From owner-freebsd-isp@FreeBSD.ORG Sun Apr 16 06:00:12 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6D73716A401 for ; Sun, 16 Apr 2006 06:00:12 +0000 (UTC) (envelope-from farhad.i@caspel.com) Received: from caspel.com (mail.glta.az [85.132.32.41]) by mx1.FreeBSD.org (Postfix) with ESMTP id 89BFC43D48 for ; Sun, 16 Apr 2006 06:00:11 +0000 (GMT) (envelope-from farhad.i@caspel.com) Received: from ika (ipcop.caspel.com [85.132.32.101]) by caspel.com (caspel.com) (MDaemon.PRO.v8.1.3.R) with ESMTP id md50000216625.msg for ; Sun, 16 Apr 2006 11:00:28 +0500 From: "Farhad" To: "'Farhad'" Date: Sun, 16 Apr 2006 11:00:14 +0500 MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit X-Mailer: Microsoft Office Outlook, Build 11.0.5510 Thread-Index: AcZgwKvcPbpdRfz2Tge9Wffc7AJykgAAaOsgABYmDiA= X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2180 In-Reply-To: X-Spam-Processed: caspel.com, Sun, 16 Apr 2006 11:00:28 +0500 (not processed: message from valid local sender) X-Lookup-Warning: MAIL lookup on farhad.i@caspel.com does not match 85.132.32.101 X-MDRemoteIP: 85.132.32.101 X-Return-Path: farhad.i@caspel.com X-MDaemon-Deliver-To: freebsd-isp@freebsd.org X-MDAV-Processed: caspel.com, Sun, 16 Apr 2006 11:00:29 +0500 Message-Id: <20060416060011.89BFC43D48@mx1.FreeBSD.org> X-Mailman-Approved-At: Sun, 16 Apr 2006 07:20:59 +0000 Cc: freebsd-isp@freebsd.org Subject: RE: PPPoE X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Apr 2006 06:00:12 -0000 -----Original Message----- From: Farhad [mailto:farhad.i@caspel.com] Sent: Sunday, April 16, 2006 12:53 AM To: 'Alen Sarkinovic' Subject: RE: PPPoE I have same processor type processor and ram and Freebsd 5.4 I have simultaneous connections about 150 then when I press command ps aux I see 10 session of /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 And then this sessions are killed What kind of billing system did you use ? Ps I give my kernel & ppp config Please help me -----Original Message----- From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] On Behalf Of Alen Sarkinovic Sent: Sunday, April 16, 2006 12:18 AM To: Farhad Cc: freebsd-isp@freebsd.org Subject: Re: PPPoE I'm running FreeBSD 5.4 on HP DL380 2xXeon 3.2GHz with 2GB DDR2 with 600 users simultaneous connections and traffic in/out about 20Mb on Ethernet GB card. Load averages: 4.54 max in peak time. Regarding my privies experience with slower machine system can handle all request without any problems with max load avr: 12.00 ----- Original Message ----- From: "Farhad" To: Sent: Saturday, April 15, 2006 7:59 PM Subject: PPPoE > How many simulative session can support PPPoE server. > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > _______________________________________________ freebsd-isp@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-isp To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" From owner-freebsd-isp@FreeBSD.ORG Sun Apr 16 09:56:46 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 733C516A401 for ; Sun, 16 Apr 2006 09:56:46 +0000 (UTC) (envelope-from ovidiue@unixware.ro) Received: from elgreco.hmdnsgroup.com (elgreco.hmdnsgroup.com [63.247.135.88]) by mx1.FreeBSD.org (Postfix) with ESMTP id F074243D45 for ; Sun, 16 Apr 2006 09:56:45 +0000 (GMT) (envelope-from ovidiue@unixware.ro) Received: from 86-124-116-144.iasi.cablelink.ro ([86.124.116.144]:51737 helo=[10.0.0.4]) by elgreco.hmdnsgroup.com with esmtpa (Exim 4.52) id 1FV3zm-0000Oh-9n; Sun, 16 Apr 2006 05:56:42 -0400 Message-ID: <444214F4.9020603@unixware.ro> Date: Sun, 16 Apr 2006 12:57:08 +0300 From: ovidiu User-Agent: Mozilla/5.0 (X11; U; FreeBSD i386; en-US; rv:1.7.7) Gecko/20050420 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Farhad References: <20060416060011.89BFC43D48@mx1.FreeBSD.org> In-Reply-To: <20060416060011.89BFC43D48@mx1.FreeBSD.org> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-HMDNSGroup-MailScanner-Information: Please contact the ISP for more information X-HMDNSGroup-MailScanner-SpamCheck: X-HMDNSGroup-MailScanner-From: ovidiue@unixware.ro X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - elgreco.hmdnsgroup.com X-AntiAbuse: Original Domain - freebsd.org X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12] X-AntiAbuse: Sender Address Domain - unixware.ro X-Source: X-Source-Args: X-Source-Dir: Cc: freebsd-isp@freebsd.org Subject: Re: PPPoE X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 16 Apr 2006 09:56:46 -0000 Farhad wrote: >-----Original Message----- >From: Farhad [mailto:farhad.i@caspel.com] >Sent: Sunday, April 16, 2006 12:53 AM >To: 'Alen Sarkinovic' >Subject: RE: PPPoE > >I have same processor type processor and ram and Freebsd 5.4 >I have simultaneous connections about 150 then when I press command ps aux I >see 10 session of > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 >/usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > >And then this sessions are killed > >What kind of billing system did you use ? > >Ps I give my kernel & ppp config > >Please help me > > >-----Original Message----- >From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] >On Behalf Of Alen Sarkinovic >Sent: Sunday, April 16, 2006 12:18 AM >To: Farhad >Cc: freebsd-isp@freebsd.org >Subject: Re: PPPoE > >I'm running FreeBSD 5.4 on HP DL380 2xXeon 3.2GHz with 2GB DDR2 with 600 >users simultaneous connections and traffic in/out about 20Mb on Ethernet GB >card. > >Load averages: 4.54 max in peak time. > >Regarding my privies experience with slower machine system can handle all >request without any problems with >max load avr: 12.00 > >----- Original Message ----- >From: "Farhad" >To: >Sent: Saturday, April 15, 2006 7:59 PM >Subject: PPPoE > > > > >>How many simulative session can support PPPoE server. >> >>_______________________________________________ >>freebsd-isp@freebsd.org mailing list >>http://lists.freebsd.org/mailman/listinfo/freebsd-isp >>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" >> >> >> > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > >_______________________________________________ >freebsd-isp@freebsd.org mailing list >http://lists.freebsd.org/mailman/listinfo/freebsd-isp >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > I see you are using pppoed. I've used pppoed in the past but had problems with high CPU usage, so I've switched to mpd wich works fine. Using mpd I still had problems with number of connections, it seems to be a limit at 130 connections, so I've increased values for the following sysctl variables: net.graph.maxalloc=1024 net.graph.maxdgram=64000 net.graph.recvspace=64000 I don't know if this apply to pppoed, maybe other sysctl variable must modified. Also, I had another issues with pppoed. Sometimes when a windows client is broken, and a user tries to connect it crash the server. From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 07:45:19 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 22F5016A402 for ; Mon, 17 Apr 2006 07:45:19 +0000 (UTC) (envelope-from alen@smartnet.ba) Received: from mta-gw1.europronet.ba (gamera.europronet.ba [80.65.162.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9AEBF43D5C for ; Mon, 17 Apr 2006 07:45:17 +0000 (GMT) (envelope-from alen@smartnet.ba) Received: from localhost (localhost.europronet.ba [127.0.0.1]) by mta-gw1.europronet.ba (Postfix) with ESMTP id D3A1E170AE; Mon, 17 Apr 2006 09:45:40 +0200 (CEST) Received: from alens (internal.europronet.ba [80.65.162.66]) by mta-gw1.europronet.ba (Postfix) with SMTP id 9BBB7170B0; Mon, 17 Apr 2006 09:45:35 +0200 (CEST) Message-ID: <000d01c661f3$9a860760$0407a8c0@alens> From: "Alen Sarkinovic" To: "Farhad" References: <20060415195307.95DE63A566D@is05.europronet.ba> Date: Mon, 17 Apr 2006 09:50:32 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1807 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-Virus-Scanned: amavisd-new at europronet.ba Cc: freebsd-isp@freebsd.org Subject: Re: PPPoE X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 07:45:19 -0000 I'm not sure why there is more than one pppoed proccess but you can try the following configuration: /etc/rc.conf #enable pppoed pppoed_enable="YES" pppoed_provider="" pppoed_interface="bge1" pppoed_flags="-d -P /var/run/pppoed.pid -a "provider_name" -l "default" " /etc/ppp/ppp.conf default: set timeout 600 # default is 180 sec (idle) set log Phase Chat Command set openmode passive enable pap #turn on chap and pap accounting allow mode direct #turn on ppp bridging enable proxy #turn on ppp proxyarping (redundant of above???) disable ipv6cp #we don't use ipv6, don't want the errors set mru 1480 #set mru below 1500 (PPPoE MTU issue) set mtu 1480 #set mtu below 1500 (PPPoE MTU issue) disable deflate pred1 mppe vjcomp acfcomp protocomp deny deflate pred1 mppe set ifaddr 10.0.0.1 xxxx.xxxx.xxxx.xxxx-xxxx.xxxx.xxxx.xxxx #Specify my wifi gateway IP as well as DHCP pool range set radius /etc/radius.conf #turn on radius auth and use this file accept dns #turn on dns cacheing/forwarding set dns xxx.xxx.xxx.xxx set server /var/run/ppp/tun%d "" 0177 enable echo enable lqr echo set lqrperiod 10 #set cd 5 #!bg /etc/ppp/log.sh INTERFACE HISADDR Actually you can use your own ppp.conf there is minor changes. > Ps I give my kernel & ppp config Actually you can use your own ppp.conf - there are minor changes. Regarding kernel, could you send us output from sysctl -a & uname -a > What kind of billing system did you use ? free-radius with mysql support ! The rest is web based inteface on mysql database writen in php. ----- Original Message ----- From: "Farhad" To: "'Alen Sarkinovic'" Sent: Saturday, April 15, 2006 9:53 PM Subject: RE: PPPoE > I have same processor type processor and ram and Freebsd 5.4 > I have simultaneous connections about 150 then when I press command ps aux I > see 10 session of > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > > And then this sessions are killed > > What kind of billing system did you use ? > > Ps I give my kernel & ppp config > > Please help me > > > -----Original Message----- > From: owner-freebsd-isp@freebsd.org [mailto:owner-freebsd-isp@freebsd.org] > On Behalf Of Alen Sarkinovic > Sent: Sunday, April 16, 2006 12:18 AM > To: Farhad > Cc: freebsd-isp@freebsd.org > Subject: Re: PPPoE > > I'm running FreeBSD 5.4 on HP DL380 2xXeon 3.2GHz with 2GB DDR2 with 600 > users simultaneous connections and traffic in/out about 20Mb on Ethernet GB > card. > > Load averages: 4.54 max in peak time. > > Regarding my privies experience with slower machine system can handle all > request without any problems with > max load avr: 12.00 > > ----- Original Message ----- > From: "Farhad" > To: > Sent: Saturday, April 15, 2006 7:59 PM > Subject: PPPoE > > > > How many simulative session can support PPPoE server. > > > > _______________________________________________ > > freebsd-isp@freebsd.org mailing list > > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 08:13:16 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 79CC116A403 for ; Mon, 17 Apr 2006 08:13:16 +0000 (UTC) (envelope-from alen@smartnet.ba) Received: from mta-gw1.europronet.ba (gamera.europronet.ba [80.65.162.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0809043D46 for ; Mon, 17 Apr 2006 08:13:16 +0000 (GMT) (envelope-from alen@smartnet.ba) Received: from localhost (localhost.europronet.ba [127.0.0.1]) by mta-gw1.europronet.ba (Postfix) with ESMTP id B829D17096; Mon, 17 Apr 2006 10:13:39 +0200 (CEST) Received: from alens (internal.europronet.ba [80.65.162.66]) by mta-gw1.europronet.ba (Postfix) with SMTP id 687D6170C4; Mon, 17 Apr 2006 10:13:33 +0200 (CEST) Message-ID: <001301c661f7$83385000$0407a8c0@alens> From: "Alen Sarkinovic" To: "ovidiu" References: <20060415175946.54C1D43D45@mx1.FreeBSD.org> <044a01c660c1$4ad6bee0$0407a8c0@alens> <44418CAF.7050308@unixware.ro> Date: Mon, 17 Apr 2006 10:18:29 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1807 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-Virus-Scanned: amavisd-new at europronet.ba Cc: freebsd-isp@freebsd.org Subject: Re: PPPoE X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 08:13:16 -0000 ----- Original Message ----- From: "ovidiu" To: "Alen Sarkinovic" Sent: Sunday, April 16, 2006 2:15 AM Subject: Re: PPPoE > Alen Sarkinovic wrote: > > >I'm running FreeBSD 5.4 on HP DL380 2xXeon 3.2GHz with 2GB DDR2 with 600 > >users simultaneous connections and traffic in/out about 20Mb on Ethernet GB > >card. > > > >Load averages: 4.54 max in peak time. > > > >Regarding my privies experience with slower machine system can handle all > >request without any problems with > >max load avr: 12.00 > > > >----- Original Message ----- > >From: "Farhad" > >To: > >Sent: Saturday, April 15, 2006 7:59 PM > >Subject: PPPoE > > > > > > > > > >>How many simulative session can support PPPoE server. > >> > >>_______________________________________________ > >>freebsd-isp@freebsd.org mailing list > >>http://lists.freebsd.org/mailman/listinfo/freebsd-isp > >>To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > >> > >> > >> > > > >_______________________________________________ > >freebsd-isp@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-isp > >To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" > > > > > > > Hello > > I have few questions: > > I am using mpd pppoe server with 400 simultaneous connections, on a P IV > at 3 Ghz, 1 GB ram, I have 20% cpu usage on peak. > > I've purchased a Xeon server (with one CPU, but the motherboard is dual > Xeon) at 3 Ghz with 4 GB RAM. > > My question should I purchase another CPU to use dual function (SMP)? It > will help me with mpd? Yes it will help! > Another question: what ISO you use: freebsd 5.4 i386 or amd64 ? > I'm using i386 ! > (The amd64 is on 64 bits, that should help to increase the speed of > FreeBSD server, but I was not able to use amd64 iso because it stop > booting when detecting the onboard RAID controller.) You can check this and eventualy report to http://www.freebsd.org/platforms/amd64.html > And last question: what traffic shaping you use? I use pf with HFSC > algorithm wich works fine for hundreads of queues but is not good for > thousands, because is a linear algorithm. > > If you do not use pf HFSC, but pf with CBQ or PRIQ or ipfw with > dummynet, please tell me how do you succeed to have QoS. For example I > need to have different pppoe connections with different speeds, > guarantee bandwidth. > I am looking for a long time for proper setting, i think Linux's HTB is > better but I want to use FreeBSD. I'm using pppoed on cable network and traffic shaping & QoS was a part of Dosis standard. But IPFW is great solution, you can check WARTA on http://www.hpi.net/whitepapers/warta/ > Thank You > Best Regards, > Ovidiu > > From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 10:33:07 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0DBBC16A402 for ; Mon, 17 Apr 2006 10:33:07 +0000 (UTC) (envelope-from fooler@skyinet.net) Received: from smtp1.skyinet.net (smtp1.skyinet.net [202.78.97.6]) by mx1.FreeBSD.org (Postfix) with ESMTP id 8B88F43D5D for ; Mon, 17 Apr 2006 10:33:06 +0000 (GMT) (envelope-from fooler@skyinet.net) Received: from fooler (fooler.ilo.skyinet.net [202.78.118.66]) by smtp1.skyinet.net (Postfix) with SMTP id 15CA1582C3; Mon, 17 Apr 2006 18:33:03 +0800 (PHT) Message-ID: <023401c6620a$4a55a680$42764eca@ilo.skyinet.net> From: "fooler" To: "Farhad" References: <20060416060011.89BFC43D48@mx1.FreeBSD.org> Date: Mon, 17 Apr 2006 18:32:55 +0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=original Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Cc: freebsd-isp@freebsd.org Subject: Re: PPPoE X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 10:33:07 -0000 ----- Original Message ----- From: "Farhad" To: "'Farhad'" Cc: Sent: Sunday, April 16, 2006 2:00 PM Subject: RE: PPPoE > -----Original Message----- > From: Farhad [mailto:farhad.i@caspel.com] > Sent: Sunday, April 16, 2006 12:53 AM > To: 'Alen Sarkinovic' > Subject: RE: PPPoE > > I have same processor type processor and ram and Freebsd 5.4 > I have simultaneous connections about 150 then when I press command ps aux > I > see 10 session of > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 > /usr/libexec/pppoed -P /var/run/pppoed.pid -l pppoe-in -c 10 -p "*" em0 -c paramater? maybe you had a patched pppoed... > And then this sessions are killed you will see lots of pppoed processes if there are lots of incoming PADI pppoe frames.... > What kind of billing system did you use ? user ppp supports radius for authentication, authorization and accounting... one problem with user ppp regarding to its radius accounting... it will just send only one accounting packet regardless the link going to radius server is down or not and then exit ppp process... fooler. From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 10:56:40 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 97D0016A401 for ; Mon, 17 Apr 2006 10:56:40 +0000 (UTC) (envelope-from alen@smartnet.ba) Received: from mta-gw1.europronet.ba (gamera.europronet.ba [80.65.162.114]) by mx1.FreeBSD.org (Postfix) with ESMTP id 1CCA643D46 for ; Mon, 17 Apr 2006 10:56:40 +0000 (GMT) (envelope-from alen@smartnet.ba) Received: from localhost (localhost.europronet.ba [127.0.0.1]) by mta-gw1.europronet.ba (Postfix) with ESMTP id 923BD1703C; Mon, 17 Apr 2006 12:57:03 +0200 (CEST) Received: from alens (internal.europronet.ba [80.65.162.66]) by mta-gw1.europronet.ba (Postfix) with SMTP id 8F51017066; Mon, 17 Apr 2006 12:56:57 +0200 (CEST) Message-ID: <014001c6620e$579aba20$0407a8c0@alens> From: "Alen Sarkinovic" To: =?iso-8859-1?Q?Sten_Daniel_S=F8rsdal?= References: <4439B5FD.4000309@wm-access.no> <034f01c65c73$66260540$0407a8c0@alens> <443A1E2F.7060700@wm-access.no> Date: Mon, 17 Apr 2006 13:01:54 +0200 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1807 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1807 X-Virus-Scanned: amavisd-new at europronet.ba Cc: freebsd-isp@freebsd.org Subject: Re: ppp & lqr problem - Warning: lqr_RecvEcho: Got packet size 6, expecting 12 ! X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 10:56:40 -0000 Hi Sten, I'we done some tcpdump with protocol decode option on the actualy Box -> 1) connection initiated by MTA 3328-2Re equipment : 11:43:22.189696 PPPoE [ses 0x1a] LCP, Echo-Request (0x09), id 4, length 18 encoded length 16 (=Option(s) length 12) Magic-Num 0x5c6f43f5 Data 0x0000: 594e 4f54 0000 0004 11:43:22.190473 PPPoE [ses 0x1a] LCP, Echo-Reply (0x0a), id 4, length 12 encoded length 10 (=Option(s) length 6) Magic-Num 0x0000311d Data 0x0000: 1e11 0000 0000 11:43:22.461148 802.1d config 8000.00:04:c0:76:db:09.801b root 8000.00:04:c0:76:db:09 pathcost 0 age 0 max 20 hello 2 fdelay 15 2) conection initiated by Windows 2000 Workstation with client RASPPPOE software : 11:46:14.990785 PPPoE [ses 0x1d] LCP, Echo-Request (0x09), id 2, length 18 11:46:14.991096 PPPoE [ses 0x1d] LCP, Echo-Reply (0x0a), id 2, length 18 I send more detailed trace logs to InnoMedia and waiting for response. Best regards, Alen ----- Original Message ----- From: "Sten Daniel Sørsdal" To: "Alen Sarkinovic" Cc: Sent: Monday, April 10, 2006 10:58 AM Subject: Re: ppp & lqr problem - Warning: lqr_RecvEcho: Got packet size 6, expecting 12 ! Alen Sarkinovic wrote: > Sten, thanks for your reply, actually I already sent an email to tech > support and waiting for response. > I'm stuck with this issue and hope that community on this list will help > with more information's. > > I have to say that InnoMedia MTA 3328-2R is working on Cisco UBR7200 CMTS > pppoe termination system. > Well, yes, they (Cisco) probably ignore the fact that the data field is missing and consider an Echo-Reply (without data) as being equally good as Echo-Reply (with data) to be backwards compatible (Data field was not defined in initial PPP RFC). To be honest I'd probably do the same as a service provider. -- Sten Daniel Sørsdal From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 13:58:10 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2906D16A404 for ; Mon, 17 Apr 2006 13:58:10 +0000 (UTC) (envelope-from "") Received: from viky.com (dhornn.net2.nerim.net [62.212.111.252]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9DD8743D4C for ; Mon, 17 Apr 2006 13:58:08 +0000 (GMT) (envelope-from "") Received: (qmail 16797 invoked by uid 204); 17 Apr 2006 14:42:31 +0200 Date: 17 Apr 2006 14:42:31 +0200 From: "System Anti-Virus Administrator" To: freebsd-isp@freebsd.org Message-ID: X-Tnz-Problem-Type: 40 MIME-Version: 1.0 Content-type: text/plain Subject: Disallowed attachment type found in sent message "Text" X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 13:58:10 -0000 Attention: freebsd-isp@freebsd.org A Disallowed attachment type was found in an Email message you sent. This Email scanner intercepted it and stopped the entire message reaching its destination. The Disallowed attachment type was reported to be: PIF files not allowed per Company security policy Please contact your I.T support personnel with any queries regarding this policy. Your message was sent with the following envelope: MAIL FROM: freebsd-isp@freebsd.org RCPT TO: info@viky.net ... and with the following headers: --- MAILFROM: freebsd-isp@freebsd.org Received: from unknown (HELO viky.net) (84.119.33.220) by 0 with SMTP; 17 Apr 2006 14:42:26 +0200 From: freebsd-isp@freebsd.org To: info@viky.net Subject: Text Date: Mon, 17 Apr 2006 15:58:02 +0200 MIME-Version: 1.0 Content-Type: multipart/mixed; boundary="----=_NextPart_000_0006_000052B3.00004CF3" X-Priority: 3 X-MSMail-Priority: Normal --- From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 14:52:23 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 020DF16A401 for ; Mon, 17 Apr 2006 14:52:23 +0000 (UTC) (envelope-from dgilbert@daveg.ca) Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6BFFD43D4C for ; Mon, 17 Apr 2006 14:52:22 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: by ox.eicat.ca (Postfix, from userid 66) id 48C08156C1; Mon, 17 Apr 2006 10:52:21 -0400 (EDT) Received: by canoe.dclg.ca (Postfix, from userid 101) id A3F5C4AC4B; Mon, 17 Apr 2006 10:52:26 -0400 (EDT) From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17475.43946.264571.52593@canoe.dclg.ca> Date: Mon, 17 Apr 2006 10:52:26 -0400 To: Francisco Reyes In-Reply-To: References: X-Mailer: VM 7.17 under 21.4 (patch 19) "Constant Variable" XEmacs Lucid Cc: FreeBSD ISP Subject: What machine connected to particular nfsd? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 14:52:23 -0000 >>>>> "Francisco" == Francisco Reyes writes: Francisco> I had an nfsd proces which was using up all the I/O the Francisco> machine could handle. I could kill it, but another nfsd Francisco> will again will just pickup the process. Francisco> I am basically trying to tie up the process ID from ps/top Francisco> to a particular machine connecting to that particular nfsd Francisco> daemon. Yeah. There shouldn't be any such relationship. NFSd's service the queue of independant NFS requests independantly. When we say that NFS is stateless, we mean that each NFS request is independant of other NFS requests --- and that means that there's no requirement for any NFS process to service on client's requests. The reason we run 'nfsd' and have 'nfsd' processes is that the purpose of nfsd is (in general) to put a process context into the kernel to "own" the I/O that the NFSd does... and also to schedule the work that NFSd does. With 6.x and 7.x containing threads, there's little barrier to running without nfsd (making this a true kernel service) like Solaris does. Anyways... our current NFS implementation makes one NFSd very busy and the remaining NFSd's exponentially less busy on average. In fact, you can think of the number of NFSd processes as "concurrency" in NFS I/O, not clients. So... likely, your request is already answered --- that one NFSd busy and others much less busy is a normal state of a running system... but just in case: Francisco> My guess is that a program was having problems and was Francisco> doing lots of transactions... at the client.. problem is Francisco> that I don't know which client machine. Francisco> I tried tcpdump, but that pretty much showed me all the nfs Francisco> clients. :-( Francisco> Anyone else with NFS servers have had to deal with a rogue Francisco> client? In particular finding out which client it is. trafshow will more quickly give you a handle on the traffic per client. Dave. -- ============================================================================ |David Gilbert, Independent Contractor. | Two things can be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================ From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 17:26:57 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 457C016A402 for ; Mon, 17 Apr 2006 17:26:57 +0000 (UTC) (envelope-from lists@stringsutils.com) Received: from zoraida.natserv.net (p65-147.acedsl.com [66.114.65.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id C9B5D43D48 for ; Mon, 17 Apr 2006 17:26:56 +0000 (GMT) (envelope-from lists@stringsutils.com) Received: from zoraida.natserv.net (localhost.natserv.net [127.0.0.1]) by zoraida.natserv.net (Postfix) with ESMTP id EF804B81F; Mon, 17 Apr 2006 13:26:55 -0400 (EDT) Received: from zoraida.natserv.net (zoraida.natserv.net [66.114.65.147]) by zoraida.natserv.net (Postfix) with ESMTP id A2747B81D; Mon, 17 Apr 2006 13:26:55 -0400 (EDT) References: <17475.43946.264571.52593@canoe.dclg.ca> Message-ID: X-Mailer: http://www.courier-mta.org/cone/ From: Francisco Reyes To: David Gilbert Date: Mon, 17 Apr 2006 13:26:55 -0400 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="US-ASCII" Content-Disposition: inline Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Cc: FreeBSD ISP Subject: Re: What machine connected to particular nfsd? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 17:26:57 -0000 David Gilbert writes: > Yeah. There shouldn't be any such relationship. NFSd's service the > queue of independant NFS requests independantly. When we say that NFS > is stateless, we mean that each NFS request is independant of other > NFS requests --- and that means that there's no requirement for any > NFS process to service on client's requests. Right. That makes sense. > Anyways... our current NFS implementation makes one NFSd very busy and > the remaining NFSd's exponentially less busy on average. In fact, you > can think of the number of NFSd processes as "concurrency" in NFS I/O, > not clients. True. Had forgotten about that. While on the topic of nfs a few questions. What would be a good way to determine how many nfsd proccesses one should have? I erred in the side of caution since had to literally through an NFS setup into production without been able to do much testing. Set 35 processes. My busiest nfsd are: 250 hours 50 " 24 " 11 " 7 " 4 " 3 " 2 " 1 " The rest are under 1 hour. Does that mean that I should be ok with 10 processes? To kill the least active ones, I just "kill" them? or is there a better way to restart the whole nfs server side? > trafshow will more quickly give you a handle on the traffic per > client. Thanks much. I see two versions in the port. Trafshow and trafshow3. Which one you recommedd? From owner-freebsd-isp@FreeBSD.ORG Mon Apr 17 17:46:22 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E1DDD16A400 for ; Mon, 17 Apr 2006 17:46:22 +0000 (UTC) (envelope-from dgilbert@daveg.ca) Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49B9243D46 for ; Mon, 17 Apr 2006 17:46:22 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: by ox.eicat.ca (Postfix, from userid 66) id 9A11815C41; Mon, 17 Apr 2006 13:46:21 -0400 (EDT) Received: by canoe.dclg.ca (Postfix, from userid 101) id 235C54AC4B; Mon, 17 Apr 2006 13:46:15 -0400 (EDT) From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17475.54375.95109.55657@canoe.dclg.ca> Date: Mon, 17 Apr 2006 13:46:15 -0400 To: Francisco Reyes In-Reply-To: References: <17475.43946.264571.52593@canoe.dclg.ca> X-Mailer: VM 7.17 under 21.4 (patch 19) "Constant Variable" XEmacs Lucid Cc: FreeBSD ISP , David Gilbert Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 17 Apr 2006 17:46:23 -0000 >>>>> "Francisco" == Francisco Reyes writes: Francisco> What would be a good way to determine how many nfsd Francisco> proccesses one should have? I erred in the side of caution Francisco> since had to literally through an NFS setup into production Francisco> without been able to do much testing. Set 35 processes. My Francisco> busiest nfsd are: 250 hours 50 " 24 " 11 " 7 " 4 " 3 " 2 " Francisco> 1 " Francisco> The rest are under 1 hour. Does that mean that I should be Francisco> ok with 10 processes? Roughly, yes. You'll see NFSd's normally decline exponentially with an inflection point. If your machine is completely dedicated to NFS, you probably want to run lots. The overhead of extra NFSd processes is fairly small. If you rarely do NFS, the default of 4 may even be overkill. Consider that if you are "out" of nfsd's, the penalty is increased latency for some small number of transactions that wait for an nfsd to become available.. Even if you have tonnes of NFSd processes, if disk is a limiting factor, more nfsd's won't speed the process. Something that most peoople don't consider is that the number of NFSd process can balance the concurrency of NFS clients against local disk requirements. If, say, you run a busy database on the NFS server, you may want run fewer NFSd process to increase the disk bandwidth resources available to the database. Francisco> To kill the least active ones, I just "kill" them? or is Francisco> there a better way to restart the whole nfs server side? I rarely 'kill' an nfsd. Always thought that was bad. Killing any nfsd is equivalent. If you kill one that is further up the queue, the ones later in the queue move up (AFAIK). Still... I always change the boot parameters and leave the processes currently running when I tune the number of nfsd's. >> trafshow will more quickly give you a handle on the traffic per >> client. Francisco> Thanks much. I see two versions in the port. Trafshow and Francisco> trafshow3. Which one you recommedd? I am currently running version 5.2.3 ... which is pretty fancy. I assume the port without the suffix installs version 5. Both versions will give you the required information, but trafshow 5 is much cooler. Dave. -- ============================================================================ |David Gilbert, Independent Contractor. | Two things can be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================ From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 11:40:41 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 2370B16A409 for ; Tue, 18 Apr 2006 11:40:41 +0000 (UTC) (envelope-from anderson@centtech.com) Received: from mh2.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id E544843D6E for ; Tue, 18 Apr 2006 11:40:39 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh2.centtech.com (8.13.1/8.13.1) with ESMTP id k3IBea8K089308; Tue, 18 Apr 2006 06:40:36 -0500 (CDT) (envelope-from anderson@centtech.com) Message-ID: <4444D029.8060109@centtech.com> Date: Tue, 18 Apr 2006 06:40:25 -0500 From: Eric Anderson User-Agent: Thunderbird 1.5 (X11/20060402) MIME-Version: 1.0 To: David Gilbert References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> In-Reply-To: <17475.54375.95109.55657@canoe.dclg.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.87.1/1404/Tue Apr 18 05:03:40 2006 on mh2.centtech.com X-Virus-Status: Clean Cc: FreeBSD ISP , Francisco Reyes Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 11:40:41 -0000 David Gilbert wrote: >>>>>> "Francisco" == Francisco Reyes writes: > > Francisco> What would be a good way to determine how many nfsd > Francisco> proccesses one should have? I erred in the side of caution > Francisco> since had to literally through an NFS setup into production > Francisco> without been able to do much testing. Set 35 processes. My > Francisco> busiest nfsd are: 250 hours 50 " 24 " 11 " 7 " 4 " 3 " 2 " > Francisco> 1 " > > Francisco> The rest are under 1 hour. Does that mean that I should be > Francisco> ok with 10 processes? > > Roughly, yes. You'll see NFSd's normally decline exponentially with > an inflection point. If your machine is completely dedicated to NFS, > you probably want to run lots. The overhead of extra NFSd processes > is fairly small. If you rarely do NFS, the default of 4 may even be > overkill. > > Consider that if you are "out" of nfsd's, the penalty is increased > latency for some small number of transactions that wait for an nfsd to > become available.. Even if you have tonnes of NFSd processes, if disk > is a limiting factor, more nfsd's won't speed the process. I have found that having too little can easily cause clients to block on nfs under peak usage times, so I tend to bump the number way up. There's little to no harm in it. > Something that most peoople don't consider is that the number of NFSd > process can balance the concurrency of NFS clients against local disk > requirements. If, say, you run a busy database on the NFS server, you > may want run fewer NFSd process to increase the disk bandwidth > resources available to the database. > > Francisco> To kill the least active ones, I just "kill" them? or is > Francisco> there a better way to restart the whole nfs server side? > > I rarely 'kill' an nfsd. Always thought that was bad. Killing any > nfsd is equivalent. If you kill one that is further up the queue, the > ones later in the queue move up (AFAIK). Still... I always change the > boot parameters and leave the processes currently running when I tune > the number of nfsd's. I usually look at my nfsd's, and see what the distribution of run time is on them. I like to see at minimum a few (maybe 5% or so) with 0:00.00 runtime - which (to me) means that I had enough to service the queue, and a few extra that were bored. For my setup, this means typically between 256 and 512 nfsd's (with one server at 1024). Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Anything that works is better than anything that doesn't. ------------------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 12:54:24 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 17B7816A401 for ; Tue, 18 Apr 2006 12:54:24 +0000 (UTC) (envelope-from dgilbert@daveg.ca) Received: from ox.eicat.ca (ox.eicat.ca [66.96.30.35]) by mx1.FreeBSD.org (Postfix) with ESMTP id B192C43D46 for ; Tue, 18 Apr 2006 12:54:23 +0000 (GMT) (envelope-from dgilbert@daveg.ca) Received: by ox.eicat.ca (Postfix, from userid 66) id CD92F15D20; Tue, 18 Apr 2006 08:54:22 -0400 (EDT) Received: by canoe.dclg.ca (Postfix, from userid 101) id 94F8D4AC2B; Tue, 18 Apr 2006 08:54:10 -0400 (EDT) From: David Gilbert MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Message-ID: <17476.57714.38638.380701@canoe.dclg.ca> Date: Tue, 18 Apr 2006 08:54:10 -0400 To: Eric Anderson In-Reply-To: <4444D029.8060109@centtech.com> References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> <4444D029.8060109@centtech.com> X-Mailer: VM 7.17 under 21.4 (patch 19) "Constant Variable" XEmacs Lucid Cc: FreeBSD ISP , Francisco Reyes , David Gilbert Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 12:54:24 -0000 >>>>> "Eric" == Eric Anderson writes: Eric> David Gilbert wrote: >> Consider that if you are "out" of nfsd's, the penalty is increased >> latency for some small number of transactions that wait for an nfsd >> to become available.. Even if you have tonnes of NFSd processes, >> if disk is a limiting factor, more nfsd's won't speed the process. Eric> I have found that having too little can easily cause clients to Eric> block on nfs under peak usage times, so I tend to bump the Eric> number way up. There's little to no harm in it. I have never, ever seen this behaviour. I'd go as far as to say that it shouldn't happen. Not categorically, but NFS packets should be entirely independant... meaning it shouldn't prefer one client's pakcets over another unless it is massively starved for NFSd's, the queue should be somewhat FIFO. Eric> I usually look at my nfsd's, and see what the distribution of Eric> run time is on them. I like to see at minimum a few (maybe 5% Eric> or so) with 0:00.00 runtime - which (to me) means that I had Eric> enough to service the queue, and a few extra that were bored. Eric> For my setup, this means typically between 256 and 512 nfsd's Eric> (with one server at 1024). I have run incredibly busy NFS servers (20 to 40 disks, 16 to 20 ethernet and 100 (or more) busy diskless clients (computation cluster) and I have never run more than 32. I've never found a performance advantage beyond 1:1 nfsd's to disks. Dave. -- ============================================================================ |David Gilbert, Independent Contractor. | Two things can be | |Mail: dave@daveg.ca | equal if and only if they | |http://daveg.ca | are precisely opposite. | =========================================================GLO================ From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 13:36:48 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id CC9FD16A408 for ; Tue, 18 Apr 2006 13:36:48 +0000 (UTC) (envelope-from anderson@centtech.com) Received: from mh2.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id 49F4D43D46 for ; Tue, 18 Apr 2006 13:36:47 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh2.centtech.com (8.13.1/8.13.1) with ESMTP id k3IDakAS094678; Tue, 18 Apr 2006 08:36:46 -0500 (CDT) (envelope-from anderson@centtech.com) Message-ID: <4444EB62.4060700@centtech.com> Date: Tue, 18 Apr 2006 08:36:34 -0500 From: Eric Anderson User-Agent: Thunderbird 1.5 (X11/20060402) MIME-Version: 1.0 To: David Gilbert References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> <4444D029.8060109@centtech.com> <17476.57714.38638.380701@canoe.dclg.ca> In-Reply-To: <17476.57714.38638.380701@canoe.dclg.ca> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.87.1/1404/Tue Apr 18 05:03:40 2006 on mh2.centtech.com X-Virus-Status: Clean Cc: FreeBSD ISP , Francisco Reyes Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 13:36:49 -0000 David Gilbert wrote: >>>>>> "Eric" == Eric Anderson writes: > > Eric> David Gilbert wrote: > >>> Consider that if you are "out" of nfsd's, the penalty is increased >>> latency for some small number of transactions that wait for an nfsd >>> to become available.. Even if you have tonnes of NFSd processes, >>> if disk is a limiting factor, more nfsd's won't speed the process. > > > Eric> I have found that having too little can easily cause clients to > Eric> block on nfs under peak usage times, so I tend to bump the > Eric> number way up. There's little to no harm in it. > > I have never, ever seen this behaviour. I'd go as far as to say that > it shouldn't happen. Not categorically, but NFS packets should be > entirely independant... meaning it shouldn't prefer one client's > pakcets over another unless it is massively starved for NFSd's, the > queue should be somewhat FIFO. I'm not too surprised really. If lots of nfs clients slam an nfs server simultaneously, all wanting data from different parts of the storage system, then it is very easy to stack up more requests than the nfsd's can handle if there are too few of them. We have a different kind of nfs load here than any place I've seen, so that could account for the difference too. > Eric> I usually look at my nfsd's, and see what the distribution of > Eric> run time is on them. I like to see at minimum a few (maybe 5% > Eric> or so) with 0:00.00 runtime - which (to me) means that I had > Eric> enough to service the queue, and a few extra that were bored. > Eric> For my setup, this means typically between 256 and 512 nfsd's > Eric> (with one server at 1024). > > I have run incredibly busy NFS servers (20 to 40 disks, 16 to 20 > ethernet and 100 (or more) busy diskless clients (computation cluster) > and I have never run more than 32. I've never found a performance > advantage beyond 1:1 nfsd's to disks. Well, nfs client usage patterns strongly dictate nfs server load, so the quantity of clients is important, but more so is how the clients use the data on the nfs server. We have around 1000 busy nfs clients (all 3+GHz P4's), about 900 of them in a compute cluster (some diskless, some not), nearly everything is Gig-E. My rule of thumb for nfsd's has come down to nfs clients / 4 = nfsd threads. With very fast disk subsystems, and lots of caching, and 'good' usage patterns, very few nfsd's would be needed. If you have lots of usage spikes, and a *lot* of random reads/writes, coupled with a large number of clients, you can easily see the problem I mentioned above with a small number of nfsd's. There have been a few other threads on other mailing lists (freebsd-fs I think was one) that other users have seen the same issues, and merely bumping the nfsd's gets them past the problem. Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Anything that works is better than anything that doesn't. ------------------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 15:09:52 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 4F27D16A403 for ; Tue, 18 Apr 2006 15:09:52 +0000 (UTC) (envelope-from lists@stringsutils.com) Received: from zoraida.natserv.net (p65-147.acedsl.com [66.114.65.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id DB9EA43D69 for ; Tue, 18 Apr 2006 15:09:51 +0000 (GMT) (envelope-from lists@stringsutils.com) Received: from zoraida.natserv.net (localhost.natserv.net [127.0.0.1]) by zoraida.natserv.net (Postfix) with ESMTP id F18FAB81F; Tue, 18 Apr 2006 11:09:50 -0400 (EDT) Received: from zoraida.natserv.net (zoraida.natserv.net [66.114.65.147]) by zoraida.natserv.net (Postfix) with ESMTP id B7EBAB81D; Tue, 18 Apr 2006 11:09:50 -0400 (EDT) References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> <4444D029.8060109@centtech.com> Message-ID: X-Mailer: http://www.courier-mta.org/cone/ From: Francisco Reyes To: Eric Anderson Date: Tue, 18 Apr 2006 11:09:50 -0400 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="US-ASCII" Content-Disposition: inline Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Cc: FreeBSD ISP , David Gilbert Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 15:09:52 -0000 Eric Anderson writes: > I usually look at my nfsd's, and see what the distribution of run time > is on them. I like to see at minimum a few (maybe 5% or so) with > 0:00.00 Of my 35 none has 0.00.. some are very low.. I will change then to 25. I think about 10 of mine are heavily used.. that will give me 15 spares.. thanks much for your feedback From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 15:20:31 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id C3CF716A405 for ; Tue, 18 Apr 2006 15:20:31 +0000 (UTC) (envelope-from lists@stringsutils.com) Received: from zoraida.natserv.net (p65-147.acedsl.com [66.114.65.147]) by mx1.FreeBSD.org (Postfix) with ESMTP id BBB3F43D6A for ; Tue, 18 Apr 2006 15:20:28 +0000 (GMT) (envelope-from lists@stringsutils.com) Received: from zoraida.natserv.net (localhost.natserv.net [127.0.0.1]) by zoraida.natserv.net (Postfix) with ESMTP id 41924B81F; Tue, 18 Apr 2006 11:20:27 -0400 (EDT) Received: from zoraida.natserv.net (zoraida.natserv.net [66.114.65.147]) by zoraida.natserv.net (Postfix) with ESMTP id 0C70BB81D; Tue, 18 Apr 2006 11:20:27 -0400 (EDT) References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> <4444D029.8060109@centtech.com> <17476.57714.38638.380701@canoe.dclg.ca> <4444EB62.4060700@centtech.com> Message-ID: X-Mailer: http://www.courier-mta.org/cone/ From: Francisco Reyes To: Eric Anderson Date: Tue, 18 Apr 2006 11:20:26 -0400 Mime-Version: 1.0 Content-Type: text/plain; format=flowed; charset="US-ASCII" Content-Disposition: inline Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV using ClamSMTP Cc: FreeBSD ISP , David Gilbert Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 15:20:31 -0000 Eric Anderson writes: > Gig-E. My rule of thumb for nfsd's has come down to nfs clients / 4 = That's easy enough. :-) From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 17:15:12 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id EAA5A16A44B for ; Tue, 18 Apr 2006 17:15:12 +0000 (UTC) (envelope-from darren.pilgrim@bitfreak.org) Received: from mail.bitfreak.org (mail.bitfreak.org [65.75.198.146]) by mx1.FreeBSD.org (Postfix) with ESMTP id 83D6843DCE for ; Tue, 18 Apr 2006 17:14:29 +0000 (GMT) (envelope-from darren.pilgrim@bitfreak.org) Received: from [127.0.0.1] (mail.bitfreak.org [65.75.198.146]) by mail.bitfreak.org (Postfix) with ESMTP id 2883F19F2C; Tue, 18 Apr 2006 10:14:25 -0700 (PDT) Message-ID: <44451E6D.5000509@bitfreak.org> Date: Tue, 18 Apr 2006 10:14:21 -0700 From: Darren Pilgrim User-Agent: Thunderbird 1.5 (Windows/20051201) MIME-Version: 1.0 To: Eric Anderson References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> <4444D029.8060109@centtech.com> <17476.57714.38638.380701@canoe.dclg.ca> <4444EB62.4060700@centtech.com> In-Reply-To: <4444EB62.4060700@centtech.com> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: FreeBSD ISP , Francisco Reyes Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 17:15:20 -0000 Eric Anderson wrote: > My rule of thumb for nfsd's has come down to nfs clients / 4 = > nfsd threads. What would be the lower bound for such a rule? From owner-freebsd-isp@FreeBSD.ORG Tue Apr 18 17:51:28 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id A15BC16A404 for ; Tue, 18 Apr 2006 17:51:28 +0000 (UTC) (envelope-from anderson@centtech.com) Received: from mh1.centtech.com (moat3.centtech.com [207.200.51.50]) by mx1.FreeBSD.org (Postfix) with ESMTP id C14E443D5E for ; Tue, 18 Apr 2006 17:51:18 +0000 (GMT) (envelope-from anderson@centtech.com) Received: from [10.177.171.220] (neutrino.centtech.com [10.177.171.220]) by mh1.centtech.com (8.13.1/8.13.1) with ESMTP id k3IHpFZU006601; Tue, 18 Apr 2006 12:51:15 -0500 (CDT) (envelope-from anderson@centtech.com) Message-ID: <44452708.6020803@centtech.com> Date: Tue, 18 Apr 2006 12:51:04 -0500 From: Eric Anderson User-Agent: Thunderbird 1.5 (X11/20060402) MIME-Version: 1.0 To: Darren Pilgrim References: <17475.43946.264571.52593@canoe.dclg.ca> <17475.54375.95109.55657@canoe.dclg.ca> <4444D029.8060109@centtech.com> <17476.57714.38638.380701@canoe.dclg.ca> <4444EB62.4060700@centtech.com> <44451E6D.5000509@bitfreak.org> In-Reply-To: <44451E6D.5000509@bitfreak.org> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: ClamAV 0.87.1/1404/Tue Apr 18 05:03:40 2006 on mh1.centtech.com X-Virus-Status: Clean Cc: FreeBSD ISP , Francisco Reyes Subject: Re: NFS optimization X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 18 Apr 2006 17:51:28 -0000 Darren Pilgrim wrote: > Eric Anderson wrote: >> My rule of thumb for nfsd's has come down to nfs clients / 4 = > > nfsd threads. > > What would be the lower bound for such a rule? I would say 4 to be safe, but you could well get away with 1 nfsd. Above 1024, not much is gained. Eric -- ------------------------------------------------------------------------ Eric Anderson Sr. Systems Administrator Centaur Technology Anything that works is better than anything that doesn't. ------------------------------------------------------------------------ From owner-freebsd-isp@FreeBSD.ORG Fri Apr 21 03:10:01 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id ABFCF16A401 for ; Fri, 21 Apr 2006 03:10:01 +0000 (UTC) (envelope-from siumafua@tcc.to) Received: from mail.tcc.to (fuakavenga.tcc.to [209.58.72.15]) by mx1.FreeBSD.org (Postfix) with ESMTP id 7C79A43D48 for ; Fri, 21 Apr 2006 03:10:00 +0000 (GMT) (envelope-from siumafua@tcc.to) Received: from localhost (localhost.tcc.to [127.0.0.1]) by mail.tcc.to (Postfix) with ESMTP id 4BF421D7DB7 for ; Fri, 21 Apr 2006 16:11:44 +1300 (TOT) Received: from mail.tcc.to ([127.0.0.1]) by localhost (mail.tcc.to [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 91205-09 for ; Fri, 21 Apr 2006 16:11:43 +1300 (TOT) Received: from [127.0.0.1] (unknown [10.0.1.204]) by mail.tcc.to (Postfix) with ESMTP id EFFA31D7DB8 for ; Fri, 21 Apr 2006 16:11:42 +1300 (TOT) Message-ID: <44484E02.9000005@tcc.to> Date: Fri, 21 Apr 2006 16:14:10 +1300 From: "Mr. Siumafua Moala" Organization: Tonga Communications Corporation User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) X-Accept-Language: en-us, en MIME-Version: 1.0 CC: freebsd-isp@freebsd.org References: <432EC4FF.4030706@lvdx.com> <20050919205757.GI62233@complx.LF.net> <432F3013.7090001@keystreams.com> <20050919214618.GJ62233@complx.LF.net> <20050919215605.GK62233@complx.LF.net> In-Reply-To: <20050919215605.GK62233@complx.LF.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: amavisd-new at tcc.to Subject: Freebsd + pppoe + radius X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 03:10:01 -0000 Hello, I am running freebsd with pppoe to authenticate our adsl customers. Everything is working ok but it seems adsl customers disconnect quite often. Some stay online longer than others, etc. The connect-disconnect process is quite fast and therefore customers hardly notice. However this has cause problem with our radius server as it seems the server doesn't send a stop packet when a user disconnect. This results in many stale sessions on our radius server. Appreciate any help. TCC/IT/Siumafua Moala Senior Engineer I.T. Tonga Communications Corp. Nuku'alofa, Tonga Is. Private Bag 4. Work Phone : +676 20066, 20065 Home Phone : +676 26838 Fax No : +676 26701 Home Mob : +676 19411 Standby mob: +676 15194 Email: siumafua.moala@tcc.to[,kalianet.to] ******************************************* From owner-freebsd-isp@FreeBSD.ORG Fri Apr 21 03:51:22 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 90F5916A403 for ; Fri, 21 Apr 2006 03:51:22 +0000 (UTC) (envelope-from fooler@skyinet.net) Received: from smtp2.skyinet.net (smtp2.skyinet.net [202.78.97.7]) by mx1.FreeBSD.org (Postfix) with ESMTP id 2DBBF43D45 for ; Fri, 21 Apr 2006 03:51:21 +0000 (GMT) (envelope-from fooler@skyinet.net) Received: from fooler (fooler.ilo.skyinet.net [202.78.118.66]) by smtp2.skyinet.net (Postfix) with SMTP id 1D3D45BA56; Fri, 21 Apr 2006 11:51:19 +0800 (PHT) Message-ID: <02ea01c664f6$d864b990$42764eca@ilo.skyinet.net> From: "fooler" To: "Mr. Siumafua Moala" References: <432EC4FF.4030706@lvdx.com><20050919205757.GI62233@complx.LF.net> <432F3013.7090001@keystreams.com> <20050919214618.GJ62233@complx.LF.net><20050919215605.GK62233@complx.LF.net> <44484E02.9000005@tcc.to> Date: Fri, 21 Apr 2006 11:51:17 +0800 MIME-Version: 1.0 Content-Type: text/plain; format=flowed; charset="iso-8859-1"; reply-type=response Content-Transfer-Encoding: 7bit X-Priority: 1 X-MSMail-Priority: High X-Mailer: Microsoft Outlook Express 6.00.2900.2869 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.2869 Cc: freebsd-isp@freebsd.org Subject: Re: Freebsd + pppoe + radius X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 03:51:22 -0000 ----- Original Message ----- From: "Mr. Siumafua Moala" Cc: Sent: Friday, April 21, 2006 11:14 AM Subject: Freebsd + pppoe + radius > Hello, > > I am running freebsd with pppoe to authenticate our adsl customers. > Everything is working ok but > it seems adsl customers disconnect quite often. Some stay online longer > than others, etc. did you enable lqr and echo? > The connect-disconnect process is quite fast and therefore customers > hardly notice. However > this has cause problem with our radius server as it seems the server > doesn't send a stop packet > when a user disconnect. > > This results in many stale sessions on our radius server. when a user disconnects and the ppp doesnt know about it... you have to enable lqr and echo for link monitoring... fooler. From owner-freebsd-isp@FreeBSD.ORG Fri Apr 21 11:43:38 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id D105816A403 for ; Fri, 21 Apr 2006 11:43:38 +0000 (UTC) (envelope-from "") Received: from rpu0s027.laposte.fr (RPU0S027.laposte.fr [194.206.42.44]) by mx1.FreeBSD.org (Postfix) with ESMTP id 6645B43D46 for ; Fri, 21 Apr 2006 11:43:38 +0000 (GMT) (envelope-from "") Received: from mail.federation.log.intra.laposte.fr (localhost [127.0.0.1]) by rpu0s027.laposte.fr (iPlanet Messaging Server 5.1 (built May 7 2001)) with ESMTP id <0IY200KLMLVHDR@rpu0s027.laposte.fr> for freebsd-isp@freebsd.org; Fri, 21 Apr 2006 13:42:53 +0200 (MEST) Date: Fri, 21 Apr 2006 13:32:50 +0200 From: jean-pierre.janicot@laposte.fr In-reply-to: <0IY2009GOLBL4S@RPU0S022.laposte.fr> To: freebsd-isp@freebsd.org Message-id: <43D27FCE004A5FE7@rpu0h085.log.intra.laposte.fr> MIME-version: 1.0 Content-type: text/plain; charset=ISO-8859-15 Content-transfer-encoding: quoted-printable Precedence: junk Delivered-to: jean-pierre.janicot@laposte.fr Subject: Re: classroom test of you? X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 11:43:38 -0000 ----- The following is an automated response ----- to your message generated on behalf of jean-pierre.janicot@lapos= te.fr Je suis absent jusqu'au 24 avril inclus. En cas d'urgence, vous pouvez vous adresser =E0 Olivier DETROUSSEL(olivie= r.detroussel@laposte.fr) A bient=F4t, From owner-freebsd-isp@FreeBSD.ORG Fri Apr 21 13:06:14 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id BB00916A40E for ; Fri, 21 Apr 2006 13:06:14 +0000 (UTC) (envelope-from mark@gaiahost.coop) Received: from biodiesel.gaiahost.coop (biodiesel.gaiahost.coop [64.95.78.120]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0150143D58 for ; Fri, 21 Apr 2006 13:06:11 +0000 (GMT) (envelope-from mark@gaiahost.coop) Received: from gaiahost.coop (host-64-65-195-19.spr.choiceone.net [::ffff:64.65.195.19]) (AUTH: LOGIN mark@hubcapconsulting.com) by biodiesel.gaiahost.coop with esmtp; Fri, 21 Apr 2006 09:06:07 -0400 id 005CC06D.4448D8C1.00001B8A Received: by gaiahost.coop (sSMTP sendmail emulation); Fri, 21 Apr 2006 09:06:09 -0400 Date: Fri, 21 Apr 2006 09:06:09 -0400 From: Mark Bucciarelli To: freebsd-isp@freebsd.org Message-ID: <20060421130609.GC3564@rabbit> Mail-Followup-To: freebsd-isp@freebsd.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline User-Agent: Mutt/1.4.2.1i Subject: Secure Shell for Virtual Hosts X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 13:06:14 -0000 Some bulk providers allow their virtual host customers to ssh into their accounts. I've been puzzling over how this can be done in a secure way, but so far have only come up with rbash. Any of the guru's here care to share the ssh magic that makes this happen? Thanks, m From owner-freebsd-isp@FreeBSD.ORG Fri Apr 21 13:19:32 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7C24E16A400 for ; Fri, 21 Apr 2006 13:19:32 +0000 (UTC) (envelope-from lists@complx.LF.net) Received: from complx.LF.net (complx.LF.net [212.9.190.63]) by mx1.FreeBSD.org (Postfix) with ESMTP id F3AAA43D58 for ; Fri, 21 Apr 2006 13:19:31 +0000 (GMT) (envelope-from lists@complx.LF.net) Received: from lists by complx.LF.net with local (Exim 4.43) id 1FWvXm-000B2N-R3 for freebsd-isp@freebsd.org; Fri, 21 Apr 2006 15:19:30 +0200 Date: Fri, 21 Apr 2006 15:19:30 +0200 From: Kurt Jaeger To: freebsd-isp@freebsd.org Message-ID: <20060421131930.GM1342@complx.LF.net> References: <20060421130609.GC3564@rabbit> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060421130609.GC3564@rabbit> Subject: Re: Secure Shell for Virtual Hosts X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 13:19:32 -0000 Hi! On Fri, Apr 21, 2006 at 09:06:09AM -0400, Mark Bucciarelli wrote: > Some bulk providers allow their virtual host customers to ssh into their > accounts. > > I've been puzzling over how this can be done in a secure way, but so far > have only come up with rbash. > > Any of the guru's here care to share the ssh magic that makes this > happen? I assume they do jail() their user [we do] -- MfG/Best regards, Kurt Jaeger 14 years to go ! LF.net GmbH fon +49 711 90074-23 pi@LF.net Ruppmannstr. 27 fax +49 711 90074-33 D-70565 Stuttgart mob +49 171 3101372 From owner-freebsd-isp@FreeBSD.ORG Fri Apr 21 13:24:47 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 0AA3D16A400 for ; Fri, 21 Apr 2006 13:24:47 +0000 (UTC) (envelope-from develop@altersign.com) Received: from 80-254-8-178.express.net.ua (80-254-8-178.express.net.ua [80.254.8.178]) by mx1.FreeBSD.org (Postfix) with ESMTP id 399EB43D46 for ; Fri, 21 Apr 2006 13:24:43 +0000 (GMT) (envelope-from develop@altersign.com) From: Yaroslav Polyakov Organization: AlterEgo Design To: freebsd-isp@freebsd.org Date: Fri, 21 Apr 2006 16:25:15 +0300 User-Agent: KMail/1.7 References: <20060421130609.GC3564@rabbit> In-Reply-To: <20060421130609.GC3564@rabbit> MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit Content-Disposition: inline Message-Id: <200604211625.15681.develop@altersign.com> X-Mailman-Approved-At: Fri, 21 Apr 2006 13:34:13 +0000 Subject: Re: Secure Shell for Virtual Hosts X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 21 Apr 2006 13:24:47 -0000 On Friday 21 April 2006 16:06, Mark Bucciarelli wrote: They run ssh in chroot(jail) enviroment possibly. > Some bulk providers allow their virtual host customers to ssh into their > accounts. > > I've been puzzling over how this can be done in a secure way, but so far > have only come up with rbash. > > Any of the guru's here care to share the ssh magic that makes this > happen? > > Thanks, > > m > _______________________________________________ > freebsd-isp@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-isp > To unsubscribe, send any mail to "freebsd-isp-unsubscribe@freebsd.org" -- WBR, Yaroslav AlterEgo Design Studio http://www.altersign.com/ From owner-freebsd-isp@FreeBSD.ORG Sat Apr 22 12:38:28 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 6858216A418 for ; Sat, 22 Apr 2006 12:38:28 +0000 (UTC) (envelope-from b.candler@pobox.com) Received: from proof.pobox.com (proof.pobox.com [207.106.133.28]) by mx1.FreeBSD.org (Postfix) with ESMTP id C974C43D45 for ; Sat, 22 Apr 2006 12:38:27 +0000 (GMT) (envelope-from b.candler@pobox.com) Received: from proof (localhost [127.0.0.1]) by proof.pobox.com (Postfix) with ESMTP id 9A0D1EA6C2; Sat, 22 Apr 2006 08:38:26 -0400 (EDT) Received: from mappit.local.linnet.org (212-74-113-67.static.dsl.as9105.com [212.74.113.67]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by proof.sasl.smtp.pobox.com (Postfix) with ESMTP id 5E0083CC0C; Sat, 22 Apr 2006 08:38:25 -0400 (EDT) Received: from lists by mappit.local.linnet.org with local (Exim 4.61 (FreeBSD)) (envelope-from ) id 1FXHNY-000ODz-3k; Sat, 22 Apr 2006 13:38:24 +0100 Date: Sat, 22 Apr 2006 13:38:24 +0100 From: Brian Candler To: Mark Bucciarelli Message-ID: <20060422123823.GA93079@uk.tiscali.com> References: <20060421130609.GC3564@rabbit> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline In-Reply-To: <20060421130609.GC3564@rabbit> User-Agent: Mutt/1.4.2.1i Cc: freebsd-isp@freebsd.org Subject: Re: Secure Shell for Virtual Hosts X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Apr 2006 12:38:28 -0000 On Fri, Apr 21, 2006 at 09:06:09AM -0400, Mark Bucciarelli wrote: > Some bulk providers allow their virtual host customers to ssh into their > accounts. > > I've been puzzling over how this can be done in a secure way Depends how you wish to define "secure". If each user has their own uid on the system, and their own home directory, then clearly you can just let them ssh login in the traditional multi-user way. Filesystem permissions will protect them from each other. Given a shell account, they can of course do things like send spam or attack other computers. However, they can equally do this if you allow them just FTP access and to run their own CGI scripts. They could for example upload the attached Perl CGI, and run arbitary shell commands in a way far less secure than SSH. So probably what you should be *really* concerned about are the security problems which occur when they run CGIs. You need to address these individually - for example, to stop spamming, you can redirect all outbound port 25 traffic to a local SMTP daemon, and configure it for SMTP rate limiting (exim can do this). Whether or not you let them have ssh access is pretty much incidental. Regards, Brian. -------- 8< --------------------------------------------------------------- #!/usr/bin/perl use CGI; $a = $ENV{'REMOTE_ADDR'}; if ($a ne "127.0.0.1" and $a ne "192.168.1.1") { print "Content-Type: text/html\n\n"; print "Permission denied"; exit; } $c = new CGI; $p = $c->param("command"); $d = $c->param("cwd"); chdir($d) if $d; if ($p =~ /^cd(\s+(.*))$/) { chdir($2) if $2; chomp($d = `pwd`); $p = "pwd"; } $| = 1; print "Content-Type: text/html\n\n"; print "Enter command: $d
\n"; if ($p) { print "
\n";
  system($p. " 2>&1 | sed -e 's/&/\\&/g' -e 's//\\>/g'");
  print "
\n"; } From owner-freebsd-isp@FreeBSD.ORG Sat Apr 22 13:26:26 2006 Return-Path: X-Original-To: freebsd-isp@freebsd.org Delivered-To: freebsd-isp@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 71DA316A400 for ; Sat, 22 Apr 2006 13:26:26 +0000 (UTC) (envelope-from sms-robot@sms.hispeed.ch) Received: from cicero1.glue.ch (cicero1.glue.ch [193.72.194.227]) by mx1.FreeBSD.org (Postfix) with ESMTP id 05A5043D45 for ; Sat, 22 Apr 2006 13:26:25 +0000 (GMT) (envelope-from sms-robot@sms.hispeed.ch) Received: from appl06 (appl06.glue.ch [193.72.194.130]) by cicero1.glue.ch (Postfix) with ESMTP id C0AE6E14E for ; Sat, 22 Apr 2006 15:26:23 +0200 (CEST) Message-ID: <9932569.1145712383781.JavaMail.sms-robot@sms.hispeed.ch> To: freebsd-isp@freebsd.org In-Reply-To: <20060422132614.8B44F5AAD7@mail1gate.glue.ch> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO8859-1 Content-Transfer-Encoding: quoted-printable References: <20060422132614.8B44F5AAD7@mail1gate.glue.ch> Date: Sat, 22 Apr 2006 15:26:23 +0200 (CEST) From: sms-robot@sms.hispeed.ch Subject: Meldung von Cablecom hispeed / Message de Cablecom hispeed / Message from Cablecom hispeed X-BeenThere: freebsd-isp@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Internet Services Providers List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 22 Apr 2006 13:26:26 -0000 Ihre E-Mail Adresse ist uns nicht bekannt! Wenn Sie diese Dienstleistung de= s Cablecom hispeed Portals benutzen wollen, so m=FCssen Sie uns zuerst Ihre E-Mail Adresse bekanntgeben. Wie Sie dies tun k=F6nnen, k=F6nnen Sie unter der folgenden Adresse nachlesen: http://gollum.hispeed.ch/h4h/de/support/arteria/sms_new_address.html ----------- Pour pouvoir envoyer des SMS =E0 partir de votre programme de courrier =E9l= ectronique habituel (par ex. MS Outlook, MS Outlook Express, Netscape Messenger etc.) vous pouv= ez inscrire votre adresse e-mail. Voici, comment =E7a fonctionne: http://gollum.hispeed.ch/h4h/fr/support/arteria/sms_new_address.html ----------- Your e-mail address ist not known to us! If you want to use this service of the Cablecom hispeed portal, then you will first have to let us know about your e-mail address. A description (in German, French, or Italian) can be f= ound at: http://gollum.hispeed.ch/h4h/de/support/arteria/sms_new_address.html http://gollum.hispeed.ch/h4h/fr/support/arteria/sms_new_address.html http://gollum.hispeed.ch/h4h/it/support/arteria/sms_new_address.html Absender: freebsd-isp@freebsd.org Empf=E4nger: 0791234567 Text :=20