how can i debug why my box is showing 20% packetloss when i have a 1gbit inet connection and sudo iftop only shows 120Mb of combined traffic rate?

igb driver fwiw

i got a lagg if over igb0 and igb1 fwiw

the problem could be anywhere between you box and the destination, not necessarily your box itself.

if the problem is my box, how could i debug it? like if my OS needs tuning

or can a default freebsd handle 1gbps of mostly udp just fine?

I'd use iperf on a local network for a bandwith test like that

in other words how can i see if my OS is overloaded and needs expansion of tunables

can iperf test udp?

yes

ok great idea. btw i tested pinging the box from another box in the same DC that ISNT having packetloss issues, and packetloss is showing same 20%

btw, UDP tests with iperf3 default to 1Mbit/s, don't forget to use sth like '--bitrate 1G' on the client side

ok ty

and you can reverse the sender with '-R' to see which one chokes

do you think my cpu being used 94% would explain the packetloss?

check your IRQ usage

ok i got the numbers with vmstat -i, how do i know if the numbers are too high?

depends on too many factors to give a number

ok so how do i make use of the numbers then?

top -P -S

how much percentage irq you see per thread?

30 and more packetloss is probable

by per thread do you mean the per cpu count at the top?

because for all of those cpu lines, the interrupt is 0.0% or so

sometimes 1 will be like 0.4%

idle is around 60% for each

oh sorry wrong box, interrupt is same but idle is like 9% for each

idle machine interrupt is at 9%?

the box with 20% packetloss is showing interrupt at either 0.0% or 0.4% for each cpu core, and idle around 7%

for each cpu core

Have you replaced the cable?

no

worth a try too

9 out of 10 times when I've seen packet loss it ended up being a stupid hardware issue. Mostly cable.

is there anything else i can check to see if it's on the OS level? box is in a DC and i don't wanna bug them unless i kinda need to

Hm, DC cables are usually decent enough quality.

(the people there know how to make them, and usually do test before use)

can you check for broadcast traffic, is your network limited to just you, or you share switches with other parties?

do you have pocketloss locally there too between boxes you run? or is it towards el internetzo?

how do i do that? pretty sure we share

yep

from another box there that has no packetloss, when i ping the lossy 1 i get same 20% rate

well then you could create a ticket i guess, and some of the dc people can check stats, you would not need to pay for hands on support afaics

what do i ask them? what's the point about broadcast traffic?

You could write that you have packetloss on one of your machines, and if they can verify the switch isnt overloaded or something in that line

I have an Atom C3558 mini-PC, with broken uart(4) which tends to freeze the box entirely. this only happens when booted with EFI; legacy bootloader works fine. bug persists through 13.5 to latest CUR snapshot. is this worth reporting or should I just disregard it as a firmware issue?

fwiw, Linux w/ EFI works fine, but I quickly tapped out from reading / cross-referencing fbsd and linux serial driver sources on account of time and sanity

so as long as the cpu core interrupt % is less than 1, it's not overloaded NIC causing packetloss. is there anything else OS level i could check for causing packetloss? like some kinda network buffers getting overfilled or?

i'm not using any firewall like pf atm, fwiw

even if cpu core ran >90% interrupt handler it shouldn't cause packet loss

dang

it should only cause packet loss if the CPU is veritably overloaded

what do you consider overloaded? top shows idle around 5%

the core is pinned

so, 100%

ah, damn. any other ideas for what it could be?

on OS level. ofc it could be hw

try changing the cable

your firewall settings could be wonky, but don't assume that if they've not changed since before this started

no fw enabled

you've eliminated every OS level possibility, I think. try changing the cable. if that fails, press your backup switch (assuming you have one) into service.

concretely: power it up, and plug all your cables into it

and then power down your main switch

then retest

not an easy task in a remote DC..

dropped the cpu usage from 95% down to 75% and the packetloss went away. why?

Does ifconfig_<iface> / _alias<x> do any ordering? Asking, because I'm configuring the "primary" IP as a first, then adding alias1/2/.... but for some reason the first IP goes last?

tried "ordering" them as alias0(the primary IP), 1/2/3 but still.. the 1st goes last ?

ifconfig_iface_alias0 is not the primary IP, it's the first alias

divlamir I said I tried... but nomatter what I tried, the 1st IP I set is never actually set as the 1st IP (i.e. the one that is used for outbound traffic by default)

had to do some fuckery with defaultrouter and -ifa

Onepamopa: ifconfig iface0 inet A.B.C.D/N alias prefer_source

rc.conf equivalent == ?

prefer_source is only for IPv6, isn't it?

ivy: oh are we talking aobut v4 hmm

was disconnected from the bouncer, sorry

and brain fried

wonder if you could use pf for this

Onepamopa: are the netmasks set correctly? usually the source address for the route will be whichever IP address can reach the router (/24 or whatever) while the aliases will be /32s. this doesn't work if your primary address is also a /32, though

the netmasks are all /32 (it's a VPS, I don't have much choice), even though I tried setting a /24 mask on the primary IP, it still ended up being last in the "list" ...

the 3 aliases are 51.38.xxx.xxx

the primary IP is 51.75.xxx.xxx

try this: assign the primary address to the external interface, and configure the secondary addresses as aliases on lo0

something "orders" them in a way where the "smaller" IPs are at the top

and the aliases would be reachable via vtnet0 when they aren't aliases on it?

yes. at least this is how it works in IPv6, i don't use this setup for IPv4 but i think it should also work

the main difference is for IPv4 you need at least one IP address on the interface itself, for IPv6 you don't, but in this case you want an address on the interface anyway so that's fine

that's so un-intuitive....

in Linux, there is a feature called prefsrc that can be used to set the default source IP address for a route. i'd like to have that in FreeBSD, but currently we don't

defaultrouter="51.75.xxx.1 -ifa 51.75.xxx.xxx"

that's the fuckery I referred to earlier

and my surprise when setting an IP address and then aliases... results in that IP address being sent "downwards" for some reason, who "tells" it to "move" ? :)

for some reason... even -ifa doesn't work

what are you expecting -ifa to do? that doesn't affect source address selection as far as i know

well... setting the aliases @ lo0 also doesn't work... nginx listens to 1 of them, trying to connect from the "outside" - no packets @ vtnet0, nothing ...

no packets at all would mean that IP address isn't routed to your VM at all, you should see incoming traffic regardless of local network configuration

it is :) and there are packets when it's alias @ vtnet0

so all I changed was ifconfig_vtnet0_aliasX -> lo0

do you see ARP requests for the address? maybe it's done via L2 instead of routed (in which case, ugh)

yup.. there's arp for the aliases

that is a horrible configuration, i cannot think of a solution off hand

that's OVH for you

needed a test vps for some fuckeries I'm doing...

Oracle has free ones iirc.

Onepamopa: you could try adding a static ARP entry for the address on vtnet0 with the "pub" keyword (see arp(8)), iirc this doesn't actually work though, but i can't remember why

i.e., put the address on lo0, but add the arp entry on vtnet0

what's horrible IMHO is the fact that previous versions of freebsd weren't doing this fuckery... the 1st IP was 1st IP, all IPs were added in the order they're in as aliasX Y Z ...

that basically makes the machine proxy arp for its own address, which is... weird... but this is why i prefer to avoid cheap VPS providers :-)

I'll put money where my mouth is and reinstall using 13.5-stable (currently the VPS is 14.3-stable... just want to confirm this F-ing behavior (got servers with 13.3 where this F-ing behavior isn't observed - 51.210 is the "1st" IP, then some 91.xxx aliases, then 51.30 aliases - at the "bottom")

Onepamopa: just tried in a vm, and seems to work here, an old vm running 14.1-RELEASE. will do a freebsd-update to see if it misbehaves

divlamir here's what I get: bpa.st/KYPA

1 alias completely missing, IPs not added in the order of rc.conf ....

any..... ideas ?

and that's after a system reboot with that rc.conf?

yep, after reboot ..

hrm

divlamir my thoughts, exactly ....

still working here after updating to 14.3-RELEASE-p4

I'll switch kernel/world to 14.3-release, rebuild and get back to you .... if you think it's a "releae vs stable" issue ..

would take a couple of hours tho

it weird, no idea

okay, I'll rebuild and see if that'd still be the case

don't have a stable at hand to test it with

I switched to binary updates for base system years ago so no more STABLE for me too

my kernels are custom but not the base system haha

Remilia: with the magic of pkgbase, you can now run -STABLE and still get binary updates!

although i don't recommend doing this until 15 is out

I'm not really into that

just need to stuff to work and RELEASEs are good

yeah, right now i run main everywhere but i think i'm going to switch to 15.0-RELEASE for non-dev systems

there's a limit to how much you want to be wasting time on that stuff

Onepamopa: tbh if there are no weird control codes in the rc.conf statement for alias0 and yet the alias is not brought up, it sounds like your rc framework is broken in a weird way

question would be... why / how

Onepamopa: 14.3-RELEASE-p3, all aliases are added in order of appearance, none are droped

dropped*

(this is in Hyper-V, I used /32 for all of them)

Remilia I'll just backup some stuff from the VPS and reinstall it via the OVH panel. I think it's 14.3 by default, will see if the fuckery with the aliases persists on a "clean" system

btw could you perchance avoid the f-bombs here?

sorry about that... it's just frustrating AF :)

Hi guys

Could I use ZFS only for my personal partitions not disks, and not system disk

yes, there is no requirement to use ZFS for root, UFS remains fully supported

and will that help in testing the freebsd 14 upgrade?

without breaking my system

help in what way?

Someone here said that to me few months ago

if you don't use ZFS for root you don't get boot environments, which is the usual way to test upgrades and roll back in case of problems, so if that's a concern for you, i would suggest using ZFS root

How?

after I installed the system

and I will it break my whole installation?

there is no built-in way to convert an existing system to ZFS root, you need to create the zfs pool and copy the system over by hand, i would not recommend trying that if you aren't already quite comfortable with ZFS and the FreeBSD boot process

Ivy: yeah I feel it will be danger

And I just want my system to use UFS for root

And ZFS for my data

that's fine, but then you can't use ZFS-specific features for upgrading, so it's up to you

Could I use something like external hard drive for that (ZFS-specific features for upgrading)

no, because it relies on the root filesystem using ZFS

Ok, thank you :)

ivy: This why I want LTS for freebsd

i'm not getting into that again

Like using the same version for +4 years with no concern about upgrading..

Ah, then it was you heh

I just forgot

Remilia divlamir ivy .. "clean" 14.3-RELEASE-p2 after reinstall via the OVH panel ... still does the exact same ******* ....

so, either OVH changed something, or .... no clue

(and by changed, I mean - screwed up)

do you get any error messages if you try to add the missing alias manually?

also is it an image provided by OVH because who knows what they add there

it's not only the alias that is missing, it's the complete "Misalignment" of the rest ...

it's a VPS from OVH installed using their image, so I'd imagine they F-ed up, badly

it does not matter for diagnostics purposes, delete all aliases and add them manually in the order you want them, see what happens

okay, moment..

I would not be surprised if OVH has some daemon/startup service of their own that configures stuff itself

Removed all aliases, reboot, added manually - no issues - aliases appear normally and in the order I added them in...

that means something weird is going on with your rc subsystem

I'm just going to try your exact configuration with my hyper-v VM as an experiment

not mine, their...

I'll F-ing destroy them in a ticket .... SHORTLY

Remilia: OVH maintains cloud-init in freebsd, so i assume they're using it on their platform

oh

the only thing I don't recognize is: 858 u0- I    0:00.00 /bin/sh -o verify /etc/rc autoboot

I think I saw cloud-init on this super cheap VPS I have from alexhost

cloud-init.. how to stop this **** ?

you can probably turn it off in rc.conf

i think the service is called nuageinit, unless they install the ports version

Onepamopa: bpa.st/4RCQ as you can see here

yeah, obviously they F-ed something up, question is how to find and stop it

I was already rebuilt kernel + world ... that didn't help

it wouldn't because cloud-init is not in the base system

i see u have qemu_guest_agent_enable=YES, try disabling that too maybe

Remilia: it is: /etc/rc.d/nuageinit. although i don't know what version this was added in

oh

it's not "cloud-init" (the software) but it is an implementation of the cloud-init spec

divlamir already tried, it's not it ..

ok

nuageinit is also the 1st thing I disabled ...

nuageinit is already disabled in your prevoius rc.conf paste

yeah, was enabled by default

didn't know they provided FreeBSD images, I use mfsbsd to install my vps from the qemu shell

tbh I'd check console log

from boot time

I think I found the culprit

just a sec...

service -e ?

In /etc/rc.conf.d/ -- network and routing ... setting the interface to DHCP, some ipv6 and what not

commented out everything, reboot, voila - everything - as - expected

Ah guys did you added the bug warning in HP 6305 SFF bios to wiki?

I don't want other users suffer from that..

Onepamopa: nice!

The wiki is not really meant for bug reports, there's bugzilla for that, and you can submit your report there

But iirc it was not a freebsd bug, but hardware issues, wasn't it Retrofan?

I left OVH for Hetzner when my vps in Strasbourg melted in the fire. Looking at the pricing they offer about twice the capacity for the same price, hm. Might switch back

divlamir don't get me started on that SBG disaster ... lost a few servers + the backup server which was in a neighboring "room" 1 wall away from the fire

divlamir: my one experience with OVH ended when i asked them to replace a failed disk in a dedicated server running NetBSD, and instead they reinstalled the working disk with Linux

no backups ... it was FUN

ouch

backup server in the same DC doesn't really count for off-site though

well, I had servers in RBX GRA and SBG .. and the backups were in SBG

very bad luck then :-/

yep..

now I got 2 backups ;)

as for hetzner... how are the things in there, anything comparable with ovh's "firewall" / mitigation / etc ?

cause... got hit with a few 200-300 Gbps floods, handled perfectly in ovh (drop udp all ;) ), no complaints from them whatsoever.

I found the ovh interface very clunky, hetzner is way better organized

you are talking about ddos mitigations? haven't had any issues

so, they have ~same functionality as ovh ?

Though maybe they don't insist on reporting them as ovh

pretty much

and maybe better

interesting

worth testing at some point

re: Hetzner, i remember an issue a while ago where someone reported an abusive customer, and they forwarded the reporter's contact details (real name, etc.) to the customer, which was not a popular move

huh

what provider would you recommend in EU?

there's netcup, been looking at their offerings too lately

any comments about them?

I wouldn't go with someone smaller than ovh/hetzner to be honest ...

seen my share of ddos.. smaller providers just won't handle it properly i.e. your IPs null-routed ...

the only EU provider i've tried is Leaseweb and i wasn't super impressed, nothing especially wrong but the service was mediocre. i guess that's typical for large providers though

that just won't do...

divlamir: yeah but I think it should be mentioned

Is 6005 bug even mentioned?

hetzner sucks. demanded photo of gov ID for a crappy $20/mo ded server

didn't buy over vpn, nothing unusual at all

EU ded servers are like 50% more than US based

same with ovh

I'm using netcup because they offer guaranteed resources

regular VPS stuff scares me

their "root" servers? that is what I am looking at

yes

got one I think 2 years ago?

the 10 vCPU / 32 GB RAM plan

it's a lot faster than my old OneProvider dedicated server (Paris DC) and roughly 40% cheaper

also no iLO3 to deal with and server restart is 1 second instead of 8 minutes of sea of sensors

Yeah, in the end it's has the flexibility of a vps, jsut dedicated ressources

however, unlike OneProvider, their networks keep getting blacklisted by MS

for SMTP that is

ah, but that happens often elsewhere too

never happened with OneProvider for me

I only had to email MS once to whitelist my IP and that was it

with netcup it's like

'mitigation applied' then a month later relay access denied again

> Diagnostic-Code: smtp; 550 5.7.1 Unfortunately, messages from [94.16.X.X] weren't sent. Please contact your Internet service provider since part of their network is on our block list (S3150).

hrm, thanks for sharing

and contacting netcup about this is pointless

divlamir: i know you asked for EU, but if you can tolerate UK, all my hosting is at mythic-beasts.com now (they do have a presence in .nl, but it's a UK company). it's not a large company and it's also more expensive than "cloud" providers, so maybe not quite what you're looking for

but i've never had issues with SMTP, support is excellent and they're happy to do custom stuff within reason

thank you ivy, will check them out. I prefer EU for geo latency reasons, not anything else

the only thing i don't like is their .nl isn't L3 access yet, because they acquired it from another company, but last i heard (from a support ticket answered by head of network engineering) they're working on that

wow, a bit steep their pricing

will stick with hetzner for the moment. I don't need much horsepower, just sth that pushes packets outside of my cgnat contryside hell

ivy: those prices are scary haha

yep

they ask 1000 euro or so for half of what I have with netcup

I pay 330 at the moment

(yearly)

and that's with a bandwidth limit that I would break :\

ivy: what happened to using jump networks :P

hi guys, someone here use on freebsd a similar software as Obsidian?

I use Obsidian (sometimes)

vkarlsen: nice, but do u emulate it or install using rpm/deb mechanism of linux binaries compatibility of freebsd?

s1lversurfer: I install textproc/obsidian from ports

i'll check it :)

s1lversurfer: There's some license issue that prevents it from being distributed as a package

vkarlsen: interesting, i haven't checked ports.. i am so dumb and newbie hehe, but it's ok i'am almost drunk, some beers u know... :D

s1lversurfer: Take a look at the Makefile, there's a list of instructions there that will make it easy

yesterday i've installed vscode, almost there, compiling Obsidian :) i'm in love with freebsd, i am a linux user since 2004 and i never tested a bsd system, have no explanation for that lol

the openbsd still alive right ? but the freebsd have the biggest community?

you missed a lot

in 2004 Linux was stable enough that there was no need to seek any alternatives - that might justify it

mzar: ya! empty mind.. i used to work with Red Hat for many years, but u know, they are creating some partnerships with Microsoft... wtff is that ?

I have nothing against them and their partnerships, but FreeBSD is just decent OS

and now the linux community stills in war because of pieces of rust code on linux kernel hehe even Linus Torvalds giving his aprovement

freebsd is a boat on the internet titanic, if you have my age will know, the scene are fuc* up by a lot of posers on youtube, hacker is just a guy that watched Mr. Robot and play CTF, programmers walking around with their macbooks and those thousands of frameworks with bulssh*** what a mess... sorry for this, ourburst... :D

did you install vscode or not?

aic: yeah ! :D

I use Emacs, not very customized. but anyway speaking of vscode, here's a very cool emacs setup emulating vscode IDE: github.com/doomemacs/doomemacs

sexy screenshot alone makes me want to try it

aic: i'll check out, i had a problem with electron34, but i solved it, and now i'm having a problem with electron33 :D but i will fix it too hehe

dooom hehe

this is my obsidian for 20 years now: orgmode.org

am I the only one getting some anubis error when accessing bugs.freebsd.org ?

is it my browser or is it actually broken

aic: wow! 20 years of material, you are not joking hehe, i only have 2 years note on Obsidian, the rest of my life i'll try to recover on a 1TB Seagate Barracuda that is broken

tykling: working here!

thanks

god I hate that anubis thing, shame it is needed

you need to enable javascript (e.g. whitelist the site in NoScript extension in your browser) and you need to accept cookies from that domain

anyone recognize this node_exporter build error? poudriere.tyknet.dk/data/freebsd_13…gs/errors/node_exporter-1.9.1_2.log

that will make anubis happy

aic: I accept all cookies and do not have noscript in my browser, and anubis usually works on other sites

@aic ty for introducing the orgmode, I found the vim alternative here: github.com/jceb/vim-orgmode . obsidian is good, but you should compile it everytime...

wow finally one for vim. I gotta share that with all my coworkers (infidels all use vim :)

maybe it is because 13.4 is eol and they already depend on something only in 13.5+ in node_exporter

it is.

prometheus/node_exporter #3177 this change from node_exporter 1.9.0

oh well, time to upgrade I guess

guys

NIS/yp seems like a great solution over LDAP in my opinion. I get that passwords and user info are unencrypted, but nobody uses password based auth anyway, and multi-site connectivity is behind IPsec. So why do people keep saying not to use NIS?

NIS has some great potentail when used in combonation with SSH CA

governance risk and compliance departments are probably not going to sign off on it, as it is considered obsolete/insecure

maybe check Keycloak if it can do what you want, it can use LDAP but it is not mandatory

hi!

see list of features: keycloak.org/docs/latest/server_admin/index.html

could a kind soul pinpoint me to the location of the release signing key? i would like to verify my downloaded .img's, and i dont know which key of the 1000s listed here: docs.freebsd.org/pgpkeys/pgpkeys.txt is the right one

thanks in advance !!

it says it's for "web applications" but in a company I worked at we also used it for SSH with hardware tokens rotating one-time passwords

uzuri: gpg --verbose CHECKSUM.SHA256-FreeBSD-15.0-ALPHA4-riscv-riscv64-vm.asc

gpg: Signature made Sat Sep 27 19:42:45 2025 CEST

gpg: using RSA key 82563B84D0620EDC0DFB86413897F2E22E65AD3F

search docs.freebsd.org/pgpkeys/pgpkeys.txt for string: 65AD3F

and there you go....

uzuri: you got that how I determined the key?

shoot, i disconnected, can you please say it again?

uzuri: gpg --verbose CHECKSUM.SHA256-FreeBSD-15.0-ALPHA4-riscv-riscv64-vm.asc

gpg: using RSA key 82563B84D0620EDC0DFB86413897F2E22E65AD3F

couldnt see a single reply

search docs.freebsd.org/pgpkeys/pgpkeys.txt for string: 65AD3F and there you go...

aic: thanks...

there really should be a more direct way to get the link