Re: Machine becomes non-responsive, only ^T shows it as alive under l oad: IPFW, TCP proxying
On Wednesday, Oct 23, 2002, at 19:41 US/Pacific, Don Bowman wrote: I have an application listening on an ipfw 'fwd' rule. I'm sending ~3K new sessions per second to it. It has to turn around and issue some of these out as a proxy, in response to which some of them the destination host won't exist. I have RST limiting on. I'm seeing messages like: Limiting open port RST response from 1312 to 200 packets per second come out sometimes. After a while of such operation (~1/2 hour), the machine becomes unresponsive: the network interfaces no longer respond, the serial console responds to ^T yielding a status line, but ^C etc do nothing, and the bash which was there won't give me a prompt. ^T indicates my bash is running, 0% of CPU in use, etc. I have no choice but to power-cycle it. Any suggestions for how one would start debugging this to find out where its stuck, and how? At a guess, you need to tune the state-table retention time down. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Annoying ARP warning messages.
I have two systems connected through a common network (switch). They each have two NICs, with one addressed on one IP network and the second on another. IP works fine. My problem is that the kernel keeps bitching about seeing the same MAC addresses on both interfaces: Oct 26 06:15:03 babelfish /kernel: arp: 192.168.168.101 is on em0 but got reply from 00:30:65:00:e6:e6 on xl0 (Last message repeated ad nauseum) Any way of shutting the damn thing up? KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Annoying ARP warning messages.
On Saturday, Oct 26, 2002, at 14:28 US/Pacific, Don Bowman wrote: systcl net.link.ether.inet.log_arp_wrong_iface=0 Gee, why didn't that permutation of keystrokes occur to me? ;) Thanks. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Annoying ARP warning messages.
On Saturday, Oct 26, 2002, at 16:20 US/Pacific, Julian Elischer wrote: On Sat, 26 Oct 2002, Don Bowman wrote: Kevin Stevens wrote: I have two systems connected through a common network (switch). They each have two NICs, with one addressed on one IP network and the second on another. IP works fine. My problem is that the kernel keeps bitching about seeing the same MAC addresses on both interfaces: well, WHY is it seeing the same MA addresses on both interfaces? Because they're on the same network, as described above. Is this your attempt to get more throughput using 2 logical nets through the same switch? No. I'd fork out the extra $5 for switched cable and connet them together directly and bypass the switch (for teh 2nd link) (probably faster too) Then you'd be as unsuccessful at meeting my requirements as you've been unresponsive to the question I asked. Fortunately Mr. Bowman promptly gave me the answer below, which is exactly what was needed. KeS Oct 26 06:15:03 babelfish /kernel: arp: 192.168.168.101 is on em0 but got reply from 00:30:65:00:e6:e6 on xl0 systcl net.link.ether.inet.log_arp_wrong_iface=0 --don ([EMAIL PROTECTED] www.sandvine.com p2p) To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Annoying ARP warning messages.
On Saturday, Oct 26, 2002, at 20:24 US/Pacific, Julian Elischer wrote: Don't get snooty.. the question is :"why do you want to do that? Is it to get more bandwidth? The answer is: None of your business. It was a simple technical question, to which I was given a simple technical answer, which made me warm and fuzzy and happy all over. There's no need to answer your irrelevant questions. If you don't think my response is polite and friendly - well, you're the one who challenged the design without knowing the requirements, which is fairly rude to begin with. Is this your attempt to get more throughput using 2 logical nets through the same switch? No. ok, then. "why?" See above. I'd fork out the extra $5 for switched cable and connet them together directly and bypass the switch (for teh 2nd link) (probably faster too) Then you'd be as unsuccessful at meeting my requirements as you've been unresponsive to the question I asked. Well since you don;t SAY what your requirements are, I can only try guess.. and as you have now said hta tit is not the only valid reason I can think of, I can;t think of any other reason to do what you are trying to do. I can think of a lot of reasons to have multiple physical interfaces on the same network. I didn't ask for a critique of the solution design, I asked how to stop the kernel messages. If you knew the answer, why didn't you give it? Since you apparently didn't know the answer, why didn't you simply hold your peace? Fortunately Mr. Bowman promptly gave me the answer below, which is exactly what was needed. which is fine but I'm stilll puzzled as to why someone would want to do that if it's not to get extra bandwidth. While you're cogitating, you might ask yourself why there actually exists a sysctl switch for that setting. Apparently other people have the need to use it as well. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: Annoying ARP warning messages.
On Saturday, Oct 26, 2002, at 21:36 US/Pacific, Don Bowman wrote: This can also be seen, believe it or not, on a routed network, if you have something like spanning tree protocol which hasn't converged yet, but has been set for rapid convergence (which assumes the path isn't a loop until it discovers otherwise). Routers and switches are merging. --don ([EMAIL PROTECTED] www.sandvine.com p2p) Which is an evil all unto itself - my brain still locks up when Cisco references "layer 3 switching". ;) I've got some interesting scars from a scenario where HSRP on a distribution router set was flapping due to misconfigured spanning tree roots on multiple access switches. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Dual Networks - Was: Annoying ARP warning messages.
On Saturday, Oct 26, 2002, at 23:42 US/Pacific, Julian Elischer wrote: As one of the people whio wrote lots of the code you are using I'm trying to figure out why you are doing something that we never designed it to do because "no-one would want to do that". i.e. "Do we have to change any design criteria? Is there soemm reason that this is suddenly something people will want to do?" Well, speaking generally, here are some of the reasons I've seen people run two NICS on the same physical network: - Redundancy for NIC failure. This is often combined with a second physical layer network, but that's not always feasible. - Configuration requirements. Sometimes there are compatibility issues associated with running multiple protocols on the same card, sometimes there are configuration differences. For example, one might want to run jumbo frames on a gig card to connect to a backup server, but need to limit MTU on connections headed to the outside world via external VPN. You can't always do what you need to with aliases on a single card. - Traffic control/accounting. Statistics and SNMP counters usually run against the physical interface rather than the IP address, so if you need accounting for separate networks (for utilization reports, billing, etc.) it can be desirable to have multiple NICS in the same box. - Load balancing/teaming. Via MLPPP or other teaming technology, you might have several 100MB connections teamed out of the same box to a switch with a faster uplink to the destination. The ARP issue mentioned will still occur even though each NIC has it's own dedicated 100MB duplex connection. I'm sure there are others out there as well. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: device fxp cannot detect Intel On-Board LAN
On Tue, 29 Oct 2002, Ng Wee Yong wrote: > Hi all, > > I just install the FreeBSD 4.6.2 - STABLE version. My motherboard is a MSI > 845GE Max-L, 1.8Ghz Pentium 4, On-board LAN is Intel 82562. > > FreeBSD just work fine accept it cannot detect my On-Board Intel LAN. I > build and install a custom KERNEL with "device fxp" & "device miibus" set. > The new kernel was "make" & "make install" successfully. But it just cannot > detect my network card. The "dmesg" doesn't even show any "fxp" output. > > Did I miss out any step? I read somewhere in the mailing list that you can > do some setting in the file "/boot/loader.conf" file, is it? You shouldn't have had to take those steps; I did a 4.7 install yesterday and the onboard NIC was automagically discovered and the fxp driver installed. I suspect that your particular NIC isn't supported by the fxp driver. What does the man fxp page have to say? KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
RE: device fxp cannot detect Intel On-Board LAN
On Mon, 28 Oct 2002, Don Bowman wrote: > > From: Ng Wee Yong [mailto:ngweeyong@;yahoo.com.sg] > > I just install the FreeBSD 4.6.2 - STABLE version. My > > motherboard is a MSI > > 845GE Max-L, 1.8Ghz Pentium 4, On-board LAN is Intel 82562. > > > > FreeBSD just work fine accept it cannot detect my On-Board > > Intel LAN. ... > > kern/39974 describes the issue. > > http://www.geocrawler.com/archives/3/145/2002/6/50/9058043/ > > has a solution for you, changing one line in the fxp driver > to give it this pci vendor/device id. Dammit, that'll teach me to respond before reading all my messages. Never mind my previous comment, Ng. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: route pointing to a gateway that's not on net
> > I was recently following a thread on tech-netbsd that was discussing the > routing tables when the gateway address was on a 10.x.x.x network while > the machine was assigned a 209.122.66.x address. The long and short of > the discussion (as I understand the discussion) was that this was that > while it can be accessed via windose and Linux ( > > > On Linux, we could do this to get around that minor problem: > route add -host 192.168.14.88 dev eth0 > ) that is was an evil, ugy illegal network route and that it not > possible, will not be implemented in NetBSD. It is all of that. ;) I've used this in a network setup where there were multiple local links that terminated at a remote router, and the desire was that traffic be able to flow over any of them. But it leaves a bad taste in my brain, like when Cisco refers to "layer three switching". > Now since my cable ISP has me provised it this manner, and since I can't > find a method to get out from FreeBSD using the route command. I was > wondering if a) I missed something and there is some option for the > route command that allows to route to be setup, or if not will netgraph > allow me to setup this route? I think you do it the same way. Can't you create a route to the 10.x.x.x subnet that simply points to the outbound interface? (rummaging around for network access to router...) Yes, you can use the -interface option with the route command. Try this: route add -net 10.0.0.0 -interface (whatever). Worked for me in at least adding the route, I don't have a ready way to test it at the moment. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: route pointing to a gateway that's not on net
> Well it's not the way I wanted it, but it's the way I have to try and > work with. > > I tried the route add net 10.0.0.0 -interface (whatever) > and that didn't work for me. That's not the syntax I gave you, and obviously it needs to have your local interface information inserted. I can confirm that the command: route add -net 10.0.0.0 -interface em0 does parse and operate correctly on my 4.7 system, as confirmed by netstat -nr. That is the general approach for directing traffic out a local interface rather than to a same-subnet gateway. Try looking at man route for the details, or perhaps someone else will respond with a higher level of hand-holding. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: AirportExtreme with FreeBSD HostAP
>> The PowerBook returns invalid password (128bit wep Key entered in Hex) >> supplied. > > Of course you've re-checked for typos. Aren't 26-character hex keys > fun? Did you use the required $ prefix in the Airport client WEP requester? >> Has anybody had experience getting an AirportExtreme client to work >> with a FreeBSD HostAP? Any Pointers? (Must I disable WEP (as useless >> as it may be...)?) No, but I have my Airport Extreme client (17" PB) working fine with my Linksys AP. Ok, not FINE, it doesn't seem to work in g-only mode, but the WEP key isn't a problem. KeS To Unsubscribe: send mail to [EMAIL PROTECTED] with "unsubscribe freebsd-net" in the body of the message
Re: xl0 full duplex
> xl0: flags=8943 mtu 1500 > options=3 > inet 10.1.2.15 netmask 0xff00 broadcast 10.1.2.255 > inet 10.1.2.126 netmask 0x broadcast 10.1.2.126 > ether 00:00:5e:00:01:02 > media: Ethernet 10baseT/UTP (10baseT/UTP ) > > I tried: > > ifconfig xl0 10.1.2.15 netmask 255.255.255.0 mediaopt full-duplex > > since it is connected to a full-duplex switch. > > However, network throughput will crawl, i.e, for example, listening to an > mp3 from this machine will give 1 sec. of > audio, then 1 sec. of silence, then 1 sec. of audio, and so on. Do you know that full-duplex is supported and enabled on the switch for 10Mb operation? Some only support half-duplex for 10Mb, others have to be forced. KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: coexsiting two network (addresses) on a single ivp4 link
On Mon, 4 Aug 2003 [EMAIL PROTECTED] wrote: > what kind of things go wrong if I'd put two ipv4 networks > on a single ethernet link? eg., put 192.168.1/24 and 192.168.3/24 > on a single segment. If you just mean on the same segment; nothing goes wrong. If you mean on the same interface on a FreeBSD box, you get a lot of ARP warning messages. Then when you post here as to how to turn the warning messages off (there's a sysctl for it), you get a bunch of people grilling you as to why you want to do that, even though it's a perfectly legitimate design. At least that was my experience. ;) KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: suffering from poor network performance...
On Tue, 16 Dec 2003, Alex wrote: > I have a small home network with a PowerBook G4 and FBSD 4.9-STABLE > connected through a Netgear DS108 hub (10/100). The FBSD box is a dual > Xeon 500MHz with Intel Etherexpress 100/Pro (MS440GX motherboard). If > for some reason it makes a difference, there is an RT311 router > connected to the hub as well. This is the router through which these > machines see the internet. There are other machines connected to the > network. However, they are currently turned off. Ok. > In my limited knowledge I'm using ping from each host to the other. > From the FBSD system to the G4 system, I'm getting nearly 60% packet > loss and about 20% in the other direction. I'm ready to use tcpdump but > I'm not sure how I would. How can/should I go about improving network > performance? tcpdump will only show you packets that ARRIVED - since packet loss is your problem it probably won't help much. > ifconfig on the PowerBook G4 gives: > > en0: flags=8863 mtu 1500 > inet6 fe80::20a:95ff:fe77:5140%en0 prefixlen 64 scopeid 0x4 > inet 192.168.0.3 netmask 0xff00 broadcast 192.168.0.255 > ether 00:0a:95:77:51:40 > media: autoselect (100baseTX ) status: active > supported media: none autoselect 10baseT/UTP Ok... > ifconfig on the dual Xeon gives: > > fxp0: flags=8843 mtu 1500 > inet 192.168.0.2 netmask 0xff00 broadcast 192.168.0.255 > ether 00:90:27:3e:b2:66 > media: Ethernet autoselect (100baseTX) > status: active > > I know both interfaces are configured for half-duplex. Perhaps How do you know this? The G4 showed half-duplex, the Xeon shows that it is set for autoconfiguration. In any case how they are configured is less important than how they are actually running - not always the same thing. I believe there's a sysctl that can be queried under FreeBSD to provide actual status. Sorry, I'm now exclusively on Mac/OSX, so can't check it for you. > full-duplex would help? How to enable under Mac OS X 10.2? Otherwise, I > know how to do it under FBSD in /etc/rc.conf. You're probably on the right track with a duplex problem. Most hubs default to half-duplex, and it's probably the safest choice to use in any case - most attempts at full-duplexed hubs I've seen have been poor. First, pull the hub out of the middle and connect the G4 to the Xeon with a straight-through Ethernet cable. (All G4 PBs should automatically handle any crossover required). Repeat your ping tests, and observe your duplex config on both machines (should be full duplex). You should see practically no packet loss. Now go back and reconnect each machine to the hub, and verify/confirm half duplex for each device. Repeat tests. If you're still getting packet loss, power cycle the hub. If you're STILL getting packet loss, throw the hub out and buy an 8-port switch for $30, and set the machines to full-duplex. KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: suffering from poor network performance...
On Tue, 16 Dec 2003, Charles Swiger wrote: > If the device works at both 10 and 100 speed, it's a switch, not a hub. It is sold as a hub. Most of these "dual-speed" hubs are/were two hubs, one of each speed, with a two-port internal switch connecting them. The physical ports would auto-join to whichever side the connection speed indicated. Infuriating to use as tap devices, if you ended up on the wrong side of the switch from your target, you wouldn't see any broadcast traffic. ;) KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: suffering from poor network performance...
On Dec 16, 2003, at 17:32, Charles Swiger wrote: On Dec 16, 2003, at 7:22 PM, Alex (ander Sendzimir) wrote: [ ... ] First, Barney was correct: using "ping -f" will run into the ICMP response limitation. Try using "ping -i 0.01 _hostname_", instead, and you may find out that you don't have a problem with packet loss at all at this lower speed. I wish I had a FreeBSD box to check this on, but from an OS X G5 to an Athlon WinXP box (both at 100% CPU from distribfolding client: babelfish:~ root# ping -f -c 1 denizen PING denizen.pursued-with.net (192.168.168.1): 56 data bytes . --- denizen.pursued-with.net ping statistics --- 1 packets transmitted, 1 packets received, 0% packet loss round-trip min/avg/max = 0.079/0.112/1.01 ms babelfish:~ root# That's through a cheap Gb switch. Just a data point. KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: suffering from poor network performance...
On Dec 16, 2003, at 20:32, Bill Fumerola wrote: I wish I had a FreeBSD box to check this on, but from an OS X G5 to an Athlon WinXP box (both at 100% CPU from distribfolding client: which is completely irrelevant because your winxp machine doesn't have the aforementioned icmp response limiter. That's through a cheap Gb switch. Just a data point. ... albiet a useless one. FOAD, jackass. KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
Re: suffering from poor network performance...
I apologize to the list for my results not being germane to the conversation. I can confirm that OS X also implements an ICMP restriction (net.inet.icmp.icmplim) which similarly limits responses (default is 250), and would account for the OP's results when testing toward the PowerBook. As for my response to Bill Fumerola, his snotty response was completely uncalled for, and if you treat people like that you should expect the same in return. No apology there. KeS ___ [EMAIL PROTECTED] mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "[EMAIL PROTECTED]"
