Max number of procs in global zone
hi,
Does anyone knows if we have any sorts of max no of procs in the global zone?
I assumed that v.v_porc & v.v_maxup are set dinamically in Solaris 10 and no limit of 30K procs is valid there!
we have V890 runing Sol2.10 and run the processes in the default project, so i believe we can even pass this value as long as other system resources are fine.
any comments or opinion would be greatly appreciated,
Babak
[http://fav.or.it/post/814539/solaris-10-increasing-number-of-processes-per-user|http://fav.or.it/post/814539/solaris-10-increasing-number-of-processes-per-user]
Similar Messages
-
Changing process.max-file-descriptor in non global zone
Hello Folks,
I have non global zone.
i wanted to change process.max-file-descriptor to 8192 so i issued the below command
projmod -s -K 'process.max-file-descriptor=(basic,8192,deny)' default
i have rebooted zone, after reboot system is not showing the value as 8192.
can u someone help me to find out the missed# id -p
uid=0(root) gid=0(root) projid=1(user.root)
# prctl -P $$ | grep file
process.max-file-descriptor basic 256 - deny 19452
process.max-file-descriptor privileged 65536 - deny -
process.max-file-descriptor system 2147483647 max deny -
process.max-file-size privileged 9223372036854775807 max deny,signal=XFSZ -
process.max-file-size system 9223372036854775807 max deny -
# ulimit -n
256
# cat /etc/project | grep file
default:3::::process.max-file-descriptor=(basic,8192,deny)
# -
What is the maximum number of datasets you can use in a non-global zone.
I have been trying to assign 8 datasets to a non-global zone. Whilst I can create as many as I like using the zonecfg command, when I boot the zone only the first 7 ever get mounted. Running zfs list in the zone also only displays the first 7 datasets.
Any assitance will be greatly appreciated.
I am running
Solaris 10 8/07 s10s_u4wos_12b SPARC
Chrishttp://download-west.oracle.com/docs/cd/B19306_01/server.102/b14200/expressions014.htm
A comma-delimited list of expressions can contain no more than 1000 expressions. A comma-delimited list of sets of expressions can contain any number of sets, but each set can contain no more than 1000 expressions.
The following are some valid expression lists in conditions:
(10, 20, 40)
('SCOTT', 'BLAKE', 'TAYLOR')
( ('Guy', 'Himuro', 'GHIMURO'),('Karen', 'Colmenares', 'KCOLMENA') ) -
How to retrieve # on-line procs in a non-global zone with resource pool
Is there any way to retrieve the #of on line processors of the machine running in a non global zone with resource pool ?
sysconf does not return this value. In fact this is an excerpt of the man:
"If the caller is in a non-global zone and the pools facility is active, sysconf(_SC_NPROCESSORS_CONF) and sysconf_SC_NPROCESSORS_ONLN) return the number of processors in the processor set of the pool to which the zone is bound."So, from within a local zone that's in a pool (i.e. in a pool with 8 CPUs) , you want to query how many CPUs really exist in the global zone (i.e. the global zone may actually have 16 CPUs)? I don't think that's possible: in fact for security reasons it's probably intentionally disabled.
A quick workaround would be a script/cron-job in the global zone that writes a small file in the filesystem of the local zone... then from within that zone you could read the CPU count.
I'm interested though: what are you trying to set up?
Regards,
[email protected] -
Oracle 10g install is not working on Global zone
We installed Solaris 10 (below) in a T2000 using the same standards we have for many other hosts.After the installation was finished, three zones were exported from a M5000 class machine and imported into this T2000. From inside the zones we can call the Oracle10g installer and the graphical screen is presented. When executing the installed from the Global zone, we can see a java process running, using 100% of a thread, but no graphical interface is presented at all. Checking truss, we see a lot of pollsys being called. Any ideas?
# uname -a
SunOS wgsst2k01 5.10 Generic_127127-11 sun4v sparc SUNW,SPARC-Enterprise-T2000
# memconf -v
memconf: V2.6 06-May-2008 http://www.4schmidts.com/unix.html
hostname: wgsst2k01
banner: SPARC Enterprise T2000 (8-core quad-thread UltraSPARC-T1 1000MHz)
manufacturer: Sun Microsystems, Inc.
model: SPARC-Enterprise-T2000
Sun development codename: Ontario
Sun Family Part Number: SEB
Solaris 10 5/08 s10s_u5wos_10 SPARC, 64-bit kernel, SunOS 5.10
1 8-core quad-thread UltraSPARC-T1 1000MHz cpu, system freq: 200MHz
socket MB/CMP0/CH0/R0/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH0/R0/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH1/R0/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH1/R0/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH2/R0/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH2/R0/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH3/R0/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH3/R0/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH0/R1/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH0/R1/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH1/R1/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH1/R1/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH2/R1/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH2/R1/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH3/R1/D0 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
socket MB/CMP0/CH3/R1/D1 has a 1024MB (1GB) DIMM (address 0x000800000-0x4007fffff)
empty sockets: None
total memory = 16384MB (16GB)Cheers
AndreasThis pretty much says it all:
No connection could be made because the target machine actively refused it.What version of Vista?
What version of the agent? ... 10g is not a version number it is a marketing label
Did you check to see if the agent is compatible with your operating system?
My recommendation would be to get a real operating system: Either Oracle Linux or XP. -
Add tape device to non-global zone
Hi,
I have a SCSI attached Ultrium tape device attached and configured against the global zone.
The /dev/rmt/0* definitions in the global zone are links to ../../devices/pci@2*
I need to be able to use this tape device from the non-global zones.
To enable this, I have done the following:
zonecfg -z <zone name>
add device
set match=/dev/rmt/0
end
verify
commit
exit
I repeated the above for /dev/rmt/0m and /dev/rmt/0mn
Then I restarted the zone with the command:
zoneadm -z <zone name> reboot
After the reboot, I can see the device when using "mt -f /dev/rmt/0 status", but whenever I try to write a SAP brbackup to the new (initialised and not write protected) tape within the drive I get the following error:
BR0278E Command output of 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape
sh: /dev/rmt/0mn: cannot open
BR0280I BRBACKUP time stamp: 2012-04-04 08.21.41
BR0279E Return code from 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape.
BR0359E Restore of /oracle/<SID>/sapbackup/.tape.hdr0 from /dev/rmt/0mn failed due to previous errors
Have I created the device incorrectly, or does anyone have any ideas what could be the reason the write fails?
Any help appreciated.
Edited by: user11329299 on 04-Apr-2012 01:09Hi,
Just to bring you up to speed, I have now fixed the issue.
The resolution was all within the iniSID.sap file that the backup is using. I have changed a number of parameters within this file:
1. tape_copy_cmd = dd (was cpio)
2. rewind = "mt -f $ rew; sleep 30" (was " mt -f $ rew")
3. rewind_offline = "mt -f $ offline; sleep 30" (was "mt -f $ offline")
4. tape_pos_cmd = "mt -f $ fsf $: sleep 30" (was "mt -f $ fsf $")
5. tape_size = 500G (was 18000M)
After making those changes, the backup started from within DB13. I believe that the main culprit was the tape_copy_cmd, but the others were changed to allow the tape drive time to become online again after any query. -
Capped zones not getting discovered automatically after global zone discovr
On solaris 10.
We have global zones with capped and uncapped zones.
Zones which are uncapped getting discovered under global zone.
But zones which are capped are not getting discovered.
As per all documents:http://docs.oracle.com/cd/E27363_01/doc.121/e27511/ftr_zones_mgmt.htm
All the non-global zones in the selected global zone are automatically discovered
Edited by: vtadmin on Aug 25, 2012 9:46 PMThe most common reason this usually occurs is because the of the shared memory issue with the Sun MC database. Looks like this issue has been passed on to 4.0. Please try doing the following:
When installing a Server in a whole-root Zone, edit /etc/project to set the shared memory setting first.
Change the "default:3:::" entry to look like this:
default:3::::project.max-shm-memory=(privileged,1073741824,deny)
...where 1073741824 indicates a 1GB setting (you may tune it lower). For more details, go here:
http://docs.sun.com/app/docs/doc/819-5418/6n7gk6ilo?a=view
Mostly this is a problem in whole root zones, but sometimes also applies to the global zones. -
Failing to install pkg on non-global zone
(root)@syslog1:~# pkgadd -d . SUNWant
Processing package instance <SUNWant> from </home/iqbala>
Jakarta ANT(sparc) 11.10.0,REV=2005.01.08.05.16
WARNING: Stale lock installed for pkgrm, pkg SUNWaspell quit in remove-initial state.
Removing lock.
Using </> as the package base directory.
## Processing package information.
ERROR: Cannot allocate memory for package object array.
pkgadd: ERROR: memory allocation failure
pkgadd: ERROR: unable to process pkgmap
Installation of <SUNWant> failed (internal error).
No changes were made to the system.
(root)@syslog1:~#
(root)@syslog1:~# zonename
syslog
This non-global zone is capped to 1G phy memory out of 2G total of the T1000
(root)@syslog-global:~# uname -a
SunOS syslog-global 5.10 Generic_137137-09 sun4v sparc SUNW,Sun-Fire-T1000
(root)@syslog-global:~# zoneadm list
global
syslog
(root)@syslog-global:~# zonename
global
(root)@syslog-global:~# zonecfg -z syslog info
zonename: syslog
zonepath: /syslog
brand: native
autoboot: true
bootargs: -m verbose
pool:
limitpriv: default,sys_time
scheduling-class: FSS
ip-type: shared
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
fs:
dir: /var/logs
special: /var/logs
raw not specified
type: lofs
options: []
fs:
dir: /usr/local
special: /syslog-local/usr/local
raw not specified
type: lofs
options: []
net:
address: 192.168.0.114
physical: aggr1
defrouter: 192.168.0.1
dedicated-cpu:
ncpus: 1-8
importance: 10
capped-memory:
physical: 1G
[swap: 512M]
attr:
name: comment
type: string
value: "syslog server"
rctl:
name: zone.max-swap
value: (priv=privileged,limit=536870912,action=deny)
(root)@syslog-global:~# prstat -Z
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
13118 root 7184K 5952K sleep 1 0 52:00:54 0.5% nco_p_syslog/10
11730 root 162M 123M sleep 59 0 38:51:35 0.1% splunkd/22
7324 root 12M 8280K sleep 59 0 0:58:06 0.0% syslogd/25
266 root 97M 24M sleep 49 0 31:45:02 0.0% poold/8
209 daemon 8104K 3080K sleep 59 0 24:39:56 0.0% rcapd/1
29553 root 2496K 2024K cpu4 59 5 0:00:00 0.0% splunk-optimize/1
21578 root 38M 36M sleep 59 0 0:01:10 0.0% puppetd/2
29554 root 6088K 3712K cpu0 49 0 0:00:00 0.0% prstat/1
24244 root 5760K 3104K sleep 49 0 0:00:00 0.0% bash/1
1024 noaccess 171M 96M sleep 59 0 8:41:32 0.0% java/18
27771 noaccess 189M 100M sleep 1 0 4:44:36 0.0% java/18
274 daemon 3192K 496K sleep 59 0 0:00:00 0.0% statd/1
279 daemon 2816K 576K sleep 60 -20 0:00:00 0.0% nfs4cbd/2
326 root 2304K 40K sleep 59 0 0:00:00 0.0% cimomboot/1
151 root 2576K 344K sleep 59 0 0:00:00 0.0% drd/2
ZONEID NPROC SWAP RSS MEMORY TIME CPU ZONE
3 47 465M 513M 25% 99:54:00 0.7% syslog
0 42 391M 466M 23% 71:04:39 0.1% global
Total: 89 processes, 386 lwps, load averages: 0.21, 0.26, 0.26
Am I hitting a bug?If your pkg wants to be installed in /usr or another inherit-pkg-dir, it can't because they are share as read-only.
Verify wherer the pkg copies its files. -
Problem to migrate a non-global zone to a different machine.
Hi, recently, I had try to migrate a non-global zone to a different machine but its doesnt work.
1. First, this is the structure of my machine with my non-global zone:
host1# uname -a
SunOS testsolaris 5.11 snv_101b i86pc i386 i86pc
host1# zfs list
NAME USED AVAIL REFER MOUNTPOINT
big-zone 1.71G 1.64G 20K /big-zone
big-zone/export 1.71G 1.64G 22K /big-zone/export
big-zone/export/big-zone 1.67G 1.64G 21K /big-zone/export/big-zon e
big-zone/export/big-zone/ROOT 1.67G 1.64G 18K legacy
big-zone/export/big-zone/ROOT/zbe 1.67G 1.64G 1.66G legacy
big-zone/export/zonetest 41.8M 1.64G 21K /big-zone/export/zonetes t
big-zone/export/zonetest/ROOT 41.8M 1.64G 18K legacy
big-zone/export/zonetest/ROOT/zbe 41.8M 1.64G 1.66G /big-zone/export/zonetes t/root
rpool 8.35G 7.28G 72K /rpool
rpool/ROOT 6.86G 7.28G 18K legacy
rpool/ROOT/opensolaris 6.86G 7.28G 6.73G /
rpool/dump 575M 7.28G 575M -
rpool/export 375M 7.28G 21K /export
rpool/export/home 18K 7.28G 18K /export/home
rpool/export/small-zone 375M 7.28G 21K /export/small-zone
rpool/export/small-zone/ROOT 375M 7.28G 18K legacy
rpool/export/small-zone/ROOT/zbe 375M 7.28G 375M legacy
rpool/swap 575M 7.78G 56.8M -
2. In second, I had detach my non-global zone zonetest whit this commands :
host1# zoneadm z zonetest halt
host1# zoneadm z zonetest detach
3. In third, I had move my zonepath to my new host.
host1# cd /big-zone/export
host1# tar cf zonetest.tar zonetest
host1# sftp jay@new-host
host1# put zonetest.tar
Uploading .
host1# quit
4. Unpack my .tar file
host2# cd /big-zone/export
host2# tar xf zonetest.tar
So, after this, I think that my zonepath is transfert to my new host.
This is the structure of my new host :
jay@alien:~$ uname -a
SunOS alien 5.11 snv_101b i86pc i386 i86pc Solaris
jay@alien:~$ zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 18.3G 73.3G 72K /rpool
rpool/ROOT 2.98G 73.3G 18K legacy
rpool/ROOT/opensolaris 2.98G 73.3G 2.85G /
rpool/dump 1023M 73.3G 1023M -
rpool/export 13.3G 73.3G 19K /export
rpool/export/home 13.3G 73.3G 19K /export/home
rpool/export/home/jay 13.3G 73.3G 13.3G /export/home/jay
rpool/swap 1023M 73.9G 321M -
zdata 10.7G 80.8G 9.65G /zdata
zdata/zones 1.08G 80.8G 18K /zdata/zones
zdata/zones/zonetest 1.08G 80.8G 1.08G /big-zone/export/
*I have a mountpoint to /big-zone/export
5. I had try to configure my zone on my new host and I receive and error message:
host2# zonecfg -z zonetest
zonetest: No such zone configured
Use 'create' to begin configuring a new zone.
zonecfg:zonetest> create -a /big-zone/export/zonetest
invalid path to detached zone
zonecfg:zonetest>And my new big-zone (on the second host) show this in the /big-zone/export/zonetest folder :
jay@alien:/zdata/zones# zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 23.5G 68.0G 72K /rpool
rpool/ROOT 6.31G 68.0G 18K legacy
rpool/ROOT/opensolaris 6.31G 68.0G 6.18G /
rpool/dump 1023M 68.0G 1023M -
rpool/export 15.2G 68.0G 19K /export
rpool/export/home 15.2G 68.0G 19K /export/home
rpool/export/home/jay 15.2G 68.0G 15.2G /export/home/jay
rpool/swap 1023M 68.6G 361M -
zdata 11.6G 79.9G 10.7G /zdata
zdata/zones 921M 79.9G 18K /zdata/zones
zdata/zones/web 921M 79.9G 21K /zdata/zones/web
zdata/zones/web/ROOT 921M 79.9G 18K legacy
zdata/zones/web/ROOT/zbe 921M 79.9G 921M legacy
zdata/zones/zonetest 54K 79.9G 18K /big-zone/export/zonetest
zdata/zones/zonetest/ROOT 36K 79.9G 18K legacy
zdata/zones/zonetest/ROOT/zbe 18K 79.9G 18K legacy
jay@alien:/zdata/zones/zonetest# pwd
/zdata/zones/zonetest
jay@alien:/zdata/zones/zonetest# ls -ls
total 6
3 drwxr-xr-x 2 root sys 2 Feb 8 2009 dev
3 drwxr-xr-x 16 root root 19 Feb 8 2009 root
jay@alien:/zdata/zones/zonetest# cd root
jay@alien:/zdata/zones/zonetest/root# ls -ls
total 52902
1 lrwxrwxrwx 1 root root 9 Feb 1 20:29 bin -> ./usr/bin
3 drwxr-xr-x 13 root sys 15 Feb 8 2009 dev
11 drwxr-xr-x 55 root sys 168 Feb 8 2009 etc
3 dr-xr-xr-x 2 root root 2 Jan 22 16:26 home
15 drwxr-xr-x 9 root bin 241 Feb 4 2009 lib
3 drwxr-xr-x 2 root sys 2 Jan 22 16:23 mnt
3 dr-xr-xr-x 2 root root 2 Jan 22 16:26 net
3 drwxr-xr-x 4 root sys 4 Jan 24 15:26 opt
3 dr-xr-xr-x 2 root root 2 Jan 22 16:23 proc
3 drwx------ 3 root root 7 Feb 6 2009 root
5 drwxr-xr-x 2 root sys 47 Jan 22 16:24 sbin
3 drwxr-xr-x 4 root root 4 Jan 22 16:23 system
3 drwxrwxrwt 2 root sys 2 Feb 8 2009 tmp
5 drwxr-xr-x 30 root sys 42 Feb 6 2009 usr
3 drwxr-xr-x 32 root sys 32 Feb 6 2009 var
52835 -rw-r--r-- 1 root root 42882560 Jan 22 16:35 webmin-1.441.pkg
jay@alien:/zdata/zones/zonetest/root#
I think my problem is there ...
jay@alien:/big-zone/export/zonetest# pwd
/big-zone/export/zonetest
jay@alien:/big-zone/export/zonetest# ls -ls
total 8
2 ---------- 1 root root 114 Dec 31 1969 @LongLink
3 drwxr-xr-x 2 root root 2 Feb 1 21:10 root
3 drwx------ 4 root root 4 Feb 1 21:10 zonetest
jay@alien:/big-zone/export/zonetest# cd zonetest/
jay@alien:/big-zone/export/zonetest/zonetest# ls -ls
total 6
3 drwxr-xr-x 2 root sys 2 Feb 8 2009 dev
3 drwxr-xr-x 4 root root 5 Feb 1 21:10 root
jay@alien:/big-zone/export/zonetest/zonetest# cd root
jay@alien:/big-zone/export/zonetest/zonetest/root# ls -ls
total 7
1 lrwxrwxrwx 1 root root 9 Feb 1 21:10 bin -> ./usr/bin
3 drwxr-xr-x 4 root root 4 Jan 22 16:23 system
3 drwxr-xr-x 23 root sys 28 Feb 1 21:11 usr
I think I have a problem with my zfs mountpoint but I don't how to resolve this.
Edited by: jaymachine on Feb 26, 2009 6:16 PM -
Format disks in a non-global zone
Hi
Can i format a disk inside a non global zone which has been assigned (add device) to this non-global zone.
thanksIn order to allow managing his/her disk to the zone "administrator".
This is what i�ve got when i try to format the disk in the non-global zone:
AVAILABLE DISK SELECTIONS:
0. c4t600A0B8000179A5000002EFD42AFC76Fd0 <SUN-CSM100_R_FC-0610 cyl 20478 alt 2 hd 64 sec 64> sx2_v2
ssd22 at scsi_vhci0 slave 0
1. c4t600A0B8000179A5000002F0A4355CEE9d0 <SUN-CSM100_R_FC-0610 cyl 20478 alt 2 hd 64 sec 64>
ssd24 at scsi_vhci0 slave 0
Specify disk (enter its number): 1
selecting c4t600A0B8000179A5000002F0A4355CEE9d0
[disk unformatted]
FORMAT MENU:
disk - select a disk
type - select (define) a disk type
partition - select (define) a partition table
current - describe the current disk
format - format and analyze the disk
repair - repair a defective sector
label - write label to the disk
analyze - surface analysis
defect - defect list management
backup - search for backup labels
verify - read and display labels
save - save new disk/partition definitions
inquiry - show vendor, product and revision
volname - set 8-character volume name
!<cmd> - execute <cmd>, then return
quit
format> format
Ready to format. Formatting cannot be interrupted.
Continue? yes
Beginning format. The current time is Thu Nov 10 12:59:50 2005
Inquiry failed
failed
Warning: Unable to get capacity. Cannot check geometry
Warning: error reading backup label.
Warning: error reading backup label.
Warning: error reading backup label.
Warning: error reading backup label.
Warning: error reading backup label. -
Non-global zone sending TCP SYN-ACK packet over wrong interface.
After spending many hours looking at ipmon/ethereal logs, I believe I've found
a explanation (a bug?) for the following strange behaviour (Solaris 10u1):
I've got a non-global zone with Apache2 with dedicated IP and bound to interface e1000g2 of a Sun X4200 box. The global zone has a different dedicated IP bound to a different interface e1000g0.
When I point a browser at the web site, the HTML page often comes up immediately, but sometimes it will hang and only load when I press the reload browser button one or multiple times. This is reproducible with different browsers from different networks with or without DNS resolution. It's reproducible with other non-local zones configured alike and running different TCP based services (namely SSH or non-Apache HTTP).
This is what happens in a failing case (Ethereal client dump "dump_failed.txt" and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN comes over interface e1000g2 (correct) and is passed by IPF. However, the non-global zone sends the TCP SYN-ACK package back over interface e1000g0, which is wrong and causes IPF to fail to build a correct state entry. Then, afterwards, the response packets from the webserver will be filtered by IPF, since it has no state entry.
In the success case (Ethereal client dump "dump_success.txt" and IPF log "att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a TCP SYN-ACK both over interface e1000g2. IPF can build a state entry and all subsequent packets from the webserver reach the client.
=====
The non-global zone has this setup:
zonecfg:ws1> info
...snip...
net:
address: 62.146.25.34
physical: e1000g2
zonecfg:ws1>
=====
The relevant (as of the IPF log) IPF rules are:
rule 1: block out log all
rule 16: pass in log quick proto tcp from any to 62.146.25.34 port = 80 keep state
=====
If I didn't miss an important point, I suspect this to be a bug in Zones and/or IPF.
Any hints?
Thx,
Tobias
"att1.txt":
LINE PACKET_DT PACKET_FS PACKET_IFC RULE_NUMBER RULE_ACTION SOURCE_IP SOURCE_PORT DEST_IP DEST_PORT PROTOCOL TCP_FLAGS
1 08.05.2006 21:24:09 786741 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp S
2 08.05.2006 21:24:09 786863 e1000g0 16 p 62.146.25.34 80 84.56.16.159 60693 tcp AS
3 08.05.2006 21:24:09 808218 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp A
4 08.05.2006 21:24:09 837170 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
5 08.05.2006 21:24:09 837189 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
6 08.05.2006 21:24:09 837479 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
7 08.05.2006 21:24:12 823801 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
8 08.05.2006 21:24:12 823832 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
9 08.05.2006 21:24:13 210039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
10 08.05.2006 21:24:18 839318 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
11 08.05.2006 21:24:18 839351 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
12 08.05.2006 21:24:19 970040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
13 08.05.2006 21:24:24 840073 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AF
14 08.05.2006 21:24:30 870503 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
15 08.05.2006 21:24:30 870538 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
16 08.05.2006 21:24:33 480059 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
17 08.05.2006 21:24:45 347464 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AF
18 08.05.2006 21:24:45 347498 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
19 08.05.2006 21:24:47 857068 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp S
20 08.05.2006 21:24:47 857118 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AS
21 08.05.2006 21:24:47 878257 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
22 08.05.2006 21:24:47 907630 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
23 08.05.2006 21:24:47 907644 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
24 08.05.2006 21:24:47 907892 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
25 08.05.2006 21:24:47 976361 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
26 08.05.2006 21:24:47 976375 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
27 08.05.2006 21:24:47 976487 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
28 08.05.2006 21:24:48 127599 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
29 08.05.2006 21:24:54 932569 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
30 08.05.2006 21:24:54 932595 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
31 08.05.2006 21:25:00 490052 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
32 08.05.2006 21:25:02 980057 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AF
33 08.05.2006 21:25:03 1890 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
34 08.05.2006 21:25:09 907916 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AF
35 08.05.2006 21:25:09 907949 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
36 08.05.2006 21:25:42 948502 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
37 08.05.2006 21:25:42 948535 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
38 08.05.2006 21:25:54 500051 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
39 08.05.2006 21:26:54 510046 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
40 08.05.2006 21:27:54 520041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
41 08.05.2006 21:28:54 530040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
42 08.05.2006 21:29:54 540039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
43 08.05.2006 21:30:54 550039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
44 08.05.2006 21:31:54 560041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
"dump_failed.txt":
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 62.146.25.34 TCP 1079 > http [SYN] Seq=0 Len=0 MSS=1460
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x0269 (617)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde9d [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 0, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
Window size: 65535
Checksum: 0x5c3c [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.022698 62.146.25.34 192.168.1.101 TCP http > 1079 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x002f (47)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ed8 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1079 (1079), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 1079 (1079)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 49368
Checksum: 0xd017 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
3 0.022749 192.168.1.101 62.146.25.34 TCP 1079 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x026a (618)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdea4 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xbdac]
No. Time Source Destination Protocol Info
4 0.022919 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x026b (619)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcfd [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 3.013084 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 5 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x0276 (630)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcf2 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
6 9.029003 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 6 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x027f (639)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdce9 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
7 21.060827 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 7 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x0284 (644)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdce4 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
8 35.561984 192.168.1.101 62.146.25.34 TCP 1079 > http [FIN, ACK] Seq=423 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x029a (666)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde74 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 423, Ack: 1, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xbc05]
"dump_success.txt":
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 62.146.25.34 TCP 1083 > http [SYN] Seq=0 Len=0 MSS=1460
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x02a3 (675)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde63 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 0, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
Window size: 65535
Checksum: 0x70ca [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.020553 62.146.25.34 192.168.1.101 TCP http > 1083 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x006b (107)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2e9c [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 49368
Checksum: 0xb530 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
3 0.020599 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x02a4 (676)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde6a [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xa2c5]
No. Time Source Destination Protocol Info
4 0.020746 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x02a5 (677)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcc3 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xb2be]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 0.071290 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=1 Ack=423 Win=49368 Len=0
Frame 5 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x006c (108)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ea3 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 423 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 49368
Checksum: 0xe046 [correct]
No. Time Source Destination Protocol Info
6 0.075838 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 200 OK (text/html)
Frame 6 (413 bytes on wire, 413 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 399
Identification: 0x006d (109)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2d3b [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 359
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 1 (relative sequence number)
Next sequence number: 360 (relative sequence number)
Acknowledgement number: 423 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 49368
Checksum: 0x29b8 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol Info
7 0.095473 192.168.1.101 62.146.25.34 HTTP GET /favicon.ico HTTP/1.1
Frame 7 (407 bytes on wire, 407 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 393
Identification: 0x02aa (682)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdd03 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 423, Ack: 360, Len: 353
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 423 (relative sequence number)
Next sequence number: 776 (relative sequence number)
Acknowledgement number: 360 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65176
Checksum: 0x1b3d [incorrect, should be 0x1e0c]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
8 0.139786 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=360 Ack=776 Win=49368 Len=0
Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x006e (110)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ea1 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 360 (relative sequence number)
Acknowledgement number: 776 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 49368
Checksum: 0xdd7e [correct]
No. Time Source Destination Protocol Info
9 0.144850 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 404 Not Found (text/html)
Frame 9 (464 bytes on wire, 464 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 450
Identification: 0x006f (111)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2d06 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 410
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 360 (relative sequence number)
Next sequence number: 770 (relative sequence number)
Acknowledgement number: 776 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 49368
Checksum: 0x7a71 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol Info
10 0.269307 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=776 Ack=770 Win=64766 [TCP CHECKSUM INCORRECT] Len=0
Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x02af (687)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde5f [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 776, Ack: 770, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 776 (relative sequence number)
Acknowledgement number: 770 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 64766
Checksum: 0x19dc [incorrect, should be 0x9fbe]lev wrote:This performance regression renders openvpn with a tun adapter unusable if client and server use kernel 3.14 .
Thus I created a bug report: https://bugs.archlinux.org/task/40089
i actually noticed it to be an "either-or" type of thing; my Windows clients were seeing the same thing coming off a 3.14 openvpn server.
yeah, weird issue. like i noticed spurts of even-powers-of-2 sized packets
Client connecting to 10.10.10.6, TCP port 5001
TCP window size: 416 KByte
[ 3] local 10.10.10.1 port 40643 connected with 10.10.10.6 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 2.0- 4.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 4.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 6.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 8.0-10.0 sec 128 KBytes 524 Kbits/sec
[ 3] 10.0-12.0 sec 128 KBytes 524 Kbits/sec
[ 3] 12.0-14.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 14.0-16.0 sec 128 KBytes 524 Kbits/sec
[ 3] 16.0-18.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 18.0-20.0 sec 128 KBytes 524 Kbits/sec
[ 3] 20.0-22.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 22.0-24.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 24.0-26.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 26.0-28.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 28.0-30.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 30.0-32.0 sec 128 KBytes 524 Kbits/sec
[ 3] 32.0-34.0 sec 640 KBytes 2.62 Mbits/sec
[ 3] 34.0-36.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 36.0-38.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 38.0-40.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 40.0-42.0 sec 128 KBytes 524 Kbits/sec -
How to dynamically set max-rss size for a local zone?
Running solaris 10 05/08.
Following situation: Three local zones in a Veritas cluster. The zones
can fail over but normally not all three are on the same physical box.
I want to be able to restrict physical memory usage for the zones in
situations where certain combinations of them end up on the same
physical box. So, I need to be able to dynamically change memory
resources. I know how to do this with, for example locked memory:
prctl -n zone.max-locked-memory -r -v <mem> `pgrep -z <zone name>
init`
but i need to do this for physical memory and I can't see that there
is a zone resource for this? I thought this was added in 05/08?Hi
You can do this by using rcapd from the global zone
- start rcapd from the global zone:
svcadm enable svc:/system/rcap:default
- set a physical memory caping value for each zone
rcapadm -z your_zone -m max_rss_value
- check the memory use for all the zone capped
rcapstat -gz
You can set the rss capping value in the zone configuration:
# zonecfg -z your_zone
zonecfg:busi-app-prod> add capped-memory
zonecfg:busi-app-prod:capped-memory> set physical=900m
zonecfg:busi-app-prod:capped-memory> end
zonecfg:busi-app-prod> verify
zonecfg:busi-app-prod> commit
zonecfg:busi-app-prod> exit
This will be take in account at the next reboot of this zone.
Have a also a look to rcapadm to tune rcapd
Bye
Fred -
Unexpected behavior: Solaris10 , vlan , ipmp, non-global zones
I've configured a System with several non-global zones.
Each of them has ip - connection via a seperate vlan (1 vlan for each nonglobal zone). The vlans are established by the global zone. They are additionally brought under control of ipmp.
I followed the instructions described at:
http://forum.sun.com/thread.jspa?threadID=21225&messageID=59653#59653
to create the defaultrouters for the non-global zones.
In addition to that, I've created the default route for the 2nd ipmp-interface. (to keep the route in the non-global Zone in case of ipmp-failover)
ie:
route add default 172.16.3.1 -ifp ce1222000
route add default 172.16.3.1 -ifp ce1222002Furthermore, i' ve put the 172.16.3.1 in the /etc/defaultrouter of the global zone, to ensure it will be the 1st entry in the routing table (because it's the defaultrouter for the global zone)
Here the unexpected:
Tried to reach a ip-target ouside the configured subnets, say 172.16.1.3 , via icmp. The router 172.16.3.1 knows the proper route to get it. The 1st tries (can't remember the exact number) went through ce1222000 and associated icmp-replies travelled back trough ce1222000. But suddenly the outgoing interface changed to ce1322000 or ce1122000 ! The defaultrouters configured on these vlans are not aware of the 172.16.1.3 (172.16.1.0/24), and there was no answer. The defaultroutes seemed to be "cycled" between the configured.
Furthermore the connection from the outside to the nonglobal-zones (wich do have only 1 defaultrouter configured: the one of the vlan the non-global Zone belongs to) was broken intermittent.
So, how to get the combination of VLAN ,IPMP, diff. defaultrouters, non-global Zones running?
Got the following config visible in the global zone:
(the 172.13.x.y are sc3.1u4 priv. interconnect)
netstat -rn
Routing Table: IPv4
Destination Gateway Flags Ref Use Interface
172.31.193.1 127.0.0.1 UH 1 0 lo0
172.16.19.0 172.16.19.6 U 1 4474 ce1322000
172.16.19.0 172.16.19.6 U 1 0 ce1322000:1
172.16.19.0 172.16.19.6 U 1 1791 ce1322002
172.31.1.0 172.31.1.2 U 1 271194 ce5
172.31.0.128 172.31.0.130 U 1 271158 ce1
172.16.11.0 172.16.11.6 U 1 8715 ce1122000
172.16.11.0 172.16.11.6 U 1 0 ce1122000:1
172.16.11.0 172.16.11.6 U 1 7398 ce1122002
172.16.3.0 172.16.3.6 U 1 4888 ce1222000
172.16.3.0 172.16.3.6 U 1 0 ce1222000:1
172.16.3.0 172.16.3.6 U 1 4236 ce1222002
172.16.27.0 172.16.27.6 U 1 0 ce1411000
172.16.27.0 172.16.27.6 U 1 0 ce1411000:1
172.16.27.0 172.16.27.6 U 1 0 ce1411002
192.168.0.0 192.168.0.62 U 1 24469 ce3
172.31.193.0 172.31.193.2 U 1 651 clprivnet0
172.16.11.0 172.16.11.6 U 1 0 ce1122002:1
224.0.0.0 192.168.0.62 U 1 0 ce3
default 172.16.3.1 UG 1 1454
default 172.16.19.1 UG 1 0 ce1322000
default 172.16.19.1 UG 1 0 ce1322002
default 172.16.11.1 UG 1 0 ce1122000
default 172.16.11.1 UG 1 0 ce1122002
default 172.16.3.1 UG 1 0 ce1222000
default 172.16.3.1 UG 1 0 ce1222002
127.0.0.1 127.0.0.1 UH 41048047 lo
#ifconfig -a
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-BTO1-1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-BTO1-2
inet 127.0.0.1 netmask ff000000
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-ITR1-1
inet 127.0.0.1 netmask ff000000
lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-TDN1-1
inet 127.0.0.1 netmask ff000000
lo0:5: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232
index 1
zone Z-DRB1-1
inet 127.0.0.1 netmask ff000000
ce1: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500
index 10
inet 172.31.0.130 netmask ffffff00 broadcast 172.31.0.255
ether 0:3:ba:f:63:95
ce3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 8
inet 192.168.0.62 netmask ffffff00 broadcast 192.168.0.255
groupname ipmp0
ether 0:3:ba:f:68:1
ce5: flags=1008843<UP,BROADCAST,RUNNING,MULTICAST,PRIVATE,IPv4> mtu 1500
index 9
inet 172.31.1.2 netmask ffffff00 broadcast 172.31.1.127
ether 0:3:ba:d5:b1:44
ce1122000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 2
inet 172.16.11.6 netmask ffffff00 broadcast 172.16.11.127
groupname ipmp2
ether 0:3:ba:f:63:94
ce1122000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 2
inet 172.16.11.7 netmask ffffff00 broadcast 172.16.11.127
ce1122002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 3
inet 172.16.11.8 netmask ffffff00 broadcast 172.16.11.127
groupname ipmp2
ether 0:3:ba:f:68:0
ce1122002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 3
inet 172.16.11.10 netmask ffffff00 broadcast 172.16.11.255
ce1122002:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 3
zone Z-ITR1-1
inet 172.16.11.9 netmask ffffff00 broadcast 172.16.11.255
ce1222000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 4
inet 172.16.3.6 netmask ffffff00 broadcast 172.16.3.127
groupname ipmp3
ether 0:3:ba:f:63:94
ce1222000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 4
inet 172.16.3.7 netmask ffffff00 broadcast 172.16.3.127
ce1222002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 5
inet 172.16.3.8 netmask ffffff00 broadcast 172.16.3.127
groupname ipmp3
ether 0:3:ba:f:68:0
ce1222002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 5
zone Z-BTO1-1
inet 172.16.3.9 netmask ffffff00 broadcast 172.16.3.255
ce1222002:2: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 5
zone Z-BTO1-2
inet 172.16.3.10 netmask ffffff00 broadcast 172.16.3.255
ce1322000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 6
inet 172.16.19.6 netmask ffffff00 broadcast 172.16.19.127
groupname ipmp1
ether 0:3:ba:f:63:94
ce1322000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 6
inet 172.16.19.7 netmask ffffff00 broadcast 172.16.19.127
ce1322002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 7
inet 172.16.19.8 netmask ffffff00 broadcast 172.16.19.127
groupname ipmp1
ether 0:3:ba:f:68:0
ce1322002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 7
zone Z-TDN1-1
inet 172.16.19.9 netmask ffffff00 broadcast 172.16.19.255
ce1411000: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500
index 12
inet 172.16.27.6 netmask ffffff00 broadcast 172.16.27.255
groupname ipmp4
ether 0:3:ba:f:63:94
ce1411000:1:
flags=209040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER,CoS>
mtu 1500 index 12
inet 172.16.27.7 netmask ffffff00 broadcast 172.16.27.255
ce1411002:
flags=9040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4,NOFAILOVER> mtu
1500 index 13
inet 172.16.27.8 netmask ffffff00 broadcast 172.16.27.255
groupname ipmp4
ether 0:3:ba:f:68:0
ce1411002:1: flags=1040843<UP,BROADCAST,RUNNING,MULTICAST,DEPRECATED,IPv4>
mtu 1500 index 13
zone Z-DRB1-1
inet 172.16.27.9 netmask ffffff00 broadcast 172.16.27.255
clprivnet0:
flags=1009843<UP,BROADCAST,RUNNING,MULTICAST,MULTI_BCAST,PRIVATE,IPv4> mtu
1500 index 11
inet 172.31.193.2 netmask ffffff00 broadcast 172.31.193.255
ether 0:0:0:0:0:2 -
Hi - I'm trying to get my head around Live Upgrades now that I've switched to ZFS on Solaris 10 for our test servers. The problem I have is we have a number of non-global zones and when I ran the lucreate command I get a number of warnings:
lucreate -n CPU_2012-07
Analyzing system configuration.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment <CPU_2012-07>.
Source boot environment is <10>.
Creating file systems on boot environment <CPU_2012-07>.
Populating file systems on boot environment <CPU_2012-07>.
Temporarily mounting zones in PBE <10>.
Analyzing zones.
WARNING: Directory </export/zones/tdukwxstestz01> zone <global> lies on a filesystem shared between BEs, remapping path to </export/zones/tdukwxstestz01-CPU_2012-07>.
WARNING: Device <rpool/export/zones/tdukwxstestz01> is shared between BEs, remapping to <rpool/export/zones/tdukwxstestz01-CPU_2012-07>.
WARNING: Directory </export/zones/tdukwbprepz01> zone <global> lies on a filesystem shared between BEs, remapping path to </export/zones/tdukwbprepz01-CPU_2012-07>.
WARNING: Device <rpool/export/zones/tdukwbprepz01> is shared between BEs, remapping to <rpool/export/zones/tdukwbprepz01-CPU_2012-07>.
Duplicating ZFS datasets from PBE to ABE.
Creating snapshot for <rpool/export/zones/tdukwbprepz01> on <rpool/export/zones/tdukwbprepz01@CPU_2012-07>.
Creating clone for <rpool/export/zones/tdukwbprepz01@CPU_2012-07> on <rpool/export/zones/tdukwbprepz01-CPU_2012-07>.
Creating snapshot for <rpool/export/zones/tdukwxstestz01> on <rpool/export/zones/tdukwxstestz01@CPU_2012-07>.
Creating clone for <rpool/export/zones/tdukwxstestz01@CPU_2012-07> on <rpool/export/zones/tdukwxstestz01-CPU_2012-07>.
Creating snapshot for <rpool/ROOT/10> on <rpool/ROOT/10@CPU_2012-07>.
Creating clone for <rpool/ROOT/10@CPU_2012-07> on <rpool/ROOT/CPU_2012-07>.
Creating snapshot for <rpool/ROOT/10/var> on <rpool/ROOT/10/var@CPU_2012-07>.
Creating clone for <rpool/ROOT/10/var@CPU_2012-07> on <rpool/ROOT/CPU_2012-07/var>.
Mounting ABE <CPU_2012-07>.
Generating file list.
Finalizing ABE.
Fixing zonepaths in ABE.
Unmounting ABE <CPU_2012-07>.
Fixing properties on ZFS datasets in ABE.
Reverting state of zones in PBE <10>.
Making boot environment <CPU_2012-07> bootable.
Population of boot environment <CPU_2012-07> successful.
Creation of boot environment <CPU_2012-07> successful.
So ALL my non-global zones live under /export/zones/<zonename> - what do all the WARNINGS mean?
I then applied the Oracle CPU, activated the ABE and shutdown the server. When it came back up non of the zones would start and this seems to be because now all the zonepaths and references to the zones are labelled with CPU_2012-07 on the end. Now I can edit the zone xml files to fix this but am sure this is not the recommended method and something I would prefer not to do.
So basically I think I have not set my ZFS resource pools up correctly to take into account my non-global zones and where I have created them.
My zfs list output looks like this now, unfortunately I don't have the output prior to me starting this work:
zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 91.2G 456G 106K /rpool
rpool/ROOT 9.06G 456G 31K legacy
rpool/ROOT/10 38.2M 456G 4.34G /.alt.10
rpool/ROOT/10/var 22.6M 24.0G 3.60G /.alt.10/var
rpool/ROOT/CPU_2012-07 9.02G 456G 4.34G /
rpool/ROOT/CPU_2012-07@CPU_2012-07 566M - 4.34G -
rpool/ROOT/CPU_2012-07/var 4.12G 456G 4.11G /var
rpool/ROOT/CPU_2012-07/var@CPU_2012-07 13.8M - 3.58G -
rpool/dump 2.00G 456G 2.00G -
rpool/export 5.94G 456G 35K /export
rpool/export/home 76.9M 23.9G 76.9M /export/home
rpool/export/zones 5.87G 456G 36K /export/zones
rpool/export/zones/tdukwbprepz01 21.7M 456G 323M /export/zones/tdukwbprepz01
rpool/export/zones/tdukwbprepz01-10 321M 31.7G 312M /export/zones/tdukwbprepz01-10
rpool/export/zones/tdukwbprepz01-10@CPU_2012-07 8.50M - 312M -
rpool/export/zones/tdukwxstestz01 29.6M 456G 5.49G /export/zones/tdukwxstestz01
rpool/export/zones/tdukwxstestz01-10 5.51G 26.5G 5.47G /export/zones/tdukwxstestz01-10
rpool/export/zones/tdukwxstestz01-10@CPU_2012-07 32.1M - 5.48G -
rpool/logs 8.23G 23.8G 8.23G /logs
rpool/swap 66.0G 458G 64.0G -
Any help would be greatly appreciated.
Thanks - Julian.OK, so been tinkering with this. I'm not sure this is my exact problem but a few people have reported issues with the following package:
121430-xx
In that it gives the exact same WARNINGS when trying to create an ABE via lucreate and you have non-global zones. So one of the suggestions was to go back to an earlier version of this patch and then someone said it was fixed in version 71 of the patch. So I installed the very latest version 121430-81 and now it fails with a different error. Fortunately this time I have a screen shot of the before and after:
BEFORE:
bash-3.2# zoneadm list -cv
ID NAME STATUS PATH BRAND IP
0 global running / native shared
1 build14 running /export/zones/build14 native shared
bash-3.2# zfs list
NAME USED AVAIL REFER MOUNTPOINT
rpool 70.0G 477G 106K /rpool
rpool/ROOT 1.98G 477G 31K legacy
rpool/ROOT/10 1.98G 477G 1.95G /
rpool/ROOT/10/var 28.8M 24.0G 28.8M /var
rpool/dump 2.00G 477G 2.00G -
rpool/export 36.5M 477G 33K /export
rpool/export/home 35K 24.0G 35K /export/home
rpool/export/zones 36.4M 477G 32K /export/zones
rpool/export/zones/build14 36.4M 32.0G 36.4M /export/zones/build14
rpool/logs 3.78M 32.0G 3.78M /logs
rpool/swap 66.0G 543G 16K -
bash-3.2# df -h |grep rpool
rpool/ROOT/10 547G 1.9G 477G 1% /
rpool/ROOT/10/var 24G 29M 24G 1% /var
rpool/export 547G 33K 477G 1% /export
rpool/export/home 24G 35K 24G 1% /export/home
rpool/export/zones 547G 32K 477G 1% /export/zones
rpool/export/zones/build14 32G 36M 32G 1% /export/zones/build14
rpool/logs 32G 3.8M 32G 1% /logs
rpool 547G 106K 477G 1% /rpool
bash-3.2# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
10 yes yes yes no -
bash-3.2# lucreate -n 10-CPU_2012_07
Analyzing system configuration.
Updating boot environment description database on all BEs.
Updating system configuration files.
Creating configuration for boot environment <10-CPU_2012_07>.
Source boot environment is <10>.
Creating file systems on boot environment <10-CPU_2012_07>.
Populating file systems on boot environment <10-CPU_2012_07>.
Temporarily mounting zones in PBE <10>.
Analyzing zones.
Duplicating ZFS datasets from PBE to ABE.
Creating snapshot for <rpool/ROOT/10> on <rpool/ROOT/10@10-CPU_2012_07>.
Creating clone for <rpool/ROOT/10@10-CPU_2012_07> on <rpool/ROOT/10-CPU_2012_07>.
Creating snapshot for <rpool/ROOT/10/var> on <rpool/ROOT/10/var@10-CPU_2012_07>.
Creating clone for <rpool/ROOT/10/var@10-CPU_2012_07> on <rpool/ROOT/10-CPU_2012_07/var>.
Mounting ABE <10-CPU_2012_07>.
Generating file list.
Copying data from PBE <10> to ABE <10-CPU_2012_07>.
100% of filenames transferred
Finalizing ABE.
Fixing zonepaths in ABE.
Unmounting ABE <10-CPU_2012_07>.
Fixing properties on ZFS datasets in ABE.
Reverting state of zones in PBE <10>.
Making boot environment <10-CPU_2012_07> bootable.
ERROR: Unable to mount zone <build14> in </.alt.tmp.b-0ob.mnt>.
zoneadm: zone 'build14': zone root /export/zones/build14/root already in use by zone build14
zoneadm: zone 'build14': call to zoneadmd failed
ERROR: Unable to mount non-global zones of ABE <10-CPU_2012_07>: cannot make ABE bootable.
ERROR: umount: /.alt.tmp.b-0ob.mnt/var/run busy
ERROR: cannot unmount </.alt.tmp.b-0ob.mnt/var/run>
ERROR: failed to unmount </.alt.tmp.b-0ob.mnt/var/run>
ERROR: cannot fully unmount boot environment - <1>: file systems remain mounted
ERROR: Unable to make boot environment <10-CPU_2012_07> bootable.
ERROR: Unable to populate file systems on boot environment <10-CPU_2012_07>.
Removing incomplete BE <10-CPU_2012_07>.
ERROR: Cannot make file systems for boot environment <10-CPU_2012_07>.
bash-3.2# lustatus
Boot Environment Is Active Active Can Copy
Name Complete Now On Reboot Delete Status
10 yes yes yes no -
10-CPU_2012_07 no no no yes -
So the very latest Live Upgrade patch doesn't seem to have fix this, I get even more errors now.
Again any help would be greatly appreciated.
Thanks - Julian. -
Max number of entries in the variable input list (F4) of Bex Analyzer Query
Dear BW experts,
When I run the Bex Analyzer query, it pops up the variable input screen.
If I don't know the specific value of the variable, then I can click on the input help (F4) to get a list of available values. There is a max number of entries coming back to the list. For my BW system, it is currently returning 500 values. For other people and SAP Help document, it could be 1000.
My question is: Do you know where we can configure/set this max value? Is it a global setting?
Thanks in advance for your help in this matter.
Kevin-Murali & Pra,
Thanks for both of your answers. I think the answers that you provided are for BW 7.X version.
It is flexible and exactly the way it should be for each user to customize a specific variable.
I am running BW 3.5 query, and don't see the "Settings" option/button after I got the list of single values back.
Is there a way to set this up for BW 3.5 query Analyzer? My max value is always 500 for all variables. Is there a place for setting this value and save for the next time.
Any help from any BW experts is appreciated.
Maybe you are looking for
-
2013-06-24 21:16:28,551 [bxapp2.healthnet.com] [ STANDARD] [ ] (l.access.RuleCandidateIterator) INFO - Single candidate rule resolution optimization is enabled Error retrieving JNDI initial context: 2013-06-24 21:16:28,952 [bxa
-
Why every time i tried to install iswifter Flash browser i had messege that it was unabel to procces the transactino??
-
Do I need to add datafile right now
Hi Friends, I saw a tablespace there are two datafile. one is full. second file information as below File Size 3072MB and online Automatically extend datafile when full (AUTOEXTEND) Increment 1024 KB Maximum File Size value 32767MB I saw size 6144.0
-
Blur out multiple objects in a single clip?
I found a tutorial which explains how to blur an object in a frame by having the source clip on track1, a duplicate on track3 with gaussian blur and a shape on track 2 and then you do composite mode travel matte-luna on the clip on track 3, but how d
-
Installing iPhone To New Computer
I'm planning on getting a new computer this week, and wanted to know what I have to do, to be able to use my iPhone on it, as well as my iPod? Thanks