Re: vxlan with IPv6 underlay ?
On Dec 4, 2023, at 3:26 AM, Benoit Chesneau wrote:

> Is IPv6 underlay fully supported with FreeBSD? I have created a tunnel and associated an IPv6 address to each side. I'm able to ping between each device. But when I want to curl from the remote side it times out. Locally on the remote side it is OK. Is this expected? Should I rather create a bridge with vxlan as a member and bind nginx to it?

I think you’ve answered your own question and demonstrated that it works as expected. Pinging the inside address would not work at all if the tunnel and outer transport weren’t working.

As to why your curl test doesn’t work, we’d need more information. Make sure that nginx is in fact listening on the vxlan IP and is not being blocked by a firewall. You may also want to do a packet capture of the inside interfaces to see what is and isn’t going through.

JN

> ```
> $ ifconfig vxlan0 create vxlanid 108 vxlanlocal ::110b:102::100 vxlanremote ::110b:102::12
> $ ifconfig vxlan0
> vxlan0: flags=1008843 metric 0 mtu 1430
>         options=80020
>         ether 58:9c:fc:10:ff:eb
>         groups: vxlan
>         vxlan vni 108 local [::102::100]:4789 remote [::110b:102::12]:4789
>         media: Ethernet autoselect (autoselect )
>         status: active
>         nd6 options=29
> $ ifconfig vxlan0 inet6 ::110b:300::1/64
> ```
>
> Ping from remote is ok:
>
> ```
> ifconfig vxlan0
> vxlan0: flags=1008843 metric 0 mtu 1430
>         options=680323
>         ether 58:9c:fc:10:df:1f
>         inet6 fe80::5a9c:fcff:fe10:df1f%vxlan0 prefixlen 64 scopeid 0xf
>         inet6 ::110b:300::2 prefixlen 64
>         groups: vxlan
>         vxlan vni 108 local [:110b:102::12]:4789 remote [::110b:102::100]:4789
>         media: Ethernet autoselect (autoselect )
>         status: active
>         nd6 options=21
> $ ping6 ::110b:300::1
> PING6(56=40+8+8 bytes) ::110b:300::2 --> :::110b:300::1
> 16 bytes from 2a0e:e701:110b:300::1, icmp_seq=0 hlim=64 time=0.071 ms
> 16 bytes from 2a0e:e701:110b:300::1, icmp_seq=1 hlim=64 time=0.078 ms
> 16 bytes from 2a0e:e701:110b:300::1, icmp_seq=2 hlim=64 time=0.076 ms
> 16 bytes from 2a0e:e701:110b:300::1, icmp_seq=3 hlim=64 time=0.104 ms
> 16 bytes from 2a0e:e701:110b:300::1, icmp_seq=4 hlim=64 time=0.077 ms
> ^C
> ```
>
> But when I run `curl -6 -v 'http://[::110b:300::1]'` it times out.
>
> Benoît Chesneau, Enki Multimedia
> t. +33608655490
> Sent with Proton Mail secure email.
Re: Question: Why ain't I getting gigabit speed?
On Feb 7, 2013, at 4:13 PM, Ronald F. Guilmette wrote:

> I just acquired a brand new cheapie gigabit PCI ethernet card off eBay.
> The main chip on it appears to be an RTL8110S-32.
>
> I stuck this card into a 9.1-RELEASE system that I have been putting
> together, and it seemed to be recognized ok (as re0) upon boot up, so
> I diddled my /etc/rc.conf file to get it to ifconfig as 192.168.1.3
> on reboot. Then I rebooted.
>
> I have the card wired via a CAT6 cable to my Linksys E2000 gigabit
> router. Nonetheless, upon reboot, followed by "ifconfig -a", the
> output from ifconfig says the following for this card:
>
> re0: flags=8843 metric 0 mtu 1500
>         options=8209b
>         ether 00:13:3b:02:03:bd
>         inet 192.168.1.3 netmask 0xff00 broadcast 192.168.1.255
>         inet6 fe80::213:3bff:fe02:3bd%re0 prefixlen 64 scopeid 0x7
>         nd6 options=29
>         media: Ethernet autoselect (100baseTX )
>         status: active
>
> I've tried two different CAT6 cables, two different LAN ports on my E2000,
> and I've even tried the card in two different PCI slots on my motherboard,
> but the results are always the same.
>
> So, um, what gives? Why does the driver appear to be setting this card to
> 100baseTX rather than the 1000baseTX that I was hoping for?
>
> Is there some magic spell that I am unaware of that I must cast on this
> in order to get it to work right?

I would suspect the switch ("router"). FYI:
http://forum.qnap.com/viewtopic.php?f=11&t=47421#p213242

I have an re interface on my FreeBSD router and it connects at 1000baseT no problem.

> P.S. dmesg has this to say about the card:
>
> re0: port
> 0xbe00-0xbeff mem 0xdf9ff000-0xdf9ff0ff irq 18 at device 5.0 on pci4
> re0: Chip rev. 0x0400
> re0: MAC rev. 0x
> re0: Ethernet address: 00:13:3b:02:03:bd
> re0: link state changed to UP
> re0: link state changed to DOWN
> re0: link state changed to UP
> ___
> freebsd-net@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-net
> To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"
Re: Question: Why ain't I getting gigabit speed?
On Feb 8, 2013, at 1:48 PM, Ronald F. Guilmette wrote:

> In message ,
> John Nielsen wrote:
>
>> On Feb 7, 2013, at 4:13 PM, Ronald F. Guilmette wrote:
>>
>>> I just acquired a brand new cheapie gigabit PCI ethernet card off eBay.
>>> The main chip on it appears to be an RTL8110S-32.
>>> ...
>
>> I would suspect the switch ("router"). FYI:
>> http://forum.qnap.com/viewtopic.php?f=11&t=47421#p213242
>>
>> I have an re interface on my FreeBSD router and it connects at 1000baseT
>> no problem.
>
> Could you please send or post the relevant ifconfig printout for that,
> and also the applicable/relevant dmesg lines?

% ifconfig re0
re0: flags=8843 metric 0 mtu 1500
        options=8209b
        ether 00:1f:e2:55:1d:bc
        inet 67.182.217.170 netmask 0xfc00 broadcast 255.255.255.255
        nd6 options=29
        media: Ethernet autoselect (1000baseT )
        status: active
% dmesg | egrep '^re0:|^miibus0:|^rgephy0:'
re0: port 0xd800-0xd8ff mem 0xfe9ff000-0xfe9f irq 17 at device 0.0 on pci2
re0: Using 1 MSI message
re0: Chip rev. 0x3800
re0: MAC rev. 0x0040
miibus0: on re0
rgephy0: PHY 1 on miibus0
rgephy0: none, 10baseT, 10baseT-FDX, 10baseT-FDX-flow, 100baseTX, 100baseTX-FDX, 100baseTX-FDX-flow, 1000baseT, 1000baseT-master, 1000baseT-FDX, 1000baseT-FDX-master, 1000baseT-FDX-flow, 1000baseT-FDX-flow-master, auto, auto-flow
re0: Ethernet address: 00:1f:e2:55:1d:bc

> This problem is very perplexing, but I don't think that the problem
> is with my Linksys E2000.
>
> I did some more experiments. Fortunately, I had a CAT6 crossover cable
> lying around. So I used that and connected my machine with the RTL8110S-32
> in it directly to two other machines with gigabit interfaces. One was
> my other server. The other was a laptop I have here. The results were
> very strange.
>
> In the case of connecting to the laptop, all seemed to work correctly,
> however ifconfig showed that my re0 device in this case believed itself
> to be "master". (I suspect that this may make a difference, and that
> the current FreeBSD re driver may perhaps behave better when it is
> acting as master.)

Agree with other followup--"master" shouldn't be applicable here; figure that out before you spend more time worrying about hardware. Would you mind posting a redacted version of /etc/rc.conf (and the contents of /etc/rc.conf.d, if any)?

> In the case of connecting (via CAT6 crossover) direct to my other server,
> things got even more strange. In this case, after making the connection,
> autonegotiation apparently worked correctly, and I could see "1000baseT"
> in the output from "ifconfig re0", *however* a moment or two later,
> suddenly the connection was entirely dropped, and now the ifconfig
> output said "no carrier". I reproduced this sequence multiple times.
> It is readily reproducible. (The other server is running FreeBSD 8.3-
> RELEASE with an on-motherboard Nvidia gigabit ethernet interface, BTW.)

Any log or kernel messages on either side when this happens?

> I am inclined to wonder if perhaps the re driver has some rough edges
> still.

I wouldn't jump to that conclusion. It's not exactly a new driver and its author (Bill Paul) was quite experienced. It is possible you have a dodgy board though.

> P.S. Since this card is really not working out for me, has anybody got
> a suggestion and/or link they could send me for an _inexpensive_ gigabit
> PCI nic that works reliably with FreeBSD? (I am hoping for something under
> $12 USD.)

Most/all 1G NIC's in that price range will be Realtek. You may be able to find a Marvell/SysKonnect card for a bit more, but for not much more than that you can get something from Intel. You may get gigabit links from a cheap card but I wouldn't count on gigabit performance. (Actually any PCI card will fall short of gigabit performance.) If you actually care then spend the $30 on an Intel card.

JN
Re: Question: Why ain't I getting gigabit speed?
On Feb 9, 2013, at 5:02 PM, Ronald F. Guilmette wrote:

> P.S. While I appreciate all the friendly advice people here have given
> me, i.e. to go with a card based around some non-Realtek chip, I have to
> say that up until now I have always and consistently had -zero- problems
> with the many other Realtek-based 10/100 cards that I have owned and used.

A bit OT, but I would say that this is _because_ of the FreeBSD driver (rl, also by Bill Paul). Some of the hardware deficiencies documented in the manpage and in comments in the if_rl.c are almost comical..
Re: Options to monitor/sniff network traffic under a vm
On Aug 25, 2013, at 5:38 AM, carlopmart wrote:

> I need to monitor/sniff network traffic for three subnets (1 GiB nets) and I
> need to do this using a virtual guest under an ESXi 5 host (yes, it is a
> "handicap").

Not sure about your questions below, but doesn't ESXi 5 support port mirroring in the virtual switch? That seems like a better place to do most of the heavy lifting. You could still attach your FreeBSD instance to the monitor port(s) for analysis. That would hopefully help at least with a) by reducing the number of virtual NICs needed.

> I would like to use FreeBSD 8.4 + netmap, but I see some problems:
>
> a) How can I avoid sharing interrupts for nics interfaces?? This vm needs to
> use 6 nic interfaces.
>
> b) Which is best: em or ixgb emulated drivers??
>
> c) Is it a good idea to enable polling in these nics??
Re: Network troubles after 8.3 -> 8.4 upgrade
On Apr 17, 2014, at 2:38 PM, Andrea Venturoli wrote:

> Three days ago I upgraded an amd64 8.3 box to the latest 8.4.
> Since then the outside network is misbehaving: large mails are not sent
> (although small ones do), svn operations will work for a while, then come to
> a sudden stop, etc...
> Perhaps the most evident test is "wget"ting a big file: it will download some
> chunk, halt; restart after a while and download another chunk; lose the
> connection once again, then restart and so on.
>
> I remember a couple of similar experiences in the past, from which I got out
> by disabling TSO; however those boxes had fxp cards, while this has an em.
> In any case disabling TSO did not help.

My first thought was TSO as well, since I've seen the symptoms you describe a few times on systems running 10.0. Do you use IPFW or any kind of NAT on this system?

When an application encounters a network problem, does it report or log anything at all? Anything in the kernel log/dmesg?

A bit of a shot in the dark, but could you try applying r264517 (fixes a problem with VLAN and TSO interaction)?
http://svnweb.freebsd.org/base/head/sys/net/if_vlan.c?r1=257241&r2=264517

Otherwise my only other thought would be the driver. Can you try reverting only the em(4) driver back to 8.3? If that helps it would give you both a workaround and a clue for where to look for a solution. Build modules and a kernel without em(4) from unmodified 8.4 src, load em(4) as a module, confirm that the problem persists. Replace the contents of src/sys/dev/e1000, src/sys/modules/em and src/sys/conf/files with those from an 8.3 src tree (or otherwise revert revision 247430), rebuild em module, unload/reload or reboot, see if problem goes away. (Could be somewhat complicated by the fact that you also have igb interfaces which also use code from the e1000 directory, but rather than speculate I'll leave solving that as an exercise for someone else.)

JN

> This is the relevant part of rc.conf:
>> cloned_interfaces="lagg0 vlan1 vlan2 vlan3 carp0 carp1 carp3 carp4 carp6 carp7 carp9 carp10"
>> ifconfig_igb0="up"
>> ifconfig_igb1="up"
>> ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 192.168.101.4 netmask 255.255.255.0"
>> ifconfig_lagg0_alias0="inet 192.168.101.101 netmask 0x"
>> ifconfig_carp0="vhid 1 advskew 100 pass xxx 192.168.101.10"
>> ifconfig_carp1="vhid 2 pass 192.168.101.10"
>> ifconfig_em0="up"
>> ifconfig_vlan1="inet 81.174.30.11 netmask 255.255.255.248 vlan 4 vlandev em0"
>> ifconfig_vlan2="inet 83.211.188.186 netmask 255.255.255.248 vlan 2 vlandev em0"
>> ifconfig_vlan3="inet 192.168.2.202 netmask 255.255.255.0 vlan 3 vlandev em0"
>> ifconfig_carp3="vhid 4 advskew 100 pass 81.174.30.12"
>> ifconfig_carp4="vhid 5 pass xxx 81.174.30.12"
>> ifconfig_carp6="vhid 7 advskew 100 pass xx 83.211.188.187"
>> ifconfig_carp7="vhid 8 pass xxx 83.211.188.187"
>> ifconfig_carp9="vhid 10 advskew 100 pass 192.168.2.203"
>> ifconfig_carp10="vhid 11 pass 192.168.2.203"
>> ifconfig_lo0_alias0="inet 127.0.0.2 netmask 0x"
>> ifconfig_lo0_alias1="inet 127.0.0.3 netmask 0x"
>> ifconfig_lo0_alias2="inet 127.0.0.4 netmask 0x"
>
> As you can see the setup is quite complicated, but worked like a charm until
> the upgrade; actually the internal net (igb+lagg+carp) still does, so this is
> what points me toward em0, where I cannot seem to get any kind of stability.
>
> The card is
>> em0@pci0:6:0:0: class=0x02 card=0x10828086 chip=0x107d8086 rev=0x06 hdr=0x00
>>    vendor = 'Intel Corporation'
>>    device = 'PRO/1000 PT'
>>    class = network
>>    subclass = ethernet
>
> I tried disabling TSO, RXCSUM, TXCSUM, VLANHWTAG, VLANHWCSUM, VLANHWTSO...
> I tried putting the card into 10baseT/UTP mode...
> I tried sysctl net.inet.tcp.tso=0...
>
> None helped.
>
> Maybe I'm barking up the wrong tree, but nothing is in the logs to help...
>
> Nor did Google or wading through bug reports.
>
> Now I could restore the dumps I made before upgrading to 8.4 (but I'd really
> like to avoid this), try to upgrade even further to 9.2 (although this will
> be a lot of work and I'm not looking forward to it as a shot in the dark),
> drop in another NIC...
> What I'd really like, however, is some insight.
>
> Is this a known problem of some sort? Is this card or this driver known to be
> broken?
> Is there any way I could get some debugging info?
>
> Any hint is appreciated (and I need it badly :( !!!).
>
> bye & Thanks
> av.
Re: vlan without ip address
On Dec 19, 2011, at 12:52 AM, saeedeh motlagh wrote:

> you're right but we can't assign two parent interface to one vlan in
> freebsd therefore i define two vlans with the one vlan id.
> although we can do it by below command but it's not work too:
> ifconfig gbeth0.10 create
> ifconfig msk0.10 create
> ifconfig
> gbeth0.10: flags=8842 metric 0 mtu 1500
>        options=3
>        ether 00:27:0e:03:4b:2f
>        media: Ethernet autoselect (1000baseT )
>        status: active
>        vlan: 10 parent interface: gbeth0
> msk0.10: flags=8842 metric 0 mtu 1500
>        options=100
>        ether 00:30:4f:63:5a:bc
>        media: Ethernet autoselect (none)
>        status: active
>        vlan: 10 parent interface: msk0
>
> you know when i define vlans with ip addresses they work as i expected but
> i want to know if i can define vlan without ip address as the switch
> because i wanna configure a freebsd box as a real switch in my network.
> maybe it's impossible to do that :(

Take a few minutes to think out (and describe to us in detail if you really want useful input) your network topology.

What interfaces do you have on the FreeBSD machine and what are they connected to?
Which interfaces should carry tagged traffic?
Which interfaces should carry untagged traffic?
How many VLAN's exist?
Which ones does the FreeBSD machine care about? (i.e. which ones will it be tagging/untagging for?) Traffic for other VLAN's can pass through the box but you don't need to create VLAN interfaces for them.

You need VLAN interfaces only for those VLAN's where:
  The FreeBSD box itself should communicate on one or more specific VLAN's (and/or provide services, etc)
  -OR-
  The FreeBSD box is sending/receiving untagged traffic on one or more interfaces and should untag/tag it as needed for other hosts.

Once you've got that figured out, configure your bridges and VLANs as follows:

Any physical interface that carries traffic for multiple VLAN's should be considered a "trunk" port. Traffic on trunk ports is tagged. If you only have one trunk port, it shouldn't be in a bridge at all. If you have more than one, all of your trunk ports should be members of a single bridge (the "real" parent interfaces).

If you don't want the FreeBSD box to do any tagging/untagging then you're done. However it sounds like that is not the case..

Now create VLAN interfaces off of the trunk bridge (or interface if just one) for only those VLAN's this machine cares about.

For each VLAN that should do tagging/untagging for a physical interface, create a NEW bridge device. Add to the bridge the untagged physical interface(s) and the appropriate VLAN interface from the trunk.

If the FreeBSD box itself needs to communicate on one or more specific VLAN's, configure it to do so using the bridge device created for that VLAN (if any) or the appropriate VLAN sub-interface of the trunk bridge (if not shared with any untagged physical interfaces).

In short, you should only have ONE trunk device, whether it's a bridge or a single interface. You don't need to create a VLAN interface for VLAN's this machine doesn't care about. ALL of the VLAN sub-interfaces you do create should be children of the trunk device. VLAN's that have untagged interfaces should be in their own bridges with those interfaces.

HTH,

JN

> On Sun, Dec 18, 2011 at 10:52 PM, Alexander Lunev wrote:
>
>> first of all, you should name and number your vlan same, if it's vlan10
>> on the one side, then it's vlan10 on the other side and in between.
>> then (though you have to do it first of all), you should understand
>> how vlan's work, and after that connect ports to each other according
>> to your scheme.
>>
>> --
>> your sweet isn't ready yet
>>
>> On Sun, Dec 18, 2011 at 10:01 AM, saeedeh motlagh wrote:
>>> i have 3 freebsd system: 0.28 , 0.25 and 0.12 which 28 is assumed to be
>>> switch here. one interface of 28 is connected to 25 and the other interface
>>> of 28 is connected to 12. as mentioned below, i've defined two vlan10 and
>>> 11 with the same vlan id on the 28 and bridge them.
>>> now i can't ping 0.25 from 0.12. what's wrong here? should i define vlan10
>>> on 12 and 25?
>>> please tell me if i'm misunderstanding.
>>> this is the ifconfig for 0.28:
>>> vlan10: flags=8943 metric 0 mtu 1500
>>>        options=3
>>>        ether 00:27:0e:03:4b:2f
>>>        media: Ethernet autoselect (1000baseT )
>>>        status: active
>>>        vlan: 10 parent interface: gbeth0
>>> vlan11: flags=8943 metric 0 mtu 1500
>>>        options=100
>>>        ether 00:30:4f:63:5a:bc
>>>        media: Ethernet autoselect (none)
>>>        status: active
>>>        vlan: 10 parent interface: msk0
>>> bridge0: flags=8843 metric 0 mtu 1500
>>>        ether d6:c4:f6:0f:5e:4f
>>>        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>        maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
>>>        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>>        member: vlan11 flags=143
>>>        ifmaxaddr 0 port 6 p
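
The one-trunk layout from the reply above (VLAN sub-interfaces as children of the trunk, one new bridge per VLAN that has untagged ports, no bridge for a VLAN only the box itself uses), as an added example that is not part of the original thread. The interface names em0 to em3 and the `VID:PORT,PORT` argument format are assumptions for illustration; the function only prints the ifconfig commands for review and rejects layouts that break the rules in the reply.

```shell
#!/bin/sh
# Added example, not code from the thread. Prints (does not run) the ifconfig
# commands for a FreeBSD box with ONE trunk interface. Interface names and
# the "VID:PORT,PORT" argument format are assumptions for illustration.
#
# usage: vlan_switch_plan TRUNK VID:[PORT[,PORT...]] ...
#   VID:PORT,...  VLAN with untagged access ports -> sub-interface + own bridge
#   VID:          VLAN used only by the box itself -> sub-interface, no bridge

vlan_switch_plan() {
    trunk=$1
    [ -n "$trunk" ] || { echo "error: trunk interface required" >&2; return 1; }
    shift
    seen_vids=" "
    seen_ports=" "
    plan="ifconfig $trunk up"           # the single trunk carries tagged frames

    for spec in "$@"; do
        case $spec in
            *:*) ;;
            *) echo "error: '$spec' is not VID:PORTS" >&2; return 1 ;;
        esac
        vid=${spec%%:*}
        ports=$(printf '%s' "${spec#*:}" | tr ',' ' ')

        # 802.1Q VLAN IDs are 1..4094; reject non-numeric and zero-led input.
        case $vid in
            ''|*[!0-9]*|?????*|0*)
                echo "error: bad VLAN id '$vid'" >&2; return 1 ;;
        esac
        if [ "$vid" -gt 4094 ]; then
            echo "error: VLAN id $vid out of range" >&2; return 1
        fi

        # Exactly one sub-interface per VLAN, always a child of the trunk.
        case $seen_vids in
            *" $vid "*) echo "error: VLAN $vid listed twice" >&2; return 1 ;;
        esac
        seen_vids="$seen_vids$vid "
        plan="$plan
ifconfig $trunk.$vid create
ifconfig $trunk.$vid up"

        [ -n "$ports" ] || continue     # host-only VLAN: no bridge needed

        members="addm $trunk.$vid"
        for port in $ports; do
            if [ "$port" = "$trunk" ]; then
                echo "error: trunk $trunk cannot also be an untagged port" >&2
                return 1
            fi
            # An untagged port belongs to exactly one VLAN.
            case $seen_ports in
                *" $port "*) echo "error: $port is in two VLANs" >&2; return 1 ;;
            esac
            seen_ports="$seen_ports$port "
            plan="$plan
ifconfig $port up"
            members="$members addm $port"
        done
        # A NEW bridge per VLAN joins the untagged ports to the trunk child.
        plan="$plan
ifconfig bridge$vid create
ifconfig bridge$vid $members up"
    done
    printf '%s\n' "$plan"
}

# Constructed sample: VLAN 10 on em1, VLAN 20 on em2+em3, VLAN 30 host-only.
vlan_switch_plan em0 10:em1 20:em2,em3 30:
```

If the box itself needs an address on a bridged VLAN, it goes on that VLAN's bridge device; on a host-only VLAN it goes on the trunk sub-interface.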
Fwd: using ConnectX card as Ethernet (mlxen)
No takers on -current, anyone on -net know how to do this?

Begin forwarded message:

> From: John Nielsen
> Subject: using ConnectX card as Ethernet (mlxen)
> Date: September 24, 2012 10:37:30 AM MDT
> To: freebsd-curr...@freebsd.org
>
> I have a machine running "FreeBSD 10.0-CURRENT #0 r240887" amd64 with two
> ConnectX (InfiniBand) cards. Relevant bits of dmesg and pciconf -lv below.
> The cards are connected directly to a 10GB Ethernet switch so I need to run
> them in "eth" mode rather than "ib". Unfortunately they come up in "ib" mode
> and I don't know how to change it.
>
> The same hardware works fine under CentOS 6.3, though I need to manually set
> the cards to 'eth' there as well (which I do using a 'connectx_port_config
> script from Mellanox that twiddles the mlx4_port1 entries under /sys (sysfs).
> Under FreeBSD I see these sysctls but I can't set them to 'eth' either via
> /boot/loader.conf or by sysctl after boot, with or without mlxen and/or
> mlx4ib loaded:
> sys.device.mlx4_core0.mlx4_port1: ib
> sys.device.mlx4_core1.mlx4_port1: ib
>
> Assuming mlxen is actually supported, how do I configure the card so it will
> attach?
>
> mlx4_core0: mem 0xdfa0-0xdfaf,0xdd80-0xddff irq 32 at device 0.0 on pci4
> mlx4_core: Mellanox ConnectX core driver v1.0-ofed1.5.2 (August 4, 2010)
> mlx4_core: Initializing mlx4_core
> mlx4_en: Mellanox ConnectX HCA Ethernet driver v1.5.2 (July 2010)
> mlx4_en mlx4_core0: UDP RSS is not supported on this device.
> mlx4_core1: mem 0xdf90-0xdf9f,0xdd00-0xdd7f irq 42 at device 0.0 on pci7
> mlx4_core: Initializing mlx4_core
>
> mlx4_core0@pci0:4:0:0:class=0x0c0600 card=0x002215b3 chip=0x673c15b3 rev=0xb0 hdr=0x00
>    vendor = 'Mellanox Technologies'
>    device = 'MT26428 [ConnectX VPI PCIe 2.0 5GT/s - IB QDR / 10GigE]'
>    class = serial bus
> mlx4_core1@pci0:7:0:0:class=0x028000 card=0x001715b3 chip=0x100315b3 rev=0x00 hdr=0x00
>    vendor = 'Mellanox Technologies'
>    device = 'MT27500 Family [ConnectX-3]'
>    class = network
>
> Thanks,
>
> JN
Re: divert rewrite
On Feb 5, 2011, at 8:42 PM, Julian Elischer wrote:

> if you have ipv6 connectivity and experience, I have no experience or
> connectivity, with it so
> I'll be coding blind and will need a tester.
> If you have an application for IPV6 testing that would be even better.
> Divert is often used for NAT but that doesn't seem very useful for IPv6 and
> natd doesn't support it anyhow.

The connectivity bit is easily remedied: I've used http://tunnelbroker.net/ with a FreeBSD router/firewall with good success. Free IPv6 uplink over a gif IPv4 tunnel.

JN
Re: netflix from japan
On Jul 23, 2011, at 3:38 PM, Randy Bush wrote:

> netflix streaming is not allowed to japan where we live. i can tunnel
> to a server in one of my racks in the states. the tokyo border is a
> soekris running FreeBSD 8. it will kinda look like
>
> .--.
> | |
> | b --wlan0| .. Apple TV
> | r|
>WAN IIJ| i --- vr1|
>PPP/NAT ---|vr0[PPPoE][ppp]tun0--d| 192.168.0.0/24
> Public IP Addr | g --- vr2| LAN hosts,
> | e| DHCP Clients
> | 0 --- vr3| ...
> | |
> `--'
>
> ---
>
>% cat /etc/ppp/ppp.conf
>iij:
> set device PPPoE:vr0
> set MRU 1454
> set MTU 1454
> accept CHAP
> enable lqr
> add default HISADDR
> nat enable yes
> nat port tcp 192.168.0.33:51332 51332
> nat port udp 192.168.0.33:51332 51332
> nat port tcp 192.168.0.12:22 42022
> set authname foo
> set authkey bar
>
> ---
>
> there seem to be at least two sets of problems
>
> o what are the ip addys and ports involved in netflix streaming set-up
>   and delivery?
>
> o how to tunnel just those to/from a server in the states?
>
> anyone with suggestions?

I use my FreeBSD router at home for similar purposes from time to time (getting past draconian firewalls, working around various types of broken-ness in public WiFi networks, etc). I don't have many specific comments on your setup outlined above, but I hope that outlining my approach will give you some ideas.

On the side with "good" (unrestricted, etc) connectivity (home, in my case):
  FreeBSD router w/ public IP.
  NAT - I use IPFW but any solution should work
  OpenVPN running as a TCP server on port 443 (for maximum chance of being reachable through draconian firewalls). Other VPN / tunneling solutions should work here. For some types of traffic (like streaming video) TCP is not ideal so if you don't have firewall issues use UDP and a more standard port.
  NAT should be configured to work with VPN traffic.

On the restricted/broken side:
  Any computer/OS that supports OpenVPN or whatever VPN/tunneling solution you use (FreeBSD, Linux, Mac, Windows, jailbroken iPhone...). This can be set up on a single device (laptop, etc) or on a router/gateway machine so the whole network benefits.
  For somewhat restrictive but otherwise decent networks:
    Establish VPN connection
    Add static route(s) for restricted IP's using VPN server internal IP
  For really broken networks, route ALL traffic through VPN:
    Use IP (not DNS name) for server in VPN config
    Establish VPN connection
    Add static route using local gateway for VPN server external IP
    Delete existing (local) default gateway
    Add VPN server internal IP as default gateway
    Use VPN server or other known good server for DNS
  There are some in-between combinations as well; just make sure to think about DNS and leave a working route for your VPN packets to follow.

Works like a charm, but keep in mind that the VPN download speed is the server side's upload speed. More of an issue for my home connection than for a datacenter link I imagine.

To get your questions answered I would suggest setting up a general solution (get the VPN/tunnel and NAT working between your two gateways) and then do some experimenting. You could maybe start by forwarding all traffic from the LAN over the tunnel, start tcpdump on your local gateway, and fire up a show on the Apple TV. Then analyze the result--pay attention to the DNS requests as well as the actual data streams. Probably easiest just to identify the IP's being used then use whois to extrapolate them to IP blocks. Add static routes that use your tunnel for the IP ranges you identify. Repeat as needed.

If you want to be more specific than that (route based on LAN source IP or specific IP/port combinations) you should look in to using setfib and friends (possibly within your firewall ruleset).

HTH,

JN
Is 802.11n rate control being worked on?
I am working on a network scenario which would benefit greatly from the MIMO features and higher bandwidth of 802.11n. It's my understanding that 11n is not fully supported in FreeBSD since there is no appropriate rate control algorithm in the tree. Is that still the case?

I would _really_ like to run FreeBSD for this project, and I believe the Atheros wireless cards I plan to use are supported by ath(4). I'd like to find out what else needs to happen to complete the picture. I may even go so far as to write some code myself. :)

Is anyone working on this at the moment?

Is it just the rate control that needs to be done or are there other parts involved? Is MIMO separate?

Is there a detailed description of the missing pieces somewhere? Or a not-very-detailed summary of where to look and what to read to get started?

Thanks,

JN
Re: Is 802.11n rate control being worked on?
On Sep 8, 2010, at 8:32 AM, Rui Paulo wrote:

> On 7 Sep 2010, at 19:41, John Nielsen wrote:
>
>> I am working on a network scenario which would benefit greatly from the MIMO
>> features and higher bandwidth of 802.11n. It's my understanding that 11n is
>> not fully supported in FreeBSD since there is no appropriate rate control
>> algorithm in the tree. Is that still the case?
>
> I've worked on supporting 11n on ath_rate_sample but it's incomplete.
>
>> I would _really_ like to run FreeBSD for this project, and I believe the
>> Atheros wireless cards I plan to use are supported by ath(4). I'd like to
>> find out what else needs to happen to complete the picture. I may even go so
>> far as to write some code myself. :)
>>
>> Is anyone working on this at the moment?
>
> Not really, I did some work in the past, but it's incomplete.
>
>> Is it just the rate control that needs to be done or are there other parts
>> involved? Is MIMO separate?
>
> We have MIMO on some non-Atheros drivers, but one of these drivers (Ralink
> 11n) is not yet in the tree.

That would be interesting to look at. Is the code somewhere publicly available? Is it slated to hit the tree soon?

>> Is there a detailed description of the missing pieces somewhere? Or a
>> not-very-detailed summary of where to look and what to read to get started?
>
> Not really. There's some interest from other FreeBSD committers to get this
> going, so I'll let them chime in.

Surprisingly silent so far. Is there a better list to post this to?

Thanks,

JN
Re: Is 802.11n rate control being worked on?
On Sep 14, 2010, at 11:16 PM, Adrian Chadd wrote:

> I'm working on bringing over the changes from Linux ath9k into our
> HAL. I'm slowly starting on bringing over simple bits and pieces but I
> hope to eventually be able to bring over large chunks of the hardware
> fiddling almost untouched. Since the current open Atheros development
> by people with the docs is occurring in linux ath9k, being able to sync
> against that is high up on my todo list.

Sounds like a plan. The rate control is separate from the HAL, correct? Would you be working on that as well?

> Rui told me his main problem was lacking in reliable driver code to
> actually make/receive 11n frames reliably. I'm hoping to just lift the
> ath9k hardware code but that doesn't help with the needed net80211
> changes to support 11n.

These would be driver-independent net80211 changes?

> If you're happy to take over rui's 11n work, I'm happy working on
> porting over ath9k driver/rate changes.

I'm definitely happy to look at it. I'll wait until I know just how far over my head this project is and how much time I'll have for it before I commit to it though. :)

What still needs to happen for 11n in net80211? Are any of MIMO, 40MHz channels, 5GHz operation, etc candidates for common code or is all of that handled in the driver?

> On 8 September 2010 20:32, Rui Paulo wrote:
>> On 7 Sep 2010, at 19:41, John Nielsen wrote:
>>
>>> I am working on a network scenario which would benefit greatly from the
>>> MIMO features and higher bandwidth of 802.11n. It's my understanding that
>>> 11n is not fully supported in FreeBSD since there is no appropriate rate
>>> control algorithm in the tree. Is that still the case?
>>
>> I've worked on supporting 11n on ath_rate_sample but it's incomplete.
>>
>>> I would _really_ like to run FreeBSD for this project, and I believe the
>>> Atheros wireless cards I plan to use are supported by ath(4). I'd like to
>>> find out what else needs to happen to complete the picture. I may even go
>>> so far as to write some code myself. :)
>>>
>>> Is anyone working on this at the moment?
>>
>> Not really, I did some work in the past, but it's incomplete.
>>
>>> Is it just the rate control that needs to be done or are there other parts
>>> involved? Is MIMO separate?
>>
>> We have MIMO on some non-Atheros drivers, but one of these drivers (Ralink
>> 11n) is not yet in the tree.
>>
>>> Is there a detailed description of the missing pieces somewhere? Or a
>>> not-very-detailed summary of where to look and what to read to get started?
>>
>> Not really. There's some interest from other FreeBSD committers to get this
>> going, so I'll let them chime in.
>>
>> Regards,
>> --
>> Rui Paulo
Re: Extending dummynet/ipfw
On Sep 27, 2010, at 11:20 AM, Paul Joe wrote:

> I have attached a patch which allows to do flow classifications in userland
> (e.g based on url categories, LDAP users)
> and do bandwidth control in kernel(dummynet).
>
> The patch has
>
> a) a setsocketopt, to associate a pipe to the socket.
>
> b) an ipfw option(sockarg) to redirect flows to corresponding pipe.
>
> Moreover, a member uint32_t is added to struct socket to hold the pipe info.
>
> I guess this structure is not part of kernel userland ABI.
>
> Please let me know your comments, which I would be glad to incorporate

This is something I have wished for in the past so I'm glad to see it. I'd love to test it but I'm not sure what to do, especially on the userland side. Could you post a simple ipfw ruleset that uses your patch along with directions or a simple example program for doing the userland classification?

Thanks!

JN
Re: When to use and not use divert/natd ...
On Sep 5, 2014, at 9:15 PM, John Case wrote:

> For many years I would build FreeBSD firewalls and they would be very, very
> simple - I just set gateway_enable="yes" in rc.conf and everything just
> worked.
>
> However, these firewalls *always* had real, routable IPs on both sides. Both
> interfaces had real, routable IPs.
>
> Now I have a firewall that has two non-routable IPs for its interfaces, and
> is connected to an internet router with the real IP. When I try to build a
> very simple firewall it does not work, and I am forced to use ipdivert and
> natd.
>
> If I use ipdivert and natd, it works just fine.
>
> So, am I correct that I can create a simple gateway without natd/divert as
> long as both interfaces are real IPs, but if both interfaces are non-routable
> IPs, I am forced to use divert/natd ?

Just think about the 'routing' aspect. In your current scenario it sounds like the Internet-connected device is doing NAT. It knows about its public IP and its private subnet. It sounds like you have a second private subnet behind your FreeBSD machine about which the Internet-connected device knows nothing. For packets to get from the Internet-connected device to your second subnet one of two things needs to happen:

1) The Internet-connected device has a static route to the second subnet (so it knows to use your FreeBSD machine as the gateway), or
2) The FreeBSD machine performs NAT (a second time), so the Internet-connected device sends traffic to it even though it knows nothing about the subnet behind it.

I would prefer 1) as it's simpler and double-NAT isn't generally a good thing. However, if you don't have a way to add a route to the Internet-connected device then 2) isn't necessarily bad.

In your previous all-routable-IPs setups something was presumably advertising the route for you. The new setup isn't much different in principle.

JN

PS: Using the in-kernel NAT with IPFW is simpler and more efficient than using natd...
Re: Can DUMMYNET handle weighting of traffic according to firewall rules?
On Dec 12, 2014, at 8:23 AM, Brett Glass wrote:

> At 03:06 AM 12/12/2014, Luigi Rizzo wrote:
>
>> you can set the limit for the pipe, create two queues with different
>> weights attached to the pipe, and then schedule.
>>
>> ipfw pipe 12 config bw 3456 Kbit/s
>> ipfw queue 34 config weight 2 pipe 12
>> ipfw queue 56 config weight 1 pipe 12
>> ipfw add queue 34 in recv halfduplexlink0
>> ipfw add queue 56 out xmit halfduplexlink0
>
> Alas, as I understand it (and also based on my empirical tests), this will
> give downstream traffic priority but will still let the same amount of
> upstream traffic through per second if there is no downstream traffic...
> because the capacity of the pipe is still the same. What I want to do is have
> the pipe, not the queue, weight the upstream traffic twice as heavily.

Is there a reason you can't use a separate pipe for each direction?
IPv6 multicast routing
Hi all-

Does anyone do IPv6 multicast routing on FreeBSD? If so, what software do you use? Any caveats or other things to be aware of?

The only options I have seen are all in net/mcast-tools and I'm having some trouble with each of them. I do have "options MROUTING" in my kernel and IPv6 forwarding enabled on each host.

I've had the best luck with "mfc": I can get packets to traverse a single router. However I can't get them to traverse a second one in either direction (though that may or may not be a problem with mfc itself). The big downer of course is that each unicast source and multicast destination has to be explicitly spelled out in each direction in the config file. Not at all scalable and not compatible with the auto-configuration goals of my project.

The one I think I'd like to use is pim6sd. However I have had no luck with either it or pim6dd. Both will run but not pass packets, and they each complain that they cannot assign the requested ff02::2 address on either interface.

Any advice or suggestions appreciated.

JN
Re: Does "setfib" in ipfw forces to re-route packet?
On Feb 1, 2015, at 3:23 PM, Lev Serebryakov wrote:

> "man 8 ipfw" doesn't state, that setting new fib on "out" packet
> (when routing decision is done and output interface is known) change
> routing decision:
>
> ""The packet is tagged so as to use the FIB (routing table) fibnum in
> any subsequent forwarding decisions.""
>
> But according to ip_output.c (around line 527) "setfib" FORCES to
> make NEW decision!
>
> Do I read sources right? Maybe, wording in ipfw(8) should be changed?

AFAIK, ipfw's setfib can only be usefully applied to incoming packets (before a routing decision is made) that are passing through (and not destined for) the FreeBSD machine as a router.

For locally-originated traffic you need to either start your application(s) using setfib(1) to begin with or use ipfw fwd rules to redirect the traffic (which essentially ignores the original routing decision). Be warned that FreeBSD 10.0 had a bug which broke ipfw fwd (see the errata).

I use the latter on a multi-homed non-router machine. $IP1/$CIDR1 is assigned to $IF1, and $GW1 is the default route for the system (just one FIB). $IP2/$CIDR2 is assigned to $IF2, and I'd like traffic originating from $IP2 to use $GW2 instead of $GW1. $LOCALTABLE is an ipfw table containing directly-connected subnets (traffic for which does not need to be routed).

    ipfw table $LOCALTABLE add $IP1/$CIDR1
    ipfw table $LOCALTABLE add $IP2/$CIDR2
    ipfw table $LOCALTABLE add 127.0.0.0/8
    ...
    ipfw fwd $GW2 ip from $IP2 to not "table($LOCALTABLE)" out via $IF1

JN
Re: vlan+bridge questions
> On Aug 14, 2015, at 11:57 AM, Hooshang F wrote:
>
> We need to install a freebsd firewall (pf). The freebsd
> box needs to be placed in bridge mode in the middle of a VLAN trunk
> link between 2 Cisco switches. The em0 and em1 ports
> are connected to the trunk ports on the 2 switches.
>
> We are going to:
>
> 1- Define two vlan interfaces for vlan id X.
>    one with em0 as parent and the other on top of em1.
> 2- Create a bridge interface.
> 3- Add the two vlan interfaces as members of the bridge.
> 4- Repeat 1-3 for every vlan id used in the network.
>
> 2 questions:
>
> 1- Is not there a simpler method which does not involve creating so
>    many vlans & bridges? For instance, is it possible to have
>    a trunk interface which accepts 'all' vlan IDs (like cisco) instead
>    of creating two vlan interface per ID?
>
> 2- How the untagged traffic should be bridged? Cisco switches
>    send out packets untagged if vlan ID is equal to the trunk port
>    'native' vlan id. To bridge this packets, we should create
>    a bridge with em0 and em1 as members, but that will
>    effectively disables bridging on vlan interfaces. Right?

Same answer for both questions: bridge the parent interfaces. If you need vlan interfaces, create them as children of the single bridge interface.
Re: RFC7084 "Basic Requirements for IPv6 Customer Edge Routers"
Since FreeBSD is a general-purpose operating system, a fresh install with default options will certainly not meet all the requirements. However, from a quick read of the RFC it looks like it would be straightforward to configure a FreeBSD box to meet the requirements.

For simple routing, the included rtadvd(8) may be adequate; however I am unsure if its behavior by default would meet req G-4 from 4.1. (If it doesn’t, a small script to add interfaces using rtadvctl once appropriate WAN routes are available would suffice.) FreeBSD does include a RIP6 routing daemon (route6d); other routing protocols are supported by third-party programs such as quagga or openbgpd.

FreeBSD supports SLA but requires third-party software for DHCP6 client or server operation. Examples of such software include dhcp6, isc-dhcp43-client, and isc-dhcp43-server.

Those are all the potential sticking points that stood out to me.

On Aug 17, 2015, at 5:24 AM, Gary Palmer wrote:

> Hi,
>
> Does anyone know if FreeBSD 9.3 is compliant with RFC7034?
>
> Thanks,
>
> Gary
Re: Ubuntu-phone BQ as Wifi router to the Internet
On Oct 22, 2015, at 12:43 PM, Matthias Apitz wrote:

> I have a mobile phone, a Ubuntu BQ which works really nice as any kind
> of Linux box, SSH access etc. (not like this Android crap).
>
> At the moment I'm using my BQ as a router to the Internet as described
> here:
> https://gurucubano.gitbooks.io/bq-aquaris-e-4-5-ubuntu-phone/content/chapter4.html
> i.e. via USB and tethering:
>
> FreeBSD-netbook ---(USB tethering)---> BQ ---(data mobile) ---> Internet
>
> I'd like to get rid of the USB cable and I'm thinking about the
> following:
>
> My FreeBSD C720 netbook acts as an AP, the BQ connects, but all the routing
> and
> DNS is scripted the way that the traffic from the netbook goes over
> Wifi to the BQ and from this to Internet;
> I investigated the option and technical it seems to work once changed
> routing etc. in the BQ;
>
> Any comments?

Should work fine with static IPs, etc on the wireless subnet. Using DHCP will probably be problematic.
Re: tap(4) and host-only networking between host and guest
On Nov 4, 2015, at 11:45 AM, Victor Sudakov wrote:

> Victor Sudakov wrote:
>> Julian Elischer wrote:
>>>> I am experimenting with bhyve which uses tap(4) for network access. I
>>>> don't want to bridge tap0 with any of the hosts's real NICs. How can I
>>>> create a private network just between the host and the guest?
>>> you are thinking too hard!
>>>
>>> tap IS the interface..
>>>
>>> ifconfig tap0 $address...
>>> and in the VM, ifconfig vtnet0 ${some_other_address}
>>
>> Thank you, Julian! It works. I felt I was missing something obvious.
>
> For some reason, after a guest is shutdown or rebooted, the IP address
> on the host's tap0 interface is deleted.
>
> It's kind of inconvenient.

What I have done in this scenario is create a bridge interface, assign the host’s IP to the bridge, and add the tap as a member to the bridge.
Re: USB wireless AP?
On Wednesday 23 April 2008 11:57:28 am Ivan Voras wrote:

> I've found a perfect match for my needs: D-Link DWL-G122, with the
> "rum" driver. Not a single problem so far, everything works as
> documented. Truly a plug and play experience.
>
> I'm just curious about one more thing: I wish to set up a "b/g"
> network, so both b and g devices can connect. Apparently this is set up
> via the "mode" argument to ifconfig, which accepts "11g" and "11b" but
> not the obvious "11bg". Any pointers on this?

You can either omit the "mode" argument altogether and get both supported by default, or just specify "11g", which will also support both. I typically omit the mode unless I want to limit things to only 11b.

JN
Re: Taking bhyve step forward enterprise grade
> On Mar 19, 2016, at 8:12 AM, Sami Halabi wrote:
>
> hi,
> are there ongoing job on taking bhyve further steps toward enterprise scale
> like:
> 1. high availability, rules on vms (like affinity rules in vmware: eg an
> app vm and sql vm go together...), vmotion...
> 2. network virtualization like vmware nsx...

The wiki page is probably the best place for general info on bhyve current and planned features:

https://wiki.freebsd.org/bhyve

Live migration is a planned feature. HA rules and other automation and orchestration are probably beyond the scope of what bhyve itself is aiming to achieve, though such features could easily be provided by additional scripts and tools.

What specifically are you after in terms of network virtualization? Again, bhyve itself isn't intended to be a giant umbrella but FreeBSD does support many networking features which could support network virtualization (and which work fine with bhyve).

JN
Re: Identify physical port given a network interface name on Dell PowerEdge servers?
> On Mar 29, 2016, at 3:42 PM, Pallav Bose via freebsd-net wrote:
>
> Is there a way for me to identify which physical port corresponds to a given
> interface name? For example, the input to my script/program is the network
> interface name, like bge0/ix0, and the output is the physical port which maps
> to this interface, like, LOM1/LOM2 or NIC1 port 1 (in case a NIC card is
> attached via the PCI bus). This program/script will run on a Dell PowerEdge
> server.
>
> LOM stands for LAN On Motherboard.

It sounds like you're looking for something like Dell's biosdevname for Linux. I don't think such a thing exists on FreeBSD, but if you can figure out how to get it the same data should be available from the BIOS. I would start by scrutinizing the output of "dmidecode"; if it's in there then you can just parse it out for your script. If not, you can always dive through the source of biosdevname:

http://linux.dell.com/git/biosdevname.git/
Re: Identify physical port given a network interface name on Dell PowerEdge servers?
> On Mar 29, 2016, at 4:44 PM, John Nielsen wrote:
>
>> On Mar 29, 2016, at 3:42 PM, Pallav Bose via freebsd-net wrote:
>>
>> Is there a way for me to identify which physical port corresponds to a given
>> interface name? For example, the input to my script/program is the network
>> interface name, like bge0/ix0, and the output is the physical port which
>> maps to this interface, like, LOM1/LOM2 or NIC1 port 1 (in case a NIC card
>> is attached via the PCI bus). This program/script will run on a Dell
>> PowerEdge server.
>>
>> LOM stands for LAN On Motherboard.
>
> It sounds like you're looking for something like Dell's biosdevname for
> Linux. I don't think such a thing exists on FreeBSD, but if you can figure
> out how to get it the same data should be available from the BIOS. I would
> start by scrutinizing the output of "dmidecode"; if it's in there then you
> can just parse it out for your script. If not, you can always dive through
> the source of biosdevname:
>
> http://linux.dell.com/git/biosdevname.git/

See also:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/sec-Consistent_Network_Device_Naming_Using_biosdevname.html#sec-Consistent_Network_Device_Naming-System_Requirements

I don't have access to a Dell box running FreeBSD but on a PowerEdge server running CentOS 6 this command looks like it returned all the raw info you would need to implement your own "biosdevname-lite". Specifically you could map the NIC number from the "Reference Designation" to its PCI bus address and then call it whatever you wanted:

    # dmidecode -t 41
    # dmidecode 2.12
    SMBIOS 2.6 present.

    Handle 0x2900, DMI type 41, 11 bytes
    Onboard Device
            Reference Designation: Embedded NIC 1
            Type: Ethernet
            Status: Enabled
            Type Instance: 1
            Bus Address: :01:00.0

    Handle 0x2901, DMI type 41, 11 bytes
    Onboard Device
            Reference Designation: Embedded NIC 2
            Type: Ethernet
            Status: Enabled
            Type Instance: 2
            Bus Address: :01:00.1

    [...]
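The mapping suggested in the message above (SMBIOS "Reference Designation" to PCI bus address to interface name), as an added example that is not part of the original thread. It assumes the dmidecode port is installed and that the firmware exposes type 41 records; the function names are hypothetical and both sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not from the thread): join SMBIOS type 41 records with
# `pciconf -l` to label a FreeBSD interface with its onboard port name.
# Function names and all sample data are constructed for illustration.

sample_dmi() {   # constructed `dmidecode -t 41` output
cat <<'EOF'
Handle 0x2900, DMI type 41, 11 bytes
Onboard Device
    Reference Designation: Embedded NIC 1
    Type: Ethernet
    Status: Enabled
    Type Instance: 1
    Bus Address: 0000:01:00.0

Handle 0x2901, DMI type 41, 11 bytes
Onboard Device
    Reference Designation: Embedded NIC 2
    Type: Ethernet
    Status: Enabled
    Type Instance: 2
    Bus Address: 0000:01:00.1

Handle 0x2902, DMI type 41, 11 bytes
Onboard Device
    Reference Designation: Embedded Video
    Type: Video
    Status: Enabled
    Type Instance: 1
    Bus Address: 0000:0a:03.0
EOF
}

sample_pciconf() {   # constructed `pciconf -l` output
cat <<'EOF'
hostb0@pci0:0:0:0:   class=0x060000 rev=0x00
bge0@pci0:1:0:0:     class=0x020000 rev=0x20
bge1@pci0:1:0:1:     class=0x020000 rev=0x20
vgapci0@pci0:10:3:0: class=0x030000 rev=0x00
EOF
}

# dmi_nics: dmidecode -t 41 text on stdin -> "pciD:B:S:F<TAB>designation"
# for each enabled Ethernet device (selector fields in decimal, as pciconf).
dmi_nics() {
    awk '
    function hex(s,    i, n) {          # hex string -> number (POSIX awk)
        s = tolower(s); n = 0
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789abcdef", substr(s, i, 1)) - 1
        return n
    }
    function emit(    p) {              # print the record collected so far
        if (type == "Ethernet" && status == "Enabled" && addr != "") {
            split(addr, p, "[:.]")      # domain:bus:slot.function, all hex
            printf "pci%d:%d:%d:%d\t%s\n",
                hex(p[1]), hex(p[2]), hex(p[3]), hex(p[4]), name
        }
        name = type = status = addr = ""
    }
    /^Handle / { emit(); next }
    {
        line = $0; sub(/^[ \t]+/, "", line); sub(/[ \t\r]+$/, "", line)
        sep = index(line, ": "); if (sep == 0) next
        key = substr(line, 1, sep - 1); val = substr(line, sep + 2)
        if (key == "Reference Designation") name = val
        else if (key == "Type") type = val
        else if (key == "Status") status = val
        else if (key == "Bus Address") addr = val
    }
    END { emit() }'
}

# port_label IFNAME DMI_FILE PCICONF_FILE: print the designation of IFNAME;
# return 1 when the device has no type 41 Ethernet record (add-in cards).
port_label() {
    sel=$(awk -v ifn="$1" '{
        split($1, a, "@")
        if (a[1] == ifn) { sub(/:$/, "", a[2]); print a[2]; exit }
    }' "$3")
    [ -n "$sel" ] || return 1
    dmi_nics < "$2" |
        awk -F '\t' -v sel="$sel" '$1 == sel { print $2; hit = 1 }
                                   END { exit !hit }'
}

# Demo on the constructed samples: sh thisfile demo
if [ "${1:-}" = "demo" ]; then
    d=$(mktemp) && p=$(mktemp) && sample_dmi > "$d" && sample_pciconf > "$p"
    for i in bge0 bge1 vgapci0; do
        printf '%s\t%s\n' "$i" "$(port_label "$i" "$d" "$p" || echo '(no SMBIOS label)')"
    done
    rm -f "$d" "$p"
fi
```

On a real host, save the output of `dmidecode -t 41` and `pciconf -l` to two files and pass them to `port_label` together with the interface name. Devices without a type 41 record, such as add-in cards, get no label and need a separate lookup.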
Re: Bridge interface and ARP traffic
> On May 20, 2016, at 12:30 AM, Aqz wrote:
>
> Hello,
>
> I have a very strange issue with passing ARP traffic through bridge
> interface.
> I'm using FreeBSD 10.3-REL VMWare virtual machine as bridge between two
> networks using the same IP address space. Bridge interface doesn't have IP
> address assigned so it acts more like a switch between those two virtual
> networks - let's call them NET and PUB.
> Gateway for our network is in NET vlan, all the virtual machines are in the
> PUB vlan.
>
> Traffic passes through this bridge, but there are few problems.
>
> I have to manually add static ARP table entries for gateway on all the
> machines in PUB network - I can see ARP broadcasts from machines asking
> where's the gateway, and the reply but only on one of bridged interfaces -
> the one from NET side. The response is not visible on bridge interface, nor
> the PUB vlan interface.
>
> Also, when I try to ping a machine that's in NET network from PUB network
> all network traffic suddenly stops, even when I'm pinging some nonexistent
> host. I have to use virtual console and ping for ex. DNS server, or any
> internet host to make traffic start again.
>
> I'm not sure what I'm doing wrong - I've been using a similar configuration
> before (with physical machines).
>
> Here's my ifconfig output http://aquaz.eu/bridgeifconfig.txt

The first thing to check is the hypervisor. Do you have your VM configured to allow the NICs to use promiscuous mode? Is there any kind of IP/MAC matching or filtering going on?

Next thing to check is firewall in the VM. Is IPFW or PF enabled? What is the output of "sysctl net.link.bridge" ?

The ping problems are definitely weird, not sure what to think about that.

JN
Re: Can't delete route
On Thursday 18 May 2006 11:31, Alexandre Biancalana wrote:

> Hi List,
>
> Today I had to add a new route in the company gateway. So I ran the
> command:
>
> # route add 128.110.0.0 255.255.0.0 10.0.0.17
> add net 128.110.0.0: gateway 255.255.0.0
>
> Running netstat -nr I get the following:
>
> 0&0xa11            255.255.0.0        UGSc       15      332   fxp0 =>
>
> this is incorrect, the interface should be fxp1 not fxp0 (that is the
> default interface). And Why the destination network is 0&0xa11 and
> not 128.110.0.0
>
>
> Trying to delete this route the follow error occur:
>
> # route delete -net 128.110.0.0 255.255.0.0 10.0.0.17
> route: writing to routing socket: No such process
> delete net 128.110.0.0: gateway 255.255.0.0: not in table

Try this:

    route delete -net 128.110.0.0

without any additional parameters.

JN
Re: Gigabit Ethernet NIC with Jumbo Frame Support
On Friday 01 December 2006 21:11, Jim Pirzyk wrote:

> I am looking for a recommendation for a card purchase of a Gigabit
> Ethernet NIC that supports jumbo frames. Looking at the kernel,
> the following drivers support jumbo frames; bce, bge, em, ixgb,
> lge, nge, sk stge, and vge. What is perceived as the most stable,
> best performing card and driver for FreeBSD RELENG_6 line? I have
> multi TBs to back up from a SAN (via 2Gb Qlogic FC card) to a TSM
> Server. We currently have the Broadcom BCM5750, but that chipset
> does not support Jumbo Frames. The card itself needs to be PCI-
> Express.

At home I use an SMC card and an onboard Marvell chip on either end of a gig link with jumbo frames (mtu 9000) enabled. I've been quite happy with it; for random I/O intensive tasks I can't tell a difference between using an NFS mount and local storage. Both use the sk(4) driver. Watch out for newer Marvell chipsets that require the non-finished msk(4) driver.

At work I use an em(4) Intel card, but don't have jumbo frames enabled. It performs well even so. Only some of the chipsets supported by the driver support jumbo frames. See the manpage for details.

Unfortunately I'm not sure what's available as a PCI-e card. I expect you'll get additional responses, though.

HTH,

JN
Re: Wireless NIC recommendation
On Monday 15 January 2007 12:54, Lars Stokholm wrote:

> Hi, I hope someone can help me with this, before I go mad (no pun
> intended.) :)
>
> I was initially looking for a relatively cheap 54Mbps, 802.11g- and
> WPA-capable network card, based on an Atheros chipset, but after
> spending the whole of last night looking for one - to no avail - I gave up.
>
> I'm almost about to conclude that Atheros is not the way to go. So now I
> want to know, if anyone can recommend ANY card, being cheap and
> supporting the features mentioned above. I don't mind using NDIS, as
> long as it works flawlessly. Also it would be good, if the card was a
> popular one, so community support is more available.

For driver support in FreeBSD, Atheros is definitely the way to go. Have you looked through the listings here?

http://customerproducts.atheros.com/customerproducts/default.asp

Also, you failed to mention what your definition of "cheap" is, and what form factor you're looking for (PCI, Cardbus, etc.) I would start with the listings at the link above and look through products from the cheaper-but-popular brands (D-Link, Belkin, Netgear, Linksys) to see if there are any you can currently buy within your price range.

JN
Re: Wireless NIC recommendation
On Monday 15 January 2007 13:44, John Nielsen wrote:

> On Monday 15 January 2007 12:54, Lars Stokholm wrote:
> > Hi, I hope someone can help me with this, before I go mad (no pun
> > intended.) :)
> >
> > I was initially looking for a relatively cheap 54Mbps, 802.11g- and
> > WPA-capable network card, based on an Atheros chipset, but after
> > spending the whole of last night looking for one - to no avail - I gave
> > up.
> >
> > I'm almost about to conclude that Atheros is not the way to go. So now I
> > want to know, if anyone can recommend ANY card, being cheap and
> > supporting the features mentioned above. I don't mind using NDIS, as
> > long as it works flawlessly. Also it would be good, if the card was a
> > popular one, so community support is more available.
>
> For driver support in FreeBSD, Atheros is definitely the way to go. Have
> you looked through the listings here?
>
> http://customerproducts.atheros.com/customerproducts/default.asp
>
> Also, you failed to mention what your definition of "cheap" is, and what
> form factor you're looking for (PCI, Cardbus, etc.) I would start with the
> listings at the link above and look through products from the
> cheaper-but-popular brands (D-Link, Belkin, Netgear, Linksys) to see if
> there are any you can currently buy within your price range.

The Netgear WG311T seems like a widely available decent bet for ~$50 USD.
Re: Wireless NIC recommendation
On Monday 15 January 2007 15:54, Lars Stokholm wrote:

> John Nielsen wrote:
> > On Monday 15 January 2007 12:54, Lars Stokholm wrote:
> >> Hi, I hope someone can help me with this, before I go mad (no pun
> >> intended.) :)
> >>
> >> I was initially looking for a relatively cheap 54Mbps, 802.11g- and
> >> WPA-capable network card, based on an Atheros chipset, but after
> >> spending the whole of last night looking for one - to no avail - I gave
> >> up.
> >>
> >> I'm almost about to conclude that Atheros is not the way to go. So now I
> >> want to know, if anyone can recommend ANY card, being cheap and
> >> supporting the features mentioned above. I don't mind using NDIS, as
> >> long as it works flawlessly. Also it would be good, if the card was a
> >> popular one, so community support is more available.
> >
> > For driver support in FreeBSD, Atheros is definitely the way to go. Have
> > you looked through the listings here?
> >
> > http://customerproducts.atheros.com/customerproducts/default.asp
>
> Wow, I actually think I found a card there, that is guaranteed to work.
> Is this really the end of all my struggles? :) For only 50 USD. There
> seem to be only one version of the card.
>
> http://www.dlink.com/products/?pid=12
> http://edbpriser.dk/Products/Listprices.asp?ID=38373 (in Danish)
>
> The two cards /are/ the same, right?

This is actually the card I have and use in my FreeBSD box as an access point (I didn't know it was still available or I would have said so sooner.) Yes, they should be the same. There is an early revision ("A1") card of the same name that actually used a non-Atheros chip, but anything you buy today should be "B" or "C" and work fine. I have the "B" revision. Check out the D-Link website (pretend like you're looking for a Windows driver) for slightly more information on the different revisions and how to identify them.

> Also, it says 108Mps? Does it matter that my AP is only 54Mbps?

Shouldn't matter at all. 108Mbps is often advertised and rarely used/practical. The idea is to use two 54Mbps streams at once. You need to have a card (and driver) that support it ("Super-G" or "Extreme-G"), an AP that supports it and that acknowledges that your card supports it, and little to no other traffic or interference, since most AP's will automatically fall back to 54Mbps at the drop of a hat. I'm not sure if ath(4) supports it or not, but I've never really cared too much.

JN
Re: Traffic between cxgbe VFs and/or PF on a host
On Oct 11, 2024, at 6:21 PM, Navdeep Parhar wrote:

> On Fri, Oct 11, 2024 at 3:56 PM John Nielsen <li...@jnielsen.net> wrote:
>> I’m running a FreeBSD 14-STABLE host with a Chelsio T520. I have a
>> bhyve VM (also running 14-STABLE) to which I have assigned a VF of the
>> NIC. That is all working as expected; the host can pass traffic using
>> the PF cxl0 and the guest can pass traffic using the VF cxlv0. However
>> the host cannot communicate with the guest. I am looking in to the
>> possibility of enabling 802.1qbg / VEPA / reflective relay on the
>> switch port but I’d like to know if the T5 can do that switching itself
>> without sending the packets over the wire. The marketing material says
>> the card "integrates a high performance packet switch" but I don’t know
>> how to configure that functionality on FreeBSD or if this use case is
>> supported. Can anyone shed some light on that?
>
> The PF driver's tx bypasses the internal switch by default and is not
> visible to the VFs because of that. Set this knob to force it go
> through the switch.
>
>     hw.cxgbe.tx_vm_wr
>             Setting this to 1 instructs the driver to use VM work
>             requests to transmit data. This lets PF interfaces transmit
>             frames to VF interfaces over the internal switch in the
>             ASIC. Note that the cxgbev(4) VF driver always uses VM work
>             requests and is not affected by this tunable. The default
>             value is 0 and should be changed only if PF and VF
>             interfaces need to communicate with each other. Different
>             interfaces can be assigned different values using the
>             dev..X.tx_vm_wr sysctl when the interface is
>             administratively down.

Thank you! That indeed works as described. I did scan the man page before posting but obviously could have benefited from closer study. I appreciate you pointing me in the right direction.

Out of curiosity is there any practical difference (performance; security, etc) between setting this knob and just using an additional VF for the host rather than the PF (aside from being one less VF available for use elsewhere)?

JN
Traffic between cxgbe VFs and/or PF on a host
Hi-

I’m running a FreeBSD 14-STABLE host with a Chelsio T520. I have a bhyve VM (also running 14-STABLE) to which I have assigned a VF of the NIC. That is all working as expected; the host can pass traffic using the PF cxl0 and the guest can pass traffic using the VF cxlv0. However the host cannot communicate with the guest.

I am looking in to the possibility of enabling 802.1qbg / VEPA / reflective relay on the switch port but I’d like to know if the T5 can do that switching itself without sending the packets over the wire. The marketing material says the card "integrates a high performance packet switch" but I don’t know how to configure that functionality on FreeBSD or if this use case is supported. Can anyone shed some light on that?

The other alternative would be to wire up the second port but if I can get away with not needing to use another SFP+ port on the switch for this that would be ideal.

Thanks!

JN
Re: EFI boot with iPXE
> On Nov 7, 2024, at 1:23 PM, Peter Blok wrote:
>
> I have tried to boot over iSCSI using PXE using the ports isboot-kmod. It
> worked after many tries, but it is not automatic yet.
>
> At the loader.efi prompt I do:
> set currdev=zfs:zroot/ROOT/default:
> load /boot/kernel/kernel
> load /boot/kernel/opensolaris.ko
> load /boot/kernel/zfs.ko
> load /boot/kernel/acpi_wmi.ko
> load /boot/kernel/smbus.ko
> load /boot/kernel/ichsmb.ko
> load /boot/kernel/uhid.ko
> load /boot/kernel/wmt.ko
> load /boot/kernel/iscsi.ko
> load /boot/modules/isboot.ko
> boot
>
> And it starts. There is no local storage so everything is really coming over
> the net.
>
> Obviously it doesn’t read what is in loader.conf and I’m puzzled what the
> boot flow is once you have loader.efi loaded. I can put currdev in loader.env
> but it doesn’t set it although set qqq=something shows up when I type show,
> so I have the right file.
>
> How can I boot without having to type the commands?

Typically all you need to do is add the following to /boot/loader.conf after installing the isboot port:

    isboot_load="YES"

From there it’s up to the boot firmware (iPXE in your case) to make the initial connection to the target, populate the iBFT, load the boot blocks and perform the early boot. The loader uses the iSCSI disk just like a local disk to do its job including load the kernel and modules (including isboot) in to memory. When the kernel begins execution it probes devices and eventually gets to isboot. If isboot locates a valid iBFT it will parse it and use that information to re-establish the connection with the iSCSI target (as well as bring up the needed network interface etc). From there the iSCSI volume(s) should be available as regular da(4) devices and boot continues like it would on any other type of storage.

The root volume being ZFS adds some moving parts but there’s no reason it wouldn’t work. If you can, try to replicate your setup using local storage. Once that is working then you just need to add iPXE and the single line above to loader.conf.

JN
cxgbe VF vs multicast
Hi-

I just moved my router VM from a bridge + virtio setup to using a VF (virtual function) on my Chelsio T520-LL-CR to improve performance. It’s working beautifully for the most part, but I have noticed two things that aren’t, both related to multicast.

First, when using dhcpcd to assign IPv6 addresses to my LAN VLAN interfaces, I get this spammed repeatedly on the console for both VLANs where I use prefix delegation:

```
kernel: cxlv0.2: a looped back NS message is detected during DAD for [address]. Another DAD probes are being sent
```

I was able to work around that (I think?) by setting "net.inet6.ip6.dad_count=0" in /etc/sysctl.conf (as hinted in https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=270859 talking about an mlx5 VF).

Second, CARP no longer works. At all. I turned off the peer completely but the interfaces never came out of the BACKUP state. For now I have removed CARP from the setup.

Both IPv6 address assignment and CARP were working correctly in the previous setup.

Is the VF receiving its own multicast packets back from the PF or virtual switch in the T5? That would explain both issues. In any case, is there anything I can do about it?

Both host and guest are FreeBSD 14-stable. In addition to the T5 VF the host passes through an em interface to the guest entirely. Config excerpts from both machines below.

Any help/insight appreciated. Thanks!

-John

On the host I have:

```
#/boot/loader.conf
vmm_load="YES"
hw.vmm.amdvi.enable="1"
pptdevs="14/0/0" #em0
hw.cxgbe.tx_vm_wr="1" #allow PF to talk to VF

#/etc/rc.conf
ifconfig_cxl0="up"
vlans_cxl0="2 104"
ifconfig_cxl0_2="inet ${ADDR2}/24"
ifconfig_cxl0_2_ipv6="inet6 accept_rtadv auto_linklocal"
ifconfig_cxl0_104="inet ${ADDR104}/24"
iovctl_files="/etc/iov/cxl0.conf"

#/etc/iov/cxl0.conf
PF {
        device : cxl0
        num_vfs : 1
}

VF-0 {
        passthrough : true;
}
```

On the guest I have:

```
#/boot/loader.conf
if_cxgbev_load="YES"
net.inet.ip.fw.default_to_accept="1" #allow dhcp6 before ipfw ruleset is loaded

#/etc/rc.conf
ifconfig_cxlv0="up"
vlans_cxlv0="2 98 103"
ifconfig_cxlv0_2="inet ${MY_IP}/24"
ifconfig_cxlv0_2_ipv6="inet6 auto_linklocal" # set from dhcpcd via prefix delegation
#ifconfig_cxlv0_2_alias0="inet vhid 1 advskew ${MY_SKEW} pass ${PASS} alias 192.168.2.1/32"
ifconfig_cxlv0_2_alias0="inet alias 192.168.2.1/32"
#ifconfig_cxlv0_103="inet vhid 2 advskew ${MY_SKEW} pass ${PASS} 192.168.103.1/24"
ifconfig_cxlv0_103="inet 192.168.103.1/24"
#ifconfig_cxlv0_98="inet vhid 3 advskew ${MY_SKEW} pass ${PASS} 192.168.98.1/24"
ifconfig_cxlv0_98="inet 192.168.98.1/24"
ifconfig_cxlv0_98_ipv6="inet6 auto_linklocal"
rtadvd_interfaces="cxlv0.2 cxlv0.98"
dhclient_program="/usr/local/sbin/dhcpcd"

#/etc/sysctl.conf
net.inet.carp.preempt=1
net.inet6.ip6.dad_count=0

#/usr/local/etc/dhcpcd.conf
duid
persistent
vendorclassid
option classless_static_routes
option interface_mtu
option rapid_commit
require dhcp_server_identifier
slaac hwaddr
allowinterfaces em0
waitip 4
waitip 6
nodelay
timeout 10
interface em0
  ia_na
  ia_pd 1/::/64 cxlv0.2/0/64/1
  ia_pd 2/::/64 cxlv0.98/0/64/1
```