Re: [Tor-BSD] Recognizing Randomness Exhaustion

2015-01-01 Thread Richard Johnson 

On 2014-12-31 11:21, Libertas wrote:

For those not familiar, a Tor relay will eventually have an open TCP
connection for each of the other 6,000 active relays, and (if it allows
exit traffic) must make outside TCP connections for the user's requests,
so it's pretty file-hungry and crypto-intensive.


It can also be pf-state-hungry. Further, each upstream peer Tor node, and each 
client on a Tor entry node, will probably be a pf src.


Packets being dropped and circuits failing when the pf default limits topped 
out would naturally present to the tor bandwidth authorities as network 
congestion.


In my case, I'm now fairly certain my relays usage grew to the point where 
they were allocation-bound in pf. The host was still using the pf defaults 
until recently.


Since increasing the pf limits, I'm seeing better throughput. The current 
entries from pfctl -si currently reach 35k instead of hitting the default 
limit of 10k. Also, state inserts and removals are up to 50/s from 29/s, and 
matches are topping 56/s instead of 30/s. As well, the pfctl -si memory could 
not be allocated counter remains a reassuring 0 instead of increasing at 
0.9/s. Additionally, netstat -m counters for pf* have a reassuring 0 in the 
failure column of the memory resource pool stats. Finally, Tor network traffic 
seems to have started climbing.


I increased the limits thusly, since the host does nothing but Tor and unbound 
for Tor DNS.


| # don't choke on lots of circuits (default is states 1,
| # src-nodes 1, frags 1536)
| set limit { states 10, src-nodes 10, frags 8000, \


One possible explanation is that its randomness store gets exhausted. I
once saw errors like this in my Tor logs, but I don't know how to test
if it's a chronic problem. I also couldn't find anything online. Is
there any easy way to test if this is the bottleneck?


I suspect Tor won't exhaust randomness; random(4) shouldn't block. (From a 
cursory look at the source, Tor references /dev/urandom, and doesn't use 
arc4random.)



Richard

Re: Areca ARC-1213-4i or ARC-1223-8i using arc(4) for hardware RAID?

2012-04-14 Thread Richard Johnson 
At 17:29 +0200 on 2012-04-14, Benny Lofgren wrote:
 On 2012-04-12 22.23, Richard Johnson wrote:
 Is there any particular reason the ARC-1212-4i or ARC-1223-8i will not work
 with OpenBSD 5.1 and newer's arc(4) driver?  (Will arc(4) deal with Areca's
 generically named RAID-on-chip (ROC), listed in specs for the 1213, vs.
 their more specific IOP3## RAID processors listed for the ARC-1231ML et al?
 Is there actually a significant difference there?)

 I suspect they are equipped with the same ROC controller that the
 ARC-1880 series uses. I don't recall at the moment exactly what
 controller it is, but it definitely is not the Intel IOP348 that's
 in some of the other ARC-1200 series (as well as ARC-1680), and it is
 AFAIK *not* presently supported by the arc(4) driver. Which is
 unfortunate, since they are excellent controllers with much bang for
 the buck.

Thanks.  Indeed, this site:

http://www.osslab.com.tw/Storage/Enterprise/SAS%E8%88%87RAID/SAS//SATA//RAID_HBA,_IOP%E5%92%8CIOC%E8%B3%87%E8%A8%8A
suggests that the ARC-1880 RAID-on-Chip (ROC) is based on LSI SAS 2108.  It
seems likely that the ARC-1213  1223 cards are also based on LSI SAS2108
or something close.

The fact that Areca are being cagey about specifying the processor hints,
at minimum, at their reserving the option to make under-the-hood changes.

 I actually made a stab at implementing support for the ARC-1880i using
 the FreeBSD driver as inspiration, but alas ran out of time on the
 project I was intent on using them in, so we had to revert to ARC-1680i
 (which are now unfortunately no longer sold).

I see some lingering ARC-1680s for sale, so that's possibly still an option
for this system, and maybe for lists if I can't find another easier way to
a RAID 6 capable system to offer there.

The ARC-1212 and ARC-1222 are still more readily available from
distributors.  They're not listed as explicitly supported by arc(4) man
page, but at least they're Intel (-Marvell) IOP348-based.

However, there's this thread termination from 2010 that suggests the
ARC-1212 may be detected as the ARC-1680, such that bioctl can't report the
array status.
http://archives.neohapsis.com/archives/openbsd/2010-09/1206.html .  I don't
see anything in current sources that shows differentiation/mention of
PCI_PRODUCT_ARECA_ARC1222, but I am not necessarily looking in all the
right places.


Richard

Areca ARC-1213-4i or ARC-1223-8i using arc(4) for hardware RAID?

2012-04-12 Thread Richard Johnson 
We're looking at Areca ARC-1213-4i or ARC-1223-8i [1] cards for doing RAID
5, 6 or 10 arrays. http://www.areca.com.tw/products/sas6g_internal.htm

They're not listed on the OpenBSD-current man page for arc(4).  They're
reported by some to be essentially the same as the long-discontinued
ARC-1210/1220, however, which is listed as supported.

Is there any particular reason the ARC-1212-4i or ARC-1223-8i will not work
with OpenBSD 5.1 and newer's arc(4) driver?  (Will arc(4) deal with Areca's
generically named RAID-on-chip (ROC), listed in specs for the 1213, vs.
their more specific IOP3## RAID processors listed for the ARC-1231ML et al?
Is there actually a significant difference there?)

If you have experience with the ARC-1213 or 1223, what did you find?

Thanks in advance.


Richard

SATA RAID card suggestions?

2011-10-10 Thread Richard Johnson 
I'm looking to possibly use a SATA RAID card instead of softraid(4) on a
new amd64 PCIx or PCI express machine build.

I'm tired of rebooting into the bios for other machines with mfi(4).  So I
want to build something manageable via bio(4), bioctl(4), and maybe
sensorsd(8).  That'll either be softraid, or some kind of supported SATA
RAID card.

However, most of the card models listed in the man pages for ami(4),
ciss(4), ips(4), and arc(4) are older discontinued SCSI and PCI beasts.
ami(4) also is limited to 2TB logical volumes.

Given the whole go dark and produce driver blobs only trend in the RAID
controller business, I'm not getting my hopes up too much for a hardware
SATA RAID option, and will certainly be OK with softraid(4).

However, if you have any ideas, I'd appreciate suggestions about
manufacturers to look at for SATA RAID cards that might provide for drive
status and maintenance commands via bio(4) and bioctl(4) in OpenBSD.


Richard

Re: SATA RAID card suggestions?

2011-10-10 Thread Richard Johnson 
On Mon, 10 Oct 2011 14:50:45 -0700, Ryan Corder wrote:
 On Mon, Oct 10, 2011 at 02:16:47PM -0600, Richard Johnson wrote:
 I've had great success with the Areca ARC-1210.

   http://www.areca.com.tw/products/pcie.htm

Wups, I was apparently too tired last night to find the Areca cards, though
I could have sworn I'd studied the arc(4) man page.  That is, until I
reviewed it again this evening after receiving your response.

Thanks for getting me pointed in the right direction.

Now to find one in stock.


Richard