[solved]Tables Entries ?

Started by BrandyWine, August 05, 2025, 07:07:52 AM

Previous topic - Next topic
Print
Go Down Pages 1 2
User actions
August 07, 2025, 10:22:01 AM #15
I don't even know what you're asking for in somebody else's thread.
August 07, 2025, 07:09:27 PM #16 Last Edit: August 07, 2025, 07:51:07 PM by BrandyWine
I just unchecked "allow ipv6" , and now in Aliases sections "bogons" still shows 2850, "bogonsv6" is blank.

So in summary, with "allow ipv6" enabled, my ifaces were v4+v6 and both bogons lists were there. I disable "ipv6" and my ifaces are now just ipv4 and only the "bogons" list is there.

August 07, 2025, 07:11:40 PM #17 Last Edit: August 07, 2025, 07:59:19 PM by BrandyWine
Quote from: hharry on August 07, 2025, 10:01:11 AM@Franco so you've just confirmed there no way to have IPv4+6 interfaces, with only bogons (v4), right ?
Why would you want the bogonsv6 list active if the iface is only ipv4? If ipv6 is disabled how would any ipv6 get fwd'd to the iface at layer-2?

Edit: even with ipvs disbale from OPNsense, it does appear ipv6 in the OS stacl is still there. See my later post.
August 07, 2025, 07:18:03 PM #18
Quote from: OPNenthu on August 07, 2025, 03:04:00 AMEDIT: I asked an LLM and it said that 1 million table entries in pf is on the order of 32-64 MB, so not a big deal for RAM requirements even if it's hallucinating on the exact amount.  Packet throughput is a potential issue.
I just now turned off ipv6, bogonsv6 table emptied out, yet mem usage in Lobby appears exactly the same. I had 16% aliases table entries, now it's at 2881/1mil, or 0%.

On my system, 16GB ram, just from gui numbers (no real looking), 16% of the 1mil was not even reflected in mem use. We know some mem is used, but it must be small.
If it's 64-128MB for 1mil entries, that's nothing really. If you change max and start to really load up on entries, then maybe mem becomes something to look at. I was thinking maybe get 32GB ram, but my research said I onlly need 16. These days getting 32GB is not much more over the 16. So far my 16ram 512disk seems to be plenty.
August 07, 2025, 07:50:01 PM #19 Last Edit: August 07, 2025, 08:09:51 PM by BrandyWine Reason: clerical errs
Just for some clarity on freeBSD OS, there's only one (1) tcp/ip statck loaded, "freebsd". This is an ipv6 stack that does ipv4 mapping by default. One stack that does both.

The "allow ipv6" setting in OPNsense is a OPNsense thing (control at layer3), not an OS stack control.

You can use sysctl to have stack be ipv4+ipv6 (the default), ipv4 only, or ipv6 only. This is at OS level.
I don't see any gains at OS level, like your not saving memory because the "freebsd" stack is the only stack that is loaded, and you need at least one, etc. Duly granted, a ipv6 stack that handle ipv4 has do mapping, which means more processing, but likely not relevant at this level of device.

https://www.siberoloji.com/how-to-enable-or-disable-ipv6-on-freebsd-operating-system/

If the OPNsense gui options were "4+6", "4only", "6only", it could essentially write the needed sysctl (or other cfg) items for boot time, then you would need to reboot to get those changes. You could essentially have a mix of support, like per iface settings, controlled at the tcp/ip stack level config.

I bolded only because that would be a good feature to have.
Print
Go Up Pages 1 2
User actions