pf af-to silently dropping oversized packets (affects pmtud)

I'm working on setting up an OpenBSD box to perform CLAT services for 464XLAT on my network. v4-only clients will be behind the pf box, which uses af-to to translate v4 packets to v6 and send them to my border NAT64 gateway. Things are working pretty well, but I've bumped into an issue with lar

Feature request for pf: allow embedding IPv4 into source address of af-to IPv6 packets (like SIIT/EAMT/NAT46)

Congratulations on a successful 7.4 release! I'm writing with a gentle feature request for pf; I asked about this functionality a long time ago and have seen a few other related questions on the list since then. Now that I've played with another NAT64 implementation (Jool), I think I can artic

Re: CARP and transit network to ISP

On Oct 1, 2012, at 7:42 PM, Henning Brauer wrote: > that is some time ago? Yes, it was. We were probably still running 4.3 (or so) when we made the change to having the ISP hand everything off to a single address. Jason -- Jason Healy|jhe...@logn.net| http://www.logn.net/

Re: CARP and transit network to ISP

/23 to our internal LAN. Jason -- Jason Healy|jhe...@logn.net| http://www.logn.net/

Re: CARP and transit network to ISP

liases, performance on the OpenBSD box improved substantially. We now have CARP answer for our end of the /30, so it just answers for one address. All other routing/NAT/firewalling is done using PF and static routes, and the performance there is much better. Jason -- Jason Healy|jhe...@lo

82573 E/L em(4) performance problems

I have a server with 4 em(4) cards in it: two are on-board PCIe, and two are on a single PCIe expansion card. The on-board NICs are Intel 82573E and 82573L chipsets (one of each), while the expansion card has two 82571EB ports. Recently I've been trying to increase throughput on this box (we use

Re: LACP trunk load balancing hash algorithm

On Jan 18, 2011, at 6:51 AM, Claudio Jeker wrote: > 165kpps is fairly low. Please add a dmesg so there is a chance to see what > is causing this low rate. Modern HW with good nics should handle around > 500kpps. Good to know. Right now we're only on a 45Mbps connection at about 5kpps, so that se

LACP trunk load balancing hash algorithm

t a C hacker, so nothing jumped out at me for computing the hash... Thanks, Jason -- Jason Healy|jhe...@logn.net| http://www.logn.net/

Re: Match rule with scrub options cause some websites to "hang"

perienced this in the past as well. I always assumed it was misbehaving hosts causing the problem, but I don't have any control over those hosts so I ended up just commenting out the line. Jason -- Jason Healy|jhe...@logn.net| http://www.logn.net/

PF Performance Tweak Folklore

inking about buffers, default MSS, ECN, window scaling, SACK, etc. I know it doesn't hurt to turn them on, but am I doing any good for the connections I'm forwarding? Thanks for any input and advice you can provide; I'm looking forward to using PF for another 10 years... =) Jason -- Jason Healy|jhe...@logn.net| http://www.logn.net/