[Vyatta-users] Path MTU discovery support
I'm curious what are you testing specifically, tcp traffic, icmp etc...? And what's not working? (details)

To confirm your path MTU using the -M options (look at do) and toggle the bit to 1 for DF from the Linux host. Then ping the end site to determine the minimal MTU size between Windows and Linux and raise the packet size till you get no echo reply or a message;

    From 1.2.2.6 icmp_seq=1 Frag needed and DF set (mtu = 1500)
Re: [Vyatta-users] Path MTU discovery support
Hi there,

Thank you for your email. I am currently away on reservist and will only be back on the 3rd March 2008. My access to email during this period will be limited.

If there is any urgent matter that requires attention, please contact Choon Kiat ([EMAIL PROTECTED]) during this period and cc me in the email.

Warmest regards,
Daren Tay
Senior MIS
Hardware Zone Pte Ltd
[Vyatta-users] Glendale Alpha 1 ERROR!!!
In the course of my normal, hack first, read documentation later, mode of operation, I managed to hang the netopia DSL router. Having done this before I know that the outside access is still good, just the inside network interface is scrod.

So I reconfigured vyatta (A1) to route traffic to the Netopia via the outside link

    set protocols static route 192.1.1.1/32 next-hop 12.1.1.1

Where 192.1.1.1 is the inside IP of the DSL router (fully routable class C address) and 12.1.1.1 is the next hop out the cable modem.

Everything seems to work fine. Traceroute works correctly. I'm happy.

Then I try the required magic telnet 192.1.1.1. Command not found.

What do you mean command not found!!! What operating system does not include telnet? Either the name changed or a tool is missing.

Please make sure that telnet is included in future releases.

(The hack I had to put into place required me to set up a NAT rule so that I could telnet from one of the inside machines)

Best,
-Chris
(tongue in cheek)
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
I'm pretty sure the vyatta cli in alpha 2 has telnet mapped, but even in alpha 1 you can still get to telnet via linux (by using full path) even if the vyatta cli hasn't been mapped for it. Try:

    /bin/busybox telnet 192.1.1.1

stig

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Johnson
Sent: Thursday, February 28, 2008 8:22 AM
To: vyatta-users@mailman.vyatta.com
Subject: [Vyatta-users] Glendale Alpha 1 ERROR!!!

In the course of my normal, hack first, read documentation later, mode of operation, I managed to hang the netopia DSL router. Having done this before I know that the outside access is still good, just the inside network interface is scrod.

So I reconfigured vyatta (A1) to route traffic to the Netopia via the outside link

    set protocols static route 192.1.1.1/32 next-hop 12.1.1.1

Where 192.1.1.1 is the inside IP of the DSL router (fully routable class C address) and 12.1.1.1 is the next hop out the cable modem.

Everything seems to work fine. Traceroute works correctly. I'm happy.

Then I try the required magic telnet 192.1.1.1. Command not found.

What do you mean command not found!!! What operating system does not include telnet? Either the name changed or a tool is missing.

Please make sure that telnet is included in future releases.

(The hack I had to put into place required me to set up a NAT rule so that I could telnet from one of the inside machines)

Best,
-Chris
(tongue in cheek)
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
You are absolutely correct. Therefore the bug is: telnet is not properly mapped. *GRIN*

Thanks for your help Stig.

Best,
-Chris

On Thu, Feb 28, 2008 at 11:30 AM, Stig Thormodsrud [EMAIL PROTECTED] wrote:

> I'm pretty sure the vyatta cli in alpha 2 has telnet mapped, but even in alpha 1 you can still get to telnet via linux (by using full path) even if the vyatta cli hasn't been mapped for it. Try:
>
>     /bin/busybox telnet 192.1.1.1
>
> stig
>
> --
> *From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] *On Behalf Of* Christopher Johnson
> *Sent:* Thursday, February 28, 2008 8:22 AM
> *To:* vyatta-users@mailman.vyatta.com
> *Subject:* [Vyatta-users] Glendale Alpha 1 ERROR!!!
>
> In the course of my normal, hack first, read documentation later, mode of operation, I managed to hang the netopia DSL router. Having done this before I know that the outside access is still good, just the inside network interface is scrod.
>
> So I reconfigured vyatta (A1) to route traffic to the Netopia via the outside link
>
>     set protocols static route 192.1.1.1/32 next-hop 12.1.1.1
>
> Where 192.1.1.1 is the inside IP of the DSL router (fully routable class C address) and 12.1.1.1 is the next hop out the cable modem.
>
> Everything seems to work fine. Traceroute works correctly. I'm happy.
>
> Then I try the required magic telnet 192.1.1.1. Command not found.
>
> What do you mean command not found!!! What operating system does not include telnet? Either the name changed or a tool is missing.
>
> Please make sure that telnet is included in future releases.
>
> (The hack I had to put into place required me to set up a NAT rule so that I could telnet from one of the inside machines)
>
> Best,
> -Chris
> (tongue in cheek)
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
Hi Chris,

You're right it is a bug, but one that has been opened/fixed:

https://bugzilla.vyatta.com/show_bug.cgi?id=2478

:-)

BTW, I think the ssh client still hasn't been mapped to the cli, but probably is in the default admin path.

stig

_____

From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Johnson
Sent: Thursday, February 28, 2008 9:13 AM
To: [EMAIL PROTECTED]
Subject: Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!

You are absolutely correct. Therefore the bug is: telnet is not properly mapped. *GRIN*

Thanks for your help Stig.

Best,
-Chris

On Thu, Feb 28, 2008 at 11:30 AM, Stig Thormodsrud [EMAIL PROTECTED] wrote:

> I'm pretty sure the vyatta cli in alpha 2 has telnet mapped, but even in alpha 1 you can still get to telnet via linux (by using full path) even if the vyatta cli hasn't been mapped for it. Try:
>
>     /bin/busybox telnet 192.1.1.1
>
> stig
>
> _____
>
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Christopher Johnson
> Sent: Thursday, February 28, 2008 8:22 AM
> To: vyatta-users@mailman.vyatta.com
> Subject: [Vyatta-users] Glendale Alpha 1 ERROR!!!
>
> In the course of my normal, hack first, read documentation later, mode of operation, I managed to hang the netopia DSL router. Having done this before I know that the outside access is still good, just the inside network interface is scrod.
>
> So I reconfigured vyatta (A1) to route traffic to the Netopia via the outside link
>
>     set protocols static route 192.1.1.1/32 next-hop 12.1.1.1
>
> Where 192.1.1.1 is the inside IP of the DSL router (fully routable class C address) and 12.1.1.1 is the next hop out the cable modem.
>
> Everything seems to work fine. Traceroute works correctly. I'm happy.
>
> Then I try the required magic telnet 192.1.1.1. Command not found.
>
> What do you mean command not found!!! What operating system does not include telnet? Either the name changed or a tool is missing.
>
> Please make sure that telnet is included in future releases.
>
> (The hack I had to put into place required me to set up a NAT rule so that I could telnet from one of the inside machines)
>
> Best,
> -Chris
> (tongue in cheek)
Re: [Vyatta-users] ANN: Glendale Alpha 1 Released
> PPPoE support... do you intend to support a PPPoE server with Glendale at some point?

Francois,

At present, it's not on the roadmap. The thought is that most of the time that PPPoE is being used, you'd have a BRAS of some sort on the provider-side, and currently, that's not a target market for Vyatta to go after.

If you have a different use-case or if I'm missing something, please educate me and we'll definitely consider it. We're always looking for ways to make Vyatta better. Most all suggestions that people make are rational and interesting to us. It simply becomes a matter of priority for what we work on next.

-- Dave
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
File it for the bug bounty contest! ;-)

> You are absolutely correct. Therefore the bug is: telnet is not properly mapped. *GRIN*
>
> Thanks for your help Stig.
>
> Best,
> -Chris
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
However, make sure it's not already filed before you do - this was bug 2478 :-)

https://bugzilla.vyatta.com/show_bug.cgi?id=2478

Justin

On Thu, Feb 28, 2008 at 10:42 AM, Dave Roberts [EMAIL PROTECTED] wrote:

> File it for the bug bounty contest! ;-)
>
>> You are absolutely correct. Therefore the bug is: telnet is not properly mapped. *GRIN*
>>
>> Thanks for your help Stig.
>>
>> Best,
>> -Chris
Re: [Vyatta-users] Glendale Alpha 1 ERROR!!!
> However, make sure it's not already filed before you do - this was bug 2478 :-)
>
> https://bugzilla.vyatta.com/show_bug.cgi?id=2478
>
> Justin

Oooo, you're good. ;-)

-- Dave
Re: [Vyatta-users] Path MTU discovery support
Hi Piyush,

I'm curious what leads you to suspect Path MTU Discovery may not be working. Is it only that you don't see the Linux devices clearing the DF bit after the discovery process? That itself is not unusual, per RFC 1191:

    "The PMTU discovery process ends when the host's estimate of the PMTU is low enough that its datagrams can be delivered without fragmentation... Normally, the host continues to set DF in all datagrams, so that if the route changes and the new PMTU is lower, it will be discovered."

As I understand it, to support PMTUD a router only needs to send an ICMP "Fragmentation required and DF set" (type 3 / code 4) message containing the lower MTU if the next-hop MTU is lower than the size of the packet marked DF. If necessary, you should be able to verify this is happening with a packet capture on the Vyatta router.

The most common cause I've seen for PMTUD failures is a router or firewall on the path indiscriminately filtering the necessary ICMP messages. There's a great article that helped me understand and learn to troubleshoot some PMTUD failures here:

http://www.netcraftsmen.net/welcher/papers/pmtud.htm

piyush sharma wrote:

> Thanks Steve. Saw this mail quite late.
>
> I had checked /proc/sys/net/ipv4/ip_no_pmtu_disc earlier, and the value is 0 in that but I am not sure if it works properly. I am using a commercial conformance test suite for IPv4 which have certain PMTU cases. Running it with a windows OS, I can see windows clearing the DF bit and sending a fragmented packet, but it doesn't seem to work with the Linux OSs. I tried Vyatta as well as Redhat FC4.
>
> Warm Regards,
> Piyush
>
> On Wed, Feb 13, 2008 at 11:44 PM, Steven Kath [EMAIL PROTECTED] wrote:
>
>> Piyush,
>>
>> If I'm not mistaken, the Vyatta system supports Path MTU discovery and has it enabled by default.
>>
>> You should be able to check the current setting with this command at the bash prompt:
>>
>>     # cat /proc/sys/net/ipv4/ip_no_pmtu_disc
>>     0
>>
>> When the output is 0, Path MTU discovery should be functioning.
>>
>> To disable it,
>>
>>     # echo 1 > /proc/sys/net/ipv4/ip_no_pmtu_disc
>>
>> And to enable it if it's disabled,
>>
>>     # echo 0 > /proc/sys/net/ipv4/ip_no_pmtu_disc
>>
>> - Steve
>>
>> piyush sharma wrote:
>>
>>> Hi,
>>>
>>> Does Vyatta support Path MTU discovery. If yes, is there any configuration required for it and how can we reset the related parameters to default?
>>>
>>> Thanks,
>>> Piyush
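The ICMP "fragmentation required and DF set" message (type 3 / code 4) that the reply above suggests looking for in a packet capture can be decoded as in the following sketch. This is an added example, not part of the original thread; the function names and the sample packet (documentation-range addresses, next-hop MTU 1400) are constructed for illustration.

```python
import struct

def ipv4_header(src, dst, proto, total_len, df=False):
    """Build a 20-byte IPv4 header (checksum left at 0; sample data only)."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0,
                       0x4000 if df else 0, 64, proto, 0,
                       bytes(map(int, src.split("."))),
                       bytes(map(int, dst.split("."))))

def parse_frag_needed(packet):
    """Decode an IPv4 packet carrying ICMP type 3 / code 4 (RFC 1191).

    Returns None unless the packet is a well-formed "fragmentation needed
    and DF set" message; otherwise a dict describing it.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                          # not IPv4
    ihl = (packet[0] & 0x0F) * 4
    if ihl < 20 or packet[9] != 1 or len(packet) < ihl + 8 + 20:
        return None                          # not ICMP, or truncated
    icmp = packet[ihl:]
    icmp_type, code, _csum, _unused, mtu = struct.unpack("!BBHHH", icmp[:8])
    if (icmp_type, code) != (3, 4):
        return None
    inner = icmp[8:]                         # IP header of the dropped datagram
    total_len, _ident, flags_frag = struct.unpack("!HHH", inner[2:8])
    return {
        "router": ".".join(map(str, packet[12:16])),
        "next_hop_mtu": mtu,                 # 0 = router predates RFC 1191
        "orig_dst": ".".join(map(str, inner[16:20])),
        "orig_len": total_len,
        "orig_df": bool(flags_frag & 0x4000),
        # A sane report names an MTU smaller than the datagram it rejected.
        "plausible": 0 < mtu < total_len,
    }

# Constructed sample: router 192.0.2.1 tells host 198.51.100.10 that its
# 1500-byte DF datagram to 203.0.113.5 exceeds a next-hop MTU of 1400.
SAMPLE = (ipv4_header("192.0.2.1", "198.51.100.10", 1, 56)
          + struct.pack("!BBHHH", 3, 4, 0, 0, 1400)
          + ipv4_header("198.51.100.10", "203.0.113.5", 6, 1500, df=True)
          + bytes(8))                        # first 8 bytes of the TCP header

if __name__ == "__main__":
    print(parse_frag_needed(SAMPLE))
```

If a capture on the sending host never shows such a message while large DF packets go unanswered, that matches the filtered-ICMP failure described in the reply.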
[Vyatta-users] Problems with Glendale Alpha 2
Some problems when trying Alpha 2

1.- Error when trying install-system to install Alpha2 in a hard disk (I am using VMWare environment). Basically, the equipment asks me to perform a mount. When I say no the process finishes; when I say yes it tells me something like "Mounting error" and the process finishes.

2.- I am looking for PPPoE commands and I cannot find them. Any help?? Well I have seen the commands in the documentation but when I try to configure the interface

    set interfaces ethernet eth0

the next item that could be pppoe is not available. Where is my error??

Regards.
Paco.
[Vyatta-users] Problem sending prefixes to my upstream provider
Hi,

I have a problem sending prefixes to my upstream provider based on the docs on "Originating route to eBGP neighbours". My prefix is as follows, 117.120.0.0/21, and here is my detailed configuration:

    protocols {
        bgp {
            bgp-id: 203.192.163.146
            local-as: 7595
            import:
            export: BGP_EXPORT
            peer 203.192.163.145 {
                import:
                export:
                multihop: 1
                peer-port: 179
                local-port: 179
                local-ip: 203.192.163.146
                as: 10026
                next-hop: 203.192.163.146
                holdtime: 90
                delay-open-time: 0
                client: false
                confederation-member: false
                disable: false
                ipv4-unicast: true
                ipv4-multicast: false
                ipv6-unicast: false
                ipv6-multicast: false
                md5-key:
            }
        }
        static {
            disable: false
            route 117.120.0.0/21 {
                next-hop: 203.192.163.146
                metric: 1
            }
        }
    }
    policy {
        policy-statement BGP_EXPORT {
            term 1 {
                from {
                    protocol: static
                    network4: 117.120.0.0/21
                }
                then {
                    action: accept
                }
            }
        }
    }
    interfaces {
        restore: false
        loopback lo {
            description:
        }
        ethernet eth0 {
            disable: false
            discard: false
            description:
            hw-id: 00:30:48:83:08:ae
            duplex: auto
            speed: auto
            address 203.192.163.146 {
                prefix-length: 30
                disable: false
            }
        }
        ethernet eth1 {
            disable: false
            discard: false
            description:
            hw-id: 00:30:48:83:08:af
            duplex: auto
            speed: auto
            address 117.120.0.5 {
                prefix-length: 21
                disable: false
            }
        }
    }
    service {
        ssh {
            port: 22
            protocol-version: v2
        }
        webgui {
            http-port: 80
            https-port: 443
        }
    }
    firewall {
        log-martians: enable
        send-redirects: disable
        receive-redirects: disable
        ip-src-route: disable
        broadcast-ping: disable
        syn-cookies: enable
    }
    system {
        host-name: vyatta
        domain-name:
        name-server 202.79.210.197
        time-zone: GMT
        ntp-server 69.59.150.135
        login {
            user root {
                full-name:
                authentication {
                    encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
                }
            }
            user vyatta {
                full-name:
                authentication {
                    encrypted-password: $1$$Ht7gBYnxI1xCdO/JOnodh.
                }
            }
        }
        package {
            auto-sync: 1
            repository community {
                component: main
                url: http://archive.vyatta.com/vyatta;
            }
        }
    }

Please advise how I can troubleshoot or send my prefixes to my upstream.

Thanks!
Yongsan