Re: how to "aggregate" a single TCP connection, is posible?

> On Fri, 23 Aug 2013 18:39:29 -0500, Abel Abraham Camarillo Ojeda > wrote: >> Not yet, will test. >> >> On Thu, Aug 22, 2013 at 7:05 AM, Stuart Henderson >> wrote: >>> On 2013-08-22, Abel Abraham Camarillo Ojeda wrote: Is there a way to duplicate the throughput of a single TCP connect

Re: OpenOSPFd and CARP Masters

On 2013-10-01, Andy wrote: > Is there a way of ensuring that the CARP master is the one which is > FULL/DR, and the CARP backup is FULL/BDR? No, but does it matter anyway? I don't believe it affects route selection, and you wouldn't usually want more network instability from having a DR election

Re: key precedence in ssh

On Tue, 1 Oct 2013, Christian Weisgerber wrote: > Lars Noodén wrote: > > > Is there a way in ssh(1) to get the identity specified by -i to take > > precedence over what is already in the agent? > > IdentitiesOnly, see ssh_config(5). > > -- > Christian "naddy" Weisgerber

[OT] OpenBSD "Network Specialist" wanted in Kilgore, Texas

I know this is off topic, but I'm looking to help fill my old position after moving away from East Texas. The company is located in Kilgore, Texas and runs a WAN based heavily on OpenBSD (over a hundred OpenBSD boxes in router/firewall/VPN roles) and Cisco/ Netgear Prosafe switches. They are l

Re: OpenOSPFd and CARP Masters

I'm not sure because at that point I gave up on CARP completely and just let OSPF failover to the secondary firewall if the first stops working. -brian On Oct 1, 2013, at 10:01, Andy wrote: > On 01/10/13 14:32, Brian Hechinger wrote: >> On Tue, Oct 01, 2013 at 09:19:20AM +0100, Andy wrote: >>>

Re: key precedence in ssh

Lars Noodén wrote: > Is there a way in ssh(1) to get the identity specified by -i to take > precedence over what is already in the agent? IdentitiesOnly, see ssh_config(5). -- Christian "naddy" Weisgerber na...@mips.inka.de

Re: [OT] quotes speedup sed

Le 01/10/2013 16:56, Alexander Hall a écrit : > Without the quotes you get it all on a single line. A 45k line can be tough > on a regex. > Thank you very much Alexander :) Denis

Re: OpenOSPFd and CARP Masters

I have setup where central cisco connects downstream to branch office cisco routers and upstream to the Internet via pair of CARPed firewalls. Cisco routers speak OSPF between themselves, and I keep them all in area 0 (I don't see any reason to complicate it with more areas). Central cisco router

Re: [OT] quotes speedup sed

Without the quotes you get it all on a single line. A 45k line can be tough on a regex. /Alexander j...@wxcvbn.org wrote: >Denis Fondras writes: > >> Hello all, > >Hi, > >> This afternoon I stumbled upon a weirdness I can't explain. I hope >some >> misc-guru can give a clue. >> >> I was parsing

key precedence in ssh

Is there a way in ssh(1) to get the identity specified by -i to take precedence over what is already in the agent? When six keys are added into ssh-agent(1), authentication is not possible with a seventh, or later, key even if that final key is pointed to by ssh(1) explicitly using -i. $ ssh

Re: OpenOSPFd and CARP Masters

For 5.4, plus54.html states: "Reinstate ospfd(8)code to announce routes to backup carp interfaces, so that a specific route is maintained during failover." ..which I think means it actually will an

Re: OpenOSPFd and CARP Masters

On Tue 01 Oct 2013 15:01:32 BST, Andy wrote: On 01/10/13 14:32, Brian Hechinger wrote: On Tue, Oct 01, 2013 at 09:19:20AM +0100, Andy wrote: Also is there no way to have the CARP IP be the IP which is advertised as the neighbor ensuring that traffic is always sent to the CARP IP instead (I woul

Re: OpenOSPFd and CARP Masters

On 01/10/13 14:32, Brian Hechinger wrote: On Tue, Oct 01, 2013 at 09:19:20AM +0100, Andy wrote: Also is there no way to have the CARP IP be the IP which is advertised as the neighbor ensuring that traffic is always sent to the CARP IP instead (I would MUCH prefer this!). I spent an enormous amo

Re: how routing multicast traffic?

Koenig, Thomas wrote: > Hello, > > I try to route some multicast traffic between two networks, but it does > not work. > > em0: inet 10.100.1.1 netmask 0x broadcast 10.100.255.255 > em1: inet 192.168.251.251 netmask 0xff00 broadcast 192.168.251.255 > > Multicast address: 239.192.1.1

[sot] going long long on time_t

went through theo's presentation slides at eurobsdcon (via undeadly) looks like 5.5 is the one that i've been saving money for all along thanks theo and gang. :)

Broken IPSec tunnels with latest snapshot

Hello list@, I'v recently snapshoted several amd64-machines from: OpenBSD 5.3 (GENERIC.MP) #55: Fri Mar 1 09:13:04 MST 2013 dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP to: Sep 30 on ftp.eu.openbsd.org OpenBSD 5.4-current (GENERIC.MP) #58: Sat Sep 14 13:27:19 MDT

Re: OpenOSPFd and CARP Masters

PS; Is there any support like BFD (Bidirectional Forward Detection) in > OpenBSD to improve the link failure detection time for OSPF and or BGP > seeing as the routers and OpenBSD boxes are connected via Layer 2 > switches links (three types of up-links to the Cisco cores are being > used; VPL

Re: [OT] quotes speedup sed

Hi Jérémie, > Without the quotes the shell performs splitting, maybe ksh(1) is a bit > slow at this... I'd rather download the page to a temp file rather than > put that stuff into memory. > Ok, thank you. This is actually faster when I use a tempfile. (sed is even faster than gsed in that case

Re: [OT] quotes speedup sed

Denis Fondras writes: > Hello all, Hi, > This afternoon I stumbled upon a weirdness I can't explain. I hope some > misc-guru can give a clue. > > I was parsing a 45kB html document on my OpenBSD 5.3 with the help of > sed to extract a value and it was awfully slow. Quoting the input string > ga

how routing multicast traffic?

Hello, I try to route some multicast traffic between two networks, but it does not work. em0: inet 10.100.1.1 netmask 0x broadcast 10.100.255.255 em1: inet 192.168.251.251 netmask 0xff00 broadcast 192.168.251.255 Multicast address: 239.192.1.1 Port 12345 Sender in em1, client in em0

Re: (5.3) load problem on em(4) MSI / interrupt ?

On 2013-10-01, Patrick Lamaiziere wrote: > Hello, > > With OpenBSD 5.3, our firewall does not handle our network load well. > We loose around 5% of packets and netstat shows a lot of Ierr. > > That worked much better with 5.1. There was a change to not enable MSI > on 82572 chipset on our Intel ca

(5.3) load problem on em(4) MSI / interrupt ?

Hello, With OpenBSD 5.3, our firewall does not handle our network load well. We loose around 5% of packets and netstat shows a lot of Ierr. That worked much better with 5.1. There was a change to not enable MSI on 82572 chipset on our Intel card ( "Intel PRO/1000 QP (82571EB)" rev 0x06) in 5.2 :

Re: OpenOSPFd and CARP Masters

PS; Is there any support like BFD (Bidirectional Forward Detection) in OpenBSD to improve the link failure detection time for OSPF and or BGP seeing as the routers and OpenBSD boxes are connected via Layer 2 switches links (three types of up-links to the Cisco cores are being used; VPLS, MPLS,

OpenOSPFd and CARP Masters

Hello, I have started deploying OSPF in our test environment before deploying it out to the production network. We have two Cisco ASR 1002 IOS XE routers in the middle of our Area 0 which have the Transit connections to the rest of the world etc. And we have OpenBSD firewalls (CARP pairs et

iked: ikev2 eats CPU after ikectl reload

Hi! For me, on two different 5.3-stable machines a simple ikectl reload triggers a loop in the 'iked: ikev2' process. Aborting 'iked: ikev2' a few times, it usually gets the signal in event_queue_remove() in event_del(). To reproduce, basically I just start iked (no matter with that parameters),