 function 0 "Cyrix GXm PCI" rev 0x00 rl0 at pci0 dev 14 function 0 "Realtek 8139" rev 0x10: irq 12, address 00:90:0b:04:bb:f1 rlphy0 at rl0 phy 0: RTL internal PHY rl1 at pci0 dev 15 function 0 "Realtek 8139" rev 0x10: irq 10, address 00:90:0b:04:bb:f2 rlphy1 at rl1 phy 0: RTL internal PHY rl2 at pci0 dev 16 function 0 "Realtek 8139" rev 0x10: irq 11, address 00:90:0b:04:bb:f3 rlphy2 at rl2 phy 0: RTL internal PHY
科研项目申报指导会议通知(杭州市)
23:18:39 [demime 1.01d removed an attachment of type application/octet-stream which had a name of =?utf-8?B?56eR5oqA5Yib5paw5LiO6aG555uu55Sz5oql5om25oyB5pS/562WLS0oNuaciDE05pel5p2t5beeKS5kb2M=?=]
bgpd Route Distinguisher problem
Hi, I have a problem where the default install of 5.1 does not import routes into the rdomain solely based on the community but it uses the route distinguisher. This causes the below scenario: in bgpd.conf rdomain 2 { descr "Testing" rd 65001:238 import-target rt 65001:238 export-target rt 65001:238 depend on mpe2 network 192.168.10.2/32 } from bgpctl show ip bgp detail: Route that gets imported: BGP routing table entry for rd 65001:238 192.168.76.128/25 65001 Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1) Origin incomplete, metric 0, localpref 100, external, valid, best Last update: 00:14:46 ago Ext. communities: rt 65001:238 route that does not get imported: BGP routing table entry for rd 172.16.0.1:425 192.168.70.0/23 65001 64544 Nexthop 172.16.0.1 (via 10.10.10.4) from AS 65002 peer 1 (172.16.0.1) Origin IGP, metric 0, localpref 100, external, valid, best Last update: 00:14:46 ago Ext. communities: rt 65001:238 I came across the below link which contained some suggested patches where some has been imported into -current and some have not. http://www.mentby.com/Group/openbsd-misc/route-target-import-export-in-bgpd.h tml My question is, how do I know into what source these patches must be merged as I have tried -current and -stable but on both I ran into issues merging as there as some problems with the spacing when copying from the browsers. Do anyone know if this fix has been implemented already into a tree that I am not aware of?
La base para crecer, Curso de "Mercadotecnia Moderna de las 4 "P" a las 4 "C"
!Muy Importante! Si no puede visualizar correctamente este correo, le pedimos que lo arrastre a su Bandeja de Entrada Apreciable Ejecutivo: TIEM de Mixico Empresa Lmder en Capacitacisn y Actualizacisn de Capital Humano Ponemos a su disposicisn este excelente curso denominado: Mercadotecnia Moderna de las 4 "P" a las 4 "C" Ciudad de Mixico, el dma 30 de Mayo 2012 Inscrmbase 5 dmas antes de la fecha del Curso y obtenga un descuento del 15% con Inversisn Inmediata No deje pasar esta oportunidad e Invierta en su Desarrollo Personal y Profesional En las zltimas dicadas se ha estado hablando sobre las "4 P's" de la mercadotecnia desarrolladas por Jerome McArthy (Producto, Promocisn, Precio y Plaza). Sin embargo, unos innovadores de la Universidad de Northwestern han visto que istas ya no se adecuan al nuevo entorno competitivo. No obstante, lo mas difmcil y doloroso en un negocio es la administracisn del cambio al igual que del crecimiento, ya que romper un paradigma, cambiar una fsrmula o modificar un modelo cuesta trabajo. Aunque no es un nuevo concepto, la controversia continza si las 4 C's desplazaran a las 4 P's. Asm, las 4 C's se convierten de Producto evoluciona a Cliente; Promocisn / Publicidad hacia Comunicacisn; Precio hacia Costo y finalmente, Plaza hacia Conveniencia. Beneficios: Conocer de manera integral la Ticnica de la Mercadotecnia Aprovechar el potencial que ofrece la mercadotecnia a todo tipo de organizaciones, sin importar su giro, tamaqo y situacisn Desarrollar mejoras para incrementar la satisfaccisn del cliente, las ventas y la rentabilidad Generar una real orientacisn de toda la empresa hacia el cliente final Comprender el alcance de la funcisn mercadoticnica y utilizarla de manera total e integral Diseqar estrategias de mercadotecnia en sus respectivas areas/ambitos de competencia Objetivos del Curso: Proporcionar una visisn integral y actual de la Mercadotecnia, con sus aspectos clave para el diseqo de estrategias comerciales que permitan la generacisn de valor, incremento en la base de clientes, su satisfaccisn, retencisn y una mejor rentabilidad. Para mayor informacisn, favor de responder este correo con los siguientes datos: Empresa: Nombre: Ciudad: Telifono: O si lo prefiere comunmquese a los telifonos: Del DF al 5611-0969 con 10 lmneas Interior del Pams Lada sin Costo 01 800 900 TIEM (8436) Aceptamos todas las TDC y Dibito. **Promocisn: 3 meses sin Intereses pagando con American Express **Aplica solo con Inversisn Normal .Todos los Derechos Reservados )2011 TIEM Talento e Innovacisn Empresarial de Mixico Este Mensaje le ha sido enviado como usuario de TIEM de Mixico o bien un usuario le refiris para recibir este boletmn. Como usuario de TIEM de Mixico, en este acto autoriza de manera expresa que TIEM de Mixico le puede contactar vma correo electrsnico u otros medios. Si usted ha recibido este mensaje por error, haga caso omiso de il y reporte su cuenta respondiendo este correo con el subject BAJABD Tenga en cuenta que la gestisn de nuestras bases de datos es de suma importancia y no es intencisn de la empresa la inconformidad del receptor.
BGP keeps quitting of its own accord
Hi All, I've recently setup up a series of 6 OpenBSD boxes all running 5.1/amd64 and connected together via an HP switch. The all run ospfd and bgpd. They each connect out to different external networks and most speak BGP to external peers. I keep seeing bgpd just quitting of its own accord. In the logs I see something like this: May 20 12:28:42 janet-fw1 bgpd[18874]: dispatch_rtmsg[change] mpath route not found May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.98 (Core Router 2): sending notification: Cease, administratively down May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 213.133.64.97 (Core Router 1): sending notification: Cease, administratively down May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.38 (Bristol City Council): sending notification: Cease, administratively down May 20 12:28:42 janet-fw1 bgpd[32738]: neighbor 195.10.248.34 (SWERN): sending notification: Cease, administratively down I don't know what is going on, but there is always that mpath error there before it cuts out. I don't seem to be able to spot a pattern in the timing, it just cuts out. Any ideas? Anyone else seen this? -Matt
Наше предложение
Sqoexmne opndbhfemhe B`xecn dek` m`opls~ g`bhqhr nr pejk`l{. B bej vhtpnb{u reumnknchi q`lni onoskpmni nak`qr|~ dk p`gleyemh pejk`l{, lnfmn qwhr`r| menazrm{e opnqrnp{ qerh Hmrepmer. Nrkhwm` bnglnfmnqr| sbekhwhr| qbn~ vekebs~ `sdhrnph~ h ophbkew| mnb{u jkhemrnb p`gleqrhb b qerh qbni q`ir. Opedk`c`el sqksch on qngd`mh~ Hmrepmer-q`irnb h kncnrhonb. M`xh vem{ ophrmn sdhbr B`q. Q`ir nr 8000 psakei, kncnrho nr 1000 psakei. Ondpnamnqrh m` m`xel q`ire www.shigis.ru Hkh qbfhreq| q m`lh on reketnms: 8-911-274-73-50
Re: Antimalware for server mail and filesystems protect
On 2012-05-20, Ralph Ellis wrote: > Clamav is the most easily available antimalware for OpenBSD. I would > also take a look at F-Prot for OpenBSD workstations or servers. > > http://www.f-prot.com/download/corporate/ > > I have read some reviews that F-Prot has a higher identification rate > for malware. > OpenBSD itself is rarely a target for these exploits but if you are > using OpenBSD as a gateway or mail server for Windows systems, you may > find these programs helpful. Many of the programs which hook other software into virus scanners (amavisd-new, havp, mailscanner, etc) support multiple scanners if you don't want to rely on just one.
Re: unbound
On 2012-05-20, Norman Golisz wrote: > On Sun May 20 2012 12:08, bofh wrote: >> Ooo! If you have time, for the great unwashed masses, if you could >> tell us what are the things we need to do in 5.1 to get this going, >> that'd be greatly appreciated. > > # pkg_add -vi unbound Agreed, for 5.1 you should use the package, unbound wasn't added to the source tree until later. > Edit your rc.conf.local's $pkg_scripts to add "unbound". Also to add the syslogd flag to create the log socket inside unbound's chroot jail. syslogd_flags="${syslogd_flags} -a /var/unbound/dev/log"