On Mon, 4 Mar 2019, 13:29 David Gwynne, wrote:
> On Mon, Mar 04, 2019 at 10:36:23AM +0100, Tony Sarendal wrote:
> > On Mon, 4 Mar 2019, 09:43 Tony Sarendal, wrote:
> >
> > >
> > >
> > > Den m??n 4 mars 2019 kl 09:26 skrev Tony Sarendal :
> > >
On Mon, 4 Mar 2019, 09:43 Tony Sarendal, wrote:
>
>
> Den mån 4 mars 2019 kl 09:26 skrev Tony Sarendal :
>
>> Den sön 3 mars 2019 kl 21:35 skrev Theo de Raadt :
>>
>>> Tony,
>>>
>>> Are you out of your mind? You didn't provide even a rou
Den mån 4 mars 2019 kl 09:26 skrev Tony Sarendal :
> Den sön 3 mars 2019 kl 21:35 skrev Theo de Raadt :
>
>> Tony,
>>
>> Are you out of your mind? You didn't provide even a rough hint about
>> what your firewall configuration looks like. You recognize that&#x
Den sön 3 mars 2019 kl 21:35 skrev Theo de Raadt :
> Tony,
>
> Are you out of your mind? You didn't provide even a rough hint about
> what your firewall configuration looks like. You recognize that's
> pathetic, right?
>
> > Earlier in the week I could run parallel ping-pong tests through my tes
Earlier in the week I could run parallel ping-pong tests through my test
firewalls
at 300kpps without any packet loss. I updated to the latest snapshot today
and
start to see packet loss at around 80kpps.
/T
OpenBSD 6.5-beta (GENERIC.MP) #764: Sun Mar 3 10:24:08 MST 2019
dera...@amd64.openbs
Good evening,
We inserted a 2x40G NIC into one of our old franken-pc's, and got this:
ixl0 at pci2 dev 0 function 0 "Intel XL710 QSFP+" rev 0x02: port 0, FW
5.0.40043 API 1.5, msi, address 0c:c4:7a:5e:f9:c8
ixl0: unable to query phy types
ixl1 at pci2 dev 0 function 1 "Intel XL710 QSFP+" rev 0x02
You will likely run out of CPU before bandwidth.
Even on nice hardware I have yet to exceed 1Mpps with OpenBSD.
/T
Den ons 19 dec. 2018 kl 03:12 skrev Max Clark :
> Tom,
>
> The presentation was very interesting and it's given me a lot of food for
> thought for another project. Fortunately for
Hola,
Unrelated to wifi, I have seen a dramatic drop in forwarding performance in
6.4 and later.
I run some basic performance tests to verify the releases before we deploy
them.
For the same test on the same hardware I have this:
Release, pps
snapshot, 340k
6.4, 340k
6.3, 450k
6.2, 430k
6.1, 420k
Or re-write next-hop to the carp address, so carp actually decides the
master firewall.
/T
Den tors 13 sep. 2018 kl 00:20 skrev Tim Jones <
b631093f-779b-4d67-9ffe-5f6d5b1d3...@protonmail.ch>:
>
> On Wednesday, 12 September 2018 20:49, Stuart Henderson <
> s...@spacehopper.org> wrote:
>
> > On
Configure the interfaces into separate rdomains.
/T
2017-10-25 21:17 GMT+02:00 Christopher Paul :
> Hi Misc,
>
> I have been tasked with setting up a benchmark platform to test NICs and
> network cables. I'd like to do this on one PC. So I want to send packets of
> different protocols out of one
Not looking so good.
tonsar@jump0.swe1$ ftp ftp.eu.openbsd.org
Trying 193.156.26.18...
Connected to ftp.eu.openbsd.org (193.156.26.18).
220 jj-prod-obsdmirror.inet6.se FTP server ready.
Name (ftp.eu.openbsd.org:tonsar): ftp
331 Guest login ok, send your email address as password.
Password:
230 Gue
Back in 2007 I tested with 4k VLAN interfaces, it wasn't fast, but it
worked.
/T
2017-04-03 5:46 GMT+02:00 Nick Holland :
> On 04/02/17 22:08, Edgar Pettijohn wrote:
> > Is there a maximum number of network interfaces that can be configured?
> > I looked around in /usr/include to see if I could
Hola,
I got a pair of mini-pc's to play with for the summer vacation, small
fanless
thingies with 4xGE and wifi.
http://www.qotom.net/goods-129-QOTOM-Q190G4+4+LAN+Mini+PC.html
When testing with the latest snapshot USB wont play.
Any ideas ?
Regards Tony
# dmesg
OpenBSD 6.0-beta (GENERIC.MP) #2
Hola amigos,
I'm doing some testing in the lab at the moment and just though I'd share.
pf0.swe69# pfctl -si | grep current
current entries 50239413
pf0.swe69# vmstat -m | tail -n 1
In use 22035659K, total allocated 5678936K; utilization 388.0%
pf0.swe69#
4 tcpbench sessions th
2016-03-08 15:38 GMT+01:00 Matt Schwartz :
> I did not even know it was broken?
>
> On Mar 8, 2016 1:26 AM, "Tony Sarendal" wrote:
> >
> > Is there any chance of getting "network inet connected" fixed to 5.9 ?
> >
> > Regards Tony
>
>
Is there any chance of getting "network inet connected" fixed to 5.9 ?
Regards Tony
2016-01-21 11:16 GMT+01:00 Stuart Henderson :
> On 2016-01-20, Tony Sarendal wrote:
> > network inet connected is broken in 5.6, 5.8 and -current.
> > Restarting bgpd is required when making interface changes.
>
> Ah, so it was fixed in 5.7 and broken again? Now the
network inet connected is broken in 5.6, 5.8 and -current.
Restarting bgpd is required when making interface changes.
/T
2016-01-20 20:36 GMT+01:00 Denis Fondras :
> Hello,
>
> I'm using -current as a BGP router and "sometimes" it won't put the right
> nexthop in FIB. The only thing I played wit
2015-12-17 10:29 GMT+01:00 Peter Hessler :
> 1) does "bgpctl reload" detect it?
>
> 2) does -current work as you expect?
>
>
>
1. bgpctl reload does not make any difference.
2. A quick test on my -current workstation (not the same hardware, no
trunk) also fails to work.
-current from the 14th.
/
"network inet connected" does not pick up new vlan interfaces, same problem
as 5.6.
bmr0.esp1# ifconfig vlan69 create
bmr0.esp1# ifconfig vlan69 vlandev trunk0 vlan 69 up
bmr0.esp1# ifconfig vlan69 1.1.1.1/30
bmr0.esp1# bgpctl show rib 1.1.1.1
flags: * = Valid, > = Selected, I = via IBGP, A = Anno
How is this going ?
/T
On Fri, Mar 20, 2015 at 8:57 PM, Martin Pieuchot wrote:
> If you've been following my contributions to OpenBSD's kernel, you
> already know that in the past years I've been working on the Network
> Stack [1] to make it more SMP friendly [2].
>
> All the network hackers p
>From 5.5 and up it looks like bgpd macros are broken.
ton...@obc2.rad$ cat bgpd.conf
good="{ 192.168.0.0/16, 172.16.0.0/12, 10.0.0.0/8 }"
AS 65001
deny from any prefix { $good }
ton...@obc2.rad$
On 5.4:
ton...@obc2.rad$ bgpd -f bgpd.conf
-n
configuration OK
ton...@obc2.rad$
On 5.5:
ton...@obc0.
On Fri, Sep 19, 2014 at 6:07 PM, Jonathan Gray wrote:
> On Fri, Sep 19, 2014 at 02:22:49PM +0200, Tony Sarendal wrote:
> > Good afternoon,
> >
> > Friday question:
> > Does anyone have recommendation on graphics hardware to use for 4k
> screens
> > and
Good afternoon,
Friday question:
Does anyone have recommendation on graphics hardware to use for 4k screens
and OpenBSD ?
I'm thinking about improving my workstation. I run lots of terminal
windows, a web browser,
and the default window manager. As I like eye candy I may even do "xsetroot
-solid
On Tue, Sep 16, 2014 at 12:20 AM, Alexander Salmin
wrote:
> Did you see it in previous versions?
> I would compare the same ruleset with a fresh 5.5 and see if you
> experience the same and in that case continue compare the relevant
> sourcecode.
>
The behaviour is the same as far back as 5.4 at
I'm currently looking into some logging strangeness in we are seeing.
Does anyone know why this is logged ?
obc3.rad# cat /etc/pf.conf
pass quick all
obc3.rad# pfctl -sr
pass quick all flags S/SA
obc3.rad# tcpdump -n -e -ttt -i pflog0
tcpdump: WARNING: snaplen raised from 116 to 160
tcpdump: liste
bgpctl show rib nei out
On Mon, Sep 15, 2014 at 3:55 AM, Adam Thompson
wrote:
> Is there any functionality in bgpctl(8) that will show me precisely what
> I'm advertising to a neighbor?
> If not, is there any easier way - assuming I don't have access to my
> neighbor's router, and they don't r
On Sat, Sep 13, 2014 at 10:17 AM, Henning Brauer
wrote:
> * Tony Sarendal [2014-09-03 06:48]:
> > The initial request disappearing and the firewalls staying demoted
> > "forever" are independent issues.
>
> sure about that? the demotion counter for the inter
orid: b33d7f45 age: 00:00:00 status: start
/T
On Tue, Sep 2, 2014 at 12:07 PM, Tony Sarendal wrote:
> As Chuck pointed out this has nothing to do with pfsense or freebsd.
>
> While I dig deeper I'm running with the following config to get around the
> problem:
> pf1.
nce he's clearly indicating currently supported OpenBSD versions 5.4
> and 5.5 near the bottom...)
>
> On 30 Aug 2014 at 14:22, Chuck Burns wrote:
>
> > On Saturday, August 30, 2014 8:27:24 AM Tony Sarendal wrote:
> > > Good morning,
> > >
> > > I&#
Good morning,
I'm having issues with pfsync on trunk interfaces, although I suspect it to
be
any interface that is slow to start. When I run pfsync on a vlan interface
on a trunk(4),
the pfsync bulk transfer never completes.
Running pfsync on an interface that starts quickly I see:
07:41:45.98240
PM, Matthias Appel
wrote:
> > -Ursprüngliche Nachricht-
> > Von: owner-m...@openbsd.org [mailto:owner-m...@openbsd.org] Im
> > Auftrag von Tony Sarendal
> > Gesendet: Montag, 18. August 2014 12:55
> > An: misc
> > Betreff: Re: Does OpenBGPd suffer collateral dam
What a horrible article. I thought the kebab I just had for lunch ruined my
day, reading that was worse.
On Mon, Aug 18, 2014 at 2:27 AM, Rod Whitworth wrote:
> http://www.smh.com.au/technology/technology-news/how-flakey-is-the-inter
> net-20140816-104t8p.html
>
> I would love to hear that our
Tested on 5.2 and current.
routes get stuck in bgpd after ifconfig destroy.
titan# cat /etc/bgpd.conf
AS 65001
router-id 10.1.1.1
network inet connected
network inet static
titan# bgpctl show rib
flags: * = Valid, > = Selected, I = via IBGP, A = Announced, S = Stale
origin: i = IGP, e = EGP, ?
On Tue, Apr 3, 2012 at 10:49 PM, mxb wrote:
>
> On Apr 3, 2012, at 4:31 PM, Tony Sarendal wrote:
>
> > On Tue, Apr 3, 2012 at 3:41 PM, Jonathan Gray wrote:
> >
> >> On Tue, Apr 03, 2012 at 03:09:37PM +0200, Tony Sarendal wrote:
> >>> When testing new bo
On Tue, Apr 3, 2012 at 3:41 PM, Jonathan Gray wrote:
> On Tue, Apr 03, 2012 at 03:09:37PM +0200, Tony Sarendal wrote:
> > When testing new boxes with Intel E3-1270 cpu I don't see AES on the
> cpu's
> > in dmesg.
> > Does this mean that the aes-ni stuff
When testing new boxes with Intel E3-1270 cpu I don't see AES on the cpu's
in dmesg.
Does this mean that the aes-ni stuff isn't used on these ? I was a bit
curious to see if it had any effect on ipsec performance.
Regards Tony
test3.pio# dmesg
OpenBSD 5.1-current (GENERIC.MP) #258: Mon Apr 2 12:
Good evening,
the last two days we have experienced panics sequentially across all of our
peering boxes.
After one day of coffee, thinking and reading, I found this in 4.9. (5.0+
looks good):
target49# ifconfig vlan69
vlan69: flags=8843 mtu 1500
lladdr 00:0c:29:38:f3:c5
priority:
On Fri, Sep 16, 2011 at 2:34 PM, Claudio Jeker wrote:
> On Wed, Aug 31, 2011 at 04:37:49PM +0200, Tony Sarendal wrote:
> > On Wed, Aug 31, 2011 at 4:24 PM, Josh Hoppes
> wrote:
> >
> > > Why are you using "set nexthop self" and then trying to change that
On Wed, Aug 31, 2011 at 4:24 PM, Josh Hoppes wrote:
> Why are you using "set nexthop self" and then trying to change that
> with the filter "allow quick to 172.29.1.52 set nexthop 172.29.1.200".
> If you don't want your nexthop to be yourself don't tell bgpd to do
> that.
>
>
To show a bug in bgp
On Wed, Aug 31, 2011 at 11:01 AM, Andre Keller wrote:
> Hi
>
> Am 31.08.2011 10:23, schrieb Tony Sarendal:
> > Sender says next hop = 172.29.1.100, receiver says .51.
> > show rib out in this case shows incorrect nexthop.
>
> Well thats kind of the point of having set
On Wed, Aug 31, 2011 at 9:51 AM, Patrick Lamaiziere
wrote:
> Le Wed, 31 Aug 2011 07:19:15 +0200,
> Tony Sarendal a icrit :
>
> Hi,
>
> > current1# cat /etc/bgpd.conf
> > AS 65001
> > network 10.0.1.0/24
> >
> > current1# bgpctl show rib nei 172.29.1
current1# cat /etc/bgpd.conf
AS 65001
network 10.0.1.0/24
neighbor 172.29.1.52 {
remote-as 65001
set nexthop self
descr "current2"
local-address 172.29.1.51
}
allow quick to 172.29.1.52 set nexthop 172.29.1.200
allow to any
allow from any
current1# bgpctl show rib
On Fri, Jul 8, 2011 at 4:09 PM, Stuart Henderson wrote:
> On 2011-07-08, Tony Sarendal wrote:
> >> > If you're running isakmpd from 4.8 or 4.9 with IKE you want to pull
> >> > up src/sbin/isakmpd/dh.c to r1.14 otherwise you will certainly
> >> > see
On Mon, Jul 4, 2011 at 4:12 PM, rancor wrote:
> Ah =) Thanks!
>
> // rancor
>
> 2011/7/4 Stuart Henderson :
> > On 2011-07-02, rancor wrote:
> >> Hi.
> >>
> >> I have two separate ipsec tunnels from 4.9 boxes and both are
> >> generating this message i /var/log/messages once every hour or two
>
On Sat, Oct 23, 2010 at 8:45 PM, Tony Sarendal wrote:
>
>
> On Sat, Oct 23, 2010 at 8:02 PM, Henning Brauer wrote:
>
>> * Tony Sarendal [2010-10-23 19:03]:
>> > How does OpenBSD handle the same prefix being in both bgpd and ospfd ?
>>
>> in general? OS
On Sat, Oct 23, 2010 at 8:02 PM, Henning Brauer wrote:
> * Tony Sarendal [2010-10-23 19:03]:
> > How does OpenBSD handle the same prefix being in both bgpd and ospfd ?
>
> in general? OSPF routes have priority over BGP routes. that's
> implemented kernel routing tab
On Sat, Oct 23, 2010 at 6:16 PM, Stuart Henderson wrote:
> On 2010-10-23, Tony Sarendal wrote:
> > rtlabel label
> > Add the prefix with the specified label to the kernel
> routing
> > table.
>
> I think this should be:
>
>
On Sat, Oct 23, 2010 at 3:07 PM, Henning Brauer wrote:
> * Tony Sarendal [2010-10-23 14:29]:
> > rtlabel label
> > Add the prefix with the specified label to the kernel
> routing
> > table.
> >
> > Is this an error in the page or
On Sat, Oct 23, 2010 at 2:05 PM, Insan Praja SW wrote:
> Hi Tony,
>
> On Sat, 23 Oct 2010 18:44:46 +0700, Tony Sarendal
> wrote:
>
> Is there a way to redistribute routes from BGP to OSPF using bgpd and ospfd
>> ?
>>
>>
> on bgpd.conf you might want to do
Is there a way to redistribute routes from BGP to OSPF using bgpd and ospfd
?
I have a network where the core concists of openbsd devices using bgpd to
distribute
routing information. At present we need to use static routing if we connect
devices that
do not support BGP.
Regards Tony
On Sat, Apr 10, 2010 at 9:44 AM, tom baecker wrote:
> Hello,
>
> I've setup a openbsd-ha firewall, based on the
> http://www.openbsd.org/faq/pf/carp.html.
>
> If the master goes down - the backup system become the Master rule.
> All established connections are in sync and stay active - so thats
>
On Sun, Mar 28, 2010 at 1:18 PM, Tony Sarendal wrote:
>
>
> On Sun, Mar 28, 2010 at 10:41 AM, Mark Kettenis
> wrote:
>
>> It's worth trying to disable ichiic(4).
>>
>
> Cheers, giving it a go on a few of them.
>
>
Over a week running with i386 4.6
On Sun, Mar 28, 2010 at 10:41 AM, Mark Kettenis wrote:
> It's worth trying to disable ichiic(4).
>
Cheers, giving it a go on a few of them.
/Tony
Is there a way to see where the cpu time is spent when it isn't in userland
?
I took one of our affected systems and killed everything on it as well as
disabling pf.
bmr1.brh# ps aux
USER PID %CPU %MEM VSZ RSS TT STAT STARTED TIME COMMAND
root 1 0.0 0.0 324 296 ??
> I'd be looking at the state of your mbufs as well. man netstat
>
>
Thanks Aaron,
these systems are currently running with load very low. From one of the
boxes with
the problem:
bmr1.mlt# uptime
11:33AM up 13 days, 1:04, 1 user, load averages: 0.15, 0.17, 0.11
bmr1.mlt# netstat -m
102 mbufs i
I'm using supermicro boxes (dmesg below) as vpn routers. IPsec+gre+bgp.
After a few days uptime the boxes start reporting 8% system cpu, and at the
same time
they become unresponsive on the network approx every 10 seconds.
Any idea on how to find the reason for this is appreciated.
I have around 2
On Mon, Mar 1, 2010 at 12:54 PM, Stuart Henderson wrote:
> On 2010-03-01, Tony Sarendal wrote:
> > Good morning misc,
> >
> > I upgraded two devices from i386-4.6 to i386-snapshot-feb28.
> > After the upgrade snapshot boxes are unable to communicate with the 4.6
Good morning misc,
I upgraded two devices from i386-4.6 to i386-snapshot-feb28.
After the upgrade snapshot boxes are unable to communicate with the 4.6
devices
when going through ipsec. snapshot-snapshot works fine.
Everything looks ok except that nothing shows up on enc0 when doing
4.6<-->snapsh
On 12/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
>
>
> On 12/4/07, John Rodenbiker <[EMAIL PROTECTED]> wrote:
> >
> > On Dec 4, 2007, at 12:14 AM, visc wrote:
> > > So, my question is this - what are the current best practices for
> >
On 12/4/07, John Rodenbiker <[EMAIL PROTECTED]> wrote:
>
> On Dec 4, 2007, at 12:14 AM, visc wrote:
> > So, my question is this - what are the current best practices for
> > setting up a hub and spoke topology using OpenBSD, allowing for
> > traffic to securely flow from Branch to Branch on occasio
On 11/12/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> On Tue, Nov 06, 2007 at 06:26:47PM +0100, Tony Sarendal wrote:
> > New version. Less duplication and a nice feature as bonus.
> > With softreconfig in enabled the looped prefixes are accepted
> > into the Adj-R
On 11/7/07, Martin Toft <[EMAIL PROTECTED]> wrote:
>
> Hi,
>
> I'm experiencing some mysterious transfer speed differences. I have a
> virtual Linux-server at HostEurope, Germany, and it appears that
> machines running OpenBSD can only download from the Linux-server with
> approx 300 kB/s, whereas
On 11/6/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
> New version. Less duplication and a nice feature as bonus.
> With softreconfig in enabled the looped prefixes are accepted
> into the Adj-RIB-In.
>
> This means that I can tell if my neighbor AS is using
> a path v
path_update(peer, fasp, &prefix,
+ prefixlen,F_LOCAL);
/* free modified aspath */
if (fasp != asp)
--
---
Tony Sarendal - [EMAIL PROTECTED]
IP/Unix
-= The scorpion replied,
"I couldn't help it, it's my nature" =-
diff -u version.
/Tony
Index: rde.c
===
RCS file: /cvs/src/usr.sbin/bgpd/rde.c,v
retrieving revision 1.228
diff -u -r1.228 rde.c
--- rde.c 16 Sep 2007 15:20:50 - 1.228
+++ rde.c 6 Nov 2007 10:38:23 -
@@ -919
I have not yet checked how other implementations handle the
situation where an update with a as-path loop hides the fact
that the neighbor just lost a path.
But I made a quick patch if anyone feel like testing.
The black-hole condition does not appear anymore when
I test.
Be gentle, I only browse
On 11/5/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> On Sun, Nov 04, 2007 at 11:30:20PM +, Tony Sarendal wrote:
> > On 11/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > >
>
> Thanks for all the info. I will have a look at this as well. Curren
On 11/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
>
>
> On 11/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> >
> > On 11/4/07, Tony Sarendal <[EMAIL PROTECTED] > wrote:
> >
> > >
> > > bgpd does not re-route correctly when
On 11/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
> On 11/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
> >
> > bgpd does not re-route correctly when I shut down a transit when I
> > use a bgp-only design, causing black-holes for some prefixes.
>
On 11/4/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
>
> bgpd does not re-route correctly when I shut down a transit when I
> use a bgp-only design, causing black-holes for some prefixes.
>
> router-01 and router-02 are in the same AS and peer with the same transit
>
bgpd does not re-route correctly when I shut down a transit when I
use a bgp-only design, causing black-holes for some prefixes.
router-01 and router-02 are in the same AS and peer with the same transit
provider.
router-01 and router-02 have two ibgp peerings, primary and standby path.
router-01 s
On 11/3/07, Florian Fuessl <[EMAIL PROTECTED]> wrote:
>
> Hi Gregory,
>
> we have multiple redundant FE upstream peerings to the same AS. So I guess
> the best solution would be in our case to let the upstream provider assign
> different community flags for packets passing each FE line which we can
On 10/30/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-30 11:25]:
> > On 10/30/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > >
> > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-30 02:28]:
On 10/30/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-30 02:28]:
> > bgp rib and fib look out of sync.
> > Any ideas why it behaves this way ?
> >
> > It seems like the networks that only exist in bgp fai
I set up a test network with bgpd/ospfd, a standard service provider design
where ospf carries the network links and loopbacks and bgp carries
everything,
bgp routers doing nexthop self, core full mesh and access routers rr-clients
of the two nearest core routers.
I'm seeing some pretty odd behavi
On 10/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
> On 10/27/07, Jake Conk <[EMAIL PROTECTED]> wrote:
>
> > Hello,
> >
> > I have my OpenBSD machine setup as a router and when I moved my
> > network from my office to my new datacenter I was no lo
On 10/27/07, Jake Conk <[EMAIL PROTECTED]> wrote:
>
> Hello,
>
> I have my OpenBSD machine setup as a router and when I moved my
> network from my office to my new datacenter I was no longer able to
> connect to the internet from machines behind the obsd router. When I
> try to ping a domain such a
I'm testing openbsd and routing in a basic setup.
router-01 and router-02 are access routers with dynamic routing,
both connect to a lan where firewall-01 resides.
Both router-01 and router-02 have a static route for the network
behind firewall-01.
router-01# cat
/etc/hostname.em1
inet 192.168.1.
On 10/23/07, ropers <[EMAIL PROTECTED]> wrote:
>
> On 23/10/2007, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > On 10/23/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > >
> > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 18:33]:
> &
On 10/23/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 18:33]:
> > I didn't get that opinion from marketing.
> > No matter, we disagree, lets leave it at that.
>
> well, yeah, nontheless, I wanna point
On 10/22/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 14:59]:
> > On 10/22/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 01:19]:
> > > &
On 10/22/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-22 01:19]:
> > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > > well, you can go stateful up to a certain point and handle stuff above
>
On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 17:22]:
> > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > >
> > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]:
On 10/21/07, Can Erkin Acar <[EMAIL PROTECTED]> wrote:
>
> Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> >>
> >> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]:
> >> &
On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-21 14:50]:
> > > stateless is poop.
> > What will happen when the limit of maximum concurrent states is reached
> ?
> > Will it stop forwarding new flo
On 10/21/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 18:06]:
> > On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > >
> > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 13:24]:
On 10/20/07, Timo Schoeler <[EMAIL PROTECTED]> wrote:
>
> Hi list,
>
> on a customers' site I have a problem connecting from within their
> LAN (OpenBSD machine) crossing their router (Linksys BEFSX41, doing
> NAT) to a machine on the internet via SSH: Sessions die after some time
> due to 'timeout
On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 13:24]:
> > Once I have a few moments free I'll check the impact of pf with urpf and
> > basic stateless filters
> > filters enabled. Tim
On 10/20/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-10-20 09:49]:
> > I performed some quick additional tests with OpenBSD and vlan's just
> > for the fun of it, although I belive these tests were more about
>
I performed some quick additional tests with OpenBSD and vlan's just
for the fun of it, although I belive these tests were more about OpenBSD's
performance with lots of interfaces.
If you want a openbsd router/firewall with 4000 interfaces don't go for a
low-end CPU =)
http://www.layer17.net/open
On 10/18/07, Brian A. Seklecki <[EMAIL PROTECTED]> wrote:
>
> On Thu, 18 Oct 2007 14:16:59 +0100
> "Tony Sarendal" <[EMAIL PROTECTED]> wrote:
>
> > Just a 5 minute quick test, nothing too scientific.
>
> Thanks! What was your IXIA platform? RHEL wit
On 10/18/07, Brian A. Seklecki <[EMAIL PROTECTED]> wrote:
>
> On Wed, 17 Oct 2007 10:52:34 +0200
> Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> > * Brian A. Seklecki <[EMAIL PROTECTED]> [2007-10-16
> 23:01]:
> > > All:
> > >
> > > I see that IFCAP_VLAN_MTU is available, but IFCAP_VLAN_HWTAGGING, a
I made a new more detailed latency/throughput test with ifq.maxlen set to
2500. With AMD64 UP kernel we are now looking at around 500kpps
without packet loss. From 400 to 500kpps with one command, pretty nice,
I have to remember that one.
http://www.layer17.net/openbsd-test-rfc2544-throughput-laten
New set of tests done with AMD64 UP kernel.
http://www.layer17.net/openbsd-router-intro.html
/Tony
On 10/3/07, Daniel Ouellet <[EMAIL PROTECTED]> wrote:
>
> Claudio Jeker wrote:
> > Could you add the dmesg of the test box to the website?
> > Do you have any other network cards you could test? (I'm mostly
> interested
> > in bnx but sk, msk, bge and nfe could be interesting as well).
>
> This box
On 10/3/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> On Tue, Oct 02, 2007 at 08:46:43PM +0100, Tony Sarendal wrote:
> > On 9/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
> > >
> > > On 9/27/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
On 9/27/07, Tony Sarendal <[EMAIL PROTECTED]> wrote:
>
> On 9/27/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> > On Thu, Sep 27, 2007 at 09:54:00AM +0100, Tony Sarendal wrote:
> > > On 9/27/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > > &
On 9/27/07, Claudio Jeker <[EMAIL PROTECTED]> wrote:
>
> On Thu, Sep 27, 2007 at 09:54:00AM +0100, Tony Sarendal wrote:
> > On 9/27/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
> > >
> > > * Tony Sarendal <[EMAIL PROTECTED]> [2007-09-27 10:36]:
&g
On 9/27/07, Henning Brauer <[EMAIL PROTECTED]> wrote:
>
> * Tony Sarendal <[EMAIL PROTECTED]> [2007-09-27 10:59]:
> > I meant if the input queue length was per physical or logical interface.
>
> neither. there is one per protocol. i. e. typically two (inet
1 - 100 of 238 matches
Mail list logo
