Re: Re : Re: netgraph and vpp

2023-11-26 Thread Jim Thompson
y performant these days https://issue.freebsdfoundation.org/publication/?i=660151 Benoit > On Sat, Nov 25, 2023 at 00:33, Jim Thompson <> wrote: > > > > On Nov 24, 2023 at 12:48:07 AM, Benoit Chesneau < > beno...@enki-multimedia.eu>

Re: how to cross-connect 2 interfaces

2023-11-25 Thread Jim Thompson
ng_hub(4) On Nov 25, 2023, at 8:34 AM, Benoit Chesneau wrote: Is there a way to cross-connect 2 interfaces without using a bridge. Something similar to the command `l2 xconnect` in vpp (or cisco): https://docs.fd.io/vpp/16.12/vnet_vnet_l2.html This could be quite handy to create a patch between di

Re: netgraph and vpp

2023-11-24 Thread Jim Thompson
On Nov 24, 2023 at 12:48:07 AM, Benoit Chesneau wrote: > netgraph and vpp looks similar in their intent. Both are graphs to > process packets. > > I thought that using netgraph sounds interesting to build a modern > router or cpe. What about the performance? Did anyone compare? Also is there > an

Re: Any reason to not implement VRRP in FreeBSD?

2023-01-26 Thread Jim Thompson
FreeBSD has always been free to have a VRRP implementation. The smoke and mirrors FUD managed to prevent same to this point, but it was always FUD. Jim > On Jan 26, 2023, at 10:08 AM, Nicolas MASSE > wrote: > > Hi all, > > Currently, i'm investigating solutions in order to ensure some >

Re: Splitting antenna

2021-11-19 Thread Jim Thompson via freebsd-net
(When did FreeBSD-net become about antenna theory?) The answer (of course) is, “it depends”. Mostly on “what bands” though your antenna and cables will have some effect as well. Some WiFi cards these days employ a form of beamforming or even MIMO. Older cards could use selection diversity t

Re: Vector Packet Processing (VPP) portability on FreeBSD

2021-05-14 Thread Jim Thompson via freebsd-net
> On May 13, 2021, at 7:02 AM, Francois ten Krooden wrote: > >  >> >> >> Thank you. I did set this to 1 specifically now and it still works. So >> then it >> should be running in native mode. >> >> I will dig a bit into the function that processes the incoming packets. >> The code I curr

Re: Vector Packet Processing (VPP) portability on FreeBSD

2021-05-11 Thread Jim Thompson via freebsd-net
> On May 11, 2021, at 7:04 AM, Mark Johnston wrote: > > On Tue, May 11, 2021 at 12:43:10PM +, Francois ten Krooden wrote: >> On Monday, 10 May 2021 16:10 Konstantin Belousov wrote: >> >> >>> On Mon, May 10, 2021 at 11:08:18AM +, Francois ten Krooden wrote: 3. What are suitable a

Re: Status of Vector Packet Processing (VPP) portability into FreeBSD

2018-09-26 Thread Jim Thompson
> On Wed, Sep 26, 2018 at 18:51, David Cornejo () > wrote: >> >> >> I'm not sure how willing the upstream is to support FreeBSD either, >> so, as George said, a port will be tedious to create, but also onerous >> to maintain. Not saying we shouldn't, but hoping some masochists come >

Re: Is if_ipsec/ipsec - AESNI accelerated ?

2018-08-09 Thread Jim Thompson
You're not running AES-GCM, you're running AES-CBC + HMAC-SHA256 >E: rijndael-cbc 221239cf e0ddedc5 88f1f711 5e744723 >A: hmac-sha2-256 bf214e0e 73b27e42 1090a067 eaed9e2a d36d3ae7 529a40a1 bf5ea2c9 0e3f5f27 Try running AES-GCM. Example (from the work that gnn@ and I did back

Re: removal of token-ring infrastructure coming soon

2018-03-27 Thread Jim Thompson
> On Mar 27, 2018, at 5:56 PM, Rodney W. Grimes > wrote: > >> I have posted a revision which removes support for token-ring networking >> from the tree. There have been no such devices for some time. >> >> https://reviews.freebsd.org/D14875 >> > > Arcnet coming soon? > and probably FDDI?

Re: Multiple instances of hostapd?

2018-01-01 Thread Jim Thompson
https://lists.freebsd.org/pipermail/freebsd-wireless/2015-January/005345.html > On Jan 1, 2018, at 11:33 PM, Victor Sudakov wrote: > > Dear Colleagues, > > I would like to run multiple instances of hostapd, each per a wlanX > interface. I see some provisions for multiple instances inside the >

Re: Netmap: Build a network SPAN/TAP from netmap

2017-12-14 Thread Jim Thompson
> On Dec 14, 2017, at 12:00 PM, Ming Fu wrote: > > Hi, > > I am trying to explore the possibility to build a network SPAN/TAP from > netmap. Similar to the bridge sample, but all packet going through the bridge > also get copied to a SPAN port. How do I duplicate or clone an incoming > pack

Re: OpenVPN vs IPSec

2017-11-19 Thread Jim Thompson
there is some huge advantage of IPSec I've >>> skipped? >>> >> Hi, >> >> partners/customers with Cisco IOS or ASA wont be able to partner up >> without IPSEC. > > Sure, that's why I wrote "and others compatible with OpenVPN > like pfS

Re: OpenVPN vs IPSec

2017-11-18 Thread Jim Thompson
Performance is better with IPsec. It’s a standard, too. > On Nov 18, 2017, at 10:58 AM, Victor Sudakov wrote: > > Dear Colleagues, > > Is there any reason to prefer IPSec over OpenVPN for building VPNs > between FreeBSD hosts and routers (and others compatible with OpenVPN > like pfSense, Ope

Re: state of packet forwarding in FreeBSD?

2017-06-14 Thread Jim Thompson
> On Jun 14, 2017, at 9:48 AM, John Jasen wrote: > > Our goal was to test whether or not FreeBSD currently is viable, as the > operating system platform for high speed routers and firewalls, in the > 40 to 100 GbE range. We recently showed IPsec running at 36.32Gbps (8 streams, 32.68Gbps single

Re: [RFC/RFT] projects/ipsec

2016-12-27 Thread Jim Thompson
> In its initial state if_ipsec allows to use only one set of encryption > parameters (because only one sainfo anonymous is possible), so at this time > it doesn't allow to create multiple tunnels with VPN hubs that use different > ciphers and/or transform sets, but as far as I understand this

Re: netmap, netmap-fwd, and how many M packets-per-second?

2016-12-01 Thread Jim Thompson
(I'm not subscribed to -hpc or -performance, so I've trimmed the recipients.) You're running iperf3 on an Ivy Bridge Xeon at 2.4GHz. -N (--no-delay) only applies to TCP, it disables Nagle's algorithm, so it doesn't apply for "-u" (--udp). In any case, iperf3 still attempts to use large enough fr

Re: projects/routing announcement/status

2016-08-27 Thread Jim Thompson
> On Aug 27, 2016, at 11:50 AM, Hooman Fazaeli wrote: > > Second have you considered replacing the existing radix tree with a faster > data structure, specially the Luigi DXR > tables? DXR only supports IPv4. FYI. ___ freebsd-net@freebsd.org mailing

Re: Netmap Checksum Offloading

2016-06-15 Thread Jim Thompson
We've focused on just the IP header checksum, but it's possible to add L4 checksum offload as well. I asked Luigi why he hadn't included checksum offload (with a library in software for devices that don't offer a hw offload), and his answer was that when he wrote netmap, he wanted a fast path to t

Re: Netmap Checksum Offloading

2016-06-15 Thread Jim Thompson
Luiz Otavio O Souza (loos@) developed these for igb(4) and, by extension, em(4) for use in netmap-fwd. He’s just gone back to Brazil with 82599 ixgb(4) hardware. I’m sure he’ll develop similar patches for ixgb(4) in the near future. Chelsio is also “on the list”, but I figured I’d speak to np

Re: [Bug 208389] Netmap Panic

2016-04-01 Thread Jim Thompson
Works fine on recent -CURRENT (r297237M), (Thinkpad x230, em0). > On Apr 1, 2016, at 2:41 PM, bugzilla-nore...@freebsd.org wrote: > > https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=208389 > > --- Comment #4 from Shawn Webb --- > On one box, it's em0, on another, it's ue0. Same backtrace. >

Re: Taking bhyve step forward enterprise grade

2016-03-22 Thread Jim Thompson
VALE is in 10.3, the netmap backend: IDK. It's in pfSense 2.3 (based on 10.3). -- Jim > On Mar 22, 2016, at 8:44 AM, Sami Halabi wrote: > > is it builtin already in 10.3? or in current only? > > On Mar 19, 2016 18:55, "Jim Thompson" wrote: >> >

Re: Taking bhyve step forward enterprise grade

2016-03-19 Thread Jim Thompson
> On Mar 19, 2016, at 10:55 AM, John Nielsen wrote: > >> On Mar 19, 2016, at 8:12 AM, Sami Halabi wrote: >> >> hi, >> are there ongoing job on taking bhyve further steps toward enterprise scale >> like: >> 1. high availability, rules on vms (like affinity rules in vmware: eg an >> app vm and s

Re: nice stuff from cloudflare (and, we need something like ethtool!)

2015-10-15 Thread Jim Thompson
> On Oct 16, 2015, at 12:06 AM, Ian Smith wrote: > >> On Thu, 15 Oct 2015 17:03:55 +0800, Julian Elischer wrote: >>> On 10/10/15 10:59 PM, Luigi Rizzo wrote: >>> the nice folks at cloudflare implemented a nice feature >>> in netmap that puts some queues of the NIC in netmap mode >>> leaving ot

Re: netmap: recommended NIC for 40GbE capture on Linux?

2015-10-10 Thread Jim Thompson
> Before we spend money, I'd love to hear someone report success with capturing > a single flow at >4Mpps, >20Gbps using netmap on Linux and > what NIC they use. You said linux, and this is freebsd-net, but this blog post (from yesterday) is probably apt. https://blog.cloudflare.com/single-rx-q

Re: Freebsd 10.2 amd64 netmap ipfw

2015-10-09 Thread Jim Thompson
> On Oct 9, 2015, at 7:14 AM, Archy Cho wrote: > > I think I must misunderstand something , could anyone send me advise? > Or any documents could help to build a NETMAP IPFW firewall box ? See the last several paragraphs of: https://github.com/luigirizzo/netmap-ipfw/blob/next/README Note tha

Re: remove IPsec SKIPJACK support...

2015-07-27 Thread Jim Thompson
> On Jul 27, 2015, at 10:41 PM, John-Mark Gurney wrote: > > Jim Thompson wrote this message on Mon, Jul 27, 2015 at 20:24 -0500: >>> On Jul 27, 2015, at 7:57 PM, John-Mark Gurney wrote: >>> >>> I would like to remove it from HEAD immediately as I don'

Re: remove IPsec SKIPJACK support...

2015-07-27 Thread Jim Thompson
> On Jul 27, 2015, at 7:57 PM, John-Mark Gurney wrote: > > I would like to remove it from HEAD immediately as I don't see a use > for it. Some time ago I proposed removing Skipjack from the OCF in 12, but > personally, now that I think about how long 12 is, we deprecate these sooner > rather

Re: Realtek Issues (re) on PC Engines APU1 Board...

2015-06-12 Thread Jim Thompson
Do we even know that Karl’s APU(s) aren’t running the current version of firmware (which was released last September)? jim > On Jun 12, 2015, at 11:53 AM, Adrian Chadd wrote: > > Hi, > > If this works for people then we should document this somewhere and > include the firmware/tool. > > Doe

Re: IPsec on a LAN?

2015-05-05 Thread Jim Thompson
What you’re looking for is “transport mode” IPsec. Dan Langille wrote this 14 years ago, it may still be accurate. http://www.freebsddiary.org/ipsec.php This is a bit more recent (14 months ago), and should be easy to adapt to two FreeBSD hosts: http://www

Re: netmap-ipfw on em0 em1

2015-05-04 Thread Jim Thompson
> On May 4, 2015, at 10:07 PM, Julian Elischer wrote: > > Jim, and Barney. I hate to sound like a broken record, but we really need > interested people in the network stack. > The people who make the decisions about this are the people who stand up and > say "I have a few hours I can spend on

Re: netmap-ipfw on em0 em1

2015-05-04 Thread Jim Thompson
of what "can" > happen, and 2) because they test under unrealistic conditions that don't > represent real world events, and 3) they don't have properly tuned ethernet > drivers. > > BC > > > > On Monday, May 4, 2015 12:37 PM, Jim Thompson wrote: >

Re: netmap-ipfw on em0 em1

2015-05-04 Thread Jim Thompson
While it is a true statement that, "You can do anything in the kernel that you can do in user space.”, it is not a helpful statement. Yes, the kernel is just a program. In a similar way, “You can just pop it into any kernel and it works.” is also not helpful. It works, but it doesn’t work wel

Re: [oss-security] CVE Request : IPv6 Hop limit lowering via RA messages

2015-04-02 Thread Jim Thompson
have you considered that there might not be a relevant patch because FreeBSD’s implementation isn’t affected? Jim > On Apr 2, 2015, at 9:15 PM, Eitan Adler wrote: > > + FreeBSD lists since I haven't seen any relevant patches (although I > might have missed them). > > -- Forwarded mess

Re: Invalid subnet masks

2015-02-11 Thread Jim Thompson
> On Feb 11, 2015, at 4:51 AM, Julian Elischer wrote: > >> On 2/11/15 5:55 PM, Matt Churchyard wrote: >> >> I appreciate that it might be 'valid' as a binary mask, but I'm struggling >> to find any documentation anywhere that actually suggests that it's valid as >> a network configuration.

Re: Silly experiments with netisr

2015-02-05 Thread Jim Thompson
> On Feb 5, 2015, at 2:23 PM, hiren panchasara > wrote: > > On 02/05/15 at 12:31P, Scott Long via freebsd-net wrote: >> >> >> Welcome to our workload. Granted, we don't involve pf, but the majority of >> our CPU processing right now is spent in TCP (with the rest being spent in >> the VM,

Re: Silly experiments with netisr

2015-02-05 Thread Jim Thompson
> On Feb 5, 2015, at 1:13 PM, Adrian Chadd wrote: > > On 5 February 2015 at 11:03, Sean Bruno > wrote: >> >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA512 >> >> Some questions came up around the office and we ended up doing some >> quite silly things with l

Re: is polling still a thing?

2015-01-27 Thread Jim Thompson
> On Jan 27, 2015, at 4:08 PM, Antoine Beaupré wrote: > > On 2015-01-27 13:57:20, wishmaster wrote: >> Have you considered using netmap-based ipfw instead of pf in DDoS mitigation? I >> think you should. And without any network ''hacks'' like polling. > > My understanding of netmap was that it wasn

Re: is polling still a thing?

2015-01-27 Thread Jim Thompson
> On Jan 27, 2015, at 2:28 PM, Olivier Cochard-Labbé wrote: > > On Tue, Jan 27, 2015 at 9:15 PM, Michael Sierchio > wrote: > > > On small, embedded computers running ipfw w/kernel nat and device polling > enabled (on em ether adapters), I observed the *reported* sy

Re: is polling still a thing?

2015-01-27 Thread Jim Thompson
> On Jan 27, 2015, at 11:28 AM, Antoine Beaupré wrote: > > (Please CC, as i am not on the list.) > > I was surprised to read this article in the pfSense blog: > > https://blog.pfsense.org/?p=115 That article is from June 2007. It’s over seven years old. T

Re: netmap in GENERIC, by default, on HEAD

2014-11-05 Thread Jim Thompson
> On Nov 5, 2014, at 9:47 AM, Andrey V. Elsukov wrote: > > Sorry, I showed wrong numbers here. IPSEC kernel in this test gives 2.4 > Mpps, but with encryption only 180 kpps. This is more in-line with what I'd expect, assuming AES-CBC-HMAC. Improving the situation wrt encryption overhead seem

Re: How do I balance bandwidth over several virtual NICs?

2014-09-22 Thread Jim Thompson
> On Sep 22, 2014, at 5:15 PM, Adrian Chadd wrote: > > On 22 September 2014 13:39, Elof Ofel wrote: >> Hi Adrian! >> >> Now this sounds promising! All my sensors use the ixgbe driver. >> However, my skills in programming/compiling isn't vast. I know how to patch >> and use poudriere. That's ab

Re: IP fast forwarding and setkey

2014-09-21 Thread Jim Thompson
> On Sep 21, 2014, at 10:41, Olivier Cochard-Labbé wrote: > >> On Sun, Sep 21, 2014 at 12:08 PM, Paul S. wrote: >> >> Hi folks, >> >> I plan to make an edge router out of a freebsd system with OpenBGPD + >> FreeBSD 10, or such. >> >> I've been reading up, and noticed that the net.inet.ip.fa

Re: [netmap/vale-ctl] when could process packet

2014-09-17 Thread Jim Thompson
Jaye, I’d really like to see this work happen. Let me know if I can help. Jim > On Sep 17, 2014, at 9:39 PM, upyzl wrote: > > Hi, > > I think it's right place to talk about FreeBSD 10 - netmap question > (location at FreeBSD 10: /usr/src/tools/tools/netmap ; with kernel device > netmap on) >

Re: jme interface bounces up and down, up and down....

2014-09-16 Thread Jim Thompson
> On Sep 16, 2014, at 6:53 PM, Brett Glass wrote: > > At 05:27 PM 9/16/2014, Chris Hill wrote: > >> On Tue, 16 Sep 2014, Brett Glass wrote: >> >>> So, what is the best solution? I cannot throw out the machine, and >>> because I am using a VLAN switch to multiplex the port to three LANs >>> I d

RE: Does anybody have set of scripts to support two uplink connections (with two ISPs) without AS and BGP?

2014-08-24 Thread Jim Thompson
pfSense has a bunch of PHP scripts that do this. :-) -Original Message- From: owner-freebsd-...@freebsd.org [mailto:owner-freebsd-...@freebsd.org] On Behalf Of Lev Serebryakov Sent: Sunday, August 24, 2014 12:38 PM To: freebsd-net@freebsd.org Subject: Does anybody have set of scripts to s

Re: Intel Support for FreeBSD

2014-08-13 Thread Jim Thompson
Barney, I think everyone on-list understand you’re upset. You’ve made that clear. However, (and I’ll put my vendor hat on), the project does not exist solely for the benefit of the companies who choose to use it in their product(s). Given same, your statement that “the commercial use of FreeB

Re: Intel Support for FreeBSD

2014-08-13 Thread Jim Thompson
> On Aug 13, 2014, at 8:24, Barney Cordoba via freebsd-net > wrote: > > Negative Progress is inevitable. Many here undoubtedly consider the referenced effort to be the opposite. Jim

Re: UDP sendto() returning ENOBUFS - "No buffer space available"

2014-07-18 Thread Jim Thompson
> On Jul 18, 2014, at 23:34, Adrian Chadd wrote: > > It upsets the ALTQ people too. I'm an ALTQ person (pfSense, so maybe one of the biggest) and I'm not upset. That cr*p needs to die in a fire.

Re: ixgbe and igb - how many queues?

2014-07-15 Thread Jim Thompson
But only 8 per VF. -- Jim > On Jul 15, 2014, at 19:04, Ryan Stone wrote: > > The oldest hardware supported by the ixgbe driver is the 82598, which > supports up to 16 RSS queues (see Table 3-48 in the 82598 datasheet). > I believe that the 82599 and X520 are more capable. > > I have no idea w

Re: it's the output, not ack coalescing (Re: TSO and FreeBSD vs Linux)

2013-08-18 Thread Jim Thompson
On Aug 18, 2013, at 4:16 PM, Luigi Rizzo wrote: > The mistake, i think, > is to expect that there is one magic solution to handle all the useful > cases. AKA: not all the world is Yahoo.

Re: it's the output, not ack coalescing (Re: TSO and FreeBSD vs Linux)

2013-08-18 Thread Jim Thompson
On Aug 18, 2013, at 8:48 AM, Barney Cordoba wrote: > I could fill a tx queue with 10gb of traffic with yesteryear's cpus. It's > not an achievement. Being able to bridge > real traffic at 10gb/s with 2 cores is Or forward at layer 3. Or filter packets. Or IPSEC. Or... _

Re: netmap on wireless NIC

2013-06-05 Thread Jim Thompson
On Jun 5, 2013, at 7:50 AM, Ivan Voras wrote: > On 04/06/2013 23:06, Chao Xu wrote: >> Hello, >> >> Is it possible to hacking some wireless NIC driver (carl9170 for example) >> to enable netmap on it? I guess this is possible because wireless drivers >> also manage packets using ring buffers.

Re: pf performance?

2013-04-27 Thread Jim Thompson
On Apr 27, 2013, at 12:53 AM, Gleb Smirnoff wrote: > Unfortunately, as you see, most people avoid running head, waiting at least > for 10.0-RELEASE, or even for pfSense catching up on FreeBSD 10. So probably > this change won't be tested soon, and thus won't happen soon, Gleb, As a minor p

Re: ipfilter(4) needs maintainer

2013-04-14 Thread Jim Thompson
On Apr 14, 2013, at 5:25 PM, Mark Martinec wrote: > ... and as far as I can tell none of them is currently usable > on an IPv6-only FreeBSD (like protecting a host with sshguard), > none of them supports stateful NAT64, nor IPv6 prefix translation :( pfSense 2.1 has a lot of work to make this h

Re: Data Center Bridging?

2013-01-22 Thread Jim Thompson
On Jan 22, 2013, at 10:32 AM, Julian Elischer wrote: > On 1/22/13 8:43 AM, Eggert, Lars wrote: >> Hi, >> >> on Linux, various NICs (e.g., ixgbe) support Data Center Bridging. Is this >> also available under FreeBSD? Do *any* NICs support DCB under FreeBSD? >> >> Thanks, >> Lars >> ___

Re: FreeBSD boxes as a 'router'...

2012-11-20 Thread Jim Thompson
On Nov 20, 2012, at 3:52 PM, Barney Cordoba wrote: > Anyone who even mentions polling should be discounted altogether. Polling > had value when you couldn't control the interrupt delays; but interrupt > moderation allows you to pace the interrupts any way you like without > the inefficiencies of