Re: [Soekris] Dying net6501 servers

[Christopher Hilton]

>On Sep 4, 2016, at 6:10 PM, Nenhum_de_Nos  wrote:
> 
> David,
> 
> I won't laugh at all. I am now leaving both pfsense and soekris and I am 
> building a RPI2 box just to this role. So far, so good. Till next weekend I 
> may have it running as backup router, and soon after the main one. Must be 
> prepared to change my 5501-70. The 6501-70 passed away first :/
> 

Firstly, my Net5501 machines have been tremendously reliable. My Net6501 has 
also been fine but I don’t want to press my luck.

I just read about a machine called the Banana Pi in Linux Journal. The column 
was about building a low powered NAS box. Your Mileage May Vary but that might 
be a more appropriate solution. The Banana Pi is still ARM but it’s available 
in System On Chip format with 4 x Gb ethernet. Gigabit is a requirement for me 
since my ISP has just made 60Mb/s it’s minimum Tier. I upgraded from Net5501 to 
Net6501 because the Net5501’s 100Mb/s NICs were limiting my Internet speeds to 
85Mb/s.

I can’t move to Banana Pi today because I won’t move off of OpenBSD. Having 
said that it’s not an issue for me because I moved my Net6501 into the 
background about a year ago over health concerns I saw here. I replaced it with 
a 1U SuperMicro Atom. The power draw is similar but the machine seems to be a 
bit more rugged.

Chris

  __o  "All I was trying to do was get home from work."
_`\<,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]





signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] net5501: FreeBSD ipfw and the elusive 75Mbps throughput

[Christopher Hilton]

> On Jun 8, 2016, at 8:18 PM, Jed Clear  wrote:
> 
> I just climbed out of the bronze age of home networking (DSL) and now have 
> "75Mbps service” from $BIG_CABLE_CO (iron age?).  Before the DSL was the 
> bottle neck.  Now it appears the 5501 is the bottle neck.  My net5501-70 has 
> long been running nanobsd (FreeBSD 9.3-R) and ipfw as my perimeter 
> router-firewall-nat.  While I’m not expecting 75, especially in the evening, 
> it’s not even close.  Note all the speeds mentioned are download speeds in 
> Mbps.  The upload is much worse, but not bothered by that in this exercise.
> 
> When the cable modem was first brought up, a laptop directly on it pulled 56 
> with one of the speed test sites.  The cable modem channel power and SNR 
> don’t look bad.  Putting the 5501 in-line dropped the speed to the 30s.  Some 
> googling later and I discover FreeBSD’s polling feature.  So I added options 
> DEVICE_POLLING to the kernel config (HZ was already 1000), baked a new image, 
> set all the interfaces to polling and … it dropped like a rock to 5 Mbps.  
> Flipping off polling on the three interfaces brought it back to the 30s.
> 
> I tried the built in “simple” firewall rule set, and that did modestly better 
> than my, perhaps overly complicated, rule set.  It got around 44.  I will 
> work that later.
> 
> Anyway I’m a bit baffled by the negative results when enabling polling.  And 
> any other advice on improving the performance through the 5501 would be 
> appreciated.  I haven’t given up on self help, but need a break from google 
> for a bit so will appeal to the collective wisdom of soekris-tech.
> 
> Thanks,
> 
> -Jed
> 
> PS: To add insult to injury, I just repeated the directly connected laptop 
> experiment and clocked over 90.  :-(
> 

I don’t know about FreeBSD/ipfw but on OpenBSD/pf and the latest performance 
tweaks to both the vr driver and the pf firewall the best I could do with a 
Net5501-70, pf, and the vr driver based nics was 85Mbit/s. If I understand 
correctly, FreeBSD’s vr driver is more performant than OpenBSD’s but that may 
have changed. In 5.8, OpenBSD’s pf is much more performant than pf in FreeBSD 
9-* and less buggy. Again, I don’t know about FreeBSD/ipfw. If you aren’t 
reaching 75Mbit/s now on the Net5501-70 you might be able to do so either by 
switching to pfSense or by switching to OpenBSD.

SUMMARY

At the end of the day I think that 75 ~ 85 MBit’s per second is the limit on 
the vr interface in net5501. I don’t know what the limit is on the em interface 
in the Net6501 because between the 1Gbit speed of the NIC and the PCIe bus I 
can’t afford to buy enough bandwidth to get close. If you only have one 
firewall/router I’d replace it with either a Net6501 or some other Intel 
Atom/PCIe/Intel Gigabit based solution.

DETAILS:

At the end of the day, I solved this by throwing money at the problem in three 
steps:

First I replace my Net5501 with a Net6501. That changed the ethernet driver 
from vr to em and the em driver is much more performant.

I have two firewalls serially so moving to the Net6501 just moved the problem 
upstream in my network.

So, Second, to address that, I put the Net5501-70 into a Soekris Rackmount case 
for the better power supply and put a dual em interface into a net5501-70 for 
the second firewall. This worked and was stable under OpenBSD 5.2. It became 
biweekly unstable when I upgraded the OS From OpenBSD 5.2 to OpenBSD 5.6 and to 
5.8 meaning that I never saw an uptime greater than 14 days out of the OpenBSD 
5.6/5.8 box with the dual em card in it. This box would spontaneously reboot 
under heavy traffic and I could never figure out the reason. I speculate that 
under heavy traffic loads the power supply can’t keep up with the PCI dual em 
card. Thus the dual em hangs the PCI bus and ultimately triggers the watchdog 
reboot on the Net5501-70.

Finally, I replaced the Net6501 with a 1U SuperMicro D525 Atom and moved the 
Net6501 upstream replacing the net5501. Since then the only reason that either 
firewall goes down is because I rebooted it.

Hope this helps,

--
Chris

 __o  "All I was trying to do was get home from work."
   _`\<,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] FreeBSD-recent + nanobsd for 4801?

[Christopher Hilton]

On Jul 1, 2015, at 9:01 AM, Michael Stone mstone+soek...@mathom.us wrote:

 On Wed, Jul 01, 2015 at 08:30:25AM -0400, Christopher Sean Hilton wrote:
 The net4801 is supposed to be perfect as an inexpensive gps driven
 clock for ntpd. But I thought that having CPU_ELAN and CPU_ELAN_PPS in
 the kernel added precision to the timekeeping?
 
 That's the net4501, not the net4801. FWIW, without replacing the clock and 
 using a custom ntpd the 4501 is ok as an NTP server but not spectacular. The 
 limited memory and cpu hurt if you run a current OS  ntpd. Remember, 
 nobody's actively targeted that hardware in a decade. The net4801 will 
 probably do as well in the real world even without the elan timer registers.

I assumed that a gps with PPS output was required.

— Chris

Chris

  __o  All I was trying to do was get home from work.
_`\,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]





signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] Net 5501-70 Dead With Red Flashing Error Light

[Christopher Hilton]

On Jun 19, 2015, at 3:28 AM, loppefaaret loppefaa...@gmail.com wrote:

 i beleive there is a limit to the size of the booting partition on the 5501.
 
 try seperating /boot on the first primary partition, with less than 2gb
 if you haven't tried that already.

@loppefaaret: He’s running OpenBSD, The kernel is in /. Still this is a good 
suggestion.

When you did your install, did you auto partition or did you roll your own. 
Auto Partitioning would have made a small root partition at the beginning of 
the disk. If there is a 2Gb Limit to where the soekris can boot from, Auto 
Partitioning would have insured that the kernel was within that limit.

Chris

  __o  All I was trying to do was get home from work.
_`\,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] Net 5501-70 Dead With Red Flashing Error Light

[Christopher Hilton]

On Jun 19, 2015, at 10:33 AM, andrew fabbro and...@fabbro.org wrote:

 8GB.  Installing works just fine...it's booting that's the issue.
 I've tried two different 6GB Kingston CF cards.  I could try a smaller
 one but I have not read that overall size of the card makes a
 difference.
 
 Any opinion on the POST (commas)?  I'm wondering if that is saying something.
 
 On Fri, Jun 19, 2015 at 7:31 AM, Christopher Hilton ch...@vindaloo.com 
 wrote:
 On Jun 19, 2015, at 10:15 AM, andrew fabbro and...@fabbro.org wrote:
 
 Auto partitioning.  Root is less than 1GB.
 
 
 Hrm… How big is the CF? My 5501-60 is running OpenBSD 5.7 from a 4GB SanDisk 
 Ultra, I bought two of the cards. One has FreeBSD 9.3-Stable; and I 
 installed OpenBSD 5.7 on the other without problems on Tuesday evening.
 
 
 Chris
 
  __o  All I was trying to do was get home from work.
_`\,_   -Rosa Parks
 ___(*)/_(*).___o..___..o...ooO..._
 Christopher Sean Hilton[chris/at/vindaloo/dot/com]
 
 
 
 
 
 --
 andrew fabbro
 and...@fabbro.org
 blog: https://raindog308.com
 

Here’s what mine looks like booting. The hd0+* is different than mine. I don’t 
know what the significance of this is though?


— screen capture —


rebooting...


POST: 012345689bcefghips1234ajklnopqr,,,tvwxy








comBIOS ver. 1.33  20070103  Copyright (C) 2000-2007 Soekris Engineering.

net5501

0256 Mbyte MemoryCPU Geode LX 434 Mhz

Pri Mas  SanDisk SDCFH-004G  LBA Xlt 968-128-63  3906 Mbyte

Slot   Vend Dev  ClassRev Cmd  Stat CL LT HT  Base1Base2   Int
---
0:01:2 1022 2082 1010 0006 0220 08 00 00 A000  10
0:06:0 1106 3053 0296 0117 0210 08 40 00 E101 A0004000 11
0:07:0 1106 3053 0296 0117 0210 08 40 00 E201 A0004100 05
0:08:0 1106 3053 0296 0117 0210 08 40 00 E301 A0004200 09
0:09:0 1106 3053 0296 0117 0210 08 40 00 E401 A0004300 12
0:17:0 13A3 0020 0B40 0116 0280 08 40 00 A0005000 A0006000 15
0:20:0 1022 2090 06010003 0009 02A0 08 40 80 6001 6101
0:20:2 1022 209A 01018001 0005 02A0 08 00 00  
0:21:0 1022 2094 0C031002 0006 0230 08 00 80 A001  07
0:21:1 1022 2095 0C032002 0006 0230 08 00 00 A0011000  07

 1 Seconds to automatic boot.   Press Ctrl-P for entering Monitor.
Using drive 0, partition 3.
Loading.
probing: pc0 com0 com1 pci mem[639K 255M a20=on]
disk: hd0+
 OpenBSD/i386 BOOT 3.26
switching console to com0
  OpenBSD/i386 BOOT 3.26
boot
booting hd0a:/bsd: 9777628+1068236 [72+409680+404343]=0xb1ec54
entry point at 0x200120

[ using 814508 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2015 OpenBSD. All rights reserved.  http://www.OpenBSD.org

— end screen capture —

I know that I’ve had issues with these CF cards and DMA settings in the past. 
As in I’ve had to slow down the DMA rate or even force PIO mode to get them to 
boot. I thought that those issue went away and I don’t remember ever seeing 
them on a Soekris. A cursory Google search points to this:

https://seifried.org/oag/common-errors/boot-errors.html

Which again suggests that a problem reading the /etc/boot.conf file because 
it’s not reachable by the BIOS. I don’t think that’s it though because the box 
wouldn’t have booted at all unless you changed boot.conf after and that caused 
it to be stored higher than the 1024 cylinder boundary.

Chris

  __o  All I was trying to do was get home from work.
_`\,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]





signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] Net 5501-70 Dead With Red Flashing Error Light

[Christopher Hilton]

On Jun 19, 2015, at 10:15 AM, andrew fabbro and...@fabbro.org wrote:

 Auto partitioning.  Root is less than 1GB.
 

Hrm… How big is the CF? My 5501-60 is running OpenBSD 5.7 from a 4GB SanDisk 
Ultra, I bought two of the cards. One has FreeBSD 9.3-Stable; and I installed 
OpenBSD 5.7 on the other without problems on Tuesday evening.


Chris

  __o  All I was trying to do was get home from work.
_`\,_   -Rosa Parks
___(*)/_(*).___o..___..o...ooO..._
Christopher Sean Hilton[chris/at/vindaloo/dot/com]




signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] spontaneous reboot with large packet flows on net5501+lan1741

[Christopher Hilton]

Sorry, The Soekris Rackmount supply is 12V x 5.0A

-- Chris

On Feb 17, 2015, at 3:56 PM, Andrew Atrens wrote:

 5A should be plenty I'd think .. but I guess it also depends on the voltage ..
 
 A few years ago I experienced issues with an ALIX board and a high power 
 Ubiquiti/Atheros-based mini-PCI card .. if memory serves I think it was an 
 XR-2 .. in that case though the miniPCI card would sort of brown out and that 
 could lock up the PCI bus leading to a kernel crash or watchdog reset.  In 
 that situation the issue was internal to the PUPS on the ALiX board - a known 
 limitation wrt how how much power could be supplied to the miniPCI slot.
 
 
 
 On 2015-02-17 2:02 PM, Christopher Sean Hilton wrote:
 On Tue, Feb 17, 2015 at 01:37:51PM -0500, Andrew Atrens wrote:
 Hi Nix,
 
 It's almost certainly a power issue as power draw for the lan card will not
 be a static thing - ie will increase when transmitting packets vs idle.
 
 That's an intersting theory. I also run an external nic in the PCI
 slot of a Net5501-60. In my case the OS is OpenBSD 5.5 and the nic
 card is an Intel dual Gigabit PCI-X unit. I also experience reboots of
 this configuration under high packet flows. In my case though my
 machine is in the Net5501 rack mount case with the 5.0A power supply.
 
 I will arrange to test by swapping to a newer 5501 rack mount case and
 retesting.
 
 Thanks
 
 -- Chris
 

___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] can't get past BIOS...

[Christopher Hilton]

On Aug 12, 2014, at 4:41 AM, Eric Abrahamsen e...@ericabrahamsen.net wrote:

 
 On 08/11/14 16:39 PM, ED Fochler wrote:
 ^P is only useful at one particular stage of boot in the BIOS. net6501
 also accepts +++ followed by 1 second of nothing to display the
 uManager (micro manager) interface. I’d use that as your test, so you
 don’t need to keep re-setting the unit to get interaction. Just try a
 new terminal speed and hit + 3 times to see if you get a reaction.
 
 This is the bane of serial connections. Short of hooking up an
 oscilloscope, I think you just have to keep guessing and trying.
 Possible values can be 2400, 4800, 9600, 19200, 38400, 57600.
 
  ED.
 
 Thanks for the responses! I've tried a few of these suggestions with no
 luck yet. Since most of this stuff is new to me, and I might be making
 dumb mistakes, let me outline exactly what's happening.
 
 1. I plug in the cable, start minicom, set to 19200 or what have you.
 2. I plug in power on the router
 3. The power and error lights both come on (none of the others)
 4. Six or seven seconds later the error light goes off, and I get my
 line of gibberish
 
 That's it! I tried changing speeds in minicom then hitting +++, and
 nothing happened -- no new output, the lights didn't change, nothing.
 
 I also opened it up and pulled the internal SSD, and that didn't affect
 anything at all -- everything happens just as it did before.
 
 Net booting sounds promising, I don't know how to do that but I'll give
 it a Google and see what comes up. Any further hints much appreciated!
 

I'd try unplugging any hard drive connected the machine. That's USB, SATA or 
mSATA and putting it aside while you attempt to find out what the console speed 
is. This should shorten your test cycle since you won't have to wait for 
whatever operating system is trying to come up on the machine. For this to work 
you also want to disconnect any network cables.

Also, after reading the thread I'm not sure what kind of cable you have. Serial 
defines a crossover cable for really simple situations and a null modem cable 
for connecting a computer to another computer. The reasons for this are buried 
in the original function of serial protocol. It was designed to connect 
intelligent hardware like computers to relatively unintelligent peripherals 
like modems or printers or mice or what have you. You're crossover cable can 
work with a little knowledge of the serial protocol but a proper null modem 
cable should be foolproof. I've used the orange banded null modem adapters 
available on Amazon with the Trendnet USB serial adapter and had great success 
managing my fleet of soekris boxes. I'd test without a hard drive before buying 
new equipment. If you are still stumped after testing without a hard drive as a 
complication, I'd look at the cables.

-- Chris



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

[Soekris] Install FreeBSD 9.x onto Soekris net4511

[Christopher Hilton]

I'm trying to install FreeBSD 9.2-RELEASE onto a net4511. The installation 
fails when unpacking the distribution. When it fails it complains about running 
out of swap space. I can run 8.x-STABLE on these machines. is 9 just too big?

-- Chris



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] net6501-30 max throughput

[Christopher Hilton]

On May 5, 2014, at 2:19 PM, Tuomo Latto d...@iki.fi wrote:

 On 28.04.2014 09:42, ML mail wrote:
 I am using OpenBSD 5.1, would their be any performance gains in upgrading to 
 5.4 or 5.5? Btw yes I checked again and the interface is really in 1000baseT.
 
 How about the cables?
 

Great point. That's bitten me in the a** before. Make absolutely certain that 
you have a cable with all 4 pairs wired in. 100Mbit ethernet only used two 
pairs, Gigabit uses all four. If you connect a gigabit port with a two pair 
cable the best you can do is 100Mbit/s. Also, unless you are going some major 
distance Cat5e cable is sufficient. In fact cat 5 cable will do 1Gb/s over 
short distances. When I got burned by this it turned out that the cable I got 
with my 3Com something-or-other only terminated pairs 1 and 2. As I said 
before, that's sufficient for Fast-Ethernet but not for Gigabit-Ethernet.

-- Chris


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

[Soekris] OpenBSD Alt-Q update -- Was: net6501-30 max throughput

[Christopher Hilton]

On Apr 26, 2014, at 10:31 AM, Christopher Hilton ch...@vindaloo.com wrote:

 

[snip]

 If I remember right, I heard that they were reworking the code in the BSDTalk 
 podcast at the same time as I heard about the pf performance upgrades. It's 
 worth tracking down and listening to the podcast to get more information. If 
 I were that interested I might even dash out a quick email to the person 
 working on the code for an update. For me the 

FYI:

May 1, 2014.

We are pleased to announce the official release of OpenBSD 5.5.
This is our 35th release on CD-ROM (and 36th via FTP).  We remain
proud of OpenBSD's record of more than ten years with only two remote
holes in the default install.

...

- pf(4) improvements:
   o New queueing system with new syntax.
   o The received-on parameter can now be used with the any keyword
 to match any existing interface except loopback ones.
   o The block policy in the default pf.conf(5) is now block return.

...


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] net6501-30 max throughput

[Christopher Hilton]

On Apr 25, 2014, at 9:28 PM, David Ruggiero thatseattle...@gmail.com wrote:

 Second there is quite a bit of Voodoo^H^H^H^H^H^Hahem non-deterministic 
 configuration here because
 the ALT-Q code has some real performance issues
 
 Chris, do you expect that the ALT-Q rewrite coming in OpenBSD 5.5 will
 significantly improve queue and bandwidth management performance? Or
 is it just window dressing? Would love to know if the pain of an
 upgrade (I'm on 5.3 IIRC) will be worth it. I do use ALT-Q
 extensively.

If I remember right, I heard that they were reworking the code in the BSDTalk 
podcast at the same time as I heard about the pf performance upgrades. It's 
worth tracking down and listening to the podcast to get more information. If I 
were that interested I might even dash out a quick email to the person working 
on the code for an update. For me the limitation isn't a problem because with 
Alt-Q OpenBSD can still exceed my available bandwidth. That said I do plan to 
upgrade to 5.5 but it's more about getting my OpenBSD stuff under puppet 
configuration management.

-- Chris


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] net6501-30 max throughput

[Christopher Hilton]

On Apr 25, 2014, at 11:53 AM, ML mail mlnos...@yahoo.com wrote:

 Hi,
 
 I am using a net6501-30 (600 MHz CPU) with OpenBSD for my internet connection 
 (cable modem - soekris - internal network) and wanted to know what is the 
 theoretical max throughput in terms of bandwidth?
 
 I have a 250 Mbit/s internet cable connection and currently with some speed 
 tests I can't manage more than 100 Mbit/s. If I remove the Soekris from my 
 setup (directly connected to the cable modem) I can manage around 220 Mbit/s.
 

That doesn't seem right to me. Some things to check:

 Use ifconfig to make sure that the interfaces are negotiating the correct 
speed. It's unlikely that they are not but if they aren't try specifying the 
interface speeds in your /etc/hostname.em[0-3] files.

 Check the obvious cases: Make sure you are looking at a wired connection. 
The maximum speed you will get over wifi will be lower than the speed you get 
over wired.

 Make sure you are running a recent version of OpenBSD, The pf firewall 
code underwent a substantial cleanup that improved performance late in the 
OpenBSD 4.x stages, Somewhere between 4.7 and 4.9 IIRC.

It's likely that those three aren't the culprit but you have to address the 
elephant in the room. From what you say about being directly connected to the 
Cable Modem versus the Soekris I gather that you are _not_ testing your 
upstream provider's internet bandwidth. Other things I would look at are:

 How are your pf rules setup? 

 Pf gets most of it's performance by applying state rules to packages which 
is quick. A packet only goes to the ruleset only after it's been tested 
against, and fails to match, all of the existing states on the firewall. A 
ruleset with a lot of no state specifiers will be expensive to process.

 Are you seeing a bufferbloat condition? 

 If you cablemodem provides excess buffering, one connection can quite 
easily tie up all of your bandwidth by flooding that buffer with packets that 
cannot be dropped to activate TCP's automatic throttling condition. Note well 
that you will only have bufferbloat if you have two or more streams to the 
internet through your OpenBSD box. If you are the sole user then you don't have 
bufferbloat. If you are suffering from bufferbloat consider adding queueing to 
your ruleset and prioritizing the delivery of outbound TCP ACK packets. There 
are two issues here: Firstly Alt-q style QOS is not the best solution to the 
problem of bufferbloat but with OpenBSD that's the only tool you have right 
now. Second there is quite a bit of Voodoo^H^H^H^H^H^Hahem non-deterministic 
configuration here because the ALT-Q code has some real performance issues. In 
my setup I have 120/35 Mbit/s connectivity. I've restricted my inbound queues 
to 131Mbit/s and my outbound to 38Mbit/s to compensate for the overhead of the 
Alt-q code. Those levels were set by doing a few rounds of binary testing. E.g: 
I think the correct setting to realize 35 Mbit/s is between In the range 
between 35 ~ 40. What happens when I try 37.5? You would be right to turn your 
nose up at this procedure. I felt that it was a better choice than having to 
use IPTables.


-- Chris


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] net5501 or net6501 multi-port serial card on FreeBSD 9.X?

[Christopher Hilton]

On Apr 16, 2014, at 6:19 PM, Christopher Hilton ch...@vindaloo.com wrote:

 On Apr 16, 2014, at 5:46 PM, Kevin Kadow kka...@gmail.com wrote:
 
 On Wed, Apr 16, 2014 at 2:02 PM, Michael Sierchio ku...@tenebras.com wrote:
 I'm looking for a 4- or 8-port serial card that works with FreeBSD 9.X, for
 either net5501 or net6501.
 
 Suggestions entertained.
 
 
 I use the Sunix SER5066A card with my Net5501, but not under FreeBSD.
 
 I was using one of the Comtrol Rocketport 8 port cards with a Net5501-60. But 
 I ran FreeBSD 8-STABLE. The driver for the comtrol is still in FreeBSD though 
 you may need to compile a custom kernel or play with /boot/loader.conf to 
 access the card. The card is a:
 
 Comtrol RocketPort uPCI
 P/N: 5002265
 
 Note two things: 
 

[snip]

Sorry it took so long to get back to you. My configuration for doing a pxeboot 
install of FreeBSD 9.x was a little pooched and required more concentration 
than I could give it until today. I have the RocketPort uPCI installed in a 
Net5501-60 running last weeks 9-STABLE built from source. Everything runs okay 
and I see 8 cuaR0* devices in the the /dev directory. The rp driver is not 
built into the GENERIC kernel. I had to add a device rp line to my kernel 
configuration and build new kernel but it appears automatically.

-- Chris

P.S. As a final test I connected the serial hydra cable to the card and looped 
port 0 back to the console on the soekris:

---

$ cu -l /dev/cuaR00 -s 19200
can't open log file /var/log/aculog.
Connected


FreeBSD/i386 (soekris.vindaloo.com) (ttyu0)

login:

FreeBSD/i386 (soekris.vindaloo.com) (ttyu0)

login:

---


signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] net5501 or net6501 multi-port serial card on FreeBSD 9.X?

[Christopher Hilton]

On Apr 16, 2014, at 5:46 PM, Kevin Kadow kka...@gmail.com wrote:

 On Wed, Apr 16, 2014 at 2:02 PM, Michael Sierchio ku...@tenebras.com wrote:
 I'm looking for a 4- or 8-port serial card that works with FreeBSD 9.X, for
 either net5501 or net6501.
 
 Suggestions entertained.
 
 
 I use the Sunix SER5066A card with my Net5501, but not under FreeBSD.

I was using one of the Comtrol Rocketport 8 port cards with a Net5501-60. But I 
ran FreeBSD 8-STABLE. The driver for the comtrol is still in FreeBSD though you 
may need to compile a custom kernel or play with /boot/loader.conf to access 
the card. The card is a:

 Comtrol RocketPort uPCI
 P/N: 5002265

Note two things: 

 FreeBSD supports a bunch of multi-port serial cards but not all of them 
are support by the Net5501. The Soekris only does 3.3V PCI if I recall 
correctly. If you can find pictures search for images of the comtrol listed 
above and the Moxa C168H 8-Port serial card The Moxa will not work in the 
Net5501 because it has the wrong kind of PCI signalling. If you compare the 
images you'll notice that the Comtrol has two slots in the interface fingers 
part of the card where the Moxa only has one.

 There are plenty of people selling these cards on eBay where I bought 
mine. It's rare to find someone selling both the card and the multi port serial 
cable / box needed to make it run. The problem seems to be that while the cards 
aren't rare, the interface cable is.

-- Chris

P.S. Putting FreeBSD 9-STABLE on my Soekris is a short term project. I brought 
the card to my workbench and will test it when I put 9.2 on the Soekris.




signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

[Soekris] Net5501 cases and temperatures

[Christopher Hilton]

I'm running OpenBSD 5.2 on a Soekris Net5501-70 in the standard case. This box 
is a bridge between two gigabit networks so it has a PCI-X Intel dual gigabit 
interface in the PCI slot. This machine has always run somewhat hot:

$ sysctl | grep temp[0-3]
hw.sensors.nsclpcsio0.temp0=81.00 degC (Remote)
hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
hw.sensors.nsclpcsio0.temp2=59.00 degC (Local)

which creates a situation that I want to remedy. My choices are:

 Buy a Rackmount soekris case and install a fan
 Replace this box with something that's got a little more power like a 
Net6501

What fan can I install and the Net5501 rackmount enclosure and how can I power 
it?

-- Chris 
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] soekris 4801 and pfsense 2.x

[Christopher Hilton]

On Sep 10, 2013, at 1:17 PM, Nikola Gyurov ngyu...@gmail.com wrote:

 Hi,
 
 If you don't reqiure custom modifications all the time, no different
 user access to the interface etc. you could just create the pf.conf
 and use it on an OpenBSD installation (this is what I use, other BSDs
 may be fine too). It wouldn't need as much RAM as pfSense.
 
 However, this wouldn't help with the throughput limits.
 

OpenBSD may or may not be a big help here. The OpenBSD team has done a lot of 
work on pf since the version that's in pfsense was released. Some of the work 
was performances based and that may be enough to get the job done on net4801 
hardware for you. More on that later. One big change was a pf.conf syntax 
change regarding how NAT is handled which happened with OpenBSD 4.5. If you are 
using NAT, I would _not_ count on a pfsense generated configuration to work in 
OpenBSD 4.5+ 

Otherwise, the news if very good. If my research is correct the OpenBSD team 
has gained big performance increases in both their network stack and pf many of 
which aren't reflected in pfsense. According to this talk:

 youtube.com/watch?v=VNyBAcO2pIg [20:15] 

they roughly doubled the throughput of pf and their network stack from 28Mbit / 
sec to 56Mbit / sec on low end Soekris hardware. They don't specify the 
hardware beyond low end Soekris but when they say low end I assume that they 
mean a 45xx or a 48xx. I myself have tested 55xx and 65xx hardware and find 
that you can achieve 80 ~ 90 Mbit/sec with OpenBSD on the net5501 with the 
standard 100Mbit/s vr interfaces. To go faster you'll need to install a good 
Gigabit NIC in the net5501's PCI slot. The net5501 will keep up with the 
traffic but in this configuration, with a dual intel em PCI NICs I get lot's of 
heat. If the high heat bothers you, save yourself some time and opt for the 
net6501 or go for a rack mount chassis and plan on adding a fan.

 $ sysctl -a | grep deg
 hw.sensors.nsclpcsio0.temp0=92.00 degC (Remote)
 hw.sensors.nsclpcsio0.temp1=127.00 degC (Remote)
 hw.sensors.nsclpcsio0.temp2=70.00 degC (Local)

Hope this helps,

-- Chris



signature.asc
Description: Message signed with OpenPGP using GPGMail
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] help in booting FreeBSD 9

[Christopher Hilton]

On Aug 8, 2013, at 3:16 AM, Igalson Jacek - Korpo TP jacek.igal...@orange.com 
wrote:

 
 Hi Chris,
 
 Thank you for your suggestions concerning comconsole and speed.
 I set baudrate 9600 consitently in Soekris and server according to 
 loppefaaret advice on this mailinglist.
 I also set boot_serial=-h according to hint by Jed Clear.
 
 The last status of my booting is: 
 
 boot f0
 
 NSC DP83815/DP83816 Fast Ethernet UNDI, v1.03 
  
 Copyright (C) 2002, 2003 National Semiconductor Corporation
 All rights reserved.
 
 Pre-boot eXecution Environment  PXE-2.0 (build 082)
 Copyright (C) 1997-2000  Intel Corporation
 


I've needed to update the FreeBSD install on a 2Gb flashcard in my net5501 for 
a bit so I figured it would be a good time to test this out. I found a set of 
instructions on the soekris wiki specific to the net6501 but there shouldn't 
bee much of a difference between the net6501 and the net5501. The source of the 
instructions is:

 http://wiki.soekris.info/Installing_FreeBSD

under the heading Net Boot / Installing FreeBSD 9.1 on Soekris net6501 via 
PXE. The instructions linked here:

http://pivotallabs.com/installing-freebsd-9-1-on-soekris-net6501-via-pxe/

I modified exactly one instruction. Under DOWNLOAD  MOUNT FREEBSD at the 
bottom the instructions say:

 ...
 sudo vim /mnt/fbsd_boot/boot/loader.conf
   console=comconsole

I changed this to:

 ...
 sudo vim /mnt/fbsd_boot/boot/loader.conf
   console=comconsole
   comconsole_speed=19200

due to my experience with terminal emulators and serial communications. In the 
past when I've worked with these devices I've noticed that the systems have a 
tendency to break if the baud rate changes mid session. How you address the 
baud rate problem is your call, more on that later. Following those steps just 
got me to the FreeBSD 9.1 installer in about 10 minutes.

Regarding the baud rate problem, you can either bring the soekris to FreeBSD by 
changing the Baud Rate in ComBIOS or you can bring FreeBSD to the soekris by 
changing the baud rate in /boot/loader.conf. The best solution is to force them 
both to match so no matter which baud rate you choose I suggest you add the 
config to loader.conf

** CAVEATS **

At the end of the install process you need to make sure that the new system 
won't have a /boot/loader.conf file. You must create it again and specify the 
console and comconsole_speed settings that you choose to install with. 
Without those settings, your soekris will appear to hang on boot when the 
console switches to freebsd's default syscon device.

As a safety precaution do all of the following things as a part of the install.

* Enable the network on one of your soekris' interfaces. Choosing DHCP on the 
interface that you installed over works great here.

* Create a user and put him/her in group 'wheel' as part of the install. 

* Enable ssh on the soekris as a part of the install. 

If you miss a step or make a mistake with the /boot/loader.conf file you won't 
have a console to boot into and fix the problem. Creating a user and enabling 
networking and ssh will allow you boot into the machine via ssh. Putting the 
user into group 'wheel' allows you to use su and fix issues. It's a BSDism that 
only users in group 'wheel' can use su and FreeBSD doesn't allow root to log in 
via ssh even if the only user on the system is root. (OpenBSD detects root only 
systems and does the right thing).

Hope this helps,

-- Chris
___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] help in booting FreeBSD 9

[Christopher Hilton]

On Aug 8, 2013, at 3:16 AM, Igalson Jacek - Korpo TP jacek.igal...@orange.com 
wrote:

 
 Hi Chris,
 
 Thank you for your suggestions concerning comconsole and speed.
 I set baudrate 9600 consitently in Soekris and server according to 
 loppefaaret advice on this mailinglist.
 I also set boot_serial=-h according to hint by Jed Clear.
 

That's a valid solution to the problem. No matter what you do the baud rate 
switch is part of your problem.


 The last status of my booting is: 
 
 boot f0
 
 

[snip]

 My concern is about the message: Consoles: video/keyboard. Is it OK?
 
 


No, that is an indication from the FreeBSD kernel that it is using the syscons 
driver for keyboard and video. Your hardware doesn't have the required hardware 
to support this change. All new console messages will be directed to hardware 
that you don't have. This will appear as a hang to you.

Once you get things running you will have a file called:

 /boot/loader.conf

which configures the kernel. This file will have a line in it that reads:

 console=comconsole

in addition to other configuration options. You need to figure out how to prime 
that in a pxeboot managed system.

-- Chris

___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech

Re: [Soekris] help in booting FreeBSD 9

[Christopher Hilton]

On Aug 5, 2013, at 5:14 AM, Igalson Jacek - Korpo TP jacek.igal...@orange.com 
wrote:

 
 Hello,
 
 I am new to the Soekris. I try to install FreeBSD on Soekris 4801-48 
 with CF memory (8GB). I followed excellent guide for PXE booting 
 FreeBSD 9.x:
 http://freebsd.so14k.com/freebsd9_pxe.shtml
 
 To communicate with Soekris I use terminal Minicom (19200baud and  8N1) 
 on PC with FreeBSD 9.0.  
 
 I got the following output on terminal:
 
 boot f0
 

Looks like you are getting caught out by a couple of issues with booting 
FreeBSD on a soekris. 

 1. The FreeBSD pxeboot infrastructure assumes you are booting onto a 
machine with a VGA card and keyboard. Once the kernel loads it transfers over 
to the syscons driver and you can't see the output anymore

 2. The Soekris serial port defaults to 19200, 8n1 and the FreeBSD serial 
console assumes 9600, 8n1.


In some of your instructions you'll find a section that has you writing 
modifying the file '/boot/loader.conf' to have the line:

 console=comconsole

in it.  That specifies that the kernel should use the serial port as a console. 
With just that you should expect to see the kernel boot and then the output 
will turn to hash because the serial speed is wrong. At this point you could 
drop out of minicom and restart it with a speed of 9600 baud. Alternatively you 
can add the line:

 comconsole_speed=19200

That will keep the console speed at the default for the soekris. There are lots 
of instructions for pxebooting a soekris into FreeBSD 7, 8, and 9 on the net 
and there are differences in all of them because the different versions of 
FreeBSD have had various hangups.

-- Chris

___
Soekris-tech mailing list
Soekris-tech@lists.soekris.com
http://lists.soekris.com/mailman/listinfo/soekris-tech