hello

hi

hello

hi

hello

servus!

need some basic networking advice...

I picked up some fast NICs and will be doing some testing on them

they're dual port 100G & 25G NICs, but I only have a 10G switch

so plan is to have the 2 servers connected both directly (100G or 25G speed)

and also via the 10G switch via the 25G

so A <> B and also A <> switch <> B

I would need to have separate IP subnet for the A <>B part I guess

but what I'd really like is traffic to go over the faster path automagically

from anywhere in my network

the only idea I came up with, is on each box with a direct link, to add an /etc/hosts entry with the fast IP address in it

and everywhere else can use normal dns

is there a smarter way?

you could also configure the same ip-addresses as /128 (/32 for v4) on the fast nic and add some extra routing table entries

this way also routed traffic would go the fast path

alternativ go with extra routes over the 2. ip-subnet

dch: is 100G link supposed to work as a bridge between hosts only or larger network segments, behind that hosts ?

satanist: ok that sounds like a better solution then

mzar: its just host to host

I was planning on replacing a mellanox nic and I saw a 2nd hand pair of 100G NICs + SFP and cables for less than the mlx one

I COULD NOT RESIST IT

I have nothing that needs that throughput but its a great opportunity to do some testing

in particular what jail <> host <> host <> jail throughput do i get

are you using vnet jails and if yes, routed or switched?

satanist: for this testing I will vary between all the options

right now I just use host alias jails over zerotier (a bit like wireguard) with fixed ipv6 in each jail

but I will consider wireguard with separate vnet interfaces for each jail

hello, I have created a VM using qemu but there is no internet in the VM. This issue is new to me since VM connects to interenet automatically when I use qemu

I think I have to do some extra steps for interenet but I don't know what to do

ghodawalaaman: share how you invoke qemu

here's a (sadly complicated) example of using qemu with UEFI firmware and accessing a tap0 interface for network

you probably need something like `-nic user,model=virtio` in there

here is the command: qemu-system-x86_64 -cdrom archlinux-x86_64.iso -boot order=d -drive file=arch_image,format=raw -m 4G

ok so you need some network stuff then

docs.freebsd.org/en/books/handbook/…ion/#qemu-virtualization-host-guest actually covers this *much* better than me

ok I will read it first

Been trying to get FreeBSD to run atop of Openstack. But it always ends up with FreeBSD not getting IP address from DHCP and thus being unable to speak to metadata-server.

I've been trying both the official cloud init images as well as bsd-cloud-image.org

Also tried setting virtio settings on the images to no avail

oh, why the random?

is it just slower to gather random data in a VM or am I gonna be generating bad SSH host keys

Ove_: what happens when you run dhclient on the interface?

zip: I don't think it should be slower. What's the kern.random.random_sources OID set to?

And what's kern.random.harvest.mask_symbolic set to?

debdrup: Same thing - it times out. Doesn't get an IP address from DHCP server.

Ove_: then the problem is lower down the stack; is the interface up, and can you do arp requests on it?

what I'm asking is if I should be adding that `-object rng-random` line to my `qemu` setup

debdrup: nothing at all in the arp table.

I have not done so before and I was wondering if it's an important thing to do

zip: TLDR yes but its not critical. It only matters on very first boot, when there is a risk of delay while $RANDOM bits come in

zip: I don't know for sure, but I can't see the harm in trying.

fair enough

debdrup: Also long time no speak.

zip: on a normal system you have better entropy on the nic, keyboard, etc, and not all of these are either available in a vm, or possibly dont have the random chatter that a real system would do

Ove_: true true.

Ove_: do you have a dev.<network device>.0.debug OID?

I shoudl probably have an efi variable storage device set up too

incidentally I had a lot of trouble getting it to run with `-cpu host`, but once I figured out my exact CPU I could get it running. I think I had the same issues with windows 10, but I abandoned that project because basically I don't give a shit if I can't boot windows 10

debdrup: Depends on image I use. if I use the ones from bsd-cloud-image I am not able to get a prompt (because cloud init will overwrite whatever passwords where there originally).

I'll check

I can't say I'm too familiar with cloud-images...

Spinning up machine now. It'll take a while until it fails.

oh, oops, this is running off a 4GB image so now I have to remember how to resize a zpool

debdrup: Nope - not seeing any debug oid

there we go, got ot

oh, missed one. also a `gpart repair`

`gpart repair` lets it rewrite the table so it knows about all the extra space at the end of the virtual disk, `gpart resize` makes the final partition take up that space, `zpool online -e` tells zpool to expand to fit

I think I've not booted this VM up before, it's a decompression of FreeBSD-14.1-RELEASE-amd64-zfs.qcow2.xz

debdrup: tcdumping I can actually see that DHCP is answering

Curiouser and curiouser.

debdrup: dhcpdump confirms it. It is getting an ip back

Ove_: net/dhcpcd?

Can you give it a static IP?

I can try

debdrup: Yup works

And I can reach intarwebz also

Huh.

What version of FreeBSD is these images using?

14.2

debdrup: dhcpcd worked great.

Right, but I'm wondering if dhclient in 15-CURRENT might work better. Are those images available?

Ooooh

Soo

Our whole network is basically L3.

I wonder if that plays in somehow

It's the KVM host that answers with dhcp replys

So arp _should_ work between kvm host and guest

debdrup: seems to have to do with checksuming

KVM host is linux. And it doesn't actually add checksum to the udp packages which dhclient tries to validate (it calculates it's own and tries to match it with dhcdp servers non existent checksum).

debdrup: iptables -A POSTROUTING -t mangle -p udp --dport bootpc -j CHECKSUM --checksum-fill on the kvm host made dhclient work

so i just updated from 14.0 to 14.2 using the guide and now the pkg manager seems busted: `pkg: An error occured while fetching package`

using -d suggests the system's ssl certs are screwed

what can i try?

try using pkg-static instead

rtprio: same with `pkg-static update`

there's an env var to ignore the tls errors, but i can't be doing that long term

vext01: out of curiosity is your date/timezone showing correct?

Tenkawa: huh, no, it is not!

it's an hour out

That could be causing part of the problem

set your time/tz ad try again

er and

I had to do that to get the ssl handshake in tolerances a few times

offset +1988486.208442 sec (lol)

why would updating freebsd cause this though?

and the pkg errors are gone

Tenkawa: thanks

vext01: no problem... mine had a failed battery on its rtc... you working with a desktop or laptop?

it's an old desktop i use as a file server

I wonder if it doesn't have a good cmos battery anymore

has freebsd become a linux distribution? i'm doing this reddit.com/r/foss/comments/1hcomg3/linux_user_survey_responses_needed and it asks at some point what linux distribution have i used, and freebsd is listed there.

no others bsds listed.

i had a cmos battery "randomly" die. it was after the first power down in probably 4 years

rtprio: not much surprising after 4 years of PSU power

i was lucky to have had a spare

rtprio: so once you powered down you only just ended up running into that issue, at least that's my assumption

yep-- the system was also pretty old

that definitely sounds like a cmos battery

What happens if I connect two PCs to a switch and then my ISP fiber modem to the switch? Will the fiber modem allocate DHCP addresses to each device connected to the switch?

it probably won't work

ok, thanks

Ove_: so nothing to do with FreeBSD afterall. :P

hello

Sometimes its good to create symlinked packages (I have no better name for this) for packages which have versions in the name. For example, bacula11-client. For automated scripts, I want to specify bacula-client, and have it install whatever I've decided is the 'latest' - it might be bacula13-client, it might be bacula-14-client. I have not tested anything else, but I'm thinking about symlinks in the All/ directory

dvl: You can use the post-installation section to do that. Whatever is installed the "latest" (even if it's bacula11-client instead of say, bacula13-client) would get symlinked.

TommyC: Since asking, I've become aware of a simple solution: create a new [local] port which has one dependency - the port you want installed.

TommyC: the post hook would also need to update the packagesite files... etc. The beauty of a meta-port (which is what we already call such ports here in house) is poudriere takes care of all that.