Re: high cpu usage on natd / dhcpd
On Thu, 7 Feb 2013 12:50:51 +, Eggert, Lars wrote:
> Hi,
>
> On Feb 7, 2013, at 13:40, Ian Smith wrote:
> > On Thu, 7 Feb 2013 08:08:59 +, Eggert, Lars wrote:
> >> On Jan 31, 2013, at 16:03, Matthew Luckie wrote:
> >>>
> >>> 00510 allow ip from me to not me out via em1
> >>> 00550 divert 8668 ip from any to any via em1
> >>>
> >>> Rule 510 fixes it.
> >>
> >> Yep, it does. Can I ask someone to commit this to rc.firewall?
> >
> > The ruleset Matthew posted bears no resemblance to rc.firewall, so I
> > don't see that (or how) it solves any generic problem.
>
> sorry for having been imprecise. What I was asking for was this change:
>
> --- /usr/src/etc/rc.firewall 2012-11-17 12:36:10.0 +0100
> +++ rc.firewall 2013-02-06 11:35:45.0 +0100
> @@ -155,6 +155,7 @@
> case ${natd_enable} in
> [Yy][Ee][Ss])
> if [ -n "${natd_interface}" ]; then
> +${fwcmd} add 49 allow ip from me to not me out via
> ${natd_interface}
> ${fwcmd} add 50 divert natd ip4 from any to any via
> ${natd_interface}
> fi
> ;;
That could break the 'client' ruleset, which also includes this section,
so to do this you may need another case for just 'open' to add that
allow first, then the existing code for 'client' as well. Bit messy. My
patch made it a setup_nat() function called with or without rule number,
so it could be used in 'simple' too, which currently lacks kernel nat.
That allows all outbound IP (4 or 6) from any address on your box (me)
without trying to divert it via natd - which is a sensible aim for
'open', and as julian@ has said (paraphrasing perhaps) "Never waste
natd's time with a packet it doesn't care about", which these are.
I think you'd do better for this case to either put these few rules you
need, including the following '65000 allow all..' into /etc/my.rules and
set firewall_type="/etc/my.rules", or copy rc.firewall to rc.mywall,
modify only that and set firewall_script="/etc/rc.mywall" in rc.conf ?
Either way you'll still get setup_loopback() and setup_ipv6_mandatory()
rules. If it improves performance, can you instrument that at all?
> >> (And I wonder if the rules for the ipfw kernel firewall need a
> >> similar addition, because the system locks up under heavy network
> >> load if I use that instead of natd.)
Perhaps finding the root cause of 'lock up' would be useful to pursue?
Is there any ipv6 involved with this? Is your upstream DHCP server
giving you an address in public or RFC1918 space? What packet rates?
> > Which rc.firewall ruleset are you referring to?
>
> My rc.conf has:
>
> gateway_enable="YES"
> firewall_enable="YES"
> firewall_type="OPEN"
> natd_enable="YES"
> natd_interface="bce0"
>
> With the patch above, that seems to work fine.
>
> I tried to replace the natd_* lines with:
>
> firewall_nat_enable="YES"
> firewall_nat_interface="bce0"
>
> which caused the machine to lock up under load, similar to when natd
> started eating CPU cycles. This made me wonder if a similar patch to
> the above for the firewall_nat_* case in rc.firewall might be needed.
Well it shouldn't, but maybe you've reached some load / pps limit on
your hardware in ipfw_nat too? Again, avoiding trying to do NAT on
ineligible (outbound, from me) packets is not a bad idea per se.
One of the issues in outstanding PRs for /etc/rc.d/ipfw is that if you
still have natd_enable set, it won't load the ipfw_nat module needed, ie
you currently need to know you must disable natd when enabling ipfw_nat.
> > I suggest following up to ipfw@ (cc'd) rather than net@
>
> Will subscribe, thanks.
>
> Lars
I'll leave you to pull this out of net@ if you think it best.
cheers, Ian
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Intel 82574 issue reported on Slashdot
For those that may have run across the story on Slashdot about this NIC, here is our statement: Recently there were a few stories published, based on a blog post by an end-user, suggesting specific network packets may cause the Intel® 82574L Gigabit Ethernet Controller to become unresponsive until corrected by a full platform power cycle. Intel was made aware of this issue in September 2012 by the blogs author. Intel worked with the author as well as the original motherboard manufacturer to investigate and determine root cause. Intel root caused the issue to the specific vendor’s mother board design where an incorrect EEPROM image was programmed during manufacturing. We communicated the findings and recommended corrections to the motherboard manufacturer. It is Intel’s belief that this is an implementation issue isolated to a specific manufacturer, not a design problem with the Intel 82574L Gigabit Ethernet controller. Intel has not observed this issue with any implementations which follow Intel’s published design guidelines. Intel recommends contacting your motherboard manufacturer if you have continued concerns or questions whether your products are impacted. Here is the link: http://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement Any questions or concerns may be sent to me. Cheers, Jack ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Intel 82574 issue reported on Slashdot
Jack, How do I tell whether my motherboards are made by 'specific manufacturer' and whether NICs there are affected? Broadcasting packet of death is not a very good method in production environment. EEPROM dump on my 82574L NICs on Supermicro X9SAE-V motherboard do match the 'bad' EEPROM mentioned in the http://www.kriskinc.com/intel-pod --Artem On Fri, Feb 8, 2013 at 10:16 AM, Jack Vogel wrote: > For those that may have run across the story on Slashdot about this NIC, > here is our statement: > > Recently there were a few stories published, based on a blog post by an > end-user, suggesting specific network packets may cause the Intel® 82574L > Gigabit Ethernet Controller to become unresponsive until corrected by a > full platform power cycle. > > Intel was made aware of this issue in September 2012 by the blogs author. > Intel worked with the author as well as the original motherboard > manufacturer to investigate and determine root cause. Intel root caused the > issue to the specific vendor’s mother board design where an incorrect > EEPROM image was programmed during manufacturing. We communicated the > findings and recommended corrections to the motherboard manufacturer. > > It is Intel’s belief that this is an implementation issue isolated to a > specific manufacturer, not a design problem with the Intel 82574L Gigabit > Ethernet controller. Intel has not observed this issue with any > implementations which follow Intel’s published design guidelines. Intel > recommends contacting your motherboard manufacturer if you have continued > concerns or questions whether your products are impacted. > Here is the link: > > http://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement > > Any questions or concerns may be sent to me. > > Cheers, > > Jack > ___ > freebsd-sta...@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org" ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Question: Why ain't I getting gigabit speed?
On Feb 7, 2013, at 4:13 PM, Ronald F. Guilmette wrote:
> I just aquired a brand new chepie gigabit PCI ethernet card off eBay.
> The main chip on it appears to be an RTL8110S-32.
>
> I stuck this card into a 9.1-RELEASE system that I have been putting
> together, and it seemed to be recognized ok (as re0) upon boot up, so
> I diddled my /etc/rc.conf file to get it to ifconfig as 192.168.1.3
> on reboot. Then I rebooted.
>
> I have the card wired via a CAT6 cable to my Linksys E2000 gigabit
> router. Nonetheless, upon reboot, followed by "ifconfig -a", the
> output from ifconfig says the following for this card:
>
> re0: flags=8843 metric 0 mtu 1500
>
> options=8209b
> ether 00:13:3b:02:03:bd
> inet 192.168.1.3 netmask 0xff00 broadcast 192.168.1.255
> inet6 fe80::213:3bff:fe02:3bd%re0 prefixlen 64 scopeid 0x7
> nd6 options=29
> media: Ethernet autoselect (100baseTX )
> status: active
>
> I've tried two different CAT6 cables, two different LAN ports on my E2000,
> and I've even tried the card in two different PCI slost on my motherboard,
> but the results are always the same.
>
> So, um, what gives? Why does the driver appear to be setting this card to
> 100baseTX rather than the 1000baseTX that I was hoping for?
>
> Is there some magic spell that I am unaware of that I must cast on this
> in order to get it to work right?
I would suspect the switch ("router"). FYI:
http://forum.qnap.com/viewtopic.php?f=11&t=47421#p213242
I have an re interface on my FreeBSD router and it connects at 1000baseT no
problem.
> P.S. dmesg has this to say about the card:
>
> re0: port
> 0xbe00-0xbeff mem 0xdf9ff000-0xdf9ff0ff irq 18 at device 5.0 on pci4
> re0: Chip rev. 0x0400
> re0: MAC rev. 0x
> re0: Ethernet address: 00:13:3b:02:03:bd
> re0: link state changed to UP
> re0: link state changed to DOWN
> re0: link state changed to UP
> ___
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
>
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Question: Why ain't I getting gigabit speed?
In message ,
John Nielsen wrote:
>On Feb 7, 2013, at 4:13 PM, Ronald F. Guilmette =
>wrote:
>
>> I just aquired a brand new chepie gigabit PCI ethernet card off eBay.
>> The main chip on it appears to be an RTL8110S-32.
>>...
>I would suspect the switch ("router"). FYI:
>http://forum.qnap.com/viewtopic.php?f=3D11&t=3D47421#p213242
>
>I have an re interface on my FreeBSD router and it connects at 1000baseT =
>no problem.
Could you please send or post the relevant ifconfig printout for that,
and also the applicable/relevant dmesg lines?
This problem is very perplexing, but I don't think that the problem
is with my Linksys E2000.
I did some more experiments. Fortunately, I had a CAT6 crossover cable
lying around. So I used that and connected my machine with the RTL8110S-32
in it directly to two other machines with gigabit interfaces. One was
my other server. The other was a laptop I have here. The results were
very strange.
In the case of connecting to the laptop, all seemed to work correctly,
however ifconfig showed that my re0 device in this case believed itself
to be "master". (I suspect that this may make a difference, and that
the current FreeBSD re driver may perhaps behave better when it is
acting as master.)
In the case of connecting (via CAT6 crossover) direct to my other server,
things got even more strange. In this case, after making the connection,
autonegotiation apparently worked correctly, and I could see "1000baseT"
in the output from "ifconfig re0", *however* a moment or two later,
suddenly the connection was entirely dropped, and now the ifconfig
output said "no carrier". I reproduced this sequence multiple times.
It is readily reproducable. (The other server is running FreeBSD 8.3-
RELEASE with an on-motherboard Nvidia gigabit ethernet interface, BTW.)
I am inclined to wonder if perhaps the re driver has some rough edges
still.
Regards,
rfg
P.S. Since this card is really not working out for me, has anybody got
a suggestion and/or link they could send me for an _inexpensive_ gigabit
PCI nic that works reliably with FreeBSD? (I am hoping for something under
$12 USD.)
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Question: Why ain't I getting gigabit speed?
On 8 Feb 2013, at 21:48, "Ronald F. Guilmette" wrote:
>
> In message ,
> John Nielsen wrote:
>
>> On Feb 7, 2013, at 4:13 PM, Ronald F. Guilmette =
>> wrote:
>>
>>> I just aquired a brand new chepie gigabit PCI ethernet card off eBay.
>>> The main chip on it appears to be an RTL8110S-32.
>>> ...
>
>> I would suspect the switch ("router"). FYI:
>> http://forum.qnap.com/viewtopic.php?f=3D11&t=3D47421#p213242
>>
>> I have an re interface on my FreeBSD router and it connects at 1000baseT =
>> no problem.
>
> Could you please send or post the relevant ifconfig printout for that,
> and also the applicable/relevant dmesg lines?
>
> This problem is very perplexing, but I don't think that the problem
> is with my Linksys E2000.
>
> I did some more experiments. Fortunately, I had a CAT6 crossover cable
> lying around. So I used that and connected my machine with the RTL8110S-32
> in it directly to two other machines with gigabit interfaces. One was
> my other server. The other was a laptop I have here. The results were
> very strange.
>
> In the case of connecting to the laptop, all seemed to work correctly,
> however ifconfig showed that my re0 device in this case believed itself
> to be "master". (I suspect that this may make a difference, and that
> the current FreeBSD re driver may perhaps behave better when it is
> acting as master.)
>
?
Come again ?
Master what ?
You never mentioned using lagg.
> In the case of connecting (via CAT6 crossover) direct to my other server,
> things got even more strange. In this case, after making the connection,
> autonegotiation apparently worked correctly, and I could see "1000baseT"
> in the output from "ifconfig re0", *however* a moment or two later,
> suddenly the connection was entirely dropped, and now the ifconfig
> output said "no carrier". I reproduced this sequence multiple times.
> It is readily reproducable. (The other server is running FreeBSD 8.3-
> RELEASE with an on-motherboard Nvidia gigabit ethernet interface, BTW.)
>
> I am inclined to wonder if perhaps the re driver has some rough edges
> still.
>
>
> Regards,
> rfg
>
>
> P.S. Since this card is really not working out for me, has anybody got
> a suggestion and/or link they could send me for an _inexpensive_ gigabit
> PCI nic that works reliably with FreeBSD? (I am hoping for something under
> $12
Come on you've got to be kidding here...
Get an intel or a Broadcom, cough up a bit more than duh... $12, and you'll be
happy with that card.
FYI I'm getting 1000baseT from built-in NICs.
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Question: Why ain't I getting gigabit speed?
In message , Damien Fleuriot wrote: >> In the case of connecting to the laptop, all seemed to work correctly, >> however ifconfig showed that my re0 device in this case believed itself >> to be "master". (I suspect that this may make a difference, and that >> the current FreeBSD re driver may perhaps behave better when it is >> acting as master.) >>=20 > >? >Come again ? >Master what ? The hell if I know! That's just what it said on the output of "ifconfig re0". I saw the word "master" following after the "1000BaseT" (but inside the <>) on the "media:" line of the output. >You never mentioned using lagg. I have no idea what that is. Thus, I have no idea if I am using it or not. If I am, it is certainly unintentional. Regards, rfg ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: bin/175974: ppp(8): logic issue
Old Synopsis: logic issue in ppp(8) New Synopsis: ppp(8): logic issue Responsible-Changed-From-To: freebsd-bugs->freebsd-net Responsible-Changed-By: eadler Responsible-Changed-When: Fri Feb 8 23:52:20 UTC 2013 Responsible-Changed-Why: change synopsis and assign http://www.freebsd.org/cgi/query-pr.cgi?pr=175974 ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Question: Why ain't I getting gigabit speed?
On Feb 8, 2013, at 1:48 PM, Ronald F. Guilmette wrote:
> In message ,
> John Nielsen wrote:
>
>> On Feb 7, 2013, at 4:13 PM, Ronald F. Guilmette =
>> wrote:
>>
>>> I just aquired a brand new chepie gigabit PCI ethernet card off eBay.
>>> The main chip on it appears to be an RTL8110S-32.
>>> ...
>
>> I would suspect the switch ("router"). FYI:
>> http://forum.qnap.com/viewtopic.php?f=3D11&t=3D47421#p213242
>>
>> I have an re interface on my FreeBSD router and it connects at 1000baseT =
>> no problem.
>
> Could you please send or post the relevant ifconfig printout for that,
> and also the applicable/relevant dmesg lines?
% ifconfig re0
re0: flags=8843 metric 0 mtu 1500
options=8209b
ether 00:1f:e2:55:1d:bc
inet 67.182.217.170 netmask 0xfc00 broadcast 255.255.255.255
nd6 options=29
media: Ethernet autoselect (1000baseT )
status: active
% dmesg | egrep '^re0:|^miibus0:|^rgephy0:'
re0: port
0xd800-0xd8ff mem 0xfe9ff000-0xfe9f irq 17 at device 0.0 on pci2
re0: Using 1 MSI message
re0: Chip rev. 0x3800
re0: MAC rev. 0x0040
miibus0: on re0
rgephy0: PHY 1 on miibus0
rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX,
100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX,
1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto,
auto-flow
re0: Ethernet address: 00:1f:e2:55:1d:bc
> This problem is very perplexing, but I don't think that the problem
> is with my Linksys E2000.
>
> I did some more experiments. Fortunately, I had a CAT6 crossover cable
> lying around. So I used that and connected my machine with the RTL8110S-32
> in it directly to two other machines with gigabit interfaces. One was
> my other server. The other was a laptop I have here. The results were
> very strange.
>
> In the case of connecting to the laptop, all seemed to work correctly,
> however ifconfig showed that my re0 device in this case believed itself
> to be "master". (I suspect that this may make a difference, and that
> the current FreeBSD re driver may perhaps behave better when it is
> acting as master.)
Agree with other followup--"master" shouldn't be applicable here; figure that
out before you spend more time worrying about hardware. Would you mind posting
a redacted version of /etc/rc.conf (and the contents of /etc/rc.conf.d, if any)?
> In the case of connecting (via CAT6 crossover) direct to my other server,
> things got even more strange. In this case, after making the connection,
> autonegotiation apparently worked correctly, and I could see "1000baseT"
> in the output from "ifconfig re0", *however* a moment or two later,
> suddenly the connection was entirely dropped, and now the ifconfig
> output said "no carrier". I reproduced this sequence multiple times.
> It is readily reproducable. (The other server is running FreeBSD 8.3-
> RELEASE with an on-motherboard Nvidia gigabit ethernet interface, BTW.)
Any log or kernel messages on either side when this happens?
> I am inclined to wonder if perhaps the re driver has some rough edges
> still.
I wouldn't jump to that conclusion. It's not exactly a new driver and its
author (Bill Paul) was quite experienced. It is possible you have a dodgy board
though.
> P.S. Since this card is really not working out for me, has anybody got
> a suggestion and/or link they could send me for an _inexpensive_ gigabit
> PCI nic that works reliably with FreeBSD? (I am hoping for something under
> $12 USD.)
Most/all 1G NIC's in that price range will be Realtek. You may be able to find
a Marvell/SysKonnect card for a bit more, but for not much more than that you
can get something from Intel. You may get gigabit links from a cheap card but I
wouldn't count on gigabit performance. (Actually any PCI card will fall short
of gigabit performance.) If you actually care then spend the $30 on an Intel
card.
JN
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Intel 82574 issue reported on Slashdot
On 09/02/2013, at 4:46, Jack Vogel wrote: > recommends contacting your motherboard manufacturer if you have continued > concerns or questions whether your products are impacted. > Here is the link: > > http://communities.intel.com/community/wired/blog/2013/02/07/intel-82574l-gigabit-ethernet-controller-statement > > Any questions or concerns may be sent to me. In all honesty.. The blog post (and your email) are basically information free, they don't name names and provide no script or downloadable code that will allow end users to check if they are affected. "Contact your motherboard manufacturer" is much more time consuming than "Run sysctl... | grep foo | awk ..." to see if your system is affected. -- Daniel O'Connor software and network engineer for Genesis Software - http://www.gsoft.com.au "The nice thing about standards is that there are so many of them to choose from." -- Andrew Tanenbaum GPG Fingerprint - 5596 B766 97C0 0E94 4347 295E E593 DC20 7B3F CE8C ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
