
OpenBSD networking

This page collects, by topic, the basic concepts needed to understand network management in OpenBSD. Where the explanation in the OpenBSD man pages is sufficient, it has been copied verbatim. Where I considered an additional or more concise explanation necessary, I have included that as well. Besides being available in every OpenBSD installation, the man pages are available online.

In addition to the man pages, I have drawn on section 6 ("Networking") of the OpenBSD project's frequently asked questions (FAQ) page.

Introduction to network interfaces

According to netintro(4):

   Each network interface in a system corresponds to a path through which
   messages may be sent and received.  A network interface usually has a
   hardware device associated with it, though certain interfaces such as the
   loopback interface, lo(4), do not.
   A network interface is similar to a device interface.  Network interfaces
   comprise the lowest layer of the networking subsystem, interacting with
   the actual transport hardware.  An interface may support one or more
   protocol families and/or address formats.  The SYNOPSIS section of each
   network interface entry gives a sample specification of the related
   drivers for use in providing a system description to the config(8)
   program.  The DIAGNOSTICS section lists messages which may appear on the
   console and/or in the system error log, /var/log/messages (see
   syslogd(8)), due to errors in device operation.

A network interface must be distinguished from a device interface. The former is the lowest-level abstraction layer over a hardware device, although in cases such as the lo(4) network interface the abstraction layer corresponds to no hardware device and emulates one instead.

Creation of network interfaces

During the OpenBSD boot process the installed hardware is discovered and associated with the devices compiled into the kernel. Interfaces of this kind are called hardware devices.

According to intro(4):

     A hardware device is identified to the system at configuration time and
     the appropriate device or network interface driver is then compiled into
     the system.  
     
     When the resultant system is booted, the autoconfiguration
     facilities in the system probe for the device and, if found, enable the
     software support for it.  If a device does not respond at
     autoconfiguration time it is not accessible at any time afterwards.  To
     enable a device which did not autoconfigure, the system will have to be
     rebooted.

According to autoconf(4):

     When OpenBSD bootstraps it probes the innards of the machine on which it
     is running and locates controllers, drives, and other devices, printing
     out what it finds on the console.  This procedure is driven by a system
     configuration table which is processed by config(8) and compiled into
     each kernel.  Devices which exist in the machine but are not configured
     into the kernel are usually not detected.

However, not all network interfaces correspond to physical devices. Some interfaces are called pseudo devices because they are interfaces to other, lower-level abstraction layers. These pseudo devices are always available and do not depend on a hardware detection process, as hardware devices do.

The pseudo devices related to networking are:

bridge(4) - Ethernet bridge interface
carp(4) - Common Address Redundancy Protocol
gre(4) - encapsulating network device
pf(4) - packet filter
pflog(4) - packet filter logging interface
pfsync(4) - packet filter state table logging interface
ppp(4) - Point-to-Point Protocol network interface
pty(4) - pseudo terminal driver
sl(4) - slip network interface
sppp(4) - PPP and Link Control Protocol
tun(4) - network tunnel pseudo-device
vlan(4) - IEEE 802.1Q encapsulation/decapsulation pseudo-device

Network interface naming

Network interfaces are named after the hardware device they serve, not after the type of connection. This naming differs from the one used in Linux, which generalizes Ethernet interfaces and numbers them in order of detection (eth0, eth1, …). OpenBSD uses an interface name specific to the detected hardware and appends an ordinal according to the order of detection. For example, if several fxp (Intel EtherExpress PRO/100) cards are present, they appear as the devices fxp0, fxp1, and so on.

The device names associated with the detected hardware are listed in the messages shown on a blue background when the system boots. These messages can be displayed again at any time with the dmesg(8) command.

For example, the Intel network card mentioned above appears like this during the boot process:

   fxp0 at pci0 dev 2 function 0 "Intel 8255x" rev 0x08, i82559: irq 9, address 00:e0:18:cb:3a:48
   inphy0 at fxp0 phy 1: i82555 10/100 PHY, rev. 4

This message indicates that a device from the Intel 8255x chip family was detected on the pci0 bus; it is handled in the kernel by the OpenBSD device named fxp and, being the first of its class detected, was assigned the name fxp0. The specific device detected is an i82559 chip, and it is serviced through Interrupt Request 9 (irq 9) according to the general rules for PCI devices. The universal Ethernet address detected on the device is 00:e0:18:cb:3a:48.

The Intel i82555, i82562EM, i82562ET and i82562G family of devices share a common mode of operation, which OpenBSD configures as an abstraction layer called Media Independent Interface, or mii, used to share common code between different driver families. The mii abstraction layer that applies to the detected network card corresponds to the inphy(4) device and has been configured on this card with the device name inphy0. Older network cards do not require this abstraction layer, which has only been implemented for more recent and advanced hardware.

According to mii(4):

     Media Independent Interface is an IEEE standard serial bus for connecting
     MACs (network controllers) to PHYs (physical media interfaces).  The mii
     layer allows network device drivers to share support code for various PHY
     models, and allows unused support for PHYs which are not present in a
     system to be removed from the kernel.

     Network device drivers which use the mii layer carry the ``mii''
     autoconfiguration attribute.  This allows kernel configuration files to
     simply specify PHYs as described above in SYNOPSIS.

     The following is an example of the messages displayed when a network
     interface with an attached PHY is detected by the kernel:

           hme0 at sbus0 slot 1 offset 0x8c00000 pri 7: address 08:00:20:22:86:b8 rev 34
           nsphy0 at hme0 phy 1: DP83840 10/100 PHY, rev. 1

     ifconfig(8) can be used to display the media types supported by the PHY.
     These media types are valid media keywords for use with the ifconfig(8)
     program.

See Ethernet devices later in this document for a list of supported hardware devices and the corresponding interface names.

See the list of supported hardware on the official OpenBSD project site for an up-to-date list.

Configuring a network interface

According to hostname.if(5):

     The hostname.* files contain information regarding the configuration of
     each network interface.  One file should exist for each interface that is
     to be configured, such as hostname.fxp0 or hostname.bridge0.  A
     configuration file is not needed for lo0.

     The configuration information is expressed in a line-by-line packed
     format which makes the most common cases simpler; those dense formats are
     described below.  Any lines not matching these packed formats are passed
     directly to ifconfig(8).  The packed formats are converted using a
     somewhat inflexible parser and the administrator should not expect magic
     -- if in doubt study ifconfig(8) and the per-driver manual pages to see
     what arguments are permitted.

     Arguments containing either whitespace or single quote characters must be
     double quoted.  For example:

           inet 10.0.0.1 255.255.255.0 10.0.0.255 description "Bob's uplink"

For example, to configure the address 192.168.0.120 on the fxp0 interface, create the file /etc/hostname.fxp0 and write the following line in it:

inet 192.168.0.120 255.255.255.0 192.168.0.255

Or, if the interface should configure its IP address automatically through DHCP, the file would contain simply:

dhcp
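
A check for the packed format described above, as an added example that is not part of the original page: the function recomputes the broadcast address from the address and netmask of an inet line and compares it with the one written in the file. It assumes dotted-quad notation; the function name check_inet_line and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): sanity-check the packed
# "inet [alias] addr netmask broadcast" lines of hostname.if(5).

# check_inet_line LINE
#   prints "ok", "skip" (not a dotted-quad inet line, or broadcast NONE)
#   or "mismatch expected=<broadcast>"; returns 1 only on a mismatch.
check_inet_line() {
    printf '%s\n' "$1" | awk '
    function verdict(addr, mask, bcast,    a, m, k, block, want, partial, quad) {
        quad = "^[0-9]+[.][0-9]+[.][0-9]+[.][0-9]+$"
        if (addr !~ quad || mask !~ quad || bcast !~ quad) return "skip"
        split(addr, a, "."); split(mask, m, ".")
        want = ""; partial = 0
        for (k = 1; k <= 4; k++) {
            if (a[k] > 255 || m[k] > 255) return "skip"
            # Netmask must be contiguous: 255s, one partial octet at most, then 0s.
            if (partial && m[k] != 0) return "skip"
            if (m[k] != 255) partial = 1
            block = 256 - m[k]                 # addresses per subnet in this octet
            if (256 % block != 0) return "skip"
            # Broadcast octet = network octet with all host bits set.
            want = want (k > 1 ? "." : "") (a[k] - a[k] % block + block - 1)
        }
        return (bcast == want) ? "ok" : "mismatch expected=" want
    }
    {
        i = ($2 == "alias") ? 3 : 2
        v = ($1 == "inet") ? verdict($i, $(i + 1), $(i + 2)) : "skip"
        print v
        exit (v ~ /^mismatch/)
    }'
}

# Constructed sample file content: the alias line carries a wrong broadcast.
SAMPLE_HOSTNAME_IF='inet 192.168.0.120 255.255.255.0 192.168.0.255
inet alias 10.1.2.70 255.255.255.192 10.1.2.63
dhcp'

printf '%s\n' "$SAMPLE_HOSTNAME_IF" | while IFS= read -r line; do
    printf '%-50s %s\n' "$line" "$(check_inet_line "$line")"
done
```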

Initializing a network interface

According to netstart(8):

     netstart is the command script that is invoked by rc(8) during an
     automatic reboot and after single user mode is exited; it performs
     network initialization.

     The netstart script can also be used to start newly created bridges or
     interfaces, or reset existing interfaces to their default state.  The
     behaviour of this script is (or can be) controlled to some extent by
     variables defined in rc.conf(8), which specifies which daemons and
     services are to be run.

     During the system boot, netstart is executed.  netstart performs the
     following operations, in the sequence given:

           o   Set the machine's name.
           o   Configure the loopback interface.
           o   Configure all the physical interfaces.
           o   Configure the following non-physical interfaces: trunk(4),
               vlan(4), pfsync(4), and carp(4).
           o   Initialize the routing table and set up the default routes.
           o   Configure the remaining non-physical interfaces: pppoe(4),
               gif(4), and gre(4).
           o   Configure all bridge(4) interfaces.

     After the system is completely initialized, it is possible to start a
     newly created interface or bridge(4), or reset an existing interface to
     its default state, by invoking the following, where foo0 is the interface
     or bridge name:

           # sh /etc/netstart foo0
           

Viewing the configuration of a network interface

For this we use the ifconfig command, optionally followed by the name of the network interface we want information about.

$ ifconfig fxp0
fxp0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 00:e0:18:cb:3a:48
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.21.222 netmask 0xffffff00 broadcast 192.168.21.255

The information provided is as follows:

fxp0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500

The interface name (fxp0), followed by a series of flags that indicate the state of the associated driver. The UP flag shows the administrative state of the interface, which in this case is operational; it can be administratively disabled with the command “ifconfig fxp0 down”.

lladdr 00:e0:18:cb:3a:48

The address of the Ethernet interface (MAC address).

priority: 0

The priority level of an interface is the priority this interface has when a path is selected for static routes added to the kernel. The value ranges from 0 to 16, and the lower the number, the higher the priority.

groups: egress

An interface can belong to multiple groups, and the group name can be used in packet filter rules and for traffic engineering. By default an interface starts out as a member of certain groups, as ifconfig(8) notes:

                     -       All interfaces are members of the all interface
                             group.
                     -       Cloned interfaces are members of their interface
                             family group.  For example, a PPP interface such
                             as ppp0 is a member of the ppp interface family
                             group.
                     -       pppx(4) interfaces are members of the pppx
                             interface group.
                     -       The interface(s) the default route(s) point to
                             are members of the egress interface group.
                     -       IEEE 802.11 wireless interfaces are members of
                             the wlan interface group.
                     -       Any interfaces used for network booting are
                             members of the netboot interface group.

media: Ethernet autoselect (100baseTX full-duplex)

Indicates the type of physical medium used by the network interface. The command “ifconfig fxp0 media” shows the physical media types supported by that interface:

        supported media:
                media 10baseT
                media 10baseT mediaopt full-duplex
                media 100baseTX
                media 100baseTX mediaopt full-duplex
                media autoselect

status: active

Indicates that the interface state is correct and that it is operational.

Other states that may appear, depending on the type of physical medium, when the interface is not active are:

status: no carrier
status: no network

inet 192.168.1.0 netmask 0xffffff00 broadcast 192.168.1.255

This line shows the details of the inet stack associated with the interface.

Protocol families

inet

According to inet(4):

     The Internet protocol family is a collection of protocols layered atop
     the Internet Protocol (IP) transport layer, and utilizing the Internet
     address format.  The Internet family provides protocol support for the
     SOCK_STREAM, SOCK_DGRAM, and SOCK_RAW socket types; the SOCK_RAW
     interface provides access to the IP protocol.

     The Internet protocol family is comprised of the IP transport protocol,
     Internet Control Message Protocol (ICMP), Transmission Control Protocol
     (TCP), and User Datagram Protocol (UDP).  TCP is used to support the
     SOCK_STREAM abstraction while UDP is used to support the SOCK_DGRAM
     abstraction.  A raw interface to IP is available by creating an Internet
     socket of type SOCK_RAW.  The ICMP message protocol is accessible from a
     raw socket.

inet6

According to inet6(4):

     The inet6 family is an updated version of the inet(4) family.  While
     inet(4) implements Internet Protocol version 4, inet6 implements Internet
     Protocol version 6.

     inet6 is a collection of protocols layered atop the Internet Protocol
     version 6 (IPv6) transport layer, and utilizing the IPv6 address format.
     The inet6 family provides protocol support for the SOCK_STREAM,
     SOCK_DGRAM, and SOCK_RAW socket types; the SOCK_RAW interface provides
     access to the IPv6 protocol.

     The inet6 family is comprised of the IPv6 network protocol, Internet
     Control Message Protocol version 6 (ICMPv6), Transmission Control
     Protocol (TCP), and User Datagram Protocol (UDP).  TCP is used to support
     the SOCK_STREAM abstraction while UDP is used to support the SOCK_DGRAM
     abstraction.  Note that TCP and UDP are common to inet(4) and inet6.  A
     raw interface to IPv6 is available by creating an Internet socket of type
     SOCK_RAW.  The ICMPv6 message protocol is accessible from a raw socket.

Interaction between inet and inet6

According to inet6(4):

     Interaction between IPv4/v6 sockets
     
     OpenBSD does not route IPv4 traffic to an AF_INET6 socket, for security
     reasons.  If both IPv4 and IPv6 traffic need to be accepted, listen on
     two sockets.

     The behavior of AF_INET6 TCP/UDP socket is documented in RFC 2553.
     Basically, it says the following:

     o   A specific bind to an AF_INET6 socket (bind(2) with address
         specified) should accept IPv6 traffic to that address only.
     o   If a wildcard bind is performed on an AF_INET6 socket (bind(2) to
         IPv6 address ::), and there is no wildcard bind AF_INET socket on
         that TCP/UDP port, IPv6 traffic as well as IPv4 traffic should be
         routed to that AF_INET6 socket.  IPv4 traffic should be seen as if it
         came from IPv6 address like ::ffff:10.1.1.1.  This is called IPv4
         mapped address.
     o   If there are both wildcard bind AF_INET socket and wildcard bind
         AF_INET6 socket on one TCP/UDP port, they should behave separately.
         IPv4 traffic should be routed to AF_INET socket and IPv6 should be
         routed to AF_INET6 socket.

     However, RFC 2553 does not define the constraint between the order of
     bind(2), nor how IPv4 TCP/UDP port numbers and IPv6 TCP/UDP port numbers
     relate to each other (should they be integrated or separated).
     Implemented behavior is very different from kernel to kernel.  Therefore,
     it is unwise to rely too much upon the behavior of AF_INET6 wildcard bind
     socket.  It is recommended to listen to two sockets, one for AF_INET and
     another for AF_INET6, if both IPv4 and IPv6 traffic are to be accepted.

     It should also be noted that malicious parties can take advantage of the
     complexity presented above, and are able to bypass access control, if the
     target node routes IPv4 traffic to AF_INET6 socket.  Caution should be
     taken when handling connections from IPv4 mapped addresses to AF_INET6
     sockets.

Disabling IPv4 on an interface

To unconfigure IP on an interface that was previously configured through a hostname.if entry, as seen in the section on configuring a network interface, use the delete parameter of the ifconfig command.

According to ifconfig(8):

     ifconfig [-AaC] [interface] [address_family] [address [dest_address]]
              [parameters]

     The following parameters may be set with ifconfig:

     delete          Remove the specified network address, including any
                     netmask or destination address configured with this
                     address.

That is, to remove the inet stack associated with the address 192.168.0.120 on the fxp0 interface, the command would be: ifconfig fxp0 192.168.0.120 delete. Here we can see the effect of that command on an interface that has both an inet address and an inet6 address:

# ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:e0:18:cb:3a:48
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255
        inet6 fe80::2e0:18ff:fecb:3a48%fxp0 prefixlen 64 scopeid 0x1
# ifconfig fxp0 192.168.0.120 delete
# ifconfig fxp0
fxp0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
        lladdr 00:e0:18:cb:3a:48
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet6 fe80::2e0:18ff:fecb:3a48%fxp0 prefixlen 64 scopeid 0x1

If that IP address is the only one associated with the interface, the effect of ifconfig with the “delete” option is, in effect, to dissociate the interface from the inet stack. If other, secondary IP addresses were associated with the interface, “delete” would only remove the stack associated with that address.

To re-enable the configuration established for the interface, follow the standard procedure documented in the earlier section on initializing a network interface.

Disabling IPv6 on an interface

The case of IPv6 (inet6) is different. There is an ifconfig option that removes all inet6 addresses associated with the interface in a single step.

According to ifconfig(8):

     -inet6          Disable inet6(4) on the given interface and remove all
                     configured inet6(4) addresses, including the link-local
                     ones.  To turn it on again, assign any inet6 address or
                     run rtsol(8).

# ifconfig fxp0 -inet6
fxp0: flags=28843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,NOINET6> mtu 1500
        lladdr 00:e0:18:cb:3a:48
        priority: 0
        groups: egress
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
        inet 192.168.0.120 netmask 0xffffff00 broadcast 192.168.0.255

As can be seen, the NOINET6 flag has been added to the interface.

Troubleshooting

Below are some useful commands for diagnosing problems.

fstat

   fstat identifies open files.  A file is considered open by a process if
   it was explicitly opened, is the working directory, root directory,
   active pure text, or kernel trace file for that process.  If no options are
   specified, fstat reports on all open files in the system.

$ fstat | grep ':25'
root     sendmail   25261    3* internet stream tcp 0xd5f4b324 *:25
root     sendmail   25261    5* internet6 stream tcp 0xd5f4b194 *:25
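
The sendmail output above shows the pattern that the inet6(4) text quoted earlier recommends: one listening socket per address family. As an added example that is not part of the original page, the functions below group listening TCP sockets from fstat output by program and port and report which families each one covers, so that filter rules and access controls can be reviewed for both. The first two sample lines are the ones shown above; the remaining lines, the function names and the assumed field layout are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): summarize which address
# families each listening TCP service covers, from fstat(1) output.

# listener_families: fstat output on stdin -> "<program> <port> <families>"
listener_families() {
    awk '
    # Assumption from the sample format: a listening socket line has exactly
    # 9 fields; a connected socket adds an arrow and the peer address.
    NF == 9 && ($5 == "internet" || $5 == "internet6") && $7 == "tcp" {
        port = $9
        sub(/.*:/, "", port)              # keep what follows the last colon
        key = $2 " " port
        if (!(key in seen)) { seen[key] = 1; order[++n] = key }
        if ($5 == "internet")
            v4[key] = 1
        else
            v6[key] = 1
    }
    END {
        for (i = 1; i <= n; i++) {
            k = order[i]
            if ((k in v4) && (k in v6)) fam = "inet+inet6"
            else if (k in v4)           fam = "inet"
            else                        fam = "inet6"
            print k, fam
        }
    }'
}

# single_family_listeners: only the services bound in one family.
single_family_listeners() {
    listener_families | awk '$3 != "inet+inet6"'
}

# Sample input: sendmail lines from the page, the rest constructed.
SAMPLE_FSTAT='root     sendmail   25261    3* internet stream tcp 0xd5f4b324 *:25
root     sendmail   25261    5* internet6 stream tcp 0xd5f4b194 *:25
root     sshd       11402    3* internet stream tcp 0xd5f4b4b4 *:22
www      httpd      30117    4* internet6 stream tcp 0xd5f4b644 *:80
root     sshd       20981    4* internet stream tcp 0xd5f4b7d4 192.168.0.120:22 <-- 192.168.0.7:51544'

printf '%s\n' "$SAMPLE_FSTAT" | listener_families
```

On a live system the input would come from fstat itself, piped into either function.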

route

     route is a utility used to manually view and manipulate the network
     routing tables.  Except for setting up the default route, it normally is
     not needed to manipulate routes, as a system routing table management
     daemon, such as routed(8), ospfd(8), or bgpd(8), should tend to this task.

     route can be used to modify nearly any aspect of the routing policy,
     except packet forwarding, which can be manipulated through the sysctl(8)
     command.

     The route utility provides several commands:

     add         Add a route.
     change      Change aspects of a route (such as its gateway).
     delete      Delete a specific route.
     flush       Remove all routes.
     get         Lookup and display the route for a destination.
     monitor     Continuously report any changes to the routing information
                 base, routing lookup misses, or suspected network
                 partitionings.
     show        Print out the route table similar to "netstat -r" (see
                 netstat(1)).

netstat

According to netstat(1):

   The netstat command symbolically displays the contents of various
   network-related data structures.  There are a number of output formats,
   depending on the options for the information presented.

Some netstat options let us evaluate network performance:

mbufs

     -m      Show statistics recorded by the memory management routines (the
             network manages a private pool of memory buffers).

$ netstat -m
203 mbufs in use:
        186 mbufs allocated to data
        5 mbufs allocated to packet headers
        12 mbufs allocated to socket names and addresses
172/302/6144 mbuf clusters in use (current/peak/max)
688 Kbytes allocated to network (57% in use)
0 requests for memory denied
0 requests for memory delayed
0 calls to protocol drain routines

protocol statistics

     -s      Show per-protocol statistics.  If this option is repeated,
             counters with a value of zero are suppressed.

$ netstat -ss
ip:
        6474590 total packets received
        16242 fragments received
        4635 packets reassembled ok
        6443026 packets for this host
        19957 packets for unknown/unsupported protocol
        6176589 packets sent from this host
        4152 packets sent with fabricated ip header
icmp:
        676 calls to icmp_error
        Output packet histogram:
                echo reply: 41
                destination unreachable: 676
        Input packet histogram:
                echo reply: 69
                destination unreachable: 19934
                echo: 41
                time exceeded: 23
        41 message responses generated
igmp:
ipencap:
tcp:
        2769696 packets sent
                1577253 data packets (723421038 bytes)
                6146 data packets (2145397 bytes) retransmitted
                24 fast retransmitted packets
                969285 ack-only packets (1579450 delayed)
                36501 window update packets
                180511 control packets
        2830932 packets received
                1645076 acks (for 719497657 bytes)
                162436 duplicate acks
                1855829 packets (429455094 bytes) received in-sequence
                12577 completely duplicate packets (373878 bytes)
                81 old duplicate packets
                40 packets with some duplicate data (10555 bytes duplicated)
                16095 out-of-order packets (2642520 bytes)
                7 packets (809 bytes) of data after window
                5 window probes
                11363 window update packets
                524 packets received after close
                14 discarded for bad checksums
        30540 connection requests
        128364 connection accepts
        145764 connections established (including accepts)
        172193 connections closed (including 932 drops)
        2151 embryonic connections dropped
        1623417 segments updated rtt (of 1451852 attempts)
        11497 retransmit timeouts
                149 connections dropped by rexmit timeout
        666 keepalive timeouts
                538 keepalive probes sent
                128 connections dropped by keepalive
        28474 correct ACK header predictions
        596484 correct data packet header predictions
        268246 PCB cache misses
                        cwr by fastrecovery: 2593
                        cwr by timeout: 11497
        788 bad connection attempts
        130147 SYN cache entries added
                128364 completed
                214 timed out
                1569 dropped due to RST
        1691 SYN,ACKs retransmitted
        948 duplicate SYNs received for entries already in the cache
        2569 SACK recovery episodes
                3546 segment rexmits in SACK recovery episodes
                3964937 byte rexmits in SACK recovery episodes
        24581 SACK options received
        5623 SACK options sent
udp:
        3611984 datagrams received
        1 with bad checksum
        1572 with no checksum
        676 dropped due to no socket
        223919 broadcast/multicast datagrams dropped due to no socket
        88 dropped due to full socket buffers
        3387300 delivered
        3400839 datagrams output
        3239387 missed PCB cache
esp:
ah:
etherip:
ipcomp:
carp:
pfsync:
ip6:
        17 packets sent from this host
        Mbuf statistics:
icmp6:
        Output packet histogram:
                multicast listener report: 14
                neighbor solicitation: 3
        Histogram of error messages to be generated:
pim6:
rip6:
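
Raw counters like these are easier to judge as ratios. As an added example that is not part of the original page, the function below reads netstat -s output and derives the TCP retransmission rate, the share of SYN cache entries that never completed (timed out or reset), and the embryonic-drop count. The sample is abridged from the output above; the function names and the 1 percent default threshold are assumptions chosen for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): derive TCP health ratios
# from "netstat -s" counters.

# tcp_health [MAX_REXMIT_PCT]: netstat -s output on stdin. Prints three
# key=value lines; returns 1 if the retransmission rate exceeds the limit
# (default 1 percent, an arbitrary illustrative threshold).
tcp_health() {
    awk -v max="${1:-1}" '
    /^[a-z0-9]+:$/ { section = $1; next }     # e.g. "tcp:" at column 0
    section != "tcp:" { next }                # ignore ip, udp, icmp ...
    / data packets .* retransmitted$/ { rexmit = $1; next }
    / data packets [(]/               { data = $1; next }
    /SYN cache entries added$/        { added = $1; next }
    / timed out$/                     { timedout = $1; next }
    / dropped due to RST$/            { rst = $1; next }
    / embryonic connections dropped$/ { embryonic = $1; next }
    END {
        rex_pct = data  ? 100 * rexmit / data : 0
        syn_pct = added ? 100 * (timedout + rst) / added : 0
        printf "rexmit_pct=%.2f\n", rex_pct
        printf "syn_incomplete_pct=%.2f\n", syn_pct
        printf "embryonic_dropped=%d\n", embryonic
        exit (rex_pct > max)
    }'
}

# Sample input, abridged from the netstat -ss output shown on this page.
sample_netstat_s() {
    cat <<'EOF'
ip:
        6474590 total packets received
tcp:
        2769696 packets sent
                1577253 data packets (723421038 bytes)
                6146 data packets (2145397 bytes) retransmitted
        2151 embryonic connections dropped
        130147 SYN cache entries added
                128364 completed
                214 timed out
                1569 dropped due to RST
udp:
        3611984 datagrams received
        676 dropped due to no socket
EOF
}

sample_netstat_s | tcp_health
```

The counters are cumulative since boot, so comparing two runs taken some time apart gives a better picture of current conditions than a single reading.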

interfaces

     -i      Show the state of interfaces which have been auto-configured
             (interfaces statically configured into a system but not located
             at boot-time are not shown).

     -f address_family
             Limit statistics or address control block reports to those of the
             specified address_family.

             The following address families are recognized:

                   Address Family    Constant      Description
                   inet              AF_INET       IP Version 4
                   inet6             AF_INET6      IP Version 6
                   ipx               AF_IPX        Novell IPX
                   atalk             AF_APPLETALK  AppleTalk
                   encap             PF_KEY        IPsec
                   local             AF_LOCAL      Local to Host (i.e., pipes)
                   unix              AF_UNIX       Local to Host (i.e., pipes)

$ netstat -i -f inet
Name    Mtu   Network     Address              Ipkts Ierrs    Opkts Oerrs Colls
lo0     33224 <Link>                          332430     0   332430     0     0
lo0     33224 localhost/1 ::1                 332430     0   332430     0     0
lo0     33224 fe80::%lo0/ fe80::1%lo0         332430     0   332430     0     0
lo0     33224 loopback    localhost           332430     0   332430     0     0
sis0    1500  <Link>      00:00:24:c7:a5:b8  6319779     0  5950423     0     0
sis0    1500  fe80::%sis0 fe80::200:24ff:fe  6319779     0  5950423     0     0
sis0    1500  192.168.22/ 192.168.22.1       6319779     0  5950423     0     0
sis0    1500  192.168.21/ 192.168.21.90      6319779     0  5950423     0     0
sis1    1500  <Link>      00:00:24:c7:a5:b9        0     0        0     0     0
sis1    1500  fe80::%sis1 fe80::200:24ff:fe        0     0        0     0     0
sis1    1500  192.168.23/ 192.168.23.90            0     0        0     0     0
sis2*   1500  <Link>      00:00:24:c7:a5:ba        0     0        0     0     0
ath0*   1500  <Link>      00:02:6f:39:cb:a6        0     0        5 135538     0
ath0*   1500  fe80::%ath0 fe80::202:6fff:fe        0     0        5 135538     0
pflog0* 33224 <Link>                               0     0        0     0     0
pfsync0 1348  <Link>                               0     0        0     0     0
enc0*   1536  <Link>                               0     0        0     0     0

iperf

According to iperf(1):

     iperf is a tool for performing network throughput measurements.  It can
     test either TCP or UDP throughput.  To perform an iperf test the user
     must establish both a server (to discard traffic) and a client (to
     generate traffic).

The iperf(1) utility can be installed from the OpenBSD package system:

# pkg_add -vi iperf

The utility must be run as a server on one host and as a client on another, and the tool reports the effective bandwidth between the two points.

On the server side:

$ iperf -s
------------------------------------------------------------
Server listening on TCP port 5001
TCP window size: 16.0 KByte (default)
------------------------------------------------------------

On the client side:

$ iperf -c 192.168.1.1
------------------------------------------------------------
Client connecting to 192.168.1.1, TCP port 5001
TCP window size: 17.0 KByte (default)
------------------------------------------------------------
[  3] local 192.168.1.2 port 1940 connected with 192.168.1.1 port 5001
[ ID] Interval       Transfer     Bandwidth
[  3]  0.0-10.0 sec  46.2 MBytes  38.6 Mbits/sec

systat

To assess how the machine's processing load affects networking efficiency, it is useful to view the overall state of the kernel with the “systat” command.

     systat displays various system statistics in a screen-oriented fashion
     using the curses(3) screen display library.

     While systat is running, the screen is divided into different areas.  The
     top line displays the current number of users, the three system load
     average figures over the last 1, 5, and 15 minute intervals, and the
     system time.  The bottom line of the screen is reserved for user input
     and error messages.  The information displayed in the rest of the screen
     comprises a view, and is the main interface for displaying different
     types of system statistics.  The vmstat view is the default.

When run, the command takes over the full screen and looks like this:

    2 users    Load 0.29 0.28 0.25                     Tue Nov 12 13:07:24 2013

            memory totals (in KB)            PAGING   SWAPPING     Interrupts
           real   virtual     free           in  out   in  out      235 total
Active    54376     71988   522256   ops                                siop0
All      241032    258644  1552696   pages                           13 fxp0
                                                                        ahc0
Proc:r  d  s  w    Csw   Trp   Sys   Int   Sof  Flt       forks         com0
     1    18        27     7   613   236   115  162       fkppw      94 clock
                                                          fksvm     128 rtc
   0.0%Int   0.0%Sys   5.3%Usr   0.0%Nic  94.7%Idle       pwait
|    |    |    |    |    |    |    |    |    |    |       relck
>>>                                                       rlkok
                                                          noram
Namei         Sys-cache    Proc-cache    No-cache         ndcpy
    Calls     hits    %    hits     %    miss   %         fltcp
                                                          zfod
                                                          cow
Disks   sd0   cd0                                    6360 fmin
seeks                                                8480 ftarg
xfers                                               48817 itarg
speed                                                   1 wired
  sec                                                     pdfre
                                                          pdscn
                                                          pzidle
                                                      237 kmapent

Appendix 1: Ethernet devices

acphy (4) - Altima AC101 and AC101L 10/100 Ethernet PHY
age (4) - Attansic L1 10/100/Gigabit Ethernet device
alc (4) - Atheros AR813x/AR815x 10/100/Gigabit Ethernet device
ale (4) - Atheros AR8121/AR8113/AR8114 10/100/Gigabit Ethernet device
amphy (4) - AMD AM79c873 Ethernet PHY
atphy (4) - Attansic Technology F1/F2 10/100/Gigabit Ethernet PHY
aue (4) - ADMtek AN986/ADM8511 Pegasus family 10/100 USB Ethernet device
axe (4) - ASIX Electronics AX88172/AX88178/AX88772 10/100/Gigabit USB Ethernet device
bce (4) - Broadcom BCM4401 10/100 Ethernet device
be (4/sparc) - SPARC 10/100 Ethernet device
be (4/sparc64) - SPARC64 10/100 Ethernet device
bge (4) - Broadcom BCM57xx/BCM590x 10/100/Gigabit Ethernet device
bm (4/macppc) - Apple BMAC Ethernet device
bmtphy (4) - Broadcom Mini-Theta Ethernet PHY
bnx (4) - Broadcom NetXtreme II 10/100/Gigabit Ethernet device
brgphy (4) - Broadcom BCM54xx/BCM57xx 10/100/Gigabit/2500 Ethernet PHY
bridge (4) - Ethernet bridge interface
cas (4) - Sun Cassini 10/100/Gigabit Ethernet device
cdce (4) - USB Communication Device Class Ethernet device
cdcef (4) - USB Communication Device Class Ethernet function
che, cheg (4) - Chelsio Communications 10Gb Ethernet device
ciphy (4) - Cicada/Vitesse CS82xx/VSC8211/VSC8601 10/100/Gigabit Ethernet PHY
cue (4) - CATC USB-EL1201A USB Ethernet device
dc (4) - DEC/Intel 21140/21142/21143/21145 and clones 10/100 Ethernet device
de (4) - DEC DC21x4x (Tulip) 10/100 Ethernet device
de (4/vax) - DEC DEUNA/DELUA Ethernet device
ec (4) - 3Com EtherLink II (3c503) Ethernet device
eephy (4) - Marvell 88E1000/88E1011/88E1111 Alaska Ethernet PHY
ef (4) - 3Com Fast EtherLink ISA (3c515) 10/100 Ethernet device
eg (4) - 3Com EtherLink Plus Ethernet (3c505) Ethernet device
el (4) - 3Com EtherLink (3C501) Ethernet device
em (4) - Intel PRO/1000 10/100/Gigabit Ethernet device
ep (4) - 3Com EtherLink III and Fast EtherLink III 10/100 Ethernet device
epic (4) - SMC 83C170 (EPIC/100) 10/100 Ethernet device
et (4) - Agere/LSI ET1310 10/100/Gigabit Ethernet device
ethers (5) - Ethernet host name database
etphy (4) - Agere/LSI ET1011 TruePHY Gigabit Ethernet PHY
ex (4) - Intel EtherExpress Pro/10 and Pro/10+ Ethernet device
exphy (4) - 3Com 3C905B-TX internal Ethernet PHY
fxp (4) - Intel EtherExpress PRO/100 10/100 Ethernet device
gem (4) - GEM 10/100/Gigabit Ethernet device
hme (4) - Sun Happy Meal 10/100 Ethernet device
icsphy (4) - Integrated Circuit Systems ICS189x 10/100 Ethernet PHY
ie (4/hppa) - Intel i82596 Ethernet device
ie (4/i386) - Intel i82586 Ethernet device
ie (4/mvme68k) - Intel i82596 Ethernet device
ie (4/mvme88k) - Intel i82596 Ethernet device
ie (4/sparc) - Intel i82586 Ethernet device
iec (4/sgi) - IOC3 Ethernet interface
inphy (4) - Intel i82555/i82562 10/100 Ethernet PHY
iophy (4) - Intel i82553 10/100 Ethernet PHY
ipgphy (4) - IC Plus IP1000A/IP1001 10/100/Gigabit Ethernet PHY
ix (4) - Intel 82598/82599 PCI Express 10Gb Ethernet device
ixgb (4) - Intel PRO/10GbE 10Gb Ethernet device
jme (4) - JMicron JMC25x/JMC26x 10/100/Gigabit Ethernet device
jmphy (4) - JMicron JMP202/JMP211 10/100/Gigabit Ethernet PHY
kue (4) - Kawasaki LSI KL5KUSB101B USB Ethernet device
lc (4) - DEC EtherWORKS III 10/100 Ethernet device
le (4/alpha) - AMD LANCE Ethernet device
le (4/aviion) - AMD LANCE Ethernet device
le (4/hp300) - AMD LANCE Ethernet device
le (4/i386) - AMD LANCE Ethernet device
le (4/luna88k) - AMD LANCE Ethernet device
le (4/mvme68k) - AMD LANCE Ethernet device
le (4/mvme88k) - MVME376 AMD LANCE Ethernet device
le (4/sparc) - AMD LANCE Ethernet device
le (4/sparc64) - AMD LANCE Ethernet device
le (4/vax) - AMD LANCE Ethernet device
lge (4) - Level 1 LXT1001 NetCellerator PCI Gigabit Ethernet device
lii (4) - Attansic L2 10/100 Ethernet device
luphy (4) - Lucent Technologies LU6612 10/100 Ethernet PHY
lxtphy (4) - Level One LXT-970/971 10/100 Ethernet PHY
mc (4/macppc) - Am79C940 (MACE) on-board Ethernet device
mec (4/sgi) - MAC-110 10/100 Ethernet device
mlphy (4) - MicroLinear 6692 Ethernet PHY
mos (4) - MosChip MCS7730/7830/7832 10/100 USB Ethernet device
msk, mskc (4) - Marvell Yukon-2 10/100/Gigabit Ethernet device
mtd (4) - Myson Technology MTD800/MTD803/MTD891 10/100/Gigabit Ethernet device
mtdphy (4) - Myson MTD972 10/100 Ethernet PHY
myx (4) - Myricom Myri-10G PCI Express 10Gb Ethernet device
ne (4) - NE2000 and compatible 10/100 Ethernet device
nfe (4) - NVIDIA nForce MCP 10/100/Gigabit Ethernet device
nge (4) - National Semiconductor PCI 10/100/Gigabit Ethernet device
nsgphy (4) - National Semiconductor DP83891/DP83861/DP83865 10/100/Gigabit Ethernet PHY
nsphy (4) - National Semiconductor DP83840 10/100 Ethernet PHY
nsphyter (4) - National Semiconductor DP83815/DP83843/DP83847 10/100 Ethernet PHY
owmac (4/sgi) - 1-Wire Ethernet address
pcn (4) - AMD PCnet-PCI 10/100 Ethernet device
pppoe (4) - PPP Over Ethernet protocol network interface
pppoe (8) - PPP Over Ethernet translator
qe (4/sparc) - SPARC 10/100 Ethernet device
qe (4/sparc64) - SPARC64 10/100 Ethernet device
qe (4/vax) - DEC DEQNA Q-bus Ethernet device
qec (4/sparc) - SPARC Quad Ethernet Controller
qec (4/sparc64) - SPARC64 Quad Ethernet Controller
qsphy (4) - Quality Semiconductor QS6612 10/100 Ethernet PHY
rdcphy (4) - RDC Semiconductor R6040 10/100 Ethernet PHY
re (4) - Realtek 8139C+/8169/816xS/811xS/8168/810xE 10/100/Gigabit Ethernet device
rgephy (4) - Realtek 8169S/8110S/8211B/8211C 10/100/Gigabit Ethernet PHY
rl (4) - Realtek 8129/8139 10/100 Ethernet device
rlphy (4) - Realtek 8139/8201L Ethernet PHY
se (4) - SiS 190/191 10/100/Gigabit Ethernet device
sf (4) - Adaptec AIC-6915 Starfire PCI 10/100 Ethernet device
sis (4) - SiS 900, SiS 7016, and NS DP83815/6 10/100 Ethernet device
sk, skc (4) - SysKonnect XMAC II and Marvell Yukon 10/100/Gigabit Ethernet device
sm (4) - SMC91C9x and SMC91C1xx-based 10/100 Ethernet device
sq (4/sgi) - Seeq 8003/80C03 Ethernet controller
sqphy (4) - Seeq 80220/80221, 80223, 80225 and 84220 10/100 Ethernet PHY
ste (4) - Sundance Technologies ST201 10/100 Ethernet device
stge (4) - Sundance/Tamarack TC9021 Gigabit Ethernet device
tht, thtc (4) - Tehuti Networks 10Gb Ethernet device
ti (4) - Alteon Networks Tigon I and II Gigabit Ethernet device
tl (4) - Texas Instruments ThunderLAN 10/100 Ethernet device
tlphy (4) - Texas Instruments ThunderLAN internal Ethernet PHY
tqphy (4) - TDK Semiconductor 78Q2120 10/100 Ethernet PHY
tsec (4/socppc) - three-speed 10/100/Gigabit Ethernet device
txp (4) - 3Com 3XP Typhoon/Sidewinder (3CR990) 10/100 Ethernet device
txphy (4) - Texas Instruments TNETE2101 10/100 Ethernet PHY
udav (4) - Davicom DM9601 10/100 USB Ethernet device
ukphy (4) - generic/unknown IEEE 802.3u Ethernet PHY
url (4) - Realtek RTL8150L 10/100 USB Ethernet device
urlphy (4) - Realtek RTL8150L Ethernet PHY
urndis (4) - USB Remote NDIS Ethernet device
vether (4) - virtual Ethernet interface
vge (4) - VIA VT6122 PCI 10/100/Gigabit Ethernet device
vr (4) - VIA VT3043/VT86C100A/VT6105/VT6105M 10/100 Ethernet device
vte (4) - RDC R6040 10/100 Ethernet device
wb (4) - Winbond W89C840F 10/100 Ethernet device
we (4) - Western Digital/SMC WD80x3, SMC Elite Ultra, and SMC EtherEZ Ethernet device
xe (4) - Xircom-based 16-bit PCMCIA 10/100 Ethernet device
xge (4) - Neterion Xframe/Xframe II 10Gb Ethernet device
xl (4) - 3Com EtherLink XL and Fast EtherLink XL 10/100 Ethernet device
xmphy (4) - XaQti XMAC-II Gigabit Ethernet PHY
ze (4/vax) - SGEC Ethernet device

Appendix 2: Related man pages

General commands (tools and utilities)
netstat(1)

System calls and error numbers
ioctl(2) socket(2)

Libraries
inet(3)

Device drivers
arp(4) bluetooth(4) bridge(4) ifmedia(4) inet(4) intro(4) ip(4) ip6(4) lo(4) netintro(4) pf(4) route(4) tcp(4) udp(4)

File formats
hosts(5) networks(5) hostname.if(5)

System maintenance and operation commands
bgpd(8) boot(8) boot.conf(8) config(8) ifconfig(8) mrouted(8) netstart(8) ospfd(8) ripd(8) route(8) rtsol(8) rtsold(8)

Appendix 3: Papers and presentations

Inspecting packets with OpenBSD and PF

Henning Brauer and Reyk Flöter
vBSDcon 2013
http://quigon.bsws.de/papers/2013/vbsdcon/

The surprising complexity of TCP/IP checksums in the network stack

Using routing domains / routing tables in a production network

openbsd/networking.txt · Last modified: 2013/11/22 09:05 by jherrero