On Wed, Jan 15, 2020 at 5:24 PM Navdeep Parhar wrote:
> On 1/15/20 6:55 AM, John Jasen wrote:
> > Executive summary:
> >
> > Periodically, load will spike on network interrupts on one of our
> > firewalls. Latency will quickly climb to the point that things are
> > unresponsive, sessions will tim
On 1/15/20 6:55 AM, John Jasen wrote:
> Executive summary:
>
> Periodically, load will spike on network interrupts on one of our
> firewalls. Latency will quickly climb to the point that things are
> unresponsive, sessions will timeout, and bandwidth will plummet.
Is this with 9000 MTU? Can you
On 1/15/2020 9:55 AM, John Jasen wrote:
> Executive summary:
>
> Periodically, load will spike on network interrupts on one of our
> firewalls. Latency will quickly climb to the point that things are
> unresponsive, sessions will timeout, and bandwidth will plummet.
A couple of wild stabs... Are t
Executive summary:
Periodically, load will spike on network interrupts on one of our
firewalls. Latency will quickly climb to the point that things are
unresponsive, sessions will timeout, and bandwidth will plummet.
We do not see increases in ethernet pause frames, drops, errors, or
anything els
that is being passed through the FreeBSD router is being marked by
iptables as INVALID.
An example for an INVALID packet:
http://ngtech.co.il/nat_issue/proxy2.pcap
Eliezer
On 26/08/2015 21:24, Eliezer Croitoru wrote:
Hey lists,
I had a similar issue in the past but now I have found the combination
I added a filter rule to iptables with an INVALID reject match and any
packet that is being passed through the FreeBSD router is being marked by
iptables as INVALID.
An example for an INVALID packet:
http://ngtech.co.il/nat_issue/proxy2.pcap
Eliezer
On 26/08/2015 21:24, Eliezer Croitoru wrote
On Tue, 7/16/13, Eugene Grosbein wrote:
Subject: Re: FreeBSD router problems
To: "Barney Cordoba"
Cc: freebsd-net@freebsd.org
Date: Tuesday, July 16, 2013, 1:10 AM
On 15.07.2013 22:04, Barney Cordoba
wrote:
> Also, IP frag
On 15.07.2013 22:04, Barney Cordoba wrote:
> Also, IP fragmentation and TCP segments are not the same thing. TCP
> segments regularly will come in out of order, NFS is too stupid to do
> things correctly; IP fragmentation should not be done unless necessary
> to accommodate a smaller mtu.
The PR
On Sun, 7/14/13, Eugene Grosbein wrote:
Subject: Re: FreeBSD router problems
To: "Barney Cordoba"
Cc: freebsd-net@freebsd.org, "isp"
Date: Sunday, July 14, 2013, 1:17 PM
On 14.07.2013 23:14, Barney Cordoba
wrote:
>
On Sun, 7/14/13, Eugene Grosbein wrote:
Subject: Re: FreeBSD router problems
To: "Barney Cordoba"
Cc: "isp" , freebsd-net@freebsd.org
Date: Sunday, July 14, 2013, 1:17 PM
On 14.07.2013 23:14, Barney Cordoba
wrote:
>
On 14.07.2013 23:14, Barney Cordoba wrote:
> So why not get a real 10gb/s card? RJ45 10gig is here,
> and it works a lot better than LAGG.
>
> If you want to get more than 1Gb/s on a single connection,
> you'd need to use roundrobin, which will alternate packets
> without concern for ordering. Pu
k and modern TCP stacks know how to deal
with out of order packets.
ifconfig lagg0 laggproto roundrobin laggport em0 laggport em1
BC
On Thu, 7/11/13, isp wrote:
Subject: Re[2]: FreeBSD router problems
To: "Alan Somers"
Cc: freebsd-net@fr
rote:
>
>
>
> Hi! I have a problem with my FreeBSD router, I can't get more than 1 Gbps
> through it, but I have 2 Gbps LAGG on it. There are only 27 IPFW rules
> (NAT+Shaping). IPoE only.
> lagg0 (VLAN's + shaping) - two 'igb' adapters
> lagg1 (NAT, tso
M, isp wrote:
>
>
>
> Hi! I have a problem with my FreeBSD router, I can't get more than 1 Gbps
> through it, but I have 2 Gbps LAGG on it. There are only 27 IPFW rules
> (NAT+Shaping). IPoE only.
> lagg0 (VLAN's + shaping) - two 'igb' adapters
> lagg1 (N
Hi! I have a problem with my FreeBSD router, I can't get more than 1 Gbps
through it, but I have 2 Gbps LAGG on it. There are only 27 IPFW rules
(NAT+Shaping). IPoE only.
lagg0 (VLAN's + shaping) - two 'igb' adapters
lagg1 (NAT, tso if off) - two 'em' adapters
I have a Linux server acting as a Home Agent for IPv6 Mobility and a
separate Linux client acting as a Mobile Node with a FreeBSD 7.2 router
in-between. The FreeBSD router itself is not participating in mobility,
it's just the Foreign Router that the Mobile Node happens to be attached
to. W
On 2009-Mar-26 11:02:55 -0500, Pierre Lamy wrote:
>A 1 day default timeout for established connections is retarded, since
>virtually all client apps and OSs as well as intervening stateful
>firewalls will lose state after 1 hour.
With respect, this is nonsense. An app or OS should never "lose
Hi,
On Thu, Mar 26, 2009 at 5:02 PM, Pierre Lamy wrote:
> stateshard limit1
>
> If I want to dos this box all I need to do is hold 10k tcp connections open
> in established.
>
> A 1 day default timeout for established connections is retarded, since
> virtually all client apps and
stateshard limit1
If I want to dos this box all I need to do is hold 10k tcp connections
open in established.
A 1 day default timeout for established connections is retarded, since
virtually all client apps and OSs as well as intervening stateful
firewalls will lose state aft
Hi,
On Wed, Mar 25, 2009 at 11:21 PM, Shawn Everett wrote:
> > tcp.established 86400s
> >
> > ^^ This should be 3600.
> >
> > Pierre
>
> That's an interesting thought. Why would that matter?
It's the PF TCP established session timeout, which defaults to 1 day. This
is relevant only
> tcp.established 86400s
>
> ^^ This should be 3600.
>
> Pierre
That's an interesting thought. Why would that matter?
Shawn
___
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send a
tcp.established 86400s
^^ This should be 3600.
Pierre
Shawn Everett wrote:
Any error messages in dmesg output ?
Significant changes in "netstat -m" output before and after ?
The same for "pfctl -s all" output...
The box has been up for about 12 hours now. As a point of dis
Hi,
On Fri, Feb 27, 2009 at 9:04 AM, Shawn Everett wrote:
> On Thursday 26 February 2009, Adrian Penisoara wrote:
> > pfctl -v -s state
>
> It's midnight here. There should be very little active traffic from
> workstations at this hour. I was just about to head off to bed.
>
OK, then check w
On Thursday 26 February 2009, Adrian Penisoara wrote:
> pfctl -v -s state
It's midnight here. There should be very little active traffic from
workstations at this hour. I was just about to head off to bed.
#pfctl -v -s state
No ALTQ support in kernel
ALTQ related functions disabled
all tcp 63
Hi,
On Fri, Feb 27, 2009 at 8:41 AM, Shawn Everett wrote:
> > Any error messages in dmesg output ?
> > Significant changes in "netstat -m" output before and after ?
> > The same for "pfctl -s all" output...
>
> The box has been up for about 12 hours now. As a point of discussion here
> is th
> Any error messages in dmesg output ?
> Significant changes in "netstat -m" output before and after ?
> The same for "pfctl -s all" output...
The box has been up for about 12 hours now. As a point of discussion here
is the output from netstat and pfctl in case anything obvious jumps out.
38
On Feb 26, 2009, at 3:43 PM, Shawn Everett wrote:
Here's a weird one... I set up FreeBSD 5.2 to act as a router.
[ ... ]
Any suggestions would be appreciated.
Try upgrading to a supported version of the OS, first, then work on
debugging any deadlocks if they still reoccur.
Early 5.x ver
Hi Guys,
Here's a weird one... I set up FreeBSD 5.2 to act as a router. I used
the pf.conf script shown at:
http://www.openbsd.org/faq/pf/pools.html#outgoing
Everything works just fine. Traffic is appropriately load balanced and
things work as expected.
Strangely after a few hours something j
Hi,
On Fri, Feb 27, 2009 at 1:06 AM, Shawn Everett wrote:
> Sorry I meant to say FreeBSD 7.0 :)
>
> > Hi Guys,
> >
> > Here's a weird one... I set up FreeBSD 5.2 to act as a router. I used
> > the pf.conf script shown at:
> > http://www.openbsd.org/faq/pf/pools.html#outgoing
> >
> > Everything
Sorry I meant to say FreeBSD 7.0 :)
> Hi Guys,
>
> Here's a weird one... I set up FreeBSD 5.2 to act as a router. I used
> the pf.conf script shown at:
> http://www.openbsd.org/faq/pf/pools.html#outgoing
>
> Everything works just fine. Traffic is appropriately load balanced and
> things work as
new2FreeBSD wrote:
> Dear guys,
>
> I am new to FreeBSD and to this forum as well. Please help me as I am in
> middle of a project. My question is, can I configure the following routing
> protocols on a freebsd router, if so, how can I configure it.
I could only find one. The r
Dear guys,
I am new to FreeBSD and to this forum as well. Please help me as I am in
middle of a project. My question is, can I configure the following routing
protocols on a freebsd router, if so, how can I configure it.
- Ad hoc on-demand distance vector routing protocol (AODV)
- Optimized
"Verbeek, Maarten" <[EMAIL PROTECTED]> wrote:
> I'm busy creating a http-proxy server/router with FreeBSD 6.2, but
> somewhere along the line I'm doing things wrong I think.
What exactly did you do so far and how is it failing?
> situation: networ
Hi,
I'm busy creating a http-proxy server/router with FreeBSD 6.2, but
somewhere along the line I'm doing things wrong I think.
situation: network 172.45.x.x/12 -----FREEBSD ROUTER -
192.168.3.x/16 -- firewall.
The default route will be the IP address of the firew
Hi Thomas,
it seems that 5.4 has the old routing table code. This code used a TAILQ
to hold all the routes. This turned out to be a problem for large routing
tables so I replaced it with a red-black tree. This happened between 6.0
and 6.1 - 6.0 has still the old code, 6.1 the new one. The old
Hello Harti
Harti Brandt schrieb:
> On Fri, 27 Oct 2006, Thomas wrote:
>
> T>Hello Harti
> T>
> T>Harti Brandt schrieb:
> T>> On Fri, 27 Oct 2006, Thomas wrote:
> T>>
> T>> T>Hello
> T>> T>
> T>> T>I use several 5.4 and 6.1 FBSD machines as router (with quagga). The
> T>> T>average traffic is 30
On Fri, 27 Oct 2006, Thomas wrote:
T>Hello Harti
T>
T>Harti Brandt schrieb:
T>> On Fri, 27 Oct 2006, Thomas wrote:
T>>
T>> T>Hello
T>> T>
T>> T>I use several 5.4 and 6.1 FBSD machines as router (with quagga). The
T>> T>average traffic is 300mbit/s (em interfaces with polling enabled). It
T>> T>wo
Hello Harti
Harti Brandt schrieb:
> On Fri, 27 Oct 2006, Thomas wrote:
>
> T>Hello
> T>
> T>I use several 5.4 and 6.1 FBSD machines as router (with quagga). The
> T>average traffic is 300mbit/s (em interfaces with polling enabled). It
> T>works more or less.
> T>
> T>Problem:
> T>If bsnmpd is run
On Fri, 27 Oct 2006, Thomas wrote:
T>Hello
T>
T>I use several 5.4 and 6.1 FBSD machines as router (with quagga). The
T>average traffic is 300mbit/s (em interfaces with polling enabled). It
T>works more or less.
T>
T>Problem:
T>If bsnmpd is running and I'm doing a snmpwalk from a remote machine the
Hello
I use several 5.4 and 6.1 FBSD machines as router (with quagga). The
average traffic is 300mbit/s (em interfaces with polling enabled). It
works more or less.
Problem:
If bsnmpd is running and I'm doing a snmpwalk from a remote machine the
router has some significant packet loss. We are tal
At Thu, 28 Apr 2005 18:16:03 -0500,
Christopher Chan wrote:
> Can you provide much needed assistance? I have successfully set up a
> FreeBSD Router, but unfortunately its connectivity is quite buggy.
>
> As per the traditional setup of a router, there are two ethernet
>
Honorable FreeBSD Gurus,
Can you provide much needed assistance? I have successfully set up a
FreeBSD Router, but unfortunately its connectivity is quite buggy.
As per the traditional setup of a router, there are two ethernet
cards: rl0 and de0.
While the LAN is connected to the de0, the W
> Hello (just signed up to this list),
>
> I am wondering if anyone on the list has any experience using FreeBSD 5.3
> as a
> router in a high traffic environment? I am building a development cluster
> here
> and have decided to try using FreeBSD as my main network router instead of
> somethi
Hello (just signed up to this list),
I am wondering if anyone on the list has any experience using FreeBSD 5.3 as a
router in a high traffic environment? I am building a development cluster here
and have decided to try using FreeBSD as my main network router instead of
something like the Cisco
Thomas,
can you try the if_em driver from HEAD and check whether this helps.
There was some work done during 5.3-RELEASE.
On Fri, Jan 28, 2005 at 06:18:19PM +0100, Thomas Vogt wrote:
T> netstat -w 1 (polling disabled)
T> input(Total) output
T>packets errs
s to find the maximum pps throughput for the router with small
packets.
But atm I've problems with device polling.
Graphic:
--
|10.0.1.2 udp send |
--
|
|
---em0--
|freebsd router |
---em1--
|
|
---
At Mon, 20 Dec 2004 19:28:21 +,
Lee Johnston wrote:
> Does any one have any ideas on this? Could the kernel option (options HZ)
> which we use for dummynet/polling affect the rate in which ARP requests are
> issued?
>
> I had planned to place each subnet in a VLAN, and looks like this will h
Hi there,
We are using a FreeBSD machine as a router in one of our PoPs (using Quagga
for BGP support). Today I've noticed a sudden increase in the amount of
ether broadcast traffic on the network. This seems to boil down to the rate
the router is issuing ARP who-has requests.
The machine has a
crease. This is not the most secure way of doing it, but it
allows you to work with a firewall that isn't physically accessible. If you
don't expect the IP address to change, and are willing to reboot if it does,
you can increase the securelevel to 3.
Hope this helps,
Joseph
----- Or
through changes they will be more comfortable with the browser GUI than
terrifying them with a black screen and a prompt ;)
-All the NAT and Firewall stuff that should be on a gateway - many good
tutorials on the web
Regards, JD
- Original Message -
Subject: FreeBSD = Router, and vice
basically I think that is right, as long as the provider is
supplying enough addresses for all the clients..
if not then you need to be using NAT on the external interface.
This implies running ipfw, but then, you probably should be doing that
anyhow..
On Thu, 19 Jun 2003, agent dero wrote:
>
I guess this is a simple question, but I have never done something like this
before, so I figure I'll ask. I have been using FBSD for a while, but now I
need to ship a FBSD server half way across america, and have a newbie press
the power button, plug in two network cards, and have it work.
I