DaemonForums  

#1
4th April 2017
roggy (Port Guard)
Join Date: Nov 2013
Posts: 41

Slow network interface

Hi,

We hired a dedicated server in a cloud, and XenServer 6.5 was installed on it. In it we will create an infrastructure with a firewall, Active Directory, etc.
Inside this Xen I installed OpenBSD, which served as a firewall for the local network. In the firewall there is an interface with a public IP, which is the exit interface, and another with a private IP, which will be the gateway of the local network.
The firewall is already working and interconnected with our company via VPN.
The communication between my network in the company and the cloud network via VPN is very slow.
Analyzing, I saw that OpenBSD has the network interface as "Ethernet manual" rather than "Ethernet autoselect (1000baseT full-duplex, rxpause, txpause)"
Code:
root@fw~# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
        index 4 priority 0 llprio 3
        groups: lo
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
        inet 127.0.0.1 netmask 0xff000000
xnf0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr ce:b9:92:83:93:26
        index 1 priority 0 llprio 3
        groups: egress
        media: Ethernet manual
        status: active
        inet 104.xxx.xx.xxx netmask 0xfffffffc broadcast 104.xxx.xx.xxx
xnf1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 3a:19:53:f8:c5:ce
        index 2 priority 0 llprio 3
        media: Ethernet manual
        status: active
        inet 192.168.50.1 netmask 0xffffff00 broadcast 192.168.50.255

root@fw~# cat /etc/hostname.xnf0
inet 104.xxx.xx.xxx 255.255.255.252

root@fw~# cat /etc/hostname.xnf1
inet 192.168.50.1 255.255.255.0

I'm guessing the problem is in this "Ethernet manual".
From our company, we communicate with two other desktops using the same firewall configuration.
Does anyone know if this interface that XenServer passes to OpenBSD works correctly?

Last edited by ocicat; 4th April 2017 at 08:47 PM. Reason: Please use [code] & [/code] tags when posting command output.
#2
4th April 2017
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 5,891

The xnf(4) driver is a Xen-specific driver. I do not know if "manual" has any impact, but I do know that OpenBSD 6.0 is using revision 1.22 of the driver, and OpenBSD 6.1, which will be released shortly, will use revision 1.54, so there are 32 patches to the driver between releases.

If you are using OpenBSD 6.0, try a -current snapshot. If this solves the performance problem, then you know the problem will be fixed with OpenBSD 6.1 when it is released.

See the commit log here: http://cvsweb.openbsd.org/cgi-bin/cv...ev/pv/if_xnf.c

Last edited by jggimi; 5th April 2017 at 01:05 AM. Reason: I am unable to count
#3
5th April 2017
roggy (Port Guard)
Join Date: Nov 2013
Posts: 41

jggimi,

I tried with the 6.1 snapshot but it did not work. The same slowness remains.
To be sure, I replicated the same configuration to another environment outside the cloud, on an ADSL link, and it worked instantly.
#4
5th April 2017
jggimi (More noise than signal)
Join Date: May 2008
Location: USA
Posts: 5,891

That is helpful news. I recommend reaching out to mikeb@, as he continues to be the lead developer for the driver.

Even though this would be an informal problem report, be sure to include your dmesg(8) and your Xen guest provisioning information.
#5
7th April 2017
roggy (Port Guard)
Join Date: Nov 2013
Posts: 41

Problem solved. When this slow problem occurs, you must disable the checksum on the physical and virtual cards and restart the XenServer.
Now everything is very good!!