Re: Apparent IPv6 bug

On 2010.02.25 23:03, Doug Barton wrote: > On 02/25/10 19:56, Steve Bertrand wrote: >> Do you want more v6 traffic thrown at the interface for testing? > > Thanks for the offer, but the load I have on it now is the same as what > I had when I got the crashes, so I think it will

Re: Apparent IPv6 bug

On 2010.02.25 16:45, Doug Barton wrote: > On 02/24/10 14:17, Li, Qing wrote: >> Please try this patch >> >> http://people.freebsd.org/~qingli/nd6.c.diff >> >> and let me know if it works out for you. >> >> Thanks, >> >> -- Qing > > Thank YOU. :) Uptime is 12 hours so far, with fairly continuo

Re: Routing into overlapping subnets

On 2010.02.18 00:31, Christian Ullrich wrote: > * Steve Bertrand wrote: > >> On 2010.02.17 16:42, Christian Ullrich wrote: > >>> send the packet. Why doesn't the kernel look up an ARP table entry by >>> both IP address and interface? >> >&g

Re: Routing into overlapping subnets

On 2010.02.17 16:42, Christian Ullrich wrote: > Hello all, > > I'm having a routing problem I can't wrap my head around. Consider this > situation: I want to provide some common resources (printers etc.) to a > number of clients in separate networks. They each have their own > physical network, an

Re: ipfw not blocking inter jail ip traffic

Peter wrote: > iH, > > Have 2 jails and I don't want them to be able to reach other. > > gulag:#ifconfig em0 > em0: flags=8843 metric 0 mtu 1500 > options=9b > ether 08:00:27:03:18:ea > inet 172.20.6.50 netmask 0xff00 broadcast 172.20.6.255 > inet 172.20.6.

Re: native vlan

Balázs Mátéffy wrote: > Hi, > > I would add, that if you have hosts, a hub or an unmanaged switch without > vlan capability between two switches with vlans those devices will use the > native vlan. This isn't entirely accurate. Note that the VLAN tag is applied during the ingress into the switch

Re: IPv6 fragmentation weirdness

Steve Bertrand wrote: > Kevin Oberman wrote: > >> Second, why the heck is the fragment going out first? This should be OK, >> but I suspect many firewalls (which are often not happy with fragments) >> are not likely to pass a fragment which precedes the initial frame. &g

Re: IPv6 fragmentation weirdness

Kevin Oberman wrote: > Second, why the heck is the fragment going out first? This should be OK, > but I suspect many firewalls (which are often not happy with fragments) > are not likely to pass a fragment which precedes the initial frame. I'll try to find some time today to see if I can replicat

Re: lagg LACP between two hosts

and...@brancatelli.it wrote: > Hello everybody, > > I have a strange curiosity maybe you can clarify me :-) > > Is it possible to do a LACP lagg connection directly between two hosts > using two gigalan and two crossed cables? Or maybe three... ;-) I've done it with two GigE nics, and it works p

Re: IPv6 Ideas

Nathan Lay wrote: > I started playing with IPv6 on my home network with the intent to > transition over. While many things work quite well, IPv6 technology in > general still seems to have some rough edges. I disagree. I believe the "rough edges" do not belong to IPv6, the "rough edges" are the a

Re: Route traffic on a gateway through SSH tunnel

Adrian Chadd wrote: > G'day; > > 2009/4/19 Steve Bertrand : > >> I have a Squid proxy/content filter at my office that I would like to >> route all 80/443 traffic from my home connection, through the proxy. The >> proxy and the termination point of my

Route traffic on a gateway through SSH tunnel

>From what I believe, I'm attempting to do something that has most likely been achieved before, but there is something that I'm missing. This is for my personal home setup. I've built a flash-based CPE, which connects to our DSL network with mpd5. I've enabled NAT, and am using IPFW as the packet

Re: [OT] Multiple default routes / Force external routing

Sam Fourman Jr. wrote: > On Tue, Apr 14, 2009 at 2:23 PM, wrote: I think you are rather confused about what Multiple FIBs is.. All it is is teh ability to make a packet use a particular FIB on it's outgoing path. There is not such thing as an interface being "In" a FIB. All i

Re: Multiple default routes / Force external routing

Julian Elischer wrote: > sth...@nethelp.no wrote: >>> I've poked about for weeks and asked similar questions in >>> -questions and elsewhere without avail. Probably using the wrong keys >>> to search and ask: >>> >>> I have set up a box with various vlan interfaces on it. I naively >>> expected to

Re: #netstat -rn output

Max Laier wrote: > On Tuesday 24 March 2009 06:09:40 Steve Bertrand wrote: >> Can the Netif column be expanded via the command line? > -W is your friend. See also netstat(1) It most certainly is... thanks :) Steve ___ freebsd-net

#netstat -rn output

Hi all, I don't know if this belongs here or not, but here it is anyway. I'm in the middle of troubleshooting why two sub-interfaces on two FreeBSD boxes (directly connected via XO cable) within a /30 can't communicate, and I found that output when doing ``netstat'' is carved at a char length for

uRPF

Hi everyone, I've implemented RTBH within our network, but I have one small issue. I've got one FreeBSD/Quagga edge router that has an interface which contains a default route out. Although this will change in the next while, at this time, it is preventing me from doing reverse path check, thereb

HP Procurve, FreeBSD and LACP

Hi everyone, I'm attempting to configure a lagg interface between a FreeBSD box and an HP Procurve 2848, but can't seem to get it right. The lagg interface consists of an re and an age device, both connected to the switch at 1000/full. FreeBSD claims that lagg is up, but only one of the physical

Re: VLAN access and sub-int

Steve Bertrand wrote: > What I'm asking is if I change the switchport mode on the physically > connected switch port to trunk, will the native em5 interface deal with > the untagged traffic by default? ...upon 'testing' on production gear, it works just fine. em5

VLAN access and sub-int

Hi all, I'm in a bit of a pinch. I need to set up a VLAN from a FreeBSD box to a Cisco catalyst switch, but I am not in a position to test this in a lab before I deploy it. Currently, I've got em5 to a catalyst switch. There are no vlans in place on this switch at this point (other than native 1)

Re: Plz help: Configuring routing protocols on Freebsd router

new2FreeBSD wrote: > Dear guys, > > I am new to FreeBSD and to this forum as well. Please help me as I am in > middle of a project. My question is, can I configure the following routing > protocols on a freebsd router, if so, how can I configure it. I could only find one. The rest may require so

Re: IPv6 autoconfiguration fails

Bruce Cran wrote: > On Thu, 12 Feb 2009 09:56:29 -0500 > Steve Bertrand wrote: > >> Bruce Cran wrote: >>> [forwarding from curr...@] >>> >>> I recently reinstalled -current on my laptop and have started seeing >>> IPv6 autoconfiguration faili

Re: IPv6 autoconfiguration fails

Bruce Cran wrote: > [forwarding from curr...@] > > I recently reinstalled -current on my laptop and have started seeing > IPv6 autoconfiguration failing. I have two interfaces re0 and > ath0: re0 is plugged in and gets an address via DHCP while I'm not > using wireless at the moment so ath0 remai

Re: Support for IPv6 tables in ipfw?

Raffaele De Lorenzo wrote: > Hi, > I developed with Luigi (as mentor) and Mariano Tortoriello the first > release of ipfw with ipv6 extension. If you and the FreeBSD Community > think that the tables functional is a good feature i can develop it for > IPv6 protocol. I think that tables are extrem

Re: Certain traffic not being routed as expected

Steve Bertrand wrote: > Hi everyone, ...hrm...never mind. I was trying too hard to think again... The traffic was allowed through, obviously because the _destination_ is allowed to be routed. I have no idea why I had such a lapse of sense ;) Sorry for the noise. *hangs head* St

Certain traffic not being routed as expected

Hi everyone, I have a strange issue, and am hoping that I am just missing something simple. I apologize for the length, but I'm at a complete loss. I learn the IPv4 BOGON from Cymru via BGP, and here is one route currently in my routing table: 192.168.0.0/16 192.168.222.1 UG1 0

Re: IPv6 routing help?

Ivan Voras wrote: > Steve Bertrand wrote: >> Ivan Voras wrote: >> >>> As far as I understand ipv6 (very little), this basically says the >>> router told the client it can't send packets to outside addresses with >>> source addresses that are link-loc

Re: IPv6 routing help?

Ivan Voras wrote: > The last line correctly lists the link-local ipv6 address of the router. > This looks ok, except attempts to actually use ping6 on this address fail: > > # ping6 fe80::250:8bff:feeb:8401 > connect: Invalid argument Oh, and I've found in the past that FreeBSD requires you to a

Re: IPv6 routing help?

Ivan Voras wrote: > As far as I understand ipv6 (very little), this basically says the > router told the client it can't send packets to outside addresses with > source addresses that are link-local. Is this correct? I don't know much about 6to4. All of my IPv6 is native, but what you are saying

loopback creation at boot

Hi all, I'm curious to know if the creation of additional 'lo' interfaces is possible at boot via the traditional /etc/rc.conf as of yet. Forgive me if I've missed anything regarding this. I'm still trying to blend some functionality between FBSD and Quagga for certain routing functions. This i

netstat byte/bit confusion

Hey all, I'm experiencing conflicting information on throughput numbers when comparing information garnered via MRTG on a 1000Mbps HP Procurve, and netstat -h -w1 on a server connected to the switch. What I want to know is if netstat in the below case is actually displaying the info in bits, even

Re: m0n0wall/pfsense question.

Julian Elischer wrote: Does anyone know whether the above mentionned bsd systems boot to a ram disk or keep their filesystem on teh flash/disk? Julian, It depends... Its been a while, but any system I've built lately (not related to the aforementioned) are easily dumped from startup->runni

Re: Tunneling issues

[EMAIL PROTECTED] wrote: ifconfig gif1 inet 192.168.72.1 192.168.70.1 netmask 255.255.255.0 Above you are assigning a /24 netmask. Got it from the manual # ifconfig gif0 create # ifconfig gif0 tunnel A.B.C.D W.X.Y.Z # ifconfig gif0 i

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Ingo Flaschberger wrote: Dear Steve, My next "router" appliance will be: http://www.axiomtek.com.tw/products/ViewProduct.asp?view=429 This is exactly the device that I have been testing with (just rebranded). cool. what performace do you reach? After some very quick testing with everythi

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Ingo Flaschberger wrote: Dear Steve, My next "router" appliance will be: http://www.axiomtek.com.tw/products/ViewProduct.asp?view=429 This is exactly the device that I have been testing with (just rebranded). cool. what performace do you reach? It's hard to say right now as I've really o

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Ingo Flaschberger wrote: My next "router" appliance will be: http://www.axiomtek.com.tw/products/ViewProduct.asp?view=429 This is exactly the device that I have been testing with (just rebranded). Steve ___ freebsd-net@freebsd.org mailing list http:

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Mike Tancsa wrote: The box in the middle doing the forwarding If I can help in any way, a topo map of the setup that you are facing would be good. What do you have at either end. In the interest of pushing 500kpps, I have this, if it helps with troubleshooting: [EMAIL PROTECTED]:0:0: cl

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Support (Rudy) wrote: Ingo Flaschberger wrote: usually interface polling is also chosen to prevent "lock-ups". man polling I used polling in FreeBSD 5.x and it helped a bunch. I set up a new router with 7.0 and MSI was recommended to me. (I noticed no difference when moving from polling -

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Wilkinson, Alex wrote: So how does one enable "ip fast forwarding" on FreeBSD ? Not to take anything away from Ingo's response, but to inform how to add the functionality to span across reboots, add the following line to /etc/sysctl.conf net.inet.ip.fastforwarding=1 Steve

Re: Freebsd IP Forwarding performance (question, and some info) [7-stable, current, em, smp]

Mike Tancsa wrote: At 04:04 AM 6/29/2008, Paul wrote: This is just a question but who can get more than 400k pps forwarding performance ? OK, I setup 2 boxes on either end of a RELENG_7 box from about May 7th just now, to see with 2 boxes blasting across it how it would work. *However*, th

Re: IPV6 problem : nd6_lookup: failed to add route for a neighbor

Tuc at T-B-O-H.NET wrote: But once I brought it all up, I got : kernel: nd6_lookup: failed to add route for a neighbor(2001:0470:0007:0028::0001), errno=17 With your exact configuration between two 7.0 boxes, I see no indication of this error whatsoever, with the /128 prefix.

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

Peter Jeremy wrote: On 2008-Jun-26 22:06:11 +0200, Giulio Ferro <[EMAIL PROTECTED]> wrote: I guess what I could do was to "poison" their arp cache for each address with a "is-at" message. Is there a way to force the sending of these messages for all the addresses of an interface? The kernel sh

Re: IPV6 problem : nd6_lookup: failed to add route for a neighbor

Tuc at T-B-O-H.NET wrote: Hi, Running 5.5 (And no "upgrade" messages please, I'm forced to, its out of my hands) and trying to bring up HE's IPV6. I've got it running on a 4.10 system (Ok, feel free to tell me to upgrade, this one is more a lazy issue.. But I am making progress.

Re: SOLVED (was Re: Problem clarification (was: Problems with vlan + carp + alias))

Giulio Ferro wrote: I finally got the problem, and it had nothing to do either with vlans or with carp. The firewall I was setting up was meant to replace an existing freebsd firewall which didn't use vlans (it had a lot of nics). The problem was that the network port where our ISP brings the

Re: if_vlan subinterfaces at boot

Steve Bertrand wrote: Brooks Davis wrote: If anyone can provide me with information on specific working groups or locations that I can directly obtain information for certain areas without disturbing the list, I would be appreciative. Currently, I am deeply focused on the above, and

Re: if_vlan subinterfaces at boot

Brooks Davis wrote: On Mon, Jun 16, 2008 at 09:22:32PM -0400, Steve Bertrand wrote: Steve Bertrand wrote: Brooks Davis wrote: On Mon, Jun 16, 2008 at 08:27:47PM -0400, Steve Bertrand wrote: Is there any way to create, and assign addresses to a if_vlan sub-interface (eg: em6.3) via rc.conf at

Re: if_vlan subinterfaces at boot

Steve Bertrand wrote: Brooks Davis wrote: On Mon, Jun 16, 2008 at 08:27:47PM -0400, Steve Bertrand wrote: Is there any way to create, and assign addresses to a if_vlan sub-interface (eg: em6.3) via rc.conf at boot? I'll post back with the results in case anyone else here has

Re: if_vlan subinterfaces at boot

Brooks Davis wrote: On Mon, Jun 16, 2008 at 08:27:47PM -0400, Steve Bertrand wrote: Is there any way to create, and assign addresses to a if_vlan sub-interface (eg: em6.3) via rc.conf at boot? Sorry for the noise... cloned_interfaces="em6.3" ifconfig_em6.3="inet x.x.x.x

Re: if_vlan subinterfaces at boot

Is there any way to create, and assign addresses to a if_vlan sub-interface (eg: em6.3) via rc.conf at boot? Sorry for the noise... cloned_interfaces="em6.3" ifconfig_em6.3="inet x.x.x.x netmask x.x.x.x" ...seems to be the job. Steve ___ freebsd-net

if_vlan subinterfaces at boot

Hi everyone, Is there any way to create, and assign addresses to a if_vlan sub-interface (eg: em6.3) via rc.conf at boot? If not, is there a documented best practice on how and where in the startup routine a custom script should be run from in order to perform the necessary commands? I'd l

Re: Throughput rate testing configurations

George V. Neville-Neil wrote: At Wed, 11 Jun 2008 09:51:27 -0700, security wrote: Iperf or netperf are probably what you're looking for. I personally prefer netpipe because it tries odd sized (non power of 2) messages and tends to help edge cases come to light. /usr/ports/benchmarks/netpi

Throughput rate testing configurations

Hi everyone, I see what I believe to be less-than-adequate communication performance between many devices in parts of our network. Can someone recommend software (and config recommendations if possible) that I can implement to test both throughput and pps reliably, initially/primarily in a s

Re: Proposal: Enable IPv6 Privacy Extensions (RFCs 3041/4941) by default

Randy Bush wrote: To address those privacy concerns RFC 3041 was written, and eventually obsoleted by RFC 4941. ftp://ftp.rfc-editor.org/in-notes/rfc4941.txt Our IPv6 implementation comes with the code to enable this feature, but by default it is turned off. My proposal is to enable it by default

Re: IPv6/IPv4 DNS resolver source

If you lose your IPv6 connectivity (or worse, if it's up but not performing well) you will run into problems with your end users that have IPv6 enabled because when it's on it is generally tried first. Since more and more operating systems come with IPv6 enabled by default, and more and more

Re: Dual stack with multiple addresses in rc.conf

David DeSimone wrote: Steve Bertrand <[EMAIL PROTECTED]> wrote: ifconfig_fxp0="inet6 2607:f118::b6 prefixlen 64" ifconfig_fxp0_alias0="inet6 2607:f118::b7 prefixlen 64" ifconfig_fxp0="inet 208.70.104.210 255.255.255.248" ifconfig_fxp0_alias1="inet 208.7

Re: IPv6/IPv4 DNS resolver source

Is there anyone here who can advise me where in the source tree I would find the DNS resolver code that performs /A record lookups, and more specifically, the fallback to A lookup if fails? Assuming you're considering getaddrinfo(), see res_queryN() in lib/libc/net/getaddrinfo.c. BTW:

Re: IPIP tunnel behind NAT

Baldur Gislason wrote: It'll work fine. I've done this several times before. Hmmm. I still can't seem to get this setup to work. The FreeBSD box is in behind a Fortigate 200 unit. However I've also had NAT implementations which didn't work this way but this one should definitely work. Are

IPIP tunnel behind NAT

Hi everyone, I'm trying to configure a GIF IPIP tunnel from a FreeBSD box to a Cisco router in order to route IPv6 blocks to a remote location. However, I can't find good documentation to find out whether this will work in behind a NAT device. The FreeBSD box has a private IP, NAT'd 1:1. Th

Re: about DNS server

Edwin Sanjoto wrote: Hi Guyz, I want to gain access to the internet via IPv4 (with the public IP) as my Gateway and I am using pure IPv6 (not dual stack)... I just want to know how to make a DNS server in freeBSD so i can gain access to the internet via IPv4... I've never used the faith dri

Re: Interface address sourced packets go thru default gateway on another interface

> As other contributors have suggested, if you really need source routing, > use pf or similar for that. I believe ipf also supports route-to on the > outbound. Another solutions would be that if there is only a known subset of networks sending you data over the leased line (such as a few /24's),

Re: Interface address sourced packets go thru default gateway on another interface

> My problem is, packets generated with A.B.C.D source address does not go > out thru xl1 but tun0 (which is the default gw). The problem also > happens when an outsite packet destined for A.B.C.D arrives. The packet > correctly arrives from xl1 interface but the response goes out from > tun0. This

Re: dualstack IPv4/IPv6 ADSL PPPoE configuration?

uration is done in regards to PPPoE, particularly with mpd4 and more specifically FreeBSD. Thus far, there is no such documentation. Cc'ing -isp. Steve -- Steve Bertrand Senior Network Manager eagle.ca Internet Services 905.373.9313 ___ freebsd-ne

Re: Quagga as border router

> I'm not saying you should use polling. I'm saying that not using polling > makes for more context switches. 64bit registers are twice as large as > 32bit registers. There will be a bigger penalty on stack/memory usage > and therefore slower transitions from one context to another (read: > handlin

Re: Quagga as border router

>>> Essentially, I'd like a board with at *least* 6 PCI-X slots, and perhaps >>> 8 RAM slots (if I can find justification that my router will work better >>> with up to 16GB of memory). > > Why would you go with PCI-X? it's slow and getting end-of life.. > > go for PCI-Express. > there are quad P

Re: Quagga as border router

I'm going to reply this first response in full context, and Cc my colleague so he can see this. Please reply-all as he is not subscribed, and remove anything not in context from here on out... >> Here is my scenario and minimum requirements: >> >> - two upstreams, BGP, accepting default-originate

Quagga as border router

Hi all, First off, sorry for being so verbose, but any reply to any portion will help me! I was referred to this list from over at -isp/-questions after a question I asked regarding the viability of an ISP using Quagga under FreeBSD as a border router. Many suggested OpenBGP and OpenOSPF as alte