Show Posts

since you have 4 routers and 2 eBGP or iBGP, you would need to separate the CARP interfaces for all 4 routers. As in Pri.Sec A and Pri,Sec B. I would just make sure that you have a interior routing protocol if you are planning on using eBGP. you might use static routes, but it's not recommended.

519

General Discussion / Re: New to opnsense. How different is it?

« on: September 15, 2021, 04:53:32 pm »

if you got a particular netgate, opnsense may not work... just a heads up...

520

21.7 Legacy Series / Re: IPv6 Configuration

« on: September 14, 2021, 11:53:43 am »

Quote from: andrema2 on September 13, 2021, 05:57:51 pm

Wow, the discussion has been very rich so far.

I think I'm still lost at this moment. Is there anything I can/should do ? Or the only solution is to ask for more than /64 for my ISP ?

Thanks

Once you have a /64, you can create a /80 or /96 for your internal network set up your DHCP and block your router to directly connecting to the internal network. This works just fine since your router is responsible to forward traffic.

OR
to calm everyone down here... you can use ULA Fc00:: address for your internal network as well.

https://datatracker.ietf.org/doc/html/rfc4193

521

21.7 Legacy Series / Re: Unable to ping VIP from various devices on the same subnet.

« on: September 13, 2021, 12:32:12 pm »

Would anyone help troubleshooting this?

I have disabled the firewalls and still unable to ping the loopback.

522

21.7 Legacy Series / Re: IPv6 Configuration

« on: September 13, 2021, 12:30:13 pm »

Quote from: IsaacFL on September 12, 2021, 07:53:06 pm

Quote from: bimbar on September 12, 2021, 06:57:16 pm
They are kind of right, you can subnet to a smaller size, only you really shouldn't.

RFC 4291 - IP Version 6 Addressing Architecture - Section 2.5.4. Global Unicast Addresses says you are constrained to 64 bit.

It doesn't make it optional and many things break if you try otherwise.

Obviously, you are NOT reading it correctly. So to clarify for you, the ISP is providing you a GUA which is /64 as it states in the section 2.5.4. Where you have an issue not reading correctly, it states:

Quote

where the global routing prefix is a (typically hierarchically-
structured) value assigned to a site (a cluster of subnets/links),
the subnet ID is an identifier of a link within the site, and the
interface ID is as defined in Section 2.5.1.

"A cluster of subnets" --- you can chop it up any which way as you please. it's quite simply a normal IP thing to do.

523

21.7 Legacy Series / Re: IPv6 Configuration

« on: September 11, 2021, 12:16:44 am »

you can subnet it out to smaller segments 80,96,112

https://www.ibm.com/docs/en/ts3500-tape-library?topic=formats-subnet-masks-ipv4-prefixes-ipv6

524

21.7 Legacy Series / Re: Unable to ping VIP from various devices on the same subnet.

« on: August 31, 2021, 09:37:35 pm »

From various devices I can ping the gateway. 192.168.1.1/24
I can ping from the gateway to the various devices. 192.168.1.45, 192.168.1.13, 192.168.1.15
I can ping from the gateway to the VIP 192.168.1.53, and 192.168.1.12

I cannot ping from 192.168.1.13, 15, and 45 the VIP's 192.168.1.12, or 53...

I have made no FW rule changes. what gives?

525

23.7 Legacy Series / Re: [Tutorial/Call for Testing] Enabling Receive Side Scaling on OPNsense

« on: August 31, 2021, 07:35:58 pm »

here's mine:

Code: [Select]

#lscpu
Architecture:            amd64
Byte Order:              Little Endian
Total CPU(s):            8
Thread(s) per core:      1
Core(s) per socket:      8
Socket(s):               1
Vendor:                  AuthenticAMD
CPU family:              23
Model:                   1
Model name:              AMD EPYC 3201 8-Core Processor
Stepping:                2
L1d cache:               32K
L1i cache:               64K
L2 cache:                512K
L3 cache:                16M
Flags:                   fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 cflsh mmx fxsr sse sse2 htt sse3 pclmulqdq monitor ssse3 fma cx16 sse4_1 sse4_2 popcnt aes xsave osxsave avx f16c rdrnd syscall nx mmxext fxsr_opt pdpe1gb rdtscp lm lahf_lm cmp_legacy svm extapic cr8_legacy lzcnt sse4a misalignsse 3dnowprefetch osvw skinit wdt tce topoext perfctr_core perfctr_nb pcx_l2i

#dmesg | grep vector
igb0: Using MSI-X interrupts with 5 vectors
igb1: Using MSI-X interrupts with 5 vectors
igb2: Using MSI-X interrupts with 5 vectors
igb3: Using MSI-X interrupts with 5 vectors
ax0: Using MSI-X interrupts with 12 vectors
ax1: Using MSI-X interrupts with 12 vectors

# sysctl -a | grep rss
hw.bxe.udp_rss: 0
hw.ix.enable_rss: 1

# sysctl -a | grep isr
net.route.netisr_maxqlen: 256
net.isr.numthreads: 1
net.isr.maxprot: 16
net.isr.defaultqlimit: 256
net.isr.maxqlimit: 10240
net.isr.bindthreads: 0
net.isr.maxthreads: 1
net.isr.dispatch: direct

Pages: 1 ... 33 34 [35] 36 37 ... 40