Re: The kernels of *BSD include nonfree firmware blobs?
On Fri, Nov 27, 2015 at 6:35 PM, bofh wrote: > Do you understand your question has been answered over and over again, and > is not relevant here? > > Why do you continue by asking about blobs in FreeBSD? > My guess is, he has a Nero syndrom and is just trying to light a fire, but nobody other than Theo seem to be patient enough or likely wanting to to bring up some gas. Dear français, respectfully, you should ask FreeBSD related stuff like that on FreeBSD's misc and should ask IBM, Red Hat and Canonical (or any any other relevant Linux system, including Google's) how acurate this statement looks nowadays. You would get a much more interesting discussion, but please ask it in the proper lists, individually. -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
OpenBGP: announcing network to different peers
Hello, I have a /20 and I want a announce half of it to peer21 and the other half to peer2 only. How am I expected to do so? Using filters? Can anyone please mention a working example? -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP: announcing network to different peers
On Fri, Mar 13, 2009 at 12:29 AM, Claudio Jeker wrote: > On Thu, Mar 12, 2009 at 10:27:42PM -0300, Eduardo Meyer wrote: >> Hello, >> >> I have a /20 and I want a announce half of it to peer21 and the other >> half to peer2 only. How am I expected to do so? Using filters? >> >> Can anyone please mention a working example? >> > > network a.b.c.d/21 > network a.b.c.e/21 > > deny to peer21 prefix a.b.c.e/21 > deny to peer2 prefix a.b.c.d/21 > > Something like this may work. Very good. I believed I had to deal with some complex stuff. I will try that right now. Tks Claudio and Pierre. > > -- > :wq Claudio > > -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
OpenBGP - iBGP peers not announcing after 3 hops
Hello, I am facing a strange behavior, I have the following scenario eBGP1<->iBGP1<->iBGP2<->iBGP3<->eBGP2 The very first eBGP (eBGP1) is my customer, the later (eBGP2) is my carrier (WAN). eBGP1 announces its network successfully to iBGP1, which announces everything successfuly to iBGP2, but iBGP2 never announces it to iBGP3. I have announce all and absolutely no filter. If I set up eBGP using reserved ASN in substitution to iBGP2 and iBGP3, the announcement just happens fine. All received/announced networks up to iBGP2 are considered valid using "bgpctl sh rib det nei iBGP1". Any suggestions on what might be going wrong? -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP - iBGP peers not announcing after 3 hops
Really? It's difficult for me in this environment, do I have another option? On Mon, Feb 4, 2013 at 1:30 PM, Florian Obser wrote: > > > On 02/04/2013 03:59 PM, Eduardo Meyer wrote: > > Hello, > > > > I am facing a strange behavior, > > > > I have the following scenario > > > > eBGP1<->iBGP1<->iBGP2<->iBGP3<->eBGP2 > > iBGP must be fully meshed, a session between iBGP1 and iBGP3 is > missing. > -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP - iBGP peers not announcing after 3 hops
On Mon, Feb 4, 2013 at 1:36 PM, Peter Hessler wrote: > make iBGP2 a route server. > Sounds promising, what are the key configurations in bgpd.conf to do so? So I can look further. Are we talking 'bout reflector/collector? > > On 2013 Feb 04 (Mon) at 13:32:43 -0200 (-0200), Eduardo Meyer wrote: > :Really? It's difficult for me in this environment, do I have another > option? > : > : > :On Mon, Feb 4, 2013 at 1:30 PM, Florian Obser wrote: > : > :> > :> > :> On 02/04/2013 03:59 PM, Eduardo Meyer wrote: > :> > Hello, > :> > > :> > I am facing a strange behavior, > :> > > :> > I have the following scenario > :> > > :> > eBGP1<->iBGP1<->iBGP2<->iBGP3<->eBGP2 > :> > :> iBGP must be fully meshed, a session between iBGP1 and iBGP3 is > :> missing. > :> > : > : > : > :-- > :=== > :Eduardo Meyer > :pessoal: dudu.me...@gmail.com > :profissional: ddm.farmac...@saude.gov.br > : > > -- > I don't care who does the electing as long as I get to do the nominating > -- Boss Tweed > -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP - iBGP peers not announcing after 3 hops
On Tue, Feb 5, 2013 at 8:34 AM, Stuart Henderson wrote: > On 2013-02-04, Eduardo Meyer wrote: > >> On 02/04/2013 03:59 PM, Eduardo Meyer wrote: > >> > Hello, > >> > > >> > I am facing a strange behavior, > >> > > >> > I have the following scenario > >> > > >> > eBGP1<->iBGP1<->iBGP2<->iBGP3<->eBGP2 > >> > >> iBGP must be fully meshed, a session between iBGP1 and iBGP3 is > >> missing. > > > > Really? It's difficult for me in this environment, do I have another > option? > > This doesn't mean that they need to be directly connected; iBGP sessions > can be run over multiple hops by default. It just means you need neighbour > configs for 1<>2, 1<>3, 2<>3. > > You could use a route reflector as others suggested but it's a bit > much for this setup imo; it will be a critical part of the network so > you'll probably want a redundant pair. These come into their own when the > number of routers goes up. > > Yeah, you are all right, multihop peering just did fine; as well as route-reflector for iBGP group just worked fine; yeah I need to read some bgp basics; usually I tend to learn by experience and this is when such a great community comes to hand; I learn more with you than books but certainly some bgp theory will be on my reading list for the weekends; thanks veryone who kindly replied, I will think about the expected growing rate of the network and complexity to decide if I go with peering or route-reflector for this environment; -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: the balance between OpenBSD and life
On Saturday, May 28, 2016, Teng Zhang wrote: > I can't adjust the time for OpenBSD and my life appropriately. Could you > please share your experience with me about how you adjust your time between > OpenBSD and your life. > thanks for any reply. > > What are you? If you are a user, you probably benefit from OpenBSD more than a Linux or Windows or whatever, and your time is productively consumed with systems and servers which won't break or suddenly stop working due to bugs, failures, lack of documentation or, hmmm, systemd If you are a developer well openbsd is mostly a volunteer work so I guess you do this by pleasure. Some few people get paid to dev OpenBSD directly or indirectly, leveraging in OpenBSD to run their business, so again, it's probably a choice, a pleasure OR an act of contribution, so the time you put on these depends on your other joys of life (family, sports, etc) If you are a hobbyist, you should already be using only your spare time on OpenBSD activities, as a user or a contributor If you are a student, you should already be able to find how much time you can put on a subject before your learning rate and productivity drops... So, in the end, what are you? And what's you real problem, you think you are putting too much or to little time on OpenBSD? What's there to adjust? -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
OpenBSD as a router on Oracle T5120
hello, I am doing some basic testings on the above mentioned scenario and I am stuck on some limits which I consider to be very low: I cannot get more than 27Kpps and 200Mbit/s routing performance without starting to loose packets. System is: # uname -srm OpenBSD 5.4 sparc64 # sysctl hw hw.machine=sparc64 hw.model=SUNW,UltraSPARC-T2 (rev 0.0) @ 1415.103 MHz hw.ncpu=32 hw.byteorder=4321 hw.pagesize=8192 hw.disknames=sd0:dc8022901cadee32,sd1:,cd0: hw.diskcount=3 hw.cpuspeed=1415 hw.vendor=Sun hw.product=SUNW,SPARC-Enterprise-T5120 hw.physmem=8455716864 hw.usermem=8455700480 hw.ncpufound=32 hw.allowpowerdown=1 No tuning, and no firewall to (pfctl -d). I am routing from em0 to em1 but also tried from em0 to em5 and em4 with em5 mixing onboard and PCI ports and results are the very same. Output from top points the bottleneck: load averages: 0.17, 0.21, 0.12 bgp.newtelecom.net.br18:06:20 9 processes: 8 idle, 1 on processor CPU00: 0.0% user, 0.0% nice, 0.0% system, 98.2% interrupt, 1.8% idle CPU01: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU02: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU03: 0.2% user, 0.0% nice, 0.0% system, 0.0% interrupt, 99.8% idle CPU04: 0.2% user, 0.0% nice, 0.2% system, 0.0% interrupt, 99.6% idle CPU05: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU06: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU07: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU08: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU09: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU10: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU11: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU12: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU13: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU14: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU15: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU16: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU17: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU18: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU19: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU20: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU21: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU22: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU23: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU24: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU25: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU26: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU27: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU28: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU29: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle CPU30: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle All my NICs are getting interrupted on CPU0. All 6 network cards are Intel 82571EB which support MSI-X and should, in theory support IRQ balance. So my question is, is there anything I can do to allow OpenBSD use more than one CPU or at least choose which CPU will be used for each NIC? What other tunings and settings and tweaks should I look for? Is this performance expected to be so low on this machine? I got much better numbers w/ OpenBSD on i386 servers. Thank you for any hint ]:) -- === Eduardo Meyer
Re: OpenBSD as a router on Oracle T5120
On Mon, Jan 20, 2014 at 8:34 PM, Chris Cappuccio wrote: > Eduardo Meyer [dudu.me...@gmail.com] wrote: > > hello, > > > > I am doing some basic testings on the above mentioned scenario and I am > > stuck on some limits which I consider to be very low: I cannot get more > > than 27Kpps and 200Mbit/s routing performance without starting to loose > > packets. > > > > System is: > > > > # uname -srm > > > > OpenBSD 5.4 sparc64 > ... > > CPU00: 0.0% user, 0.0% nice, 0.0% system, 98.2% interrupt, 1.8% idle > ... > > CPU30: 0.0% user, 0.0% nice, 0.0% system, 0.0% interrupt, 100% idle > > > > All my NICs are getting interrupted on CPU0. > > > > OpenBSD doesn't yet support any other mode of operation, although you > may be seeing improvements here shortly. > > > Thank you for any hint ]:) > > > > You may wish to try a 5.5-beta snapshot which will improve the single-core > performance slightly, although the significant improvement of distributing > across all cores it not yet available. > Dear Chris, thank you for your kind reply, I will try ftp://ftp.openbsd.org//pub/OpenBSD/snapshots/sparc64/install55.iso right now. Other than simply running it is there anything else I should look at, or any new command line tool to play around? Thank you. -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBSD as a router on Oracle T5120
On Tue, Jan 21, 2014 at 5:32 AM, Patrick Lamaiziere wrote: > Le Mon, 20 Jan 2014 18:59:02 -0200, > Eduardo Meyer a écrit : > > > hello, > > > > I am doing some basic testings on the above mentioned scenario and I > > am stuck on some limits which I consider to be very low: I cannot get > > more than 27Kpps and 200Mbit/s routing performance without starting > > to loose packets. > > ... > > All 6 network cards are Intel 82571EB which support MSI-X and should, > > in theory support IRQ balance. > > MSI are disabled on this chipset since OpenBSD 5.2... > You can try to renabled MSI in em(4), here this helps a lot (on amd64). > > Check the thread "(5.3) load problem on em(4) MSI / interrupt ?" on > misc@ > > https://www.mail-archive.com/misc@openbsd.org/msg123743.html > > Regards, > > patch on 5.3: > --- /usr/src/sys/dev/pci/if_em.c.orig Tue Oct 1 14:45:36 2013 > +++ /usr/src/sys/dev/pci/if_em.cTue Oct 1 14:48:52 2013 > @@ -337,7 +337,7 @@ > * Only use MSI on the newer PCIe parts, with the exception > * of 82571/82572 due to "Byte Enables 2 and 3 Are Not Set" > errata */ > - if (sc->hw.mac_type <= em_82572) > + if (sc->hw.mac_type < em_82571) > sc->osdep.em_pa.pa_flags &= ~PCI_FLAGS_MSI_ENABLED; > > /* Parameters (to be read from user) */ > Thank you everyone, here we go with the results. Disabling PF caused a 15% performance improvement. OpenBSD 5.5 made the system more responsive under this load but made no real difference on pps or bps results. MSIX did not cause any trouble and it helped to raise pps up to 30K and bps up to 240M which is better but still very low :-( Thank you all :-)
OpenBGP "state change OpenSent -> Active, reason: Connection closed" trouble
Hello everybody.
I am setting up OpenBGP for the first time in replacement to Cisco.
However, I am having some troubles which I could not realize the
reason myself, so I
#macros
peer_gvt=200.139.89.37
peer_intelig=200.184.196.18
#peer_intelig=201.70.200.1
# Configuracao Global
AS 28660
router-id 201.87.224.253
# route-reflector 3381352702
log updates
#holdtime 180
#holdtime min 3
holdtime 4
holdtime min 3
#listen on
#fib-update no
fib-update yes
#route-collector yes
#network 201.87.224.0/20# full routing
network 201.87.224.0/23 # partial routing
# neighbors and peers
#group "peering AS4230" {
#remote-as 4230
#neighbor $peer1 {
#descr "ASN4230 Embratel"
#announce self
# tcp md5sig password 7890
#}
#}
group "peering GVT" {
remote-as 18881
neighbor $peer_gvt {
descr "GVT"
#multihop 2
#local-address
#softreconfig in yes
depend on em1
#passive
holdtime3
holdtime min3
announceself# ebgp = self, ibgp = all - twi sera ebgp
}
}
group "peering Intelig" {
remote-as 17379
neighbor $peer_intelig {
descr "Intelig"
multihop4
#local-address 201.70.200.2
#softreconfigin yes
#depend on em0
#passive
holdtime3
holdtime min3
announceself# ebgp = self, ibgp = all - twi sera ebgp
}
}
#
# Filtros
#
deny from any
allow from any prefixlen 8 - 24 # publicacao de 8 a 24 bits, nem mais nem menos
deny from any prefix 0.0.0.0/0 # nao aceita publicacao de rota padrao
# Redes as quais nunca permitiremos publicacao de rotas
deny from any prefix 10.0.0.0/8 prefixlen >= 8
deny from any prefix 172.16.0.0/12 prefixlen >= 12
deny from any prefix 192.168.0.0/16 prefixlen >= 16
deny from any prefix 169.254.0.0/16 prefixlen >= 16
deny from any prefix 192.0.2.0/24 prefixlen >= 24
deny from any prefix 224.0.0.0/4 prefixlen >= 4
deny from any prefix 240.0.0.0/4 prefixlen >= 4
I have lowered holdtime and holdtime min just for testing purposes.
Here is the relevant Cisco config
router bgp 28660
no synchronization
bgp router-id 201.87.224.253
bgp cluster-id 3381352702
bgp log-neighbor-changes
network 201.87.224.0 mask 255.255.240.0
neighbor 200.139.89.37 remote-as 18881
neighbor 200.139.89.37 description Conexao a GVT
neighbor 200.139.89.37 ebgp-multihop 2
neighbor 200.139.89.37 update-source FastEthernet2
neighbor 200.139.89.37 soft-reconfiguration inbound
neighbor 200.139.89.37 route-map OUT out
neighbor 200.184.196.18 remote-as 17379
neighbor 200.184.196.18 description Conexao a Intelig
neighbor 200.184.196.18 ebgp-multihop 4
neighbor 200.184.196.18 update-source Loopback0
neighbor 200.184.196.18 version 4
neighbor 200.184.196.18 soft-reconfiguration inbound
neighbor 200.184.196.18 route-map OUT out
no auto-summary
!
The problem I get is:
neighbor 200.184.196.18 (Intelig): state change Connect -> OpenSent,
reason: Connection opened
neighbor 200.184.196.18 (Intelig): state change OpenSent -> Active,
reason: Connection closed
# bgpctl sh nei Intelig timers
BGP neighbor is 200.184.196.18, remote AS 17379
Description: Intelig
BGP version 4, remote router-id 0.0.0.0
BGP state = Active
Last read Never, holdtime 240s, keepalive interval 80s
IdleHoldTimer: not running Interval:30s
ConnectRetryTimer: due in 00:01:51 Interval: 120s
HoldTimer: due in 00:03:51 Interval: 240s
KeepaliveTimer: not running Interval:80s
Local host: 201.87.225.16, Local port: 61684
Remote host: 200.184.196.18, Remote port: 179
--
===
Eduardo Meyer
Re: OpenBGP "state change OpenSent -> Active, reason: Connection closed" trouble
On Jan 16, 2008 11:43 AM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008/01/16 11:17, Eduardo Meyer wrote: > > I am setting up OpenBGP for the first time in replacement to Cisco. > > However, I am having some troubles which I could not realize the > > reason myself, so I > > > holdtime 4 > > can your peers keep up with that? it's rather low. > > > Local host: 201.87.225.16, Local port: 61684 > > Remote host: 200.184.196.18, Remote port: 179 > > is this the correct local-address? > > "tcpdump -nvvs1500 -i port 179" might give more clues. > > I have lowered holdtime for testing purposes only. With default value the behavior is the same. I have just forced local-address to another one, with "local-address 201.70.200.2" but still the same. Here is the tcpdum output 22:39:40.566835 IP (tos 0xc0, ttl 4, id 9918, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.61409 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0x3ca1), 990673835:990673835(0) ack 1878726869 win 33304 22:39:43.925328 IP (tos 0xc0, ttl 4, id 9930, offset 0, flags [DF], proto: TCP (6), length: 64) 201.87.225.16.57856 > 200.184.196.18.179: S, cksum 0x3766 (incorrect (-> 0xdc9c), 2171084445:2171084445(0) win 65535 22:39:43.933442 IP (tos 0xc0, ttl 63, id 2913, offset 0, flags [DF], proto: TCP (6), length: 64) 200.184.196.18.179 > 201.87.225.16.57856: S, cksum 0xb4d4 (correct), 1446395664:1446395664(0) ack 2171084446 win 16384 22:39:43.933508 IP (tos 0xc0, ttl 4, id 9933, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: ., cksum 0x375a (incorrect (-> 0xb27e), 1:1(0) ack 1 win 33304 22:39:43.933609 IP (tos 0xc0, ttl 4, id 9934, offset 0, flags [DF], proto: TCP (6), length: 101) 201.87.225.16.57856 > 200.184.196.18.179: P, cksum 0x378b (incorrect (-> 0x69a3), 1:50(49) ack 1 win 33304 : BGP, length: 49 Open Message (1), length: 49 Version 4, my AS 28660, Holdtime 90s, ID 201.87.224.253 Optional parameters, length: 20 Option Capabilities Advertisement (2), length: 6 Multiprotocol Extensions (1), length: 4 AFI IPv4 (1), SAFI Unicast (1) 0x: 0001 0001 Option Capabilities Advertisement (2), length: 2 Route Refresh (2), length: 0 Option Capabilities Advertisement (2), length: 6 Graceful Restart (64), length: 4 Restart Flags: [R], Restart Time 0s 0x: 8000 22:39:43.939183 IP (tos 0xc0, ttl 63, id 2914, offset 0, flags [DF], proto: TCP (6), length: 52) 200.184.196.18.179 > 201.87.225.16.57856: F, cksum 0xf07e (correct), 1:1(0) ack 50 win 17376 22:39:43.939207 IP (tos 0xc0, ttl 4, id 9936, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: ., cksum 0x375a (incorrect (-> 0xb240), 50:50(0) ack 2 win 33304 22:39:43.939229 IP (tos 0xc0, ttl 4, id 9937, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xb23f), 50:50(0) ack 2 win 33304 22:39:44.163831 IP (tos 0xc0, ttl 4, id 9939, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xb15e), 50:50(0) ack 2 win 33304 22:39:44.413831 IP (tos 0xc0, ttl 4, id 9945, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xb064), 50:50(0) ack 2 win 33304 22:39:44.713829 IP (tos 0xc0, ttl 4, id 9946, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xaf38), 50:50(0) ack 2 win 33304 22:39:45.113830 IP (tos 0xc0, ttl 4, id 9947, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xada8), 50:50(0) ack 2 win 33304 22:39:45.713832 IP (tos 0xc0, ttl 4, id 9950, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xab50), 50:50(0) ack 2 win 33304 22:39:46.489837 IP (tos 0xc0, ttl 4, id 9952, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xa848), 50:50(0) ack 2 win 33304 22:39:47.841844 IP (tos 0xc0, ttl 4, id 9955, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x375a (incorrect (-> 0xa300), 50:50(0) ack 2 win 33304 22:39:50.345853 IP (tos 0xc0, ttl 4, id 9958, offset 0, flags [DF], proto: TCP (6), length: 52) 201.87.225.16.57856 > 200.184.196.18.179: F, cksum 0x3766 (incorrect (-> 0x9591), 3884765654:3884765654(0) win 65535 22:
Re: OpenBGP "state change OpenSent -> Active, reason: Connection closed" trouble
On Jan 16, 2008 1:15 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008/01/16 12:33, Eduardo Meyer wrote: > > I have lowered holdtime for testing purposes only. With default value > > the behavior is the same. I have just forced local-address to another > > one, with "local-address 201.70.200.2" but still the same. > > > > Here is the tcpdum output > > that doesn't look like openbsd, ours is easy to read ;-) > > the peer just closes the connection on receipt of the Open. > you can either try experimenting with disabling some options > (announce ipv6 none, announce capabilities no) or better, > talk to your peer and see what they have logged. > > > 22:39:43.933609 IP (tos 0xc0, ttl 4, id 9934, offset 0, flags [DF], > proto: TCP (6), length: 101) 201.87.225.16.57856 > 200.184.196.18.179: > P, cksum 0x378b (incorrect (-> 0x69a3), 1:50(49) ack 1 win 33304 > : BGP, length: 49 > Open Message (1), length: 49 > Version 4, my AS 28660, Holdtime 90s, ID 201.87.224.253 > Optional parameters, length: 20 > Option Capabilities Advertisement (2), length: 6 > Multiprotocol Extensions (1), length: 4 > AFI IPv4 (1), SAFI Unicast (1) > 0x: 0001 0001 > Option Capabilities Advertisement (2), length: 2 > Route Refresh (2), length: 0 > Option Capabilities Advertisement (2), length: 6 > Graceful Restart (64), length: 4 > Restart Flags: [R], Restart Time 0s > 0x: 8000 > 22:39:43.939183 IP (tos 0xc0, ttl 63, id 2914, offset 0, flags [DF], > proto: TCP (6), length: 52) 200.184.196.18.179 > 201.87.225.16.57856: F, > cksum 0xf07e (correct), 1:1(0) ack 50 win 17376 22565151 105683507> > > Hello, This follow-up is to thank you all who replied and mention the solution (what is good for the history). I forced binding to the correct IP address declaring neighbor's local address, and added a static route to the box, instead of using the default one, although they were nexthoping to the same address. Finally I removed the "passive" keyword. Now its OK with the first BGP neighbor, I will setup the second tomorrow morning but probably there wont be any other problem. Thank you all and thanks for OpenBGP. Way simple, functional and much better/clearer than cisco. -- === Eduardo Meyer
OpenBGP - Saving & Restoring routes, possible?
Hello, I have setup OpenBGP doing full routing with 3 other peers, so I get around 240k routes from each peer. But if by some reason I have to restar bgpd, it takes up to 5 minutes so I can all routes updated again. Is there a way to save and later restore the RIB/FIB tables? Since the only problem on commodity hardware are the mobile parts, I am also settig up a SPARE router with carp, so if one gets down, the spare will assume. But resync'ing the tables is again, reason for a higher downtime. So if I could save the tables in a machine and restore it on the other, would be great. Can I do this? -- === Eduardo Meyer pessoal: [EMAIL PROTECTED] profissional: [EMAIL PROTECTED]
Re: OpenBGP - Saving & Restoring routes, possible?
On Feb 18, 2008 5:39 PM, NetOne - Doichin Dokov <[EMAIL PROTECTED]> wrote: > Eduardo Meyer NAPISA: > > Hello, > > > > I have setup OpenBGP doing full routing with 3 other peers, so I get > > around 240k routes from each peer. But if by some reason I have to > > restar bgpd, it takes up to 5 minutes so I can all routes updated > > again. > > > > Is there a way to save and later restore the RIB/FIB tables? > > > > Since the only problem on commodity hardware are the mobile parts, I > > am also settig up a SPARE router with carp, so if one gets down, the > > spare will assume. But resync'ing the tables is again, reason for a > > higher downtime. So if I could save the tables in a machine and > > restore it on the other, would be great. > > > > Can I do this? > If you search back the mailing list archive, you'll find some setups > i've proposed, which do exactly that - CARPed BGPs with no downtime for > full BGP refresh. > About your idea - saving / restoring routes - the very prime idea of BGP > is just that - to NOT save routes, and to distribute them. > > Kind regards, > Doichin > Thank you Doichin, I will search for it and rethink my concept on route distributing vs routing saving. -- === Eduardo Meyer pessoal: [EMAIL PROTECTED] profissional: [EMAIL PROTECTED]
OpenBGP - Balancing between peers
I have another doubt. My peers have different bw connected to me, one peer is 20Mb/s and the other is 30Mb/s. I know I may be failing on some BGP concepts here, but this is my very first time implementing full routing with 2 peers. So, please be patient ;) How should I balance, proportionally, those outbound traffic? Whould I use "weight"? Examples are also appreciated. Thank you again. -- ======= Eduardo Meyer pessoal: [EMAIL PROTECTED] profissional: [EMAIL PROTECTED]
Re: OpenBGP - Balancing between peers
On Feb 18, 2008 8:47 PM, Dustin Lundquist <[EMAIL PROTECTED]> wrote: > To balance your inbound you can prepend your AS number to your > advertisements to depreference them. Some larger ISPs do this on a per > prefix basis, but since a sizable portion of ISPs are running Cisco gear > with a 256K prefix limit it is not advisable to create additional > prefixes for the purposes of traffic balancing. > > For outbound, its easier you can use local preference. For reference > here is the Cisco BGP path selection process, OpenBGPD is similar: > http://www.cisco.com/warp/public/459/25.shtml > > > Dustin Lundquist Right, I could define the preffered outbound traffic to a certain AS with localpref. However, I could not balance it, and did not find how I am supposed to. For example, I have a certain traffic outgoing to AS 4230, it was going via AS17379, and with localpref I could make it go via 18881. However, I need to balance it in the adequated ratio, say, make 40% of outgoing traffic to 4230 go via 1881 while 60% goes out via 17379. If you could point me to what to read, or suggest anything, thats what I need, some words from the experienced ones. > > > > > Eduardo Meyer wrote: > > I have another doubt. > > > > My peers have different bw connected to me, one peer is 20Mb/s and the > > other is 30Mb/s. > > > > I know I may be failing on some BGP concepts here, but this is my very > > first time implementing full routing with 2 peers. So, please be > > patient ;) > > > > How should I balance, proportionally, those outbound traffic? Whould I > > use "weight"? Examples are also appreciated. > > > > Thank you again. > > > -- === Eduardo Meyer pessoal: [EMAIL PROTECTED] profissional: [EMAIL PROTECTED]
Re: offloading layer 7 packet classification to hardware
how does pfsense classify p2p traffic? On Thu, Oct 30, 2008 at 4:28 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote: > On 2008-10-30, uday <[EMAIL PROTECTED]> wrote: >> hi guys, >> >> i just wanted to know if anyone has any experience with offloading PF >> layer 7 packet classification with hardware accelerators such as >> sensory networks's hyperscan ? > > unlikely, because PF does not do layer 7 packet classification. -- === Eduardo Meyer pessoal: [EMAIL PROTECTED] profissional: [EMAIL PROTECTED]
OpenBGP: 3 doubts regarding localpref, rib out and announcement
Hello, I have 3 simple but yet annoying doubts. First, it's about localpref. Today I have a /23 prefix which I announce only to one peer and which I also go upstream to this very only peer. However the upstream policy I had to use "pf route-to" to achieve the desired behavior. I could not arrange to sort a match filter which would allow me to set localpref to any destionation for a prefix of mine (outgoing). I cam, for sure, arrange to set destination based localpref. Say, I can raise or lower localpref for a given destination, but not for all destionations from a /23 source of mine. Tried things like: match to $peer_2 prefix X.Y.Z.0/23 set localpref +50 But it wont work as I need. Please remember X.Y.Z.0/23 is announced by me. By second doubts is regarding "bgpctl show rib out". This command shows what I announce in one OpenBGP router but does not shows on any other one. I have read the man pages, I have softreconfig set o yes for both in and out (which is the default, btw, as mentioned on man page and as bgpd -nv shows me). Sometimes I use "bgpctl net show" but thats not as nice as "sh rib out". Finally, my last doubt. I want to re-announce the bogon prefix I get from cymru projet to by internal BGP servers. I do "announce all" but the bogon list prefixes I get from cymru don't get announced. I managed to " set community delete NO_EXPORT" since I believed the NO_EXPORT community cymru sends me is the cause of non-reannouncement on "announce all" desired behavior. However its still dont get announced to my peers. I tried things like: allow to $my_inner_peer community $cymruas:888 But they did not work. Any other suggestions? Thank you. -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP: 3 doubts regarding localpref, rib out and announcement
On Sun, May 23, 2010 at 3:10 PM, Henning Brauer wrote:
>> match to $peer_2 prefix X.Y.Z.0/23 set localpref +50
>>
>> But it wont work as I need. Please remember X.Y.Z.0/23 is announced by me.
>
> localpref for outgoing? that is useless. localpref is, well, local,
> and not transmitted to the peer. and since you're setting it outbound
> (after all route decisions) it is a noop.
I believe I was not clear. I need to set a certain prefix of mine with
a higher localpref. It's not expected to be transmitted to the peer,
it's a local router policy decision to set localpref for a local /23.
Today I do this with pf route-to.
pass route-to peer2_ip from x.y.z.0/23 to any
> sounds like you're after sh ri out nei foo
Thats excactly what I wanted, thank you a lot Brauer.
>
>> Finally, my last doubt. I want to re-announce the bogon prefix I get
>> from cymru projet to by internal BGP servers. I do "announce all" but
>> the bogon list prefixes I get from cymru don't get announced. I
>> managed to " set community delete NO_EXPORT" since I believed the
>> NO_EXPORT community cymru sends me is the cause of non-reannouncement
>> on "announce all" desired behavior.
>> However its still dont get announced to my peers.
>
> i bet this is an invalid nexthop case. set nexthop-self might be
> required.
That's why I like talking to whom knows. You are absolutely right,
thank you again :) I could export it setting it to a reachable
nexthop.
But now I tried something else which did not work.
My scenario:
group "cymru" {
...
set community $myasn:6
...
peer $cymru1 {
...
...
}
peer $cymru2 {
...
}
}
#match from any community $myasn:6 set community delete NO_EXPORT #
[1] works great
match to $transit_peer1 community $myasn:6 set community delete
NO_EXPORT # [2] wont work, never gets deleted
My intention: export selectively what I get from group cymru, by
selectively removing the NO_EXPORT community.
If I comment [1] and uncomment [2] the rule wont match. [1] always match fine...
In fact I tested a number o rules and nome with "match to .. set X"
worked, when I am dealing with a prefix I got from someone else (not
announced by be).
What am I missing?
--
===
Eduardo Meyer
pessoal: dudu.me...@gmail.com
profissional: ddm.farmac...@saude.gov.br
OpenBGP bgpctl(8) asdot / 4byte-asn
Is there a way bgpctl will produce run-time information not using asdot format? I am trying to convert my OpenBGP conf to RPSL but the later is old enough that wont accept as-dot format, therefore I need it in 4-byte ASN notation. Thanks. -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP bgpctl(8) asdot / 4byte-asn
On Fri, May 27, 2011 at 3:28 PM, Stuart Henderson wrote: > On 2011-05-27, Eduardo Meyer wrote: >> Is there a way bgpctl will produce run-time information not using >> asdot format? > > Not at present, OpenBGP only accepts as-plain for input, it always > outputs as-dot. > > I think we should probably change this, rfc5396 came out a couple > of years ago and pretty much everyone is using as-plain now. (Even > though 3.10 looks far nicer than 196618 ;) Yeah, I agree, but the world seems to prefer plain 4byte (maybe they can read). BTW I have read in many Cisco[1] documents that asdot is made up of (PART1 * 65535) + PART2 However OpenBGP does the math as ((PART1 * 65535) + PART2) + PART1. How can Cisco be wrong again? lol [1]http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6554/ps6599/white_paper_c11_516829.html Thanks, Ill do some shell scripting to convert. -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
OpenBGP Filter - Selectively Announcing by Peer.
Hello, I want to selectively announce what I get from my peers (whom I am transit for) for a certain upstream peer. I decided to use community to do so, like that: # Add what I get from my transit peers to communyt $myasn:1010 match from $peer_t1 set community $myasn:1010 match from $peer_t2 set community $myasn:1010 # Selectively announce it to by upstream peer number 2 deny to $peer_up2 allow to $peer_up2 community $myasn:1010 But it did not work. I dont want to manually declare the networks I get, and my upstream wont allow me to "announce all". What is wrong with the above OpenBGP rules? -- ======= Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: OpenBGP Filter - Selectively Announcing by Peer.
On Mon, Oct 4, 2010 at 6:12 PM, Claudio Jeker wrote: > On Mon, Oct 04, 2010 at 02:20:55PM -0300, Eduardo Meyer wrote: >> Hello, >> >> I want to selectively announce what I get from my peers (whom I am >> transit for) for a certain upstream peer. I decided to use community >> to do so, like that: >> >> # Add what I get from my transit peers to communyt $myasn:1010 >> match from $peer_t1 set community $myasn:1010 >> match from $peer_t2 set community $myasn:1010 >> >> # Selectively announce it to by upstream peer number 2 >> deny to $peer_up2 >> allow to $peer_up2 community $myasn:1010 >> >> But it did not work. >> >> I dont want to manually declare the networks I get, and my upstream >> wont allow me to "announce all". >> >> What is wrong with the above OpenBGP rules? >> > > You need to set the announce type to "all" which means process all entries > in the RIB with the outbound filterset. Announce "self" which is the > default for eBGP sessions will block all non empty as pathes before > passing the prefix to the outbound filtering. As soon as you do tranist > you need "announce all" plus correct filters. Hello Jeker, I am "announcing al" already. Please enlighten ment, when I do a bgpctl sh rib out nei The prefixes I see are the ones the peer *accepted* from me or the ones I am actually announcing, no matter if the peer accepts or not? Because I "announce all" and later, filter by community, and the abouve "sh rib out nei " shows empty. Thanks again. > > -- > :wq Claudio > > -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
ASN Flow Exporter for OpenBGP device
Hello, I have an OpenBGP device and I need to find out which ASN demands more bandwidth to do some sort of traffic policy engineering. Therefore I need to know if there is any software that is able to export netflow data including SRC/DST AS on an OpenBGP system. I have used pfflow and softflowd but on the second AS is always '0' and pfflow will depend on the ability to have pf data per ASN. I know I can set up some rtlabel or pftable to allow OBGP interaction with PF. However, I would need to manually set the whole scenario and the reliability of my information would depend on my observation of potential ASN to be tracked. Its OK but this way I miss the behavior deviations, if a certain quiet ASN suddenly raises traffic and later lowers it back again. So, how options we have? Thank you in advance. -- ======= Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
Re: ASN Flow Exporter for OpenBGP device
On Fri, Dec 4, 2009 at 3:08 PM, Henning Brauer wrote: > * Eduardo Meyer [2009-12-04 17:29]: >> Hello, >> >> I have an OpenBGP device and I need to find out which ASN demands more >> bandwidth to do some sort of traffic policy engineering. Therefore I >> need to know if there is any software that is able to export netflow >> data including SRC/DST AS on an OpenBGP system. I have used pfflow and >> softflowd but on the second AS is always '0' and pfflow will depend on >> the ability to have pf data per ASN. >> >> I know I can set up some rtlabel or pftable to allow OBGP interaction >> with PF. However, I would need to manually set the whole scenario and >> the reliability of my information would depend on my observation of >> potential ASN to be tracked. Its OK but this way I miss the behavior >> deviations, if a certain quiet ASN suddenly raises traffic and later >> lowers it back again. >> >> So, how options we have? > > we'd really like that functionality (with pflow(4), of course) but no > good idea on how to do that yet. I can see how hard it gets to be, specially to make it lightweight. One approach would be auto labeling routing entries by AS (basic support for it already exists) and later, pflow would check for it on exporting time, or maybe check from openbgp directly. I hope its possible somehow. Thank you for your time, we really appreciate. > > -- > Henning Brauer, h...@bsws.de, henn...@openbsd.org > BS Web Services, http://bsws.de > Full-Service ISP - Secure Hosting, Mail and DNS Services > Dedicated Servers, Rootservers, Application Hosting > > -- === Eduardo Meyer pessoal: dudu.me...@gmail.com profissional: ddm.farmac...@saude.gov.br
