1 3356 i
This is not a problem for me, but i had to let you know
Best,
--
Ronnie Garcia
it is not recommended, but its not clear.
Then, maybe i should switch to using ports ?
Best,
--
Ronnie Garcia
pretty meaningless
(unless.. well, that's another story)
What other tool would you recommend, then ? The idea is to simulate
legit Internet traffic and/or DDoS traffic.
--
Ronnie Garcia
Kian Mohageri a icrit :
On 4/16/07, Ronnie Garcia <[EMAIL PROTECTED]> wrote:
Bryan Vyhmeister a icrit :
On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote:
Clint Pachl a icrit :
Ronnie Garcia wrote:
Do you expect doing more than 100mbits with this hadware (with PF
anabled) ?
I'm
Bryan Vyhmeister a icrit :
On Apr 16, 2007, at 1:58 AM, Ronnie Garcia wrote:
Clint Pachl a icrit :
Ronnie Garcia wrote:
Do you expect doing more than 100mbits with this hadware (with PF
anabled) ?
I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines
pf.conf
What is
Clint Pachl a icrit :
Ronnie Garcia wrote:
Chris C. a icrit :
I'm in the need to replace my two 100mbit fxp nic's in my firewall
with a 1000mbit one. The hardware is kinda old. (PIII)
I'm looking for an inexpensive but not bad (so I think no realtek
chips) nic.
Have looked at
bge nics at my local vendors.
So... which driver to go? sk? em?
Do you expect doing more than 100mbits with this hadware (with PF anabled) ?
I'm maxing a P4 2.4Ghz at 40mbits, with a dual em, and a ~300 lines pf.conf
--
Ronnie Garcia
Hey,
I was expecting to stop pfsync with :
ifconfig pfsync0 down
But it did not.
I could stop pfsync by down'ing the physical device, but is there any
other way around ?
I'm using 4.0
Rgds,
--
Ronnie Garcia
r openbgpd (well,
unless somebody pays me so massively for it that I consider that a
sufficient solatium)
How much is massive ? ;)
--
Ronnie Garcia
below:
cpu0: Dual Core AMD Opteron(tm) Processor 280, 2394.36 MHz
cpu1: Dual Core AMD Opteron(tm) Processor 280, 8139.45 MHz
I don't know if that could be related, but look how your two cores are
probed. One is 4 times faster than the other.
--
Ronnie Garcia
this, or how to debug the issue further ?
Did you tweek kernel parameters, like net.inet.ip.ifq.maxlen ?
What is the CPU usage during the transfer ?
Did you try with autonegotiation off, and with speed fixed at 1000base-T
FD on each port ?
--
Ronnie Garcia
in /etc/resolv.conf and an entry /etc/sysctl.conf has
been commented
out.
Which one ? net.inet.ip.forwarding ?
--
Ronnie Garcia
Design | Zope/Plone Development & Consulting | Co-location | Hosting
--
Ronnie Garcia
Directeur
ovea
Til : +33 4 6767
Gsm : +33 6 29500295
http://www.ovea.com
/2007/routers_bol.html
While you are at it, and because i did not see it mentionned in this
list, there is a very good prez made by claudio@ :
Routing with OpenBSD using OpenOSPFD and OpenBGPD
http://www.openbsd.org/papers/linuxtag06-network.pdf
--
Ronnie Garcia
Here is usefull details from Henning (thanks!)
Message original
Sujet: Re: Firewall, high interrupt load, is this a driver problem (dc) ?
Date: Tue, 23 Jan 2007 11:42:22 +0100
De: Henning Brauer <[EMAIL PROTECTED]>
Pour: Ronnie Garcia <[EMAIL PROTECTED]>
Rifiren
Hey Henning,
Henning Brauer a icrit :
* Ronnie Garcia <[EMAIL PROTECTED]> [2007-01-22 21:10]:
I'm graphing a lot of kernel/pf variables with cacti, and i'm clearly
seeing the box maxing at 15k interrupts/s.
that is not necessarily a problem.
I'm raising 15k interru
Ronnie Garcia a icrit :
I recently switched one of our firewalls from Linux to oBSD 4.0.
Its handling approx 8-9 kpps (in+out) on both interfaces. It has a
D-Link DFE-570TX quad ports NIC (dc driver), two ports are used.
On Linux, the CPU was loaded at approx 20% when, and on oBSD, its
less preferred the host
will be when choosing a master. The default is 0. Acceptable values are
from 1 to 254.
?
--
Ronnie Garcia
Daniel Ouellet a icrit :
Ronnie Garcia wrote:
The CPU usage is almost only "interrupt", as you can see on this top
output :
Instead of showing part of your DMESG, all of it would have been better.
You can find it below, for the record.
Anyway, as far as Interrupts are concern, y
os)
pchb0 at pci0 dev 0 function 0 "SiS 651 PCI" rev 0x02
ppb0 at pci0 dev 1 function 0 "SiS 86C201 AGP" rev 0x00
pci1 at ppb0 bus 1
vga1 at pci1 dev 0 function 0 "SiS 650 VGA" rev 0x00: aperture at
0xf000, size 0x40
Kind regards,
--
Ronnie Garcia
e same target.
[1] http://www.w3.org/TR/WAI-WEBCONTENT (see 13.1)
--
Ronnie Garcia
firewall (the one owning the
shared CARP IP) will announce routes thru OSPF over the CARP interface.
Regards =]
--
Ronnie Garcia
ions, you should set the neighbor address to be the loopback
address of your other border router.
Your router-id parameter should also be the IP adress of your local
loopback interface.
Your loopback interfaces should have a /32 IP adress set.
Regards,
--
Ronnie Garcia
more practical anecdotes as to where it is really useful.
This is more or less the definition of a VPN, not VLANs.
--
Ronnie Garcia
Claudio Jeker a icrit :
On Tue, Oct 10, 2006 at 07:59:23PM +0200, Ronnie Garcia wrote:
I have an OSPF enabled backbone and want to insert two firewalls.
Each firewall will be connected to one different core router.
My idea is to setup OSPFd on the interfaces plugged to the core, and
CARP on
can enter thru FW2 and the corresponding
ACK packet go back thru FW1.
Will pfsync just handle the split sessions happily ? Will it handle the
load for, say, 10k pps ?
Kind regards,
--
Ronnie Garcia
routes?
Currently all as-external routes are announced with a default metric of
100 and as type 1 routes. I planned to add support for a "set metric" and
"set type" type option for the redistribute keyword but had no time to
finish the implementation.
That would just rock =]
--
Ronnie Garcia
Stuart Henderson a icrit :
On 2006/09/30 21:59, Ronnie Garcia wrote:
Is it planned at any time to implement a (cisco-like) "network"
parameter, to be able to tell ospfd which network it should annouce ?
Actually i need a mix of "default" and "static"/"co
to announce a default route,
and a few static/connected routes into the IGP.
Regards,
--
Ronnie Garcia
29 matches
Mail list logo
