Linux SMP network performance measurements

2008-01-14 Thread Thierry Herbelot 
Hello,

a recent article 
(http://www.ibm.com/developerworks/linux/library/l-scalability/?ca=dgr-lnxw02FasterLinuxNet)
 
gives some measurements on various tweakings of an SMP machine with 4 Xeon 
processors (it *shows* a nice improvement when using more CPUs and more 
bonded Ethernet interfaces).

Has some the machine (and the time, obviously) to make some of the same 
measurements with the latest FreeBSD versions ?

TfH
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Re: Automating rc.firewall update from dhclient.leases

2000-12-31 Thread Thierry Herbelot 

No need to do any shell script :
add the following lines in your /etc/rc.conf
(the important line is the third "-dynamic")

natd_enable="YES"# Enable natd (if firewall_enable == YES).
natd_interface="ed1" # Public interface or IPaddress to use.
natd_flags="-dynamic"# Additional flags for natd.

TfH


Mike Gruver wrote:
> 
> > I have a FreeBSD server as a gatewar and firewall for a small LAN.  It is
> > running NATD for the LAN with non-routable IPs on the secondary adapter,
> as
> > it is a dual-homed host, it uses DHCP to get an IP from the ISP for the
> > primary adapter.  This presents a problem occasionally when a new lease is
> > given and the rc.firewall file needs to be updated.
> >
> > Does anyone have a script that parses the dhclient.leases file from the
> > rc.firewall at startup?  What would be optimum are direct references in
> the
> > rc.firewall for the IP, subnet mask and router.  I am not very strong with
> > shell programming (that should be obvious) so I have not been able to
> figure
> > this out.  Seems like it should be straight forward and would be a nice
> > addition for most anyone who is running a FreeBSD firewall.
> >
> > Thanks,
> >
> > [EMAIL PROTECTED]
> >
> >
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message

-- 
Thierry Herbelot


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: Problems with VLAN and natd.

2001-01-01 Thread Thierry Herbelot 

Wes Peters wrote:
> 
[SNIP]
> 
> Doing link-layer encapsulation modules is really not very difficult.
> I've written pretty much the full complement, covering ethernet (10,
> 100, and 1000), FDDI/CDDI, token ring, ATM, and Frame Relay.  (Chuck,

What about a netgraph-enabled ATM NIC driver ? (this seems the missing
piece to get bridged Ethernet over RFC1483 encapsulation on ATM)

[SNAP]

> 
> Perhaps so.  If someone does the work to move EthII into netgraph, I can
> certainly contribute a SNAP/LLC module, and maybe even extensions to
> ifconfig so you can use it.  ;^)
> 
> --
> "Where am I, and what am I doing in this handbasket?"
> 
> Wes Peters Softweyr LLC
> [EMAIL PROTECTED]       http://softweyr.com/

-- 
Thierry Herbelot


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: Problems with VLAN and natd.

2001-01-01 Thread Thierry Herbelot 

Wes Peters wrote:
> 
> Thierry Herbelot wrote:
> >
> > Wes Peters wrote:
> > >
> > [SNIP]
> > >
> > > Doing link-layer encapsulation modules is really not very difficult.
> > > I've written pretty much the full complement, covering ethernet (10,
> > > 100, and 1000), FDDI/CDDI, token ring, ATM, and Frame Relay.  (Chuck,
> >
> > What about a netgraph-enabled ATM NIC driver ? (this seems the missing
> > piece to get bridged Ethernet over RFC1483 encapsulation on ATM)
> 
> If the top of all the network interface drivers is a netgraph connection,

we agree on it : FreeBSD needs a netgraphified hfa(4) : I've seen one or
two trys to get it done (the trouble is not many of our commiters know
well enough both ATM and netgraph to actually do it, and the ones who do
are so busy with other, more interesting challenges)

TfH

PS : at one time, I would even have tried getting some money from my
company to pay a consultant do it (there are not many of them in France,
though)

> any encapsulation should be straightforward.  In the Xylan switch, we

At work, I'm using a 1100 LSS : is it the same as the one you worked on
?

> actually did the conversion on the outbound network interface module,
> so the packet was never converted unless it had to be.  We could mimic
> that behavior, assuming the output device would check the packet to
> see if it needs to be converted, and if so call a module to strip it
> down to the bare packet, then another to add the correct encapsulation.
> 
> --
> "Where am I, and what am I doing in this handbasket?"
> 
> Wes Peters         Softweyr LLC
> [EMAIL PROTECTED]   http://softweyr.com/

-- 
Thierry Herbelot


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

diskless boot of a PXE-compatible machine : finally done !

2001-02-05 Thread Thierry . Herbelot 



Hello,

this a simili victory report : the PC now boots via PXE (this is a Motorola
rack-mount PC, with a no-thrills BX motherboard and an fxp NIC, with a
strictly 4.2-Release installation)

the rc.diskless2 must be wrong (I've not yet checked with -Stable),
as it tries to chmod, chgrp and find in /var
before mounting /usr (this must be a chicken-and-egg question, as a forced
/usr mount in the beginning of rc.diskless2 gives an error message about
/var/db/mounttab not being there)

in the limited tests I have done, I have not been able to start the machine
with a strict bootp setup : the PXE ROM says there are no answers if I
force the dhcpd as a BOOTP server (I want to control the correspondance
between the MAC and IP addresses)

the PXE boot rom is a 2.0 release, compile number 68 (is there any more
stable or better version ?)

 TfH




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: diskless boot of a PXE-compatible machine : finally done !

2001-02-05 Thread Thierry Herbelot 

Luigi Rizzo wrote:
> 
> in your rc.conf or rc.conf.local, you should set
> 
> early_nfs_mounts="YES"

Well : (I don't find this knob in a recent -Stable machine - it is
indeed in the examples)
multi# cd /etc
multi# grep early rc*
rc:# BOOTP diskless boot.  We have to run the rc file early in order to
rc:# Set sysctl variables as early as we can
rc.network: # Establish ipfilter ruleset as early as possible (best
in
rc.network6:# Choose IPv6 default interface if it is not clearly
specified.
multi# uname -a
FreeBSD multi.XXX.YYY 4.2-STABLE FreeBSD 4.2-STABLE #0: Mon Jan  1
14:05:12 CET 2001
[EMAIL PROTECTED]:/files3/recup4/obj/files3/recup4/src/sys/multi  i386
multi#

this exists on a 3.5-Stable machine : (in /etc/rc)
if [ "X$early_nfs_mounts" != "XYES" ]; then
mount -a -t nonfs 
else
mount -a
fi

early_nfs_mounts was removed with revision 1.209 of rc
()

TfH

> 
> so that /usr and friends are mounted before rc.diskless2
> is invoked. This has worked for me at least in 3.1-something
> (the scripts in the CVS repository derive from the setup
> i have prepared on that version).
> 
> not sure about the /var/db/mounttab problem because i do not
> see this file on my 4.x system, and
> 
> strings `which mount` | grep mount
> 
> does not reveal any reference to that file... maybe it
> is a -CURRENT thing ?
> 
> cheers
> luigi
>


To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

What is the latest "known-good" PXE build ?

2001-02-06 Thread Thierry . Herbelot 



Hello,

I'm trying to use the pxeboot loader from 4.2-RELEASE, to diskless
boot some rack-mount PCs.

Using documentation from Alfred Perlstein and Mike Smith, I've configured
a DHCP server and a tftp server, and I'm still having problems
with at least one machine not being able to start each time it is powered on :
BTX halts (sometimes it is "Stack underflow", some other times, it goes to
a register crash dump, with eip often equal to ff - I'm going to redirect the BIOS
output to a serial port)

the configuration of the server must be correct as the diskless machine
sometimes can start (it loads pxeboot and the kernel via tftp, and then
the rest of the partitions via NFS).

The BIOS trace says the PXE is revision 2.0, build 68 : is there some other,
perhaps better version of it ? (the on-board NIC on the machine is an fxp)

 TfH

PS : As I've seen, rc has been modified to get rid of "early_nfs_mounts". After
this change, the rc.diskless2 does no longer work, as this script uses
/usr/bin/find and /usr is not yet mounted.




To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: net boot ?

2001-03-20 Thread Thierry Herbelot 

Luigi Rizzo wrote:
> 
> > Hi
> >
> > Is there a way to net boot a brand new PC ( without O.S )
> > using the bootp/tftp scheme at FreeBSD 4.xx ?
> > as long as the network board is able to boot on LAN
> 
> try one of the latest snapshots of etherboot (should be
> in the ports)
> 
> cheers
> luigi

If the PC is really recent, it may also have a PXE extension to its
BIOS, which can be used to boot the PC. there is not much documentation
, but I gave a list :

> you can read a note by Alfred Perlstein on
> <http://people.freebsd.org/~alfred/pxe.html>, the manpage for pxeboot,
> the code in rc.diskless{1,2}, the configuration of the boot server with
> dhcp and tftp/nfs (you may have to tweak /etc/fstab in order to mount a
> root partition which was not used to load /kernel ?)

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

test

2001-04-05 Thread Thierry Herbelot 

Is there something broken ?

I don't get any message on most FreeBSD mailing lists, on two different
adresses

TfH
-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: UDP - Reliable throughput mesaurement tool

2001-05-26 Thread Thierry Herbelot 

Harkirat Singh wrote:
> 
> Hello!
> 
> I want to measure UDP thruput of lossy channel, is there any tool
> which tests it? I looked at some of the tools but these do not take care
> of loss, I mean no retransmisson, just measure raw thruput of UDP (TTCP
> is one of these).

Matt Dillon has written a tool called linktest, which can be a base for
any UDP reliability ot throughput test (no URL, sorry, but it may be in
the archives)

> 
> I am looking for a measurement tool which should retransmit in case of
> loss and keep a track of packets, I mean make UDP reliable amd blocking
> calls.

this is another beast : there are many ways to render UDP reliable 

> 
> Thanks,
> 
> Harkirat
> 

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: using ipfw's ``pipe'' to limit icmp traffic

2001-06-06 Thread Thierry Herbelot 

[EMAIL PROTECTED] wrote:
> 
> Trying  to protect  our network  from  ICMP-based attacks,  I added  the
> following rules to the firewall:
> 
> pipe 1  config bw 64Kbit/s
> add pipe 1  log icmp from any to any in via OIF
> add allow icmp from any to any
> 
> (OIF is the Outside InterFace)
> 
> The assumption is, there  is not going to be _much_  of ICMP traffic, so
> if it ever needs more than 64Kbit/s, it is an attack...
> 
> This  seems to  work,  but when  I  try to  ping  something outised  the
> network, the ping  time is around 10 msec. Without  the above piping, it
> is around 0.5 msec.  It is the bandwidth, that I'm  trying to limit, not
> the minimum latency!

the pipe facility is using the kernel clock, which has a default
frequency of 100 Hz (thus the 10ms latency).

the ipfw man page suggests : "it is a good practice to run kernels with
``options HZ=1000'' to reduce the granularity to 1ms or less" (HZ=1000
should work with computers as slow as pentium-75, I'm using HZ=5000 with
P-III/450MHz)

PS : the HZ option is not documented in the LINT kernel config as it
should be

> 
> Even  more bizarre  is  that  the ping  times  are  _higher_ when  pings
> originate from  the firewall itself,  compared to those,  that originate
> from inside the firewalled network...

USTL

> 
> What am I doing wrong? Thanks!
> 
> -mi
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: How to send packets to another interface on the same machine

2001-07-03 Thread Thierry Herbelot 

Juan Fco Rodriguez Hervella wrote:
> 
> Dear all:
> 
> I have the following problem: I would like to send an IPv6 packet using
> a given
> interface, to the address that corresponds to another interface of the
> same machine.
> 
> This, that seems a bit akward, it would be interesting for obtaining
> accurate
> packet latency results to test other systems that could be placed
> between the
> two interfaces (routers, etc.). Since the sending and the receiving
> process share
> the same physical clock, microsecond precision could be obtained in the
> measures.
> 
> The problem is that FreeBSD recognises that the destination address is
> in the same
> machine, and routes directly through the loopback interface, without
> sending actually
> the packets through the wire.
> 
> Anyone knows a trick to do this?

I have recently built a similar test bench, but for latency accuracies
in the order of 1 ms (instead of some usecs), using ntp to synchronize
the machines.

This way, I could measure the the travelling time of packets down to a 1
ms accuracy (from one PC to another, both being synchronized to the same
NTP master server)

HtH

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: DHCP client gateway ?

2001-07-06 Thread Thierry Herbelot 

I can confirm that natd can be used even with a DHCP setup (natd
-dynamic, this works even in 3.x) - as a matter of fact, that's how I've
had my 'net connection for the last three years ;-))

Julian Elischer wrote:
> 
> I believe NATD  now listens to routing sockets
> and updates it's tables when there is a change of address for an
> interface. Also I think that dhclient MAY be able to be used (maybe it's
> output) to trigger a script...
> 
> On Fri, 6 Jul 2001, Frank Bonnet wrote:
> 
> > Hi
> >
> > I would like to setup a gateway for a home network that will
> > be connected to a cable modem on one interface and on the
> > home LAN on another interface.
> > The two interfaces are ethernet boards.
> > The problem is the cable ISP use DHCP to attribute IP addresses
> > to client ( my gateway ) is there a way to build transparent IP
> > gateway that receive a different IP address each time it connect
> > to the Internet thru the cable modem ?
> >
> > Thanks for any info.
> >
> > Frank

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: UDP packet loss on FreeBSD 4.x

2001-07-11 Thread Thierry Herbelot 

Hello,

FWIW, I've recently built a test bench where I used P-III-450 PCs
running 4-port dc(4) NIC (DLINK DFE-570-TX).

The tests I've done have shown it's posible with the 4.2-R stock sources
(and a tailored kernel) to send AND simultaneously send more than 20k
packets/sec with a Packet Loss Rate of less than 1e-5 (when the ports
are configured for 100Mbps - full duplex ; the max "correct" throughput
for 10Mbps-FD is more like 8 to 10Kpacket/s, still sending and receiving
simultaneously)

the tests have been done with smallish packets (64 bytes/packet) and 1,
2, 3, 4, and 12 ports per machine (in each case, a total of 20 Kpack/s
could be processed  that is around 1800packet/s for 12 simultaneous live
ports)

the packets sent were UDP or raw IP streams (I did not use the xl(4)
driver)

TfH

Martin Karsten wrote:
> 
> Greetings,
> 
> I have observed the following behaviour on FreeBSD 4.x platforms (4.0 till
> 4.3 seem to be affected).
> 
> When receiving a sufficiently fast stream of UDP packets (the borderline
> seems to be around 3,500 packets/sec for e.g. the 'xl' driver on a 450MHz
> Pentium), an application on the receiving host does not receive all packets
> anymore, depending on which nic driver is used. A fraction of the lost
> packets is reported in net.inet.ip.intr_queue_drops, but not all.
> 
> Tests have shown that the losses occur for the 'xl' or 'ti' drivers, whereas
> the 'fxp' and 'de' driver don't seem to be affected.
> 
> On FreeBSD 3.4, no such losses happened and one could easily transmit more
> than 10,000 packets/sec between adjacent machines.
> 
> Is this a knowm problem and is there a chance that it is fixed? Is there
> potentially a quick solution for it?
> 
> Further, might this problem be related to an earlier report (08 Jan 2001)
> sent with the subject "On the performance of the xl driver" by Oscar-Ivan
> Lepe-Aldama?
> 
> Thanks in advance,
> Martin
> 
> To Unsubscribe: send mail to [EMAIL PROTECTED]
> with "unsubscribe freebsd-net" in the body of the message

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: MPLS

2001-07-18 Thread Thierry Herbelot 

Christophe Privotaux wrote:
> 
> Will MPLS and MPLS-TE (and MPLS VPL L2 and L3) be implemented
> under FreeBSD ?

have-you had a look at the archives ? ISTR a post where someone
announced work with MPLS 

> 
> I know that Juniper has implemented them and whole bunch of other
> neat thing over FreeBSD and that the latest JUNOS is a somewhat modified
> FreeBSD 4.x

I would be very surprised (but very happy) if Juniper would make its
routing software public : this is the core of their business and where
they have a competitive advantage when compared to other startups (this
includes MPLS, which may be tied to their routing ASIC, and BGP-4)

TfH
> 
> Is anyone (or maybe Juniper ? :)) working on implementing this under FreeBSD ?
> 
> Also when will AltQ be part of the FreeBSD system ?
> 

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: Capturing packets w/ bad CRC's?

2001-11-30 Thread Thierry Herbelot 

Ryan Mooney wrote:
> 
> Hello,
> 
> I'm trying to write an ethernet level network tester to test a wireless
> gigabit product the company I'm working for has developed.  I need
> to be able to get packets off a Gig-E interface that have bad CRC
> checksums so I can see how badly mangled they are.  I've tried using
> pcap and ng_ether int: lowerboth of which are giving me just the "good"
> packets.
> 
> Right now they are being discarded somewhere below the bpf interface.
> I'm not sure where, I've read through a bunch of the *if* code, but

they are discarded by the Ethernet chipset itself, and this the reason
why you don't see any source code for managing bad frames.

[SNIP]
> 
> If anyone knows how I can get the bad packets to examine them, I'd much
> appreciate it.

typically by tweaking the chipset, if at all possible, in order to see
also bea frames

-- 
Thierry Herbelot

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: Forcing packets to the wire

2002-04-06 Thread Thierry Herbelot 

Barney Wolff wrote:
> 
> Think about using vmware?

along the same line, but without any outside software : from my
experience, I'm sure you can do it with jail(8) with the creation of two
jails, one NIC per jail and one sender/emitter in each jail.

(there are lots of papers on how to setup a jail, beginning with the man
page)

TfH

[SNIP]

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: Best NIC at 4.6 ?

2002-07-08 Thread Thierry Herbelot 

if you can still find some, I was very happy with the DLINK DFE-570-TX
(4-port dc(4) NIC)

TfH

PS : the 3COM 3C905 NIC is also well supported under FreeBSD

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message

Re: Question about network layers in FreeBSD 4.x

2002-07-12 Thread Thierry Herbelot 

freebsd wrote:
> 
> I have a system I run FreeBSD 4.5-release on.  The purpose of this system is
> to run Snort (IDS).
> 
> The current system is a Compaq Proliant 1850R, have also tried on a Compaq
> Proliant 1600R.
> 
> Both systems are SMP with dual processors, > 256m ram, and Compaq Smart Array
> controller to handle raid in hardware.
> 

FreeBSD 4.x (did-you notice 4.6 has been released ?) is not very good at
using SMP machines where there are lots of interrupts (the kernel can
only be run by one CPU at any one time, and this is enforced by a "Big
Giant Lock").

you should re-run your test without the SMP option, to see it the
problem is still here (it should not)

then, there are kernel options in recent versions of FreeBSD enabling an
optimized use of the interrupts (DEVICE POLLING). this may help you, if
the driver has been modified.

I used a cheap 4-port NIC from DLINK (DFE-570-TX) with very good success
(this is the dc driver)

Hope this helps

TfH

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-net" in the body of the message