From owner-freebsd-questions  Sun Sep  2 22:22:23 2001
Delivered-To: freebsd-questions@freebsd.org
Received: from pioneernet.net (mail.pioneernet.net [207.115.64.224])
	by hub.freebsd.org (Postfix) with ESMTP id 9106037B408
	for <freebsd-questions@FreeBSD.ORG>; Sun,  2 Sep 2001 22:22:17 -0700 (PDT)
Received: from chip.wiegand.org [66.114.152.128] by pioneernet.net
  (SMTPD32-6.06) id A4182540148; Sun, 02 Sep 2001 22:24:40 -0700
Content-Type: text/plain;
  charset="iso-8859-1"
From: Chip <chip@wiegand.org>
To: Joe Clarke <marcus@marcuscom.com>
Subject: Re: replacing a cisco router with a fbsd box
Date: Sun, 2 Sep 2001 22:23:01 -0700
X-Mailer: KMail [version 1.2]
Cc: Ted Mittelstaedt <tedm@toybox.placo.com>,
	<freebsd-questions@FreeBSD.ORG>
References: <20010902234540.I17519-100000@shumai.marcuscom.com>
In-Reply-To: <20010902234540.I17519-100000@shumai.marcuscom.com>
MIME-Version: 1.0
Message-Id: <01090222230108.44697@chip.wiegand.org>
Content-Transfer-Encoding: 8bit
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

On Sunday 02 September 2001 20:46, Joe Clarke wrote:
> Telnet is one way of going, but if the router isn't allowing connections,
> you'll need to do it from the console.  I can also send you a good list of
> SNMP objects for polling if you'd like that.
>
> Joe

That'd be great, or just point me to a web site where I can get the info.

--
Chip

> On Sun, 2 Sep 2001, Chip wrote:
> > On Sunday 02 September 2001 09:40, Joe Clarke wrote:
> > > I believe the NAT bug you're referring to has been fixed.  However, if
> > > you send me some details, I'd be happy to verify for you.
> > >
> > > Yes, FreeBSD's NAT isn't as feature-rich as Cisco's, but the libalias
> > > stuff is easy to add protocol support to.  I just added TFTP to the
> > > tree, and internal to Cisco, I've added another protocol for IP
> > > telephony.
> > >
> > > As for the crash/hang.  Yeah, if it hangs, you're screwed.  It's hard
> > > to troubleshoot those kind of things if you can't produce any kind of
> > > error messages.  In those cases, obtaining information regularly like
> > > show proc, show proc cpu, show buff, and show log can help.
> >
> > Are those run on the router via telnet?
> >
> > --
> > Chip
> >
> > > Joe
> > >
> > > On Sun, 2 Sep 2001, Ted Mittelstaedt wrote:
> > > > >-----Original Message-----
> > > > >From: owner-freebsd-questions@FreeBSD.ORG
> > > > >[mailto:owner-freebsd-questions@FreeBSD.ORG]On Behalf Of Joe Clarke
> > > > >
> > > > >I realize I'm coming in a bit late on this, but I work for Cisco
> > > > > TAC, and can say that with the recent Code Red thing, our NAT has
> > > > > seen a lot of work.  There have been bugs filed to be sure.
> > > >
> > > > I hope that you fix the one where the Cisco NAT doesen't tear down
> > > > the address map as soon as the connection is closed.  I saw that one
> > > > on a 1005 running early 12.0 code when someone asked us why they
> > > > could Telnet into a JetDirect card from the Internet that in reality
> > > > had a private network number. Turned out they were telnetting into
> > > > the overload number on a nat pool on the 1005.  I never did get
> > > > around to writing that one up because I figured it was an
> > > > obvious hole that would be caught, but if your interested I'll dig up
> > > > the particulars.
> > > >
> > > >   Offloading NAT from a
> > > >
> > > > >router with a small amount of RAM will improve packet flow to be
> > > > > sure. In fact, if you're experiencing lock-ups, I'd try that.  It
> > > > > may help you isolate the problem.  FreeBSD's NAT is pretty good for
> > > > > most standard protocols.  I've found it's relatively easy to add
> > > > > support to.
> > > >
> > > > But it doesen't so the DNS trick that you guys do which is very
> > > > useful.
> > > >
> > > > :-(
> > > > :
> > > > >Also, if you do find yourself having to reload, see if you're
> > > > > getting any tracebacks.  Do a show ver or show stack, and see what
> > > > > you can see. Those memory addresses can be useful for tracking down
> > > > > bugs.
> > > >
> > > > He was saying that when the router got hosed that they had to
> > > > power-cycle which I take it to mean the device froze.  It sounds
> > > > suspiciously like flakey hardware to me.  Maybe someone upgraded the
> > > > ram with some random PC memory they had lying around?
> > > >
> > > >
> > > > Ted Mittelstaedt
> > > > tedm@toybox.placo.com Author of:                           The
> > > > FreeBSD Corporate Networker's Guide Book website:
> > > > http://www.freebsd-corp-net-guide.com
> >
> > --
> > --
> > Chip W.

-- 
--
Chip W.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message