Re: Duplicate MAC addresses in VNET epair interaces

On 14/02/2017 13:51, Bjoern A. Zeeb wrote: ifconfig epair0b ether ether 02:ff:e0:00:00:0b ifconfig: can't set link-level netmask or broadcast Two “ether”s there but I assume that’s a copy and paste issue? No, it's just me being stupid and careless... ;) Ok, it works great both in the jail

Re: Duplicate MAC addresses in VNET epair interaces

On 06/02/2017 20:53, Bjoern A. Zeeb wrote: This is a potentially bad behavior, because if I want to bridge say epair1a on A with epair10a on B with a VPN or a physical connection giving 192.168.1.1 to epair1b and 192.168.1.2 to epair10b, I won't be able to make them talk to each other sinc

Duplicate MAC addresses in VNET epair interaces

Hi all, Setup: 11.0-STABLE FreeBSD 11.0-STABLE #0 r312338: Tue Jan 17 12:29:38 UTC 2017 I've set up two freebsd hosts, each of which has a single VNET jail. On each host I've created 2 epair interfaces. Host A - epair0a, epair1a on the host - epair0b, epair1b on the jail Host B - epai

Re: Issue with igb and lagg (was Re: Problem with link aggregation + sshd)

On 09/12/2012 10:51 PM, Freddie Cash wrote: On Wed, Sep 12, 2012 at 1:48 PM, Jack Vogel wrote: On Wed, Sep 12, 2012 at 12:40 PM, Freddie Cash wrote: Thanks for checking. I've used lagg(4) with igb, just not on 9.x. You're right, it seems to be pointing to the igb(4) driver in 9.x compared t

Re: Issue with igb and lagg (was Re: Problem with link aggregation + sshd)

On 09/11/2012 11:34 PM, Freddie Cash wrote: On Sep 11, 2012 2:12 PM, "Giulio Ferro" mailto:au...@zirakzigil.org>> wrote: > > Well, there definitely seems to be a problem with igb and lagg. > > igb alone works as it should, but doesn't seem to work pro

Issue with igb and lagg (was Re: Problem with link aggregation + sshd)

d to get it working again is ifconfig down and up on one of the physical interfaces. This is on 8.1 On 3 September 2012 19:25, Giulio Ferro wrote: No idea anybody why this bug happens? Patches? On 08/29/2012 10:22 PM, Giulio Ferro wrote: On 08/28/2012 11:12 AM, Damien Fleuriot wrote

Re: Problem with link aggregation + sshd

No idea anybody why this bug happens? Patches? On 08/29/2012 10:22 PM, Giulio Ferro wrote: On 08/28/2012 11:12 AM, Damien Fleuriot wrote: Hi Giulio, Just to clear things up: igb0: 192.168.9.60/24 lagg0: 192.168.12.21/24 Yes. Actually I notice now that the lagg0 address is different from

Re: Problem with link aggregation + sshd

ust in case, did you enable any firewall ? (PF, ipfw) As I already said, no. Nothing is working/active on this server, just sshd. Thank you. On 27 August 2012 21:22, Giulio Ferro wrote: Hi, thanks for the answer Here is what you asked for: # ifconfig igb0 igb0: flags=8843 metric 0

Re: Problem with link aggregation + sshd

| grep 22 On 25 Aug 2012, at 13:18, Damien Fleuriot wrote: I'll get back to you regarding link aggregation when I'm done with groceries. We use it here in production and it works flawlessly. On 25 Aug 2012, at 09:54, Giulio Ferro wrote: No answer, so it seems that link aggregati

Re: Problem with link aggregation + sshd

No answer, so it seems that link aggregation doesn't really work in freebsd, this may help others with the same problem... I reverted back to one link for management and one for service, and ssh works as it should... On 08/21/2012 11:18 PM, Giulio Ferro wrote: Scenario : freebsd 9 s

Problem with link aggregation + sshd

Scenario : freebsd 9 stable (yesterday) amd64 on HP server with 4 nic (igb) 1 nic is connected standalone to the management switch, the 3 other nics are connected to a switch configured for aggregation. If I configure the first nic (igb0) there is no problem, I can operate as I normally do and s

Re: kerberized NFS

On 02/19/2012 02:55 AM, Rick Macklem wrote: I just updated the patch: http://people.freebsd.org/~rmacklem/rpcsec_gss-9.patch If you already downloaded it, please do so again, because it had two arguments reversed in order and would not have worked. I think this one is correct, although I don

kerberized NFS

Thanks everybody again for your help with setting up a working kerberized nfsv4 system. I was able to user-mount a nfsv4 share with krb5 security, and I was trying to do the same as root. Unfortunately the patch I found here: http://people.freebsd.org/~rmacklem/rpcsec_gss.patch fails to apply c

Re: kerberized NFS

Thank you to all of you for your replies. I'll try next week and let you know. My mail server was down for a few hours, but everything should be ok now... Giulio. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebs

Re: kerberized NFS

I forgot to mentioned that I compiled both servers with option KGSSAPI and device crypto, and I enabled gssd on both. Is there anyone who was able to configure this setup? ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinf

kerberized NFS

I'm trying to setup a kerberized NFS system made of a server and a client (both freebsd 9 amd64 stable) I've tried to follow this howto: http://code.google.com/p/macnfsv4/wiki/FreeBSD8KerberizedNFSSetup But couldn't get much out of it. First question : is this howto still valid or something mor

nfsv4 with kgssapi

I'm trying to setup a nfs server which uses the kerberized rpc header, so to overcome the problem with 16 groups: http://www.mail-archive.com/freebsd-sta...@freebsd.org/msg109809.html FreeBSD 8 amd64 stable last (yesterday) Following the man page for nfsv4 I have compiled the kernel with -

Re: PF + BRIDGE still causes system freezing

Max Laier wrote: On Friday 28 May 2010 07:46:07 Giulio Ferro wrote: Months ago I reported a system freezing whenever bridge was used with pf. This still happens now in 8.1 prerelease: after several minutes to hours that the bridge is active the system becomes unresponsive. as I told

Re: PF + BRIDGE still causes system freezing

On 28.05.2010 07:46, Giulio Ferro wrote: Would it be a good idea to try netgraph bridge? Or the underlying implementation is the same as in if_bridge? Months ago I reported a system freezing whenever bridge was used with pf. This still happens now in 8.1 prerelease: after several minutes to

Re: PF + BRIDGE still causes system freezing

On 28.05.2010 07:46, Giulio Ferro wrote: I've also tried to disable all filtering: net.link.bridge.pfil_onlyip=0 net.link.bridge.pfil_member=0 net.link.bridge.pfil_bridge=0 net.link.bridge.pfil_local_phys=0 net.link.bridge.ipfw=0 net.link.bridge.ipfw_arp=0 But to no avail. It always fr

PF + BRIDGE still causes system freezing

Months ago I reported a system freezing whenever bridge was used with pf. This still happens now in 8.1 prerelease: after several minutes to hours that the bridge is active the system becomes unresponsive. # uname -a FreeBSD firewall1 8.1-PRERELEASE FreeBSD 8.1-PRERELEASE #0: Thu May 27 18:03:

Re: NFS permission strangeness

On 16.04.2010 10:29, Sean wrote: Yes, I have more than 16 groups, 22 actually... Then there's nothing "wrong" per se, you're just hitting the fact that NFS v2 and v3 only support 16 groups on the wire. That's just the way the protocol is defined. Ops, I didn't know that... Is th

Re: NFS permission strangeness

On 16.04.2010 02:30, Rick Macklem wrote: login as "giulio", but when I try to access that same dir on the client machine I get: $ cd /path/to/root/dir/etc (ok) $ cd subdir2 subdir2/: Permission denied. What happens is that I can access "subdir2" on the server machine when I Yes, it should wor

NFS permission strangeness

Here's the setup: server : NFS server machine (fb 8 stable amd64 ) client : NFS client machine (as above) server and client are both sharing the same permission database through ldap: Both have in /etc/nsswitch.conf ... group: files ldap ... passwd: files ldap This issue isn't related to ldap

NFS lockd problem

Outset: 1 NFS server (with lockd) 2 NFS client (with lockd) The clients serve several jails with apache, whose data (www) resides on the server From time to time everything seem to freeze. Then, after one minute or so, the system works again as nothing had happened. In these occasions I get

Re: PF + BRIDGE + PFSYNC causes system freezing

On 18.03.2010 20:35, Max Laier wrote: Okay ... so it looks like this is a live lock (not a deadlock) and it's probably caused by relooping packets. Now we "only" have to find the culprit for the loop ... can you share your setup details, again? The simpler the better. Ok > uname -a Fr

Re: PF + BRIDGE + PFSYNC causes system freezing

On 18.03.2010 15:26, Max Laier wrote: Ok, it's happened again... and once the system freezes try to enter the debugger and get ps and locks information. show allchains No result show alllocks Process 4483 (sshd) thread 0xff0002ded3a0 (100159) exclusive sx so_r

Re: PF + BRIDGE + PFSYNC causes system freezing

On 17.03.2010 18:00, Max Laier wrote: Can you enable WITNESS and compile in DDB. Make sure to report any LORs and once the system freezes try to enter the debugger and get ps and locks information. show allchains show alllocks ps After that you can try to "call doadump" so you get the informat

Re: PF + BRIDGE + PFSYNC causes system freezing

On 17.03.2010 17:47, Max Laier wrote: On Wednesday 17 March 2010 17:37:31 Giulio Ferro wrote: On 17.03.2010 16:50, Greg Hennessy wrote: A possible corner case with the virtual hosting platform ? Try changing the NICS from EM to something else supported RL on vmware IIRC

Re: PF + BRIDGE + PFSYNC causes system freezing

hine... Greg From: owner-freebsd...@freebsd.org [owner-freebsd...@freebsd.org] On Behalf Of Giulio Ferro [au...@zirakzigil.org] Sent: 17 March 2010 15:46 To: Daniel Hartmeier Cc: freebsd-net@freebsd.org; freebsd...@freebsd.org Subject: Re: PF + BRIDGE + PFSYN

Re: PF + BRIDGE + PFSYNC causes system freezing

On 17.03.2010 11:47, Giulio Ferro wrote: On 17.03.2010 09:12, Daniel Hartmeier wrote: On Tue, Mar 16, 2010 at 03:19:51PM -0400, kevin wrote: I would like to assist in diagnosing this issue so if anyone wants me to check anything or test, please let me know. I would really like to understand

Re: PF + BRIDGE + PFSYNC causes system freezing

On 17.03.2010 09:12, Daniel Hartmeier wrote: On Tue, Mar 16, 2010 at 03:19:51PM -0400, kevin wrote: I would like to assist in diagnosing this issue so if anyone wants me to check anything or test, please let me know. I would really like to understand this problem. What are your setti

Re: Bridge causes freezes

I confirm this problem for another server: stable 8 amd64 + vlan + carp Whenever I join a bridge with a vlan interface: ifconfig bridge0 addm vlan35 The system soon or later freezes. This time it has happened after 3 days of normal behavior. No logs, no dump. On 03.03.2010 12:30, Giulio

NFS Client error

Freebsd 8 stable amd64 It mounts different file systems by NFS (with locking) on a data server directly connected (gigabit) to the server Apache running in a several jails on those nfs folders. Now and then I get huge slow-down. When I look in the logs I get thousand of lines like these: Mar 5

Bridge causes freezes

I'm setting up an openvpn demon in bridge mode on a firewall. Scenario: freebsd 8 amd64 stable (last week), pf, vlans, openvpn in tun mode (different port, of course), many routes I've created the bridge interface in rc.conf like this: cloned_interfaces="vlan.. .. .. bridge0" ... ifconfig_brid

Re: multicast and multiple nics

Thanks for the reply. ipre...@freebsd.org wrote: I want to run ushare (/usr/ports/ushare). This program sends multicast packets to multicast address 239.255.255.250 The packets should go to the lan, so I add the route: route add 224/4 -iface re0 In order to do the test I switch off the firewal

multicast and multiple nics

This is something that's really been puzzling me lately... Freebsd 8 beta amd64 recently updated The box has 2 nics: (internet inteface) em0 : 192.168.1.1, netmask 255.255.255.0 (lan interface) re0 : 192.168.2.1 netmask 255.255.255.0 (lan interface) 192.168.2.2 netmask 255.255.255.255 (a

Re: NAT-T on current 8

Bjoern A. Zeeb wrote: The NATT patch is slated to hit the FreeBSD tree soon so please do report back your findings. Yes, in case you find any positiv or negative things we'd be happy to hear back from you - or anyone else who's going to give it a try. Sorry for late feedback, very little t

Re: NIC teaming with VLANs does't work

Vincent Hoffman wrote: Possibly try lagg(4) instead? this supports fec and lacp. Thanks, I'll try as soon as I'm able... ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to

NAT-T on current 8

Hi everybody. As far as I know the natt patch hasn't been included in the source tree yet. This fact notwithstanding, is there a patch I can download and apply manually? I need it rather badly... Thanks. ___ freebsd-net@freebsd.org mailing list http://

NIC teaming with VLANs does't work

Freebsd 7.2 amd64 recently updated. I want to aggregate the two nics on my server (em0 and em1) in a single fec interface (so if one nick / switch is down, the other takes over). On this interface I want to build vlans. Here is the networking section of my /etc/rc.conf: ---

Re: Configure networking outside rc.conf

Chris Cowart wrote: Assuming the NICs are displayed by ifconfig -a or inserted into cloned_interfaces in /etc/rc.conf, you can create the following scripts: /etc/start_if.vlan100 /etc/stop_if.vlan100 Where start_if.vlan100 is sourced by the netif start and stop_if.vlan100 is sourced by the neti

Configure networking outside rc.conf

I was wondering if there was a way to cleanly configure networking without using rc.conf but only ifconfig and other utilities This is what I mean: let's suppose that I have a complex network configuration to launch on my machine, for example: - many physical nics (with different speed, mtu, dupl

IPSEC NAT traversal

What's the status of NATT patch in 8 current? Is it usable? Thanks. ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe, send any mail to "freebsd-net-unsubscr...@freebsd.org"

Re: NATT patch on current

VANHULLEBUS Yvan wrote: Hi. On Sat, Jan 10, 2009 at 09:40:53AM +0100, Giulio Ferro wrote: I just wanted to report that the nat-traversal patch on HEAD 2008-03-19 fails to apply cleanly. The problem is in the file ipsec.c lines 1847, 1870 Any news for the natt integration in CURRENT

NATT patch on current

I just wanted to report that the nat-traversal patch on HEAD 2008-03-19 fails to apply cleanly. The problem is in the file ipsec.c lines 1847, 1870 Any news for the natt integration in CURRENT? Thanks. ___ freebsd-net@freebsd.org mailing list http://li

ng_fec and vlan

I've tried (without too much effort, I admit...) to create vlan interfaces using a fec device as parent. It was something like this: ... fec_interfaces="fec0" fecconfig_fec0="re1 re2" ifconfig_fec0="inet 192.168.0.1 netmask 255.255.255.0" ... cloned_interfaces="vlan1 vlan2 vlan3 ..." ifconfig_vla

Re: lost routes

Eygene Ryabinkin wrote: Giulio, good day. Good day to you. Was the problem described in some PR? I don't know, really. I heard about it in the past (some years ago) from another guy, and it has happened to me for at least 2-3 years. This is just the first time I've decided to report i

lost routes

I think this is a very old freebsd problem, dating back to freebsd5 or even before. Every now and again static routes are lost by freebsd. In my fw/router/vpn box (average traffic about 10Mb/s) with a lot of interfaces, physical, vlan and virtual, once every x weeks (x very variable) one of the r

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

Peter Jeremy wrote: On 2008-Jun-26 22:06:11 +0200, Giulio Ferro <[EMAIL PROTECTED]> wrote: I guess what I could do was to "poison" their arp cache for each address with a "is-at" message. Is there a way to force the sending of these messages for all the addresses o

Re: altq on vlan

Giulio Ferro wrote: http://people.yandex-team.ru/~sem/FreeBSD/vlan+altq.patch Nope, this patch doesn't apply cleanly to freebsd 7... ___ freebsd-net@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-net To unsubscribe,

altq on vlan

I've tried to set altq bandwidth control on a vlan interface, but this feature doesn't seem to be supported by the vlan driver. I've googled around and I've found that there should be a trivial patch to enable this feature: http://people.yandex-team.ru/~sem/FreeBSD/vlan+altq.patch If this is so

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

Steve Bertrand wrote: Thank you Giulio (is it Gio?) No, it's Giulio (english Julius) :-) For some reason when I plugged in the new firewall, only the base non-aliased address was updated in the ISP switch arp cache (if someone can throw a guess at why, I'm eager to listen). Well, you nee

SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

cal customer care of the ISP and I requested them to reset the arp cache of the port. Done that, everything worked without a glitch. The new firewall is now up and running in production with vlan + carp. Everything seems fine. Thanks to everybody who answered my plea... :-) Giulio Ferro wro

Problem clarification (was: Problems with vlan + carp + alias)

After some more tests I've finally realized that the problem is with vlan and alias. I've taken carp out of the picture. (Please read my previous message on the topic to understand the scenario, I've reported it below) Here is what matters in /etc/rc.conf: -

Re: Problems with vlan + carp + alias

Primeroz lists wrote: What is tcpdump showing for ping on 192.168.10.11 ? can you see echo reply exiting vlan10 interface ? what if you try from your server to "ping -S 192.168.10.11 192.168.10.254 " ? First of all I'm

Re: Problems with vlan + carp + alias

Primeroz lists wrote: Hi , I think you should setup ALL the carp address as alias/32 , like this: ifconfig_carp10="vhid 10 pass qweq 192.168.10.10 netmask 255.255.255.255 " ifconfig_carp10_alias0="192.168.10.11 netmask 255

Re: Problems with vlan + carp + alias

Han Hwei Woo wrote: Hi Giulio, Since the IP's are on the same subnet, you should try using a netmask of 255.255.255.255 on the aliases. Hi Han, Sorry no, changing the mask to 255.255.255.255 of the aliases doesn't change the situation. Anyway exactly the same configuration works with non-v

Problems with vlan + carp + alias

Scenario : freebsd 7.0 stable amd64 (compiled today), bce network interface Simply put, I'm trying to create multiple aliases on the same carp interface. I did this without vlans (on physical interfaces) and it always worked. Here's what I do: ---rc.conf ... ifconfig_bce0="inet 192.168.1.1 ne

Re: VLAN trunking and fragmentation

Pyun YongHyeon wrote: > > # ping -s 2000 192.168.100.2 > PING 192.168.100.2 (192.168.100.2): 2000 data bytes > 2008 bytes from 192.168.100.2: icmp_seq=0 ttl=64 time=0.264 ms > 2008 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=1001.186 ms [...] > 2008 bytes from 192.168.100.2: icmp_se

Re: VLAN trunking and fragmentation

Pyun YongHyeon wrote: Please try latest attempt to fix re(4) issues. http://people.freebsd.org/~yongari/re/if_re.c http://people.freebsd.org/~yongari/re/if_rlreg.h This one is attempt to fix the following bug reports on re(4). - VLAN tagging does not work on multi-fragmented frames. - Non-wo

Re: VLAN trunking and fragmentation

Pyun YongHyeon wrote: This hardware really make me crazy. There had been many attempts to fix checksum offload related issues. But it seems that several users still suffer from bad checksum or VLAN issues. So I guess the root cause of hardware bug was not yet known. This means that previous patch

Re: VLAN trunking and fragmentation

Giulio Ferro wrote: That's it! Now seems to work properly, the problem then is with hardware tagging. My question now is: can I use vlans without htag in a complex system with heavy traffic without a significant performance loss? If not, how much will it take to fix the issue with the d

Re: VLAN trunking and fragmentation

Pyun YongHyeon wrote: > No packet reached the other PC. Ok, then try disabling hardware VLAN tagging. (#ifconfig re0 -vlanhwtag) That's it! Now seems to work properly, the problem then is with hardware tagging. My question now is: can I use vlans without htag in a complex system with heav

Re: VLAN trunking and fragmentation

Pyun YongHyeon wrote: > The latter is if_rlreg.h, I guess... Oops, yes. > > Anyway they don't compile: > Maybe you don't copy if_rlreg.h to /usr/src/sys/pci directory? I didn't ;-) Ok, I compiled and installed it. The behavior didn't change: the simple ping works all right, but wh

Re: VLAN trunking and fragmentation

Eygene Ryabinkin wrote: Giulio, good day. Thu, Mar 13, 2008 at 02:43:57PM +0100, Giulio Ferro wrote: Pyun YongHyeon wrote: To rule out other possible issues, would you try the following files on your box? http://people.freebsd.org/~yongari/re/if_re.c http://people.freebsd.org

Re: VLAN trunking and fragmentation

Pyun YongHyeon wrote: To rule out other possible issues, would you try the following files on your box? http://people.freebsd.org/~yongari/re/if_re.c http://people.freebsd.org/~yongari/re/if_rereg.h The latter is if_rlreg.h, I guess... Anyway they don't compile: cc -c -O2 -frename-registe

Re: VLAN trunking and fragmentation

Sean Chittenden wrote: interface ethernet 1/g1 switchport mode trunk switchport trunk allowed vlan add 10 exit I think this is an issue with default VLAN membership. I don't think it's where the problem lies, otherwise even a simple ping wouldn't work. The problem here explicitly arises whe

Re: VLAN trunking and fragmentation

Sam Leffler wrote: You failed to provide the output of ifconfig on your running system. Be sure any checksum offload is disabled (should be by the bridge). Sam My bad. I switched off checksum offload in /etc/rc.conf like this: ifconfig_re0="inet 192.168.60.1 netmask 255.255.255.0 -rxcsum

VLAN trunking and fragmentation

I need to configure ports to work with multiple vlan on my redundant freebsd router/firewall. In order to setup my test environment I have 2 freebsd boxes 7.0 STABLE amd64 both with gigabit realtek (re0). According to what the man says, these cards should support vlan in hardware. These PCs ar