Multiple NICs in non-global zone
Hi All
I have configured a whole-root zone using "ip-type=exclusive". I have configured two network interfaces bge1 and nxge1, but only bge1 seems to be working properly. From within the whole-root zone, I can ping the nxge1 interface, but from anywhere outside (even this machine's global zone), I cannot.
output of "ifconfig -a" in the whole-root zone:
bge1: flags=201000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4,CoS> mtu 1500 index 2
inet 192.168.100.162 netmask ffffff00 broadcast 192.168.100.255
ether 0:b:5d:e5:3c:b7
nxge1: flags=201000803<UP,BROADCAST,MULTICAST,IPv4,CoS> mtu 1500 index 3
inet 192.168.100.163 netmask ffffff00 broadcast 192.168.100.255
ether 0:21:28:38:d3:a7
The only difference I can see between the two interfaces is the "RUNNING" flag.
Any thoughts? Have I missed something basic that I just can't see?
TIA
Rick
Of course you may ask!
No this isn't going to be the "final" configuration - we will be installing Sun Cluster right away, I was just trying to prep things and make sure all interfaces are working.
On the original question I had, I'm pretty sure that all my troubles are due to mismatches between what my switch is set for, and what my NIC is set for. I'm in the process
of working through all those variables now.
Still kinda idd, thinking that this sort of mismatch could cause the weirdness I'm seeing.
I'll try to keep you posted...
Rick
Similar Messages
-
Installing multiple MySQLs in Non-Global Zones
Hi all,
We have db01 and db02 physical servers with latest Solaris and Sun Cluster software installed. Each one has the following zones:
db01z001 - db02z001
db01z002 - db02z002
db01z003 - db02z003
db01z004 - db02z004
db01zXXX - db02zXXX
Every zone is installed on zpool zones (on local disks):
root@db01:~$ zpool status zones
pool: zones
state: ONLINE
scrub: none requested
config:
NAME STATE READ WRITE CKSUM
zones ONLINE 0 0 0
mirror ONLINE 0 0 0
c2t0d0 ONLINE 0 0 0
c2t1d0 ONLINE 0 0 0
We want to install and configure a different MySQL application and data service in every pair of non-global zones.
We want to use two SAN logical devices for mysql data:
d3 db02:/dev/rdsk/c4t600508B4000906990001100000E70000d0
d3 db01:/dev/rdsk/c4t600508B4000906990001100000E70000d0
d7 db02:/dev/rdsk/c4t600508B40009069900011000008E0000d0
d7 db01:/dev/rdsk/c4t600508B40009069900011000008E0000d0
Is there any way to use this configuration for N pairs or we can only use 2?
Thanks,
GeorgeHi George,
You might get away creating global monunts, create directories below the mount pint. Now comes the trick, you create HAStoragePlus resources with filesystem_mountpoints=/global_mountmount/mysql1, you must set AffinityOn to false.
This creates a lofs mount into the zone.
I must admit, that I never tried this myself, but it should work. Of cause you will get a performance penalty if you create tables over the wire. Creating tables means creating small files. It is wortha a
It would be better, if you would have more and smaller luns, so that you could restrict on lun to a pair of zones.
Kind Regards
Detlef -
How to add a second nic card to non global zone
hi every one
i have a issue like
my non global zone has hme0 as the nic card
i want to add a secondary nic card like pcn0 to the non global zone . how can i add to the nonglobal zone so that both the nic cards should exist in the nonglobal zone
please tell me the command and procedure for that
thanks in advance ....If your non-global zone is a shared IP zone, then you can add like
zonecfg -z <zonename>
add net
set physical=pnc0
set address=<IP Address>
end
verify
commit
exit
If your non-global zone is an exclusive IP zone, then remember that the interface pnc0 you are adding will be in control of non-global zone exclusively.
Steps to add it are same as above. -
Failing to install pkg on non-global zone
(root)@syslog1:~# pkgadd -d . SUNWant
Processing package instance <SUNWant> from </home/iqbala>
Jakarta ANT(sparc) 11.10.0,REV=2005.01.08.05.16
WARNING: Stale lock installed for pkgrm, pkg SUNWaspell quit in remove-initial state.
Removing lock.
Using </> as the package base directory.
## Processing package information.
ERROR: Cannot allocate memory for package object array.
pkgadd: ERROR: memory allocation failure
pkgadd: ERROR: unable to process pkgmap
Installation of <SUNWant> failed (internal error).
No changes were made to the system.
(root)@syslog1:~#
(root)@syslog1:~# zonename
syslog
This non-global zone is capped to 1G phy memory out of 2G total of the T1000
(root)@syslog-global:~# uname -a
SunOS syslog-global 5.10 Generic_137137-09 sun4v sparc SUNW,Sun-Fire-T1000
(root)@syslog-global:~# zoneadm list
global
syslog
(root)@syslog-global:~# zonename
global
(root)@syslog-global:~# zonecfg -z syslog info
zonename: syslog
zonepath: /syslog
brand: native
autoboot: true
bootargs: -m verbose
pool:
limitpriv: default,sys_time
scheduling-class: FSS
ip-type: shared
inherit-pkg-dir:
dir: /lib
inherit-pkg-dir:
dir: /platform
inherit-pkg-dir:
dir: /sbin
inherit-pkg-dir:
dir: /usr
fs:
dir: /var/logs
special: /var/logs
raw not specified
type: lofs
options: []
fs:
dir: /usr/local
special: /syslog-local/usr/local
raw not specified
type: lofs
options: []
net:
address: 192.168.0.114
physical: aggr1
defrouter: 192.168.0.1
dedicated-cpu:
ncpus: 1-8
importance: 10
capped-memory:
physical: 1G
[swap: 512M]
attr:
name: comment
type: string
value: "syslog server"
rctl:
name: zone.max-swap
value: (priv=privileged,limit=536870912,action=deny)
(root)@syslog-global:~# prstat -Z
PID USERNAME SIZE RSS STATE PRI NICE TIME CPU PROCESS/NLWP
13118 root 7184K 5952K sleep 1 0 52:00:54 0.5% nco_p_syslog/10
11730 root 162M 123M sleep 59 0 38:51:35 0.1% splunkd/22
7324 root 12M 8280K sleep 59 0 0:58:06 0.0% syslogd/25
266 root 97M 24M sleep 49 0 31:45:02 0.0% poold/8
209 daemon 8104K 3080K sleep 59 0 24:39:56 0.0% rcapd/1
29553 root 2496K 2024K cpu4 59 5 0:00:00 0.0% splunk-optimize/1
21578 root 38M 36M sleep 59 0 0:01:10 0.0% puppetd/2
29554 root 6088K 3712K cpu0 49 0 0:00:00 0.0% prstat/1
24244 root 5760K 3104K sleep 49 0 0:00:00 0.0% bash/1
1024 noaccess 171M 96M sleep 59 0 8:41:32 0.0% java/18
27771 noaccess 189M 100M sleep 1 0 4:44:36 0.0% java/18
274 daemon 3192K 496K sleep 59 0 0:00:00 0.0% statd/1
279 daemon 2816K 576K sleep 60 -20 0:00:00 0.0% nfs4cbd/2
326 root 2304K 40K sleep 59 0 0:00:00 0.0% cimomboot/1
151 root 2576K 344K sleep 59 0 0:00:00 0.0% drd/2
ZONEID NPROC SWAP RSS MEMORY TIME CPU ZONE
3 47 465M 513M 25% 99:54:00 0.7% syslog
0 42 391M 466M 23% 71:04:39 0.1% global
Total: 89 processes, 386 lwps, load averages: 0.21, 0.26, 0.26
Am I hitting a bug?If your pkg wants to be installed in /usr or another inherit-pkg-dir, it can't because they are share as read-only.
Verify wherer the pkg copies its files. -
SMCnsnmp in shared-ip non-global zone errors due to duplicate I/F index
Hi all,
I have Solaris 10 zones using the shared-ip model, with Net SMTP installed in the global and non-global zones.
Smtpd starts normally in the global zone, but fails to start in the non-global zones, reporting this error ...
$ sudo tail /zones/roots/uxNNNz4/root/var/log/snmpd.log
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
error on subcontainer 'interface container' insert (-1)
This error was reported on OpenSolaris some time ago, reference ...
(http://prefetch.net/blog/index.php/2009/05/10/net-snmp-should-now-work-in-an-opensolaris-non-global-zone) ...
Net-snmp does not work in an opensolaris non-global zone:
+"error on subcontainer ‘interface container’ insert (-1)"+
These errors are caused by opensolaris bug #6640675, which causes all interfaces to be assigned an index value of 0 (this leads net-snmp to think there are duplicate interfaces). The fix was just integrated into Nevada, so hopefully the code will be back ported to Solaris 10.
Example ifconfig in global zone (note index 2 for global and shared-ip VIPs)...
lo0: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
inet 127.0.0.1 netmask ff000000
lo0:1: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone ux560z1
inet 127.0.0.1 netmask ff000000
lo0:2: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone ux560z2
inet 127.0.0.1 netmask ff000000
lo0:3: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone ux560z3
inet 127.0.0.1 netmask ff000000
lo0:4: flags=2001000849<UP,LOOPBACK,RUNNING,MULTICAST,IPv4,VIRTUAL> mtu 8232 index 1
zone ux560z4
inet 127.0.0.1 netmask ff000000
nxge0: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
inet 172.25.4.2 netmask fffffc00 broadcast 172.25.7.255
ether 0:21:28:ba:9e:e4
nxge0:1: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone ux560z1
inet 172.25.4.3 netmask fffffc00 broadcast 172.25.7.255
nxge0:2: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone ux560z2
inet 172.25.4.4 netmask fffffc00 broadcast 172.25.7.255
nxge0:3: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone ux560z3
inet 172.25.4.5 netmask fffffc00 broadcast 172.25.7.255
nxge0:4: flags=1000843<UP,BROADCAST,RUNNING,MULTICAST,IPv4> mtu 1500 index 2
zone ux560z4
inet 172.25.4.6 netmask fffffc00 broadcast 172.25.7.255
QUESTIONS:
1. Has the bug been reported for Solaris 10 ?
2. Is a Solaris 10 patch available ?
3. Is there a work-around or other ideas to get SMTP working in a Solaris shared-ip zoned.
4. Exclusive-IP should fix it, but does that require a dedicated NIC per zone ?
Thank You,
KWThe CR you cite: 6640675
was fixed in S10 over a year ago. You'll need a contract to get the patch. -
SFTP chroot from non-global zone to zfs pool
Hi,
I am unable to create an SFTP chroot inside a zone to a shared folder on the global zone.
Inside the global zone:
I have created a zfs pool (rpool/data) and then mounted it to /data.
I then created some shared folders: /data/sftp/ipl/import and /data/sftp/ipl/export
I then created a non-global zone and added a file system that loops back to /data.
Inside the zone:
I then did the ususal stuff to create a chroot sftp user, similar to: http://nixinfra.blogspot.com.au/2012/12/openssh-chroot-sftp-setup-in-linux.html
I modifed the /etc/ssh/sshd_config file and hard wired the ChrootDirectory to /data/sftp/ipl.
When I attempt to sftp into the zone an error message is displayed in the zone -> fatal: bad ownership or modes for chroot directory /data/
Multiple web sites warn that folder ownership and access privileges is important. However, issuing chown -R root:iplgroup /data made no difference. Perhaps it is something todo with the fact the folders were created in the global zone?
If I create a simple shared folder inside the zone it works, e.g. /data3/ftp/ipl......ChrootDirectory => /data3/ftp/ipl
If I use the users home directory it works. eg /export/home/sftpuser......ChrootDirectory => %h
FYI. The reason for having a ZFS shared folder is to allow separate SFTP and FTP zones and a common/shared data repository for FTP and SFTP exchanges with remote systems. e.g. One remote client pushes data to the FTP server. A second remote client pulls the data via SFTP. Having separate zones increases security?
Any help would be appreciated to solve this issue.
Regards Johnsanjaykumarfromsymantec wrote:
Hi,
I want to do IPC between inter-zones ( commnication between processes running two different zones). So what are the different techniques can be used. I am not interested in TCP/IP ( AF_INET) sockets.Zones are designed to prevent most visibility between non-global zones and other zones. So network communication (like you might use between two physical machines) are the most common method.
You could mount a global zone filesystem into multiple non-global zones (via lofs) and have your programs push data there. But you'll probably have to poll for updates. I'm not certain that's easier or better than network communication.
Darren -
I have a V20z running a global zone on an IANA private network of 172.30.0.x and nic bge0
I also have a non-global zone on a public IP of 207.246.20.169 and nic bge1.
I am unable to ping from one zone to the next via a gateway. Normally the global zone would use a standard gateway for that network and my public network would also use a standard gateway for that network.
What appears to be happening is that despite what is in my /etc/defaultrouter the zone itself is the gateway.
For example, to ping something from either zone which would require the gateway results in:
ICMP Host Unreachable from gateway 'zone name' (zone ip address)
What I want to happen is that the global zone honors the gateway that is normally used in this network and the non-global zone uses/honors the gateway that is normally used in that network.
It doesn't seem to matter if I have the normal internal gateway in my /etc/defaultrouter or if I have the normal public gateway in /etc/defaultrouter or if I have both in /etc/defaultrouter (all in the global zone of course).
Do I need to use routed to achieve this? Am I missing something here?I hammered the problem out by adding a static route in the global zone:
route add 172.30.0.0 207.246.20.161
Where 207.246.20.161 is my gateway on the public side.
I slapped this into an /etc/init.d script in the global zone and ran it from /etc/rc2.d like the article below suggests:
http://www.sun.com/bigadmin/content/submitted/persistent_routing.html -
Non-global zone sending TCP SYN-ACK packet over wrong interface.
After spending many hours looking at ipmon/ethereal logs, I believe I've found
a explanation (a bug?) for the following strange behaviour (Solaris 10u1):
I've got a non-global zone with Apache2 with dedicated IP and bound to interface e1000g2 of a Sun X4200 box. The global zone has a different dedicated IP bound to a different interface e1000g0.
When I point a browser at the web site, the HTML page often comes up immediately, but sometimes it will hang and only load when I press the reload browser button one or multiple times. This is reproducible with different browsers from different networks with or without DNS resolution. It's reproducible with other non-local zones configured alike and running different TCP based services (namely SSH or non-Apache HTTP).
This is what happens in a failing case (Ethereal client dump "dump_failed.txt" and IPF log "att1.txt" lines 1-3 pp): the incoming TCP SYN comes over interface e1000g2 (correct) and is passed by IPF. However, the non-global zone sends the TCP SYN-ACK package back over interface e1000g0, which is wrong and causes IPF to fail to build a correct state entry. Then, afterwards, the response packets from the webserver will be filtered by IPF, since it has no state entry.
In the success case (Ethereal client dump "dump_success.txt" and IPF log "att1.txt" lines 19-21 pp), the incoming TCP SYN is answered correctly by a TCP SYN-ACK both over interface e1000g2. IPF can build a state entry and all subsequent packets from the webserver reach the client.
=====
The non-global zone has this setup:
zonecfg:ws1> info
...snip...
net:
address: 62.146.25.34
physical: e1000g2
zonecfg:ws1>
=====
The relevant (as of the IPF log) IPF rules are:
rule 1: block out log all
rule 16: pass in log quick proto tcp from any to 62.146.25.34 port = 80 keep state
=====
If I didn't miss an important point, I suspect this to be a bug in Zones and/or IPF.
Any hints?
Thx,
Tobias
"att1.txt":
LINE PACKET_DT PACKET_FS PACKET_IFC RULE_NUMBER RULE_ACTION SOURCE_IP SOURCE_PORT DEST_IP DEST_PORT PROTOCOL TCP_FLAGS
1 08.05.2006 21:24:09 786741 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp S
2 08.05.2006 21:24:09 786863 e1000g0 16 p 62.146.25.34 80 84.56.16.159 60693 tcp AS
3 08.05.2006 21:24:09 808218 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp A
4 08.05.2006 21:24:09 837170 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
5 08.05.2006 21:24:09 837189 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
6 08.05.2006 21:24:09 837479 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
7 08.05.2006 21:24:12 823801 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
8 08.05.2006 21:24:12 823832 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
9 08.05.2006 21:24:13 210039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
10 08.05.2006 21:24:18 839318 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
11 08.05.2006 21:24:18 839351 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
12 08.05.2006 21:24:19 970040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AP
13 08.05.2006 21:24:24 840073 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AF
14 08.05.2006 21:24:30 870503 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AP
15 08.05.2006 21:24:30 870538 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
16 08.05.2006 21:24:33 480059 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
17 08.05.2006 21:24:45 347464 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AF
18 08.05.2006 21:24:45 347498 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
19 08.05.2006 21:24:47 857068 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp S
20 08.05.2006 21:24:47 857118 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AS
21 08.05.2006 21:24:47 878257 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
22 08.05.2006 21:24:47 907630 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
23 08.05.2006 21:24:47 907644 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
24 08.05.2006 21:24:47 907892 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
25 08.05.2006 21:24:47 976361 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AP
26 08.05.2006 21:24:47 976375 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
27 08.05.2006 21:24:47 976487 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AP
28 08.05.2006 21:24:48 127599 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
29 08.05.2006 21:24:54 932569 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
30 08.05.2006 21:24:54 932595 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
31 08.05.2006 21:25:00 490052 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
32 08.05.2006 21:25:02 980057 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp AF
33 08.05.2006 21:25:03 1890 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp A
34 08.05.2006 21:25:09 907916 e1000g2 16 p 84.56.16.159 60694 62.146.25.34 80 tcp AF
35 08.05.2006 21:25:09 907949 e1000g2 16 p 62.146.25.34 80 84.56.16.159 60694 tcp A
36 08.05.2006 21:25:42 948502 e1000g2 16 p 84.56.16.159 60693 62.146.25.34 80 tcp AFP
37 08.05.2006 21:25:42 948535 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp A
38 08.05.2006 21:25:54 500051 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
39 08.05.2006 21:26:54 510046 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
40 08.05.2006 21:27:54 520041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
41 08.05.2006 21:28:54 530040 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
42 08.05.2006 21:29:54 540039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
43 08.05.2006 21:30:54 550039 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
44 08.05.2006 21:31:54 560041 e1000g2 1 b 62.146.25.34 80 84.56.16.159 60693 tcp AFP
"dump_failed.txt":
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 62.146.25.34 TCP 1079 > http [SYN] Seq=0 Len=0 MSS=1460
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x0269 (617)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde9d [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 0, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
Window size: 65535
Checksum: 0x5c3c [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.022698 62.146.25.34 192.168.1.101 TCP http > 1079 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x002f (47)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ed8 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1079 (1079), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 1079 (1079)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 49368
Checksum: 0xd017 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
3 0.022749 192.168.1.101 62.146.25.34 TCP 1079 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x026a (618)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdea4 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xbdac]
No. Time Source Destination Protocol Info
4 0.022919 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x026b (619)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcfd [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 3.013084 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 5 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x0276 (630)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcf2 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
6 9.029003 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 6 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x027f (639)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdce9 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
7 21.060827 192.168.1.101 62.146.25.34 HTTP [TCP Retransmission] GET / HTTP/1.1
Frame 7 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x0284 (644)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdce4 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xcda5]
SEQ/ACK analysis
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
8 35.561984 192.168.1.101 62.146.25.34 TCP 1079 > http [FIN, ACK] Seq=423 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 8 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x029a (666)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde74 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1079 (1079), Dst Port: http (80), Seq: 423, Ack: 1, Len: 0
Source port: 1079 (1079)
Destination port: http (80)
Sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0011 (FIN, ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xbc05]
"dump_success.txt":
No. Time Source Destination Protocol Info
1 0.000000 192.168.1.101 62.146.25.34 TCP 1083 > http [SYN] Seq=0 Len=0 MSS=1460
Frame 1 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x02a3 (675)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde63 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 0, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 0 (relative sequence number)
Header length: 28 bytes
Flags: 0x0002 (SYN)
Window size: 65535
Checksum: 0x70ca [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
2 0.020553 62.146.25.34 192.168.1.101 TCP http > 1083 [SYN, ACK] Seq=0 Ack=1 Win=49368 Len=0 MSS=1452
Frame 2 (62 bytes on wire, 62 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 48
Identification: 0x006b (107)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2e9c [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 0, Ack: 1, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 0 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 28 bytes
Flags: 0x0012 (SYN, ACK)
Window size: 49368
Checksum: 0xb530 [correct]
Options: (8 bytes)
No. Time Source Destination Protocol Info
3 0.020599 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=1 Ack=1 Win=65535 [TCP CHECKSUM INCORRECT] Len=0
Frame 3 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x02a4 (676)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde6a [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 65535
Checksum: 0x19dc [incorrect, should be 0xa2c5]
No. Time Source Destination Protocol Info
4 0.020746 192.168.1.101 62.146.25.34 HTTP GET / HTTP/1.1
Frame 4 (476 bytes on wire, 476 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 462
Identification: 0x02a5 (677)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdcc3 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 1, Ack: 1, Len: 422
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 1 (relative sequence number)
Next sequence number: 423 (relative sequence number)
Acknowledgement number: 1 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65535
Checksum: 0x1b82 [incorrect, should be 0xb2be]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
5 0.071290 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=1 Ack=423 Win=49368 Len=0
Frame 5 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x006c (108)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ea3 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 1 (relative sequence number)
Acknowledgement number: 423 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 49368
Checksum: 0xe046 [correct]
No. Time Source Destination Protocol Info
6 0.075838 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 200 OK (text/html)
Frame 6 (413 bytes on wire, 413 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 399
Identification: 0x006d (109)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2d3b [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 1, Ack: 423, Len: 359
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 1 (relative sequence number)
Next sequence number: 360 (relative sequence number)
Acknowledgement number: 423 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 49368
Checksum: 0x29b8 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol Info
7 0.095473 192.168.1.101 62.146.25.34 HTTP GET /favicon.ico HTTP/1.1
Frame 7 (407 bytes on wire, 407 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 393
Identification: 0x02aa (682)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xdd03 [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 423, Ack: 360, Len: 353
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 423 (relative sequence number)
Next sequence number: 776 (relative sequence number)
Acknowledgement number: 360 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 65176
Checksum: 0x1b3d [incorrect, should be 0x1e0c]
Hypertext Transfer Protocol
No. Time Source Destination Protocol Info
8 0.139786 62.146.25.34 192.168.1.101 TCP http > 1083 [ACK] Seq=360 Ack=776 Win=49368 Len=0
Frame 8 (60 bytes on wire, 60 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x006e (110)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2ea1 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 0
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 360 (relative sequence number)
Acknowledgement number: 776 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 49368
Checksum: 0xdd7e [correct]
No. Time Source Destination Protocol Info
9 0.144850 62.146.25.34 192.168.1.101 HTTP HTTP/1.1 404 Not Found (text/html)
Frame 9 (464 bytes on wire, 464 bytes captured)
Ethernet II, Src: D-Link_9b:09:44 (00:0d:88:9b:09:44), Dst: FujitsuS_81:79:ea (00:30:05:81:79:ea)
Internet Protocol, Src: 62.146.25.34 (62.146.25.34), Dst: 192.168.1.101 (192.168.1.101)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 450
Identification: 0x006f (111)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 50
Protocol: TCP (0x06)
Header checksum: 0x2d06 [correct]
Source: 62.146.25.34 (62.146.25.34)
Destination: 192.168.1.101 (192.168.1.101)
Transmission Control Protocol, Src Port: http (80), Dst Port: 1083 (1083), Seq: 360, Ack: 776, Len: 410
Source port: http (80)
Destination port: 1083 (1083)
Sequence number: 360 (relative sequence number)
Next sequence number: 770 (relative sequence number)
Acknowledgement number: 776 (relative ack number)
Header length: 20 bytes
Flags: 0x0018 (PSH, ACK)
Window size: 49368
Checksum: 0x7a71 [correct]
Hypertext Transfer Protocol
Line-based text data: text/html
No. Time Source Destination Protocol Info
10 0.269307 192.168.1.101 62.146.25.34 TCP 1083 > http [ACK] Seq=776 Ack=770 Win=64766 [TCP CHECKSUM INCORRECT] Len=0
Frame 10 (54 bytes on wire, 54 bytes captured)
Ethernet II, Src: FujitsuS_81:79:ea (00:30:05:81:79:ea), Dst: D-Link_9b:09:44 (00:0d:88:9b:09:44)
Internet Protocol, Src: 192.168.1.101 (192.168.1.101), Dst: 62.146.25.34 (62.146.25.34)
Version: 4
Header length: 20 bytes
Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
Total Length: 40
Identification: 0x02af (687)
Flags: 0x04 (Don't Fragment)
Fragment offset: 0
Time to live: 128
Protocol: TCP (0x06)
Header checksum: 0xde5f [correct]
Source: 192.168.1.101 (192.168.1.101)
Destination: 62.146.25.34 (62.146.25.34)
Transmission Control Protocol, Src Port: 1083 (1083), Dst Port: http (80), Seq: 776, Ack: 770, Len: 0
Source port: 1083 (1083)
Destination port: http (80)
Sequence number: 776 (relative sequence number)
Acknowledgement number: 770 (relative ack number)
Header length: 20 bytes
Flags: 0x0010 (ACK)
Window size: 64766
Checksum: 0x19dc [incorrect, should be 0x9fbe]lev wrote:This performance regression renders openvpn with a tun adapter unusable if client and server use kernel 3.14 .
Thus I created a bug report: https://bugs.archlinux.org/task/40089
i actually noticed it to be an "either-or" type of thing; my Windows clients were seeing the same thing coming off a 3.14 openvpn server.
yeah, weird issue. like i noticed spurts of even-powers-of-2 sized packets
Client connecting to 10.10.10.6, TCP port 5001
TCP window size: 416 KByte
[ 3] local 10.10.10.1 port 40643 connected with 10.10.10.6 port 5001
[ ID] Interval Transfer Bandwidth
[ 3] 0.0- 2.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 2.0- 4.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 4.0- 6.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 6.0- 8.0 sec 0.00 Bytes 0.00 bits/sec
[ 3] 8.0-10.0 sec 128 KBytes 524 Kbits/sec
[ 3] 10.0-12.0 sec 128 KBytes 524 Kbits/sec
[ 3] 12.0-14.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 14.0-16.0 sec 128 KBytes 524 Kbits/sec
[ 3] 16.0-18.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 18.0-20.0 sec 128 KBytes 524 Kbits/sec
[ 3] 20.0-22.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 22.0-24.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 24.0-26.0 sec 512 KBytes 2.10 Mbits/sec
[ 3] 26.0-28.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 28.0-30.0 sec 256 KBytes 1.05 Mbits/sec
[ 3] 30.0-32.0 sec 128 KBytes 524 Kbits/sec
[ 3] 32.0-34.0 sec 640 KBytes 2.62 Mbits/sec
[ 3] 34.0-36.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 36.0-38.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 38.0-40.0 sec 384 KBytes 1.57 Mbits/sec
[ 3] 40.0-42.0 sec 128 KBytes 524 Kbits/sec -
Always install applications into non-global zones?
I am planning on taking full advantage of Containers and Zones as I migrate servers and applications to Solaris 10. During this migration process, I believe that I will have a need to initially just run just one application on a server. I fear that if I do this in the global zone I will lose flexibility down the road for future projects and workloads. So, should I consider always installing applications in a non-global zone and never install applications in the global zone? This would keep the global zone as the controller of the non-global zones and ensure that I can always add more non-global zones later without having to worry about what is running in the global zone.
Are there any thoughts or comments on this topic?Yes we've found it's best to run the applications in non-global zones. Here are a few benefits, basically we only put an application in the global zone if it requires it (like Oracle RAC). Note non-RAC instances of Oracle will run in a non-global zone just fine.
Reasons to put applications in non-global zones
o Increased security (self contained environment)
o Increased flexibility for provisioning resources (CPU, memory, etc) when/if we decide to run multiple applications on the same hardware
o Increased flexibility in starting up temporary environments to debug issues in parallel to the primary environment (i.e. in another non-global zone on the same server)
o Works well with Sun Cluster (i.e. we cluster the non-global zones so that they can run across several hosts)
o Improved trouble shooting and performance diagnosis as the applications are isolated to a non-global zone
o Simplified environment for the application admins as the environment can be fine tuned for their needs (i.e. only let them see what they need)
o Disaster recovery is much faster for a non-global zone -
Hi - wonder if someone could help with an issue I'm trying to troubleshoot. I have a number of T2000 servers all running multiple zones and at peak periods I'm seeing issues with a particular application access a plain text log file. The server although busy is coping well and not particularly loaded. I've wondered if I'm hitting some sort of open file limit on the server but am unsure on how to check this. I can see that ulimit -n reports 256.
I've also been trying to use lsof to see what open files an application has but this doesn't appear to work when logged into the non-global zone, all I get is:
lsof -p 5508
lsof-5.10: can't read namelist from /dev/ksyms
If I run the same command on the global zone I can see various output about the zone but non relate to the applications log file which is currently being written to.
Does anyone have any ideas on how to do this or what else I could check?
Thanks - Julian.For security/isolation reasons, /dev/ksyms is not presented to zones. You must run your lsof commands at the global zone. Sorry.
-
How do I share non-global zone filesystem?
I have a non-global zone that needs to have a UFS local filesystem. That file system also needs to be accessible (via NFS or whatever) to another non-global zone.
Can this be done?I have a non-global zone that needs to have a UFS
local filesystem. That file system also needs tobe
accessible (via NFS or whatever) to another
non-global zone.
Can this be done?Not directly by the non-global zone. You can't
currently serve NFS from them.
However, could you host the filesystem in the global
zone, then have both of the non-global zones access
it as a loopback filesystem?
DarrenOne of the non-global zones needs to write memory mapped files to the filesystem.
All zones need read/wite access.
Is it legit to have multiple zones having read/write access to a loopback filesystem? -
How can 2 non-global zones share a singe ethernet?
This may be a very basic question. I am new the this board and trying to learn more about the Solaris Zone.
I am trying to find out whether sharing an ethernet card between two non-global zones is possible.
Where can I get additional infor on this topic?
Thanks,I just found the answer to my question. Thanks, Can you post a link to where you found the answer?
Birdman >>I'm not exactly sure what he found, but you might try this link, to the zones documentation:
http://docs.sun.com/db/doc/817-1592/6mhahuos1?a=view#z.admin.ov-12
The answer to the question is "yes" you can do this, and in fact it is somewhat trivial. We've long had a feature in Solaris called "logical network interfaces". This allows multiple logical interfaces to be defined atop a single physical one. Zones uses this feature and creates logical interfaces atop a single virtual interface. You can even have multiple network interfaces assigned to the same zone, without any problem.
-dp -
GUI interface for non-global zones
My Goal:
Create multiple zones, each running different services thus eliminating the need for multiple servers w/out using VMware.
What I'm realizing:
Everything I've read points back to non-global zones being only a console based environment. Does anyone know if it's possible to login to non-global zones with a GUI interface?
Thanks,
RickWe use the CDE login mechanism. From the CDE login screen on the global zone:
[] Select Options, Remote Login, Enter Host Name from the CDE login screen.
[] Enter the hostname (not the zone name!) of the non-global zone in the Enter the host name box.
[] Click OK.
[] Once the CDE login screen appears with the hostname of the non-globalzone listed at the top, log in as sysadmin.
Notes: If the non-global zone or the system was recently booted, wait a few minutes and check to make sure that the cde-login service is running using the command:
svcs -a | grep cde-login
Also, if you have restricted /etc/Xaccess, you'll need to add your non-global zone to it.
Message was edited by:
r2ad
Message was edited by:
r2ad, http://www.r2ad.com -
Add tape device to non-global zone
Hi,
I have a SCSI attached Ultrium tape device attached and configured against the global zone.
The /dev/rmt/0* definitions in the global zone are links to ../../devices/pci@2*
I need to be able to use this tape device from the non-global zones.
To enable this, I have done the following:
zonecfg -z <zone name>
add device
set match=/dev/rmt/0
end
verify
commit
exit
I repeated the above for /dev/rmt/0m and /dev/rmt/0mn
Then I restarted the zone with the command:
zoneadm -z <zone name> reboot
After the reboot, I can see the device when using "mt -f /dev/rmt/0 status", but whenever I try to write a SAP brbackup to the new (initialised and not write protected) tape within the drive I get the following error:
BR0278E Command output of 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape
sh: /dev/rmt/0mn: cannot open
BR0280I BRBACKUP time stamp: 2012-04-04 08.21.41
BR0279E Return code from 'LANG=C cd /oracle/<SID>/sapbackup && /usr/sap/<SID>/SYS/exe/run/brtools -f detach LANG=C cpio -iuvB .tape.
BR0359E Restore of /oracle/<SID>/sapbackup/.tape.hdr0 from /dev/rmt/0mn failed due to previous errors
Have I created the device incorrectly, or does anyone have any ideas what could be the reason the write fails?
Any help appreciated.
Edited by: user11329299 on 04-Apr-2012 01:09Hi,
Just to bring you up to speed, I have now fixed the issue.
The resolution was all within the iniSID.sap file that the backup is using. I have changed a number of parameters within this file:
1. tape_copy_cmd = dd (was cpio)
2. rewind = "mt -f $ rew; sleep 30" (was " mt -f $ rew")
3. rewind_offline = "mt -f $ offline; sleep 30" (was "mt -f $ offline")
4. tape_pos_cmd = "mt -f $ fsf $: sleep 30" (was "mt -f $ fsf $")
5. tape_size = 500G (was 18000M)
After making those changes, the backup started from within DB13. I believe that the main culprit was the tape_copy_cmd, but the others were changed to allow the tape drive time to become online again after any query. -
PHP in Solaris 10 and Non-Global Zones: Problem of performance?
Hi friends
We are feeling a poor performance with applications developed with PHP in Solaris 10, with non-global and global zones, while Intel platform (Xeon and Pentium), performance is very good. Difference between both platforms is about 200% aprox, one second in Intel to 9, 12 or 20 seconds in Solaris depending of model.
Our tests were developed in:
1. SF T2000 server Solaris 10 global zone
2. SF T2000 server Solaris 10 non-global zone
3. SF280R server Solaris 10 non-global zone
4. V240 server with 1 GB memory, 1*US III-i 1.0 GHz and Solaris 9 (really this version for test and comparisons)
5. V240 server with 8GB memory, 2*US III-i 1.5Ghz and Solaris 9 (really this version for test and comparisons too)
Intel platforms were:
1. Intel Pentium 4 2GHz 2GB memory, Linux Fedora and PHP 4.4.4
2. Intel Xeon 2 core, 2.33GHz 2GB memory, Linux Fedora and PHP 4.4.3
Versions of products are:
1. Solaris 9 or Solaris 10
2. PHP 4.4.7 downloaded from http://www.php.net/downloads.php
3. Apache 2.0.59
4. MySQL 4.1.15-log
Our php compilation and installation were:
./configure --prefix=/usr/local/php-4.4.7 \
--with-pear \
--with-openssl=/usr/local/ssl \
--with-gettext \
--with-ldap=/usr/local \
--with-iconv \
--enable-ftp \
--with-dom \
--with-mime-magic \
--enable-mbstring \
--with-zlib \
--enable-track-vars \
--enable-sigchild \
--disable-ctype \
--disable-overload \
--disable-tokenizer \
--disable-posix \
--with-gd \
--with-apxs2=/usr/local/apache2.0.53/bin/apxs \
--with-mysql \
--with-pgsql \
--with-oci8=/oracle/product/9.2.0 \
--with-oracle=/oracle/product/9.2.0 \
--with-png-dir=/usr/local \
--with-zlib-dir=/usr/local \
--with-freetype-dir=/usr/local \
--with-jpeg-dir=/usr/local
make
make install
Questions:
Is there any problem of PHP with SunFire T2000 servers or 64-bits platforms?
Is there any flag of PHP would be use to compilarion PHP in 64-bits or multithread?
I wait for any comments or suggestions about our problem with PHP compilation and performance in Solaris 10. Thanks a lot.
Sergio.I presume you compiled php on the Sun server, was this done using gcc or the Sun One C compiler.
If the latter then you can also use the flag: --enable-nonportable-atomics when you run configure
Maybe you are looking for
-
After moving the library, itunes shows less songs than music folder in finder does
hi all. after moving my library manually, i have this situation: 1220 songs in music folder; 1091 songs in itunes. all the songs in itunes are regularly matched with the original file in the finder. now. how to find the 29 files which are not in
-
1) transporting Macbook 2) iTunes
I have two questions aobut my new Macbook. 1) How can I put my iTunes library on my Mac? My desktop computer is a PC, and that is where I do all of my downlading, etc. so the rest of my fmaily can access it. I am the only one that uses my laptop, so
-
Receiver determination is not showing communication channel
HI, I am working on file adpater scenario. I have created communication channel and later deleted it. Then created new communication channel and completed other steps like - creating- receiver determination and interface determination. But when I am
-
doing a disk permissions verification/repair i get Warning: SUID file "System/Library/CoreServices/RemoteManagement/ARDAgent.app/Contents/MacOS/ARDAg ent" has been modified and will not be repaired. now i did notice a softwre update recently for Remo
-
Seeing more than 7 emails in inbox
I can only see the 7 most recent messages in my Inbox for an imap account. How can I view more? If I select the Conversation view, I can scroll down a very long list. Why in Inbox view, only 7 and no ability to scroll?