Traffic through default pf queue
Hi everyone, I have a question: could anyone give me an idea how I can "see" (like tcpdump or something) the traffic that is passing through the default queue of pf? Thanks for your ideas. -- Claudiu Pruna
Re: Creating route tables
On Thu, 2011-07-21 at 19:15 +0700, Insan Praja SW wrote:
> Hi Josh,
> On Thu, 21 Jul 2011 03:00:08 +0700, Josh Hoppes wrote:
>
> > Hello Insan,
> >
> > I guess I'm not sure I understand that statement, or I'm
> > misinterpreting the rdomain configuration section and how it
> > interacts with rtables. If I understand the documentation correctly
> > additional rib tables defined in bgpd must exist inside the default
> > routing domain. The error messages read as if I missed a step and need
> > to create the additional routing table somehow, which I'm having
> > trouble finding how to do that. Are you suggesting I add a rdomain
> > section in bgpd.conf in to create the rtable?
>
> You need at least an interface on a desired rdomain, rdomain and rtable
> actually the same thing. You do that by using "ifconfig" to assign a
> specific interface to an rdomain. Then bgpd can use it.
>
> > On Tue, Jul 19, 2011 at 4:40 PM, Insan Praja SW wrote:
> >> Hi,
> >>
> >> You missed rdomain.
> >> On Wed, 20 Jul 2011 01:26:37 +0700, Josh Hoppes wrote:
> >>
> >>> I'm trying to configure bgpd to run in an alternate routing table so I
> >>> can use it to manage black holed prefixes. When trying to specify an
> >>> alternate routing table I get the error message "rtable id 1 does not
> >>> exist" when starting bgpd. I've gone through route(8) and route(4) but
> >>> can't find any information on creating a routing table. My attempts at
> >>> creating by just adding a prefix appear to be of no use. I'm sure I
> >>> missed something in the documentation and I would appreciate any hints
> >>> people can provide.
> >>>
> >>> This is on OpenBSD 4.9 GENERIC.MP#819 amd64
> >>>
> >>> Basic bgpd.conf I'm using
> >>>
> >>> # global configuration
> >>> AS 65100
> >>> fib-update no
> >>> route-collector yes
> >>> holdtime 10
> >>>
> >>> # Alternate Routing Table
> >>> rtable 1
> >>>
> >>> Error output from bgpd:
> >>>
> >>> # bgpd -vnf bgpd.conf
> >>> bgpd.conf:8: rtable id 1 does not exist
> >>>
> >>> error output from route:
> >>>
> >>> # route -T 1 add -inet 192.168.0.0/24 127.0.0.1
> >>> route: routing table 1: No such file or directory
> >>>
> >>> Thanks in advance, and sorry for the noise.
> >>>
> >>
> >> --
> >> Using Opera's revolutionary email client: http://www.opera.com/mail/
>
> HTH,
>
> Insan Praja

Hi Insan,

You can use rtable from pf.conf and you don't have to use ifconfig rdomain, so you can do policy routing.

Claudiu

--
Claudiu Pruna
mount nullfs
Hi list, I was wondering, in OpenBSD is there an equivalent to FreeBSD's mount_nullfs or to Linux's mount -o bind ? -- Claudiu Pruna
Re: Routing all traffic through IPSEC VPN
$me to $mypeer peer $mypeer \
> > main auth hmac-sha1 enc 3des group modp1024 \
> > srcid $me dstid $mypeer \
> > psk $mypsk
> >
> > cat /etc/hostname.gre0:
> > inet 172.16.254.2 255.255.255.252 172.16.254.1
> > tunnel E.F.G.H A.B.C.D
> > !route add -net 10.40.60 -netmask 255.255.255.0 172.16.254.1
> >
> > Firewall disabled for now - nothing other than sshd and isakmpd are
> > running.
> >
> > Thanks,
> > Matt
>
> Matt
>
> did you put on the branch router a route like
> route add A.B.C.D ?
>
> beware that if you issue just route add default 172.16.254.1 then your
> router will tend to also route the vpn traffic through your tunnel, so
> you get a race condition.
>
> claudiu.
>
> --
> Claudiu Pruna

supposing, as I understood, that you want to route ALL the branch's traffic through vpn to main, and then on the internet, the route that I was saying is:

On branch, *not* main:
route add A.B.C.D 206.125.169.97

is it what you did ?

--
Claudiu Pruna
Re: Routing all traffic through IPSEC VPN
On Tue, 2011-04-12 at 19:53 -0700, Matt S wrote:
> Hello @misc:
>
> I am up against a stumper. I have a Site-to-Site IPSEC VPN working
> beautifully. However, I would like the remote site to route all of its
> traffic through the VPN. After googling, I seemed to come up with a
> suggestion to do a route change -net 0.0.0.0/0 which didn't work well.
> I think it might have to do with NAT. The main office is doing the NAT.
> Perhaps I need to some sort of NAT traversal on the VPN??
>
> Here is my setup:
>
> --Main Office--
> cat /etc/ipsec.conf:
> me="A.B.C.D"
> mypeer="E.F.G.H"
> mypsk="mypsk"
>
> ike passive esp from $me to $mypeer peer $mypeer \
> main auth hmac-sha1 enc 3des group modp1024 \
> srcid $me dstid $mypeer \
> psk $mypsk
>
> cat /etc/hostname.gre0:
> inet 172.16.254.1 255.255.255.252 172.16.254.2
> tunnel A.B.C.D E.F.G.H
> !route add -net 10.40.65 -netmask 255.255.255.0 172.16.254.2
>
> cat /etc/pf.conf:
> set skip on {lo, gre0, enc0}
>
> anchor "ftp-proxy/*"
>
> block in log all
> pass out all
>
> antispoof for tun0
> table persist
> table {10.40.60.0/24, 10.40.65.0/24}
>
> match out on tun0 from to any nat-to (tun0)
>
> pass in quick proto tcp to port ftp rdr-to 127.0.0.1 port 8021
> pass in quick proto tcp from localhost to any port {http,https} rdr-to
> 127.0.0.1
> port 3128
> pass quick proto {gre, esp, tcp, udp} from E.F.G.H to (tun0)
> block log quick from
> pass inet proto icmp all icmp-type {echoreq, unreach}
> pass in on tun0 inet proto tcp from any to any port ssh keep state
> (max-src-conn
> 6, max-src-conn-rate 3/1, overload flush global) rdr-to
> 10.40.60.1
> pass on em0 from to any
>
>
> --Branch Office--
> cat /etc/ipsec.conf:
> me="E.F.G.H"
> mypeer="A.B.C.D"
> mypsk="mypsk"
>
> ike esp from $me to $mypeer peer $mypeer \
> main auth hmac-sha1 enc 3des group modp1024 \
> srcid $me dstid $mypeer \
> psk $mypsk
>
> cat /etc/hostname.gre0:
> inet 172.16.254.2 255.255.255.252 172.16.254.1
> tunnel E.F.G.H A.B.C.D
> !route add -net 10.40.60 -netmask 255.255.255.0 172.16.254.1
>
> Firewall disabled for now - nothing other than sshd and isakmpd are running.
>
> Thanks,
> Matt

Matt

did you put on the branch router a route like
route add A.B.C.D ?

beware that if you issue just route add default 172.16.254.1 then your router will tend to also route the vpn traffic through your tunnel, so you get a race condition.

claudiu.

--
Claudiu Pruna
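The routing problem raised in the replies of this thread, modelled as an added example that is not part of the original posts: a longest-prefix-match lookup on the branch router shows why a default route through gre0 needs a host route for the main office's public address. The public addresses, the ISP gateway and the em0/em1 interface names are constructed stand-ins; the tunnel and LAN prefixes come from the thread.

```python
import ipaddress

# Constructed stand-ins for values the thread elides or does not give.
MAIN_PUBLIC = "198.51.100.10"   # stands in for "A.B.C.D" (main office)
BRANCH_ISP_GW = "203.0.113.1"   # branch's upstream gateway (assumed)
INTERNET_HOST = "192.0.2.80"    # any destination outside both sites
MAIN_LAN_HOST = "10.40.60.5"    # a host on the main office LAN

# A packet sent into gre0 is wrapped in an outer packet addressed to the
# tunnel's remote public endpoint, and that outer packet is routed again.
TUNNEL_OUTER_DST = {"gre0": MAIN_PUBLIC}

# Branch routes present in every scenario: (prefix, gateway, interface).
# em0/em1 are assumed names; the gre0 entries follow hostname.gre0.
BRANCH_BASE = [
    ("203.0.113.0/24", None, "em0"),            # WAN subnet, connected
    ("10.40.65.0/24", None, "em1"),             # branch LAN, connected
    ("172.16.254.1/32", None, "gre0"),          # tunnel point-to-point peer
    ("10.40.60.0/24", "172.16.254.1", "gre0"),  # main office LAN
]


def lookup(table, dst):
    """Longest-prefix match; returns the winning route tuple or None."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in table if addr in ipaddress.ip_network(r[0])]
    if not matches:
        return None
    return max(matches, key=lambda r: ipaddress.ip_network(r[0]).prefixlen)


def trace(table, dst):
    """Interfaces a packet crosses, following tunnel encapsulation.

    Ends with "LOOP" when the outer packet is routed back into a tunnel
    it is already inside, i.e. the tunnel can never reach its peer.
    """
    path = []
    while True:
        route = lookup(table, dst)
        if route is None:
            return path + ["unreachable"]
        iface = route[2]
        if iface in path:
            return path + ["LOOP"]
        path.append(iface)
        if iface not in TUNNEL_OUTER_DST:
            return path                 # left on a physical interface
        dst = TUNNEL_OUTER_DST[iface]   # now route the outer packet


def scenarios():
    """Trace internet and main-LAN traffic under three routing tables."""
    original = BRANCH_BASE + [("0.0.0.0/0", BRANCH_ISP_GW, "em0")]
    default_only = BRANCH_BASE + [("0.0.0.0/0", "172.16.254.1", "gre0")]
    default_plus_host_route = default_only + [
        (MAIN_PUBLIC + "/32", BRANCH_ISP_GW, "em0"),
    ]
    tables = {
        "original": original,
        "default_only": default_only,
        "default_plus_host_route": default_plus_host_route,
    }
    return {
        name: {
            "internet": trace(table, INTERNET_HOST),
            "main_lan": trace(table, MAIN_LAN_HOST),
        }
        for name, table in tables.items()
    }


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(name, result)
```

With only the default route moved to the tunnel, even the previously working site-to-site traffic loops, because the outer packets to the peer no longer have a path that avoids gre0.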
geode
Hi there, Could anyone provide some personal experience about OpenBSD and AMD Geode based boards ? I am thinking of doing some piece of IPSEC router for a friend and I can't appreciate correctly what should I expect from it in matters of max bandwidth, pps, etc. Thanks, Claudiu -- Claudiu Pruna
Re: Happy Birthday OpenBSD
On Mon, 2010-10-18 at 13:13 -0400, STeve Andre' wrote: > 15 years! > Thanks you guys all for an absolutely outstanding OS. You Rock ! You have reinvented the OS concept. BRAVO !!! -- Claudiu Pruna
Re: Mobile VPN
On Mon, 2010-10-04 at 10:10 -0600, Shiu Lam wrote:
> Does anyone know any OpenVPN client for S60 mobile phones?
>
> Thanks
>
> Claudiu Pruna wrote:
> > On Sat, 2010-10-02 at 11:56 +0300, Evgeniy Sudyr wrote:
> >
> >> I was able to get it working with 4.6/4.7 and E60/E65/E52 it works as
> >> expected :)
> >>
> >> Nokia VPN config tool will save hours instead trial by error.
> >>
> >> On Fri, Oct 1, 2010 at 10:29 PM, Claudiu Pruna wrote:
> >>
> >> On Fri, 2010-10-01 at 21:19 +0200, David Coppa wrote:
> >> > On Fri, Oct 1, 2010 at 9:11 PM, Claudiu Pruna wrote:
> >> > > I was wondering has anyone got an S60 mobile phone to connect to
> >> > > OpenBSD Ipsec ?
> >> > >
> >> > > I did some tries, but no luck.
> >> >
> >> > Maybe this is of some use:
> >> >
> >> > http://betabug.ch/wiki/VPNNotes
> >> >
> >> > I'm sorry, but I have no personal experiences with "mobile vpns"...
> >> >
> >> > cheers,
> >> > david
> >>
> >> thanks a lot, sounds very interesting, I will test it and see what
> >> happens ;)
> >>
> >> --
> >> Claudiu Pruna
> >>
> >> --
> >> With regards,
> >> Eugene Sudyr
> >
> > Well, I have tried that and ... it works
> > Yes, it is working ok, but if your setup is like mine and after
> > connecting to the ipsec, your internal network contains more branches
> > connected through vpn and in conclusion the internal network "contains"
> > more unroutable ip address classes, the problem appears because you
> > appear in your network with the ip that your phone gets from the
> > internet connection it has. So it is a little bit tricky to route your
> > phone to other ip classes than the one you are directly connected.
> > I have used in ipsecctl the "tag" option, and then in pf.conf I have
> > created a nat pool which is just for the phones connecting from
> > outside.
> >
> > But it is a start, I mean, from no vpn (except symbian pptp) until here
> > we already have a big progress. It would be nice if we could also get
> > working the xauth and ip address assigning to phone through ipsec, but
> > as I am not a developer, I hope it will happen someday.
> >
> > Cheers

There isn't any Openvpn client for any mobile phone.

--
Claudiu Pruna
Re: Mobile VPN
On Sat, 2010-10-02 at 11:56 +0300, Evgeniy Sudyr wrote:
> I was able to get it working with 4.6/4.7 and E60/E65/E52 it works as
> expected :)
>
> Nokia VPN config tool will save hours instead trial by error.
>
> On Fri, Oct 1, 2010 at 10:29 PM, Claudiu Pruna wrote:
>
> On Fri, 2010-10-01 at 21:19 +0200, David Coppa wrote:
> > On Fri, Oct 1, 2010 at 9:11 PM, Claudiu Pruna wrote:
> > > I was wondering has anyone got an S60 mobile phone to connect to
> > > OpenBSD Ipsec ?
> > >
> > > I did some tries, but no luck.
> >
> > Maybe this is of some use:
> >
> > http://betabug.ch/wiki/VPNNotes
> >
> > I'm sorry, but I have no personal experiences with "mobile vpns"...
> >
> > cheers,
> > david
>
> thanks a lot, sounds very interesting, I will test it and see what
> happens ;)
>
> --
> Claudiu Pruna
>
> --
> With regards,
> Eugene Sudyr

Well, I have tried that and ... it works

Yes, it is working ok, but if your setup is like mine and after connecting to the ipsec, your internal network contains more branches connected through vpn and in conclusion the internal network "contains" more unroutable ip address classes, the problem appears because you appear in your network with the ip that your phone gets from the internet connection it has. So it is a little bit tricky to route your phone to other ip classes than the one you are directly connected. I have used in ipsecctl the "tag" option, and then in pf.conf I have created a nat pool which is just for the phones connecting from outside.

But it is a start, I mean, from no vpn (except symbian pptp) until here we already have a big progress. It would be nice if we could also get working the xauth and ip address assigning to phone through ipsec, but as I am not a developer, I hope it will happen someday.

Cheers

--
Claudiu Pruna
Re: Mobile VPN
On Fri, 2010-10-01 at 21:19 +0200, David Coppa wrote:
> On Fri, Oct 1, 2010 at 9:11 PM, Claudiu Pruna wrote:
> > I was wondering has anyone got an S60 mobile phone to connect to
> > OpenBSD Ipsec ?
> >
> > I did some tries, but no luck.
>
> Maybe this is of some use:
>
> http://betabug.ch/wiki/VPNNotes
>
> I'm sorry, but I have no personal experiences with "mobile vpns"...
>
> cheers,
> david

thanks a lot, sounds very interesting, I will test it and see what happens ;)

--
Claudiu Pruna
Mobile VPN
I was wondering has anyone got an S60 mobile phone to connect to OpenBSD Ipsec ? I did some tries, but no luck. -- Claudiu Pruna
Re: MD5 checksum
On Thu, 2010-07-01 at 14:14 +0300, Ozgur Kazancci wrote:
> Sounds like a bad ram module to me.
>
> A mem test would be good;
>
> http://www.memtest.org/
> or
> http://www.memtest86.com/
>
> Get the pre-compiled bootable ISO from there and test your RAM modules.
>
> If errors are found, replace your SDRAM(s).
>
> Regards.

Yup. That's what it also seems to me.

Thanks all.
Re: MD5 checksum
On Thu, 2010-07-01 at 10:32 +0300, Thanasis wrote:
> I had such a problem with under-volted RAM. The RAM (DDR2) needed to be
> manually set to 2.0 or 2.1 Volts (in BIOS).
>
> on 06/30/2010 11:58 PM Claudiu Pruna wrote the following:
> > Hi there,
> >
> > I have a question if I have one box running OpenBSD 4.7 and everytime I
> > do md5 on one file I get different results, who is more susceptible to
> > be broken ? cpu ? ram ? or mb. ?
> >
> > Thanks for your thoughts.

the computer is a PIII/450MHz:

hw.machine=i386
hw.model=Intel Pentium III ("GenuineIntel" 686-class, 512KB L2 cache)
hw.ncpu=1
hw.byteorder=1234
hw.pagesize=4096
hw.disknames=wd0,cd0
hw.diskcount=2
hw.cpuspeed=448
hw.vendor=Compaq
hw.product=Deskpro EP/SB Series
hw.physmem=268005376
hw.usermem=267993088

could it still be a ram voltage problem ? as it has sdram ?

--
Claudiu Pruna
Re: MD5 checksum
On Wed, 2010-06-30 at 16:21 -0600, Alexander Hall wrote:
> On 06/30/10 14:58, Claudiu Pruna wrote:
> > Hi there,
> >
> > I have a question if I have one box running OpenBSD 4.7 and everytime I
> > do md5 on one file I get different results, who is more susceptible to
> > be broken ? cpu ? ram ? or mb. ?
> >
> > Thanks for your thoughts.
>
> If your system is indeed this corrupt I am surprised it will run at all.
>
> Please show the actual command that produces this.
>
> /Alexander

the command is

md5 file.iso

and every run it gives another result.

Claudiu

--
Claudiu Pruna
MD5 checksum
Hi there, I have a question if I have one box running OpenBSD 4.7 and everytime I do md5 on one file I get different results, who is more susceptible to be broken ? cpu ? ram ? or mb. ? Thanks for your thoughts. -- Claudiu Pruna
OpenBSD and DSCP field
Hello, I was wondering is there any chance that in the future (close or far) OpenBSD shall be able to modify (preferred from pf) the DSCP field ? Thanks & keep it up. Claudiu Pruna.
Re: Port compile and package install problem for vim and bash
Yes, thanks, my mistake, I guess that I've run too fast over the What's New.

Cheers,
Claudiu

-Original Message-
From: Marius ROMAN <[EMAIL PROTECTED]>
To: Claudiu Pruna <[EMAIL PROTECTED]>, misc@openbsd.org
Subject: Re: Port compile and package install problem for vim and bash
Date: Wed, 28 Nov 2007 20:11:20 +0200

On Nov 28, 2007 7:07 PM, Claudiu Pruna <[EMAIL PROTECTED]> wrote:
> Hi there,
>
> I have just installed OpenBSD 4.2 on a machine and I encounter problems
> with installing either the precompiled package or trying to compile the
> port for vim and bash, and both have problems at gettext dependencies at
> expat.
>
> The error text when compiling the vim port with no_x11 flavor is:
>
> ===> Verifying specs: iconv.>=2 iconv.>=2 c expat c expat
> Missing library for expat
>
> and when trying to install the precompiled package I get:
>
> # pkg_add -vr ${PKG_PATH}vim-7.1.33-no_x11
> parsing ftp://ftp.openbsd.org/pub/OpenBSD/4.2/packages/i386/vim-7.1.33-no_x11
> Dependencies for vim-7.1.33-no_x11 resolve to: gettext-0.14.6p0, libiconv-1.9.2p3 (todo: gettext-0.14.6p0)
> vim-7.1.33-no_x11:parsing gettext-0.14.6p0
> Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3
> found libspec c.41.0 in /usr/lib
> Can't install gettext-0.14.6p0: lib not found expat.8.0
> Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3
> Full dependency tree is libiconv-1.9.2p3
> found libspec iconv.4.0 in package libiconv-1.9.2p3
> Can't install vim-7.1.33-no_x11: can't resolve gettext-0.14.6p0
>
> Thank you all.
>
> --
> Claudiu Pruna <[EMAIL PROTECTED]>

Do you have xbase42.tgz installed ?
http://www.openbsd.org/faq/faq1.html#WhatsNew

Marius
Port compile and package install problem for vim and bash
Hi there,

I have just installed OpenBSD 4.2 on a machine and I encounter problems with installing either the precompiled package or trying to compile the port for vim and bash, and both have problems at gettext dependencies at expat.

The error text when compiling the vim port with no_x11 flavor is:

===> Verifying specs: iconv.>=2 iconv.>=2 c expat c expat
Missing library for expat

and when trying to install the precompiled package I get:

# pkg_add -vr ${PKG_PATH}vim-7.1.33-no_x11
parsing ftp://ftp.openbsd.org/pub/OpenBSD/4.2/packages/i386/vim-7.1.33-no_x11
Dependencies for vim-7.1.33-no_x11 resolve to: gettext-0.14.6p0, libiconv-1.9.2p3 (todo: gettext-0.14.6p0)
vim-7.1.33-no_x11:parsing gettext-0.14.6p0
Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3
found libspec c.41.0 in /usr/lib
Can't install gettext-0.14.6p0: lib not found expat.8.0
Dependencies for gettext-0.14.6p0 resolve to: libiconv-1.9.2p3
Full dependency tree is libiconv-1.9.2p3
found libspec iconv.4.0 in package libiconv-1.9.2p3
Can't install vim-7.1.33-no_x11: can't resolve gettext-0.14.6p0

Thank you all.

--
Claudiu Pruna <[EMAIL PROTECTED]>
Re: A (pf?) puzzler -- a single device invisible on the other side of an IPsec tunnel
On Fri, 2007-10-19 at 00:30 -0600, Stephen Bosch wrote:
> Hi, folks:
>
> Here's a good one for you.
>
> I have an IPsec tunnel running between two OpenBSD boxes. One is still
> running 3.8 (yes, it needs to be updated) and the other is running 4.1.
>
> There is a functioning tunnel running between the two devices.
>
> Hosts on one end can "see" hosts on the other, and vice versa -- EXCEPT
>
> we just put an HP Jetdirect print server on the OpenBSD 4.1 side. This
> device is pingable and accessible from hosts on the same network, but
> totally unpingable and inaccessible from hosts on the remote network.
>
> To recap:
>
> Print server is at site A.
> Hosts at site A (on the same subnet) can ping and access print server.
>
> Hosts at site B (on a different subnet) *cannot* ping or access this
> print server.
>
> And yet - Hosts at site B *can* see every other device at site A (and
> vice versa) and all those devices can see the print server.
>
> Note that we're not doing any filtering on the encryption interface (the
> line is "pass quick on enc0"); nevertheless, I'm wondering if I need
> some special flags somewhere.
>
> Other things I've tried:
>
> - moving the Jetdirect to a different port on the same physical switch
> - a variety of static and dynamic IPs in the subnet
>
> I also forwarded the external port 9100 to this print server and tried
> to access it from a public host, but this didn't work either.
>
> This leads me to suspect a peculiar interaction between OpenBSD 4.1 and
> this particular print server. Of course, it might well be the fault of
> HP's IP stack, but I've already talked to them at great length and got
> pretty much nowhere: "We don't support JetDirect over WAN connections."
>
> We ended up putting the printer outside on a public IP address as an
> ugly, undesirable workaround, and, WAN connection or not, that is
> currently working. I'd really like to get this one back on the private
> network. I don't need hackers sending mountains of porn to this printer,
> even if it *is* in a truck stop.
>
> Any ideas or salient suggestions?
>
> -Stephen-

hi Stephen,

No offense, but did you check JetDirect's ip settings about the default gateway ?

Try a tcpdump on the ethernet interface at site A while trying to print from site B and check if you "see" packets on both directions.

--
Claudiu Pruna <[EMAIL PROTECTED]>
Re: Hardware - PPS - throughput
On Wed, 2006-11-01 at 13:20 -0300, Anderson Nadal wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Hello.
>
> Today I have a Dell Power Edge 1850 (Dual Intel Xeon 3.20GHz), 2GB of
> RAM and 4 Intel PRO/1000MT running OpenBSD 3.9.
> This machine is just for routing (BGP and OSPF), including pf rules
> (basic rules like blocking ports 135, 139, 445, etc).
> My throughput is 80Mbps (50Kpps).
> Does anybody know what is the max PPS and max throughput for a
> hardware like this?
>
> - --
> []'s
> Nadal
>
> "Don't argue with idiots, they drag you down to their level and beat
> you because they are experienced"
>
> +---+
> | Anderson Nadal <[EMAIL PROTECTED]> - RHCE |
> | Technical Coordinator |
> | Phone: + 55 41 3331 8200 |
> | FAX: + 55 41 3331 8256 |
> | OndaRPC |
> | www.ondarpc.com.br |
> | Registered Linux User: 56841 |
> | PGP KEY: www.keyserver.net KEY ID 6ABB668D |
> +---+
> Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org
>
> iD8DBQFFSMlPLQAusHT90XQRAmNNAJ9bCHqzKlmYqM1J4LbVrlQBRXD/XgCfYxks
> NX3p2XrOKVAcRkCdqjcAeyA=
> =vlef
> -END PGP SIGNATURE-

50Kpps and 80Mbps ?? pretty small packets I could say ...

/Claudiu

--
Claudiu Pruna <[EMAIL PROTECTED]>
pkg_add
Hi there,

Can anybody enlighten me why, in OpenBSD 3.9/i386 with GENERIC #617, the following happens:

ftp> get bash-3.1.1p0.tgz "|pkg_add -v -"
local: |pkg_add -v - remote: bash-3.1.1p0.tgz
227 Entering Passive Mode (129,128,5,191,166,108)
150 Opening BINARY mode data connection for bash-3.1.1p0.tgz (514696 bytes).
Error from ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/: Unknown command.
Can't resolve -
ftp: |pkg_add -v -: short write
426 Network seems to have barfed - Let's all phone our ISP and go postal!
15928 bytes received in 7.75 seconds (2.01 KB/s)

and

PKG_PATH="ftp://ftp.openbsd.org/pub/OpenBSD/3.9/packages/i386/";

Thanks.

--
Claudiu Pruna <[EMAIL PROTECTED]>
Re: pf woes
On Mon, 2006-06-26 at 11:44 -0400, Matt Singerman wrote:
> Hi all,
>
> I am trying to configure pf to allow certain machines not behind our
> firewall to access FileMaker on a server. FM uses port 5003 for
> TCP/IP networking. If I disable pf, machines outside the firewall can
> access the server without any problems. However, I cannot get things
> working correctly with pf enabled.
>
> I have the following rules:
>

You should use $ext_if if you want to accept packets coming from outside your network, because the rules you specify in pf.conf refer to the interface those packets are getting to your firewall, as it is also written in the man and howto.

> pass in on $int_if proto { tcp, udp } from { $Center, $Home, $Person1,
> $Person2 [etc.] } to $Db port 5003 keep state from any to any port
> 5003 keep state
> pass in on $inf_if proto udp
>
> With $inf_if simply pointing to dc1, the trusted network adapter
> connecting the server to our internal switch.
>
> pf starts without any errors, but connections simply won't go through.
> Any ideas?
>

--
Claudiu Pruna <[EMAIL PROTECTED]>
"Sundance" Network card
Hi there,

I have a question about a network card recently bought by one customer and which is shown as not configured in dmesg, and the board seems to have on the cd it came with drivers for win family, novell, linux and freebsd but not openbsd, so I am wondering if there is any chance to use it with openbsd 3.9 stable, and a second question to any of you, is there on openbsd an equivalent of linux's "lspci" ?

Dmesg output:

OpenBSD 3.9 (GENERIC) #617: Thu Mar 2 02:26:48 MST 2006
    [EMAIL PROTECTED]:/usr/src/sys/arch/i386/compile/GENERIC
cpu0: Intel Pentium III ("GenuineIntel" 686-class) 731 MHz
cpu0: FPU,V86,DE,PSE,TSC,MSR,PAE,MCE,CX8,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,MMX,FXSR,SSE
real mem = 132685824 (129576K)
avail mem = 114339840 (111660K)
using 1645 buffers containing 6737920 bytes (6580K) of memory
mainbus0 (root)
bios0 at mainbus0: AT/286+(7d) BIOS, date 04/11/01, BIOS32 rev. 0 @ 0xfd87d
apm0 at bios0: Power Management spec V1.2
apm0: AC on, battery charge unknown
apm0: flags 30102 dobusy 0 doidle 1
pcibios0 at bios0: rev 2.1 @ 0xfd810/0x7f0
pcibios0: PCI IRQ Routing Table rev 1.0 @ 0xfdf30/176 (9 entries)
pcibios0: PCI Interrupt Router at 000:31:0 ("Intel 82371FB ISA" rev 0x00)
pcibios0: PCI bus #1 is the last bus
bios0: ROM list: 0xc/0xa000 0xe4000/0xc000!
cpu0 at mainbus0
pci0 at mainbus0 bus 0: configuration mode 1 (no bios)
pchb0 at pci0 dev 0 function 0 "Intel 82815 Hub" rev 0x02
vga1 at pci0 dev 2 function 0 "Intel 82815 Graphics" rev 0x02: aperture at 0xf000, size 0x400
wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
ppb0 at pci0 dev 30 function 0 "Intel 82801AA Hub-to-PCI" rev 0x02
pci1 at ppb0 bus 1
vendor "Sundance", unknown product 0x0200 (class network subclass ethernet, rev 0x31) at pci1 dev 1 function 0 not configured
xl0 at pci1 dev 2 function 0 "3Com 3c905C 100Base-TX" rev 0x74: irq 9, address 00:01:02:dc:1a:46
bmtphy0 at xl0 phy 24: Broadcom 3C905C internal PHY, rev. 6
xl1 at pci1 dev 4 function 0 "3Com 3c905C 100Base-TX" rev 0x78: irq 5, address 00:01:03:17:29:36
bmtphy1 at xl1 phy 24: Broadcom 3C905C internal PHY, rev. 7
ichpcib0 at pci0 dev 31 function 0 "Intel 82801AA LPC" rev 0x02
pciide0 at pci0 dev 31 function 1 "Intel 82801AA IDE" rev 0x02: DMA, channel 0 wired to compatibility, channel 1 wired to compatibility
wd0 at pciide0 channel 0 drive 0:
wd0: 16-sector PIO, LBA, 9641MB, 19746720 sectors
wd0(pciide0:0:0): using PIO mode 4, Ultra-DMA mode 4
pciide0: channel 1 disabled (no drives)
uhci0 at pci0 dev 31 function 2 "Intel 82801AA USB" rev 0x02: irq 11
usb0 at uhci0: USB revision 1.0
uhub0 at usb0
uhub0: Intel UHCI root hub, rev 1.00/1.00, addr 1
uhub0: 2 ports with 2 removable, self powered
ichiic0 at pci0 dev 31 function 3 "Intel 82801AA SMBus" rev 0x02: irq 9
iic0 at ichiic0
isa0 at ichpcib0
isadma0 at isa0
pckbc0 at isa0 port 0x60/5
pckbd0 at pckbc0 (kbd slot)
pckbc0: using irq 1 for kbd slot
wskbd0 at pckbd0: console keyboard, using wsdisplay0
pcppi0 at isa0 port 0x61
midi0 at pcppi0:
spkr0 at pcppi0
lpt0 at isa0 port 0x378/4 irq 7
npx0 at isa0 port 0xf0/16: using exception 16
pccom0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
pccom0: console
fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
fd0 at fdc0 drive 0: 1.44MB 80 cyl, 2 head, 18 sec
biomask ff4d netmask ff6d ttymask ffef
pctr: 686-class user-level performance counters enabled
mtrr: Pentium Pro MTRR support
dkcsum: wd0 matches BIOS drive 0x80
root on wd0a
rootdev=0x0 rrootdev=0x300 rawdev=0x302

Thanks.

--
Claudiu Pruna <[EMAIL PROTECTED]>
10k pps
Hi there list, I got to a situation at work where I have an OpenBSD 3.9 amd64 router acting as bgp and ospf router, and it has to cope with 100Mbps and approx 15.000 packets per second, but it can't at about 10k pps, I have like 70% cpu utilisation on interrupt, and all the traffic becomes an extreme sport, it is an Intel P4 3GHz em64 with 512MB of ram and 2 Intel Pro100 (fxp) network cards. Any idea if/how can I "jump" over the 10k barrier ? P.S.: Claudio thanks for the advice about 3.9 bgpd version and additive communities, it works smooth. Thanks for any suggestion or advice. -- Claudiu Pruna <[EMAIL PROTECTED]>
OpenBGPD communities
Hi, I have just decided to switch 2 of my routers from linux to openbsd and of course planned to use OpenBGPD instead of zebra or quagga, but everything went well until I wanted to export to some peer additive communities like the equivalent of "set community 65003:6001 65003:6002 additive" in cisco or zebra when I tried the set parameter on per peer setting, setting it in the filters, but all I could was to announce 1 community, with the "match to $peer1 set community 65003:6001" if I have tried anything like "match to $peer1 set community 65003:6001 65003:6002 additive" or "match to $peer1 set community { 65003:6001 65003:6002 }" all I got was syntax error. So here comes the question: Is it supported on openbgpd to export additive communities ? Thanks in advance. Claudiu Pruna [EMAIL PROTECTED] "For the networks and for the people".