Antoine Benkemoun
2010-Mar-25 17:27 UTC
[crossbow-discuss] Using tun interface with dladm and flowadm
Hello,

I am a rather new user to OpenSolaris and I have been loving every minute of it. I have spent quite a lot of time looking around for bandwidth management features and Project Crossbow is just amazing. It is truly amazing compared to what Linux has to offer.

I would like to use flowadm to do some bandwidth management on a tun interface. The problem is that it is not recognized by the dladm utility. It appears in *ifconfig -a* but not in *dladm show-link*.

Is this normal? Did I miss something?

Since my tun interface is not recognized by dladm, I am unable to use the flowadm utility on it. Is there anything I can do?

Thank you in advance for your help,

Antoine Benkemoun
Dan McDonald
2010-Mar-25 17:47 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
On Thu, Mar 25, 2010 at 06:27:48PM +0100, Antoine Benkemoun wrote:
> I would like to use flowadm to do some bandwidth management on a tun
> interface. The problem is that it is not recognized by the dladm utility. It
> appears in *ifconfig -a* but not in *dladm show-link*.

Do you mean iptun(7d) that went back in build 125? That should be there. My build 135 system shows it:

(0)# dladm show-link
LINK        CLASS     MTU    STATE    BRIDGE     OVER
e1000g0     phys      1500   up       --         --
iwh0        phys      1500   down     --         --
ip.tun0     iptun     1402   up       --         --
(0)#

> Is this normal? Did I miss something?

What version are you running again? Are you actually running S10? Or are you talking about some other tun?

Dan
Antoine Benkemoun
2010-Mar-25 18:05 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
Hello,

Thank you for your quick answer.

I am running OpenSolaris 2009.06. I realize that this is not a sufficient answer but I have no idea how to find out what my build is... My login banner displays "snv_111b November 2008". I guess this is an older build. How would I upgrade to a newer build? Do you know a good tutorial for this?

I installed the Universal Tun/Tap driver from this source: http://vtun.sourceforge.net/tun/. My goal is to use OpenVPN. Is the iptun interface you mention compatible with OpenVPN?

Thank you for your help,

Antoine Benkemoun

On Thu, Mar 25, 2010 at 6:47 PM, Dan McDonald <danmcd at sun.com> wrote:
> On Thu, Mar 25, 2010 at 06:27:48PM +0100, Antoine Benkemoun wrote:
> > I would like to use flowadm to do some bandwidth management on a tun
> > interface. The problem is that it is not recognized by the dladm utility. It
> > appears in *ifconfig -a* but not in *dladm show-link*.
>
> Do you mean iptun(7d) that went back in build 125? That should be there. My
> build 135 system shows it:
>
> (0)# dladm show-link
> LINK        CLASS     MTU    STATE    BRIDGE     OVER
> e1000g0     phys      1500   up       --         --
> iwh0        phys      1500   down     --         --
> ip.tun0     iptun     1402   up       --         --
> (0)#
>
> > Is this normal? Did I miss something?
>
> What version are you running again? Are you actually running S10? Or are
> you talking about some other tun?
>
> Dan
Dan McDonald
2010-Mar-25 18:11 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
On Thu, Mar 25, 2010 at 07:05:36PM +0100, Antoine Benkemoun wrote:
> Thank you for your quick answer.
>
> I am running OpenSolaris 2009.06. I realize that this is not a sufficient
> answer but I have no idea how to find out what my build is... My login
> banner displays "snv_111b November 2008". I guess this is an older build.
> How would I upgrade to a newer build? Do you know a good tutorial for this?

You reparent your publisher to pkg.opensolaris.org/dev.

> I installed the Universal Tun/Tap driver from this source:
> http://vtun.sourceforge.net/tun/. My goal is to use OpenVPN. Is the iptun
> interface you mention compatible with OpenVPN?

Ahhh yes.

That driver is IP-over-SSL, and is not a Generic Lan Driver (GLDv3) device.

The iptun driver is merely IP-in-IP, but it does present as a GLDv3 device, so it can be flow-sliced, virtualized, or anything else you want. You can then use ipsecconf(1M) to set up tunnel-mode IPsec on a particular IP-in-IP device.

Standard question: What problem are you trying to solve?

Dan
Antoine Benkemoun
2010-Mar-25 18:20 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
Ok I understand.

I am trying to limit the bandwidth of the users coming out of my OpenVPN VPN. Is this possible with flowadm?

Thanks for your help,

Antoine

On Thu, Mar 25, 2010 at 7:11 PM, Dan McDonald <danmcd at sun.com> wrote:
> On Thu, Mar 25, 2010 at 07:05:36PM +0100, Antoine Benkemoun wrote:
> > Thank you for your quick answer.
> >
> > I am running OpenSolaris 2009.06. I realize that this is not a sufficient
> > answer but I have no idea how to find out what my build is... My login
> > banner displays "snv_111b November 2008". I guess this is an older build.
> > How would I upgrade to a newer build? Do you know a good tutorial for this?
>
> You reparent your publisher to pkg.opensolaris.org/dev.
>
> > I installed the Universal Tun/Tap driver from this source:
> > http://vtun.sourceforge.net/tun/. My goal is to use OpenVPN. Is the iptun
> > interface you mention compatible with OpenVPN?
>
> Ahhh yes.
>
> That driver is IP-over-SSL, and is not a Generic Lan Driver (GLDv3) device.
>
> The iptun driver is merely IP-in-IP, but it does present as a GLDv3 device,
> so it can be flow-sliced, virtualized, or anything else you want. You can
> then use ipsecconf(1M) to set up tunnel-mode IPsec on a particular IP-in-IP
> device.
>
> Standard question: What problem are you trying to solve?
>
> Dan
Michael Hunter
2010-Mar-25 18:22 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
On Thu, 25 Mar 2010 19:05:36 +0100 Antoine Benkemoun <antoine.benkemoun at gmail.com> wrote:
> Hello,
>
> Thank you for your quick answer.
>
> I am running OpenSolaris 2009.06. I realize that this is not a sufficient
> answer but I have no idea how to find out what my build is... My login
> banner displays "snv_111b November 2008". I guess this is an older build.
> How would I upgrade to a newer build? Do you know a good tutorial for this?

Look at http://hub.opensolaris.org/bin/view/Main/downloads and scroll down to developer builds. Install a BE with the dev build and experiment with that. If you want to install from scratch you can get cd images from genunix.org.

> I installed the Universal Tun/Tap driver from this source:
> http://vtun.sourceforge.net/tun/. My goal is to use OpenVPN. Is the iptun
> interface you mention compatible with OpenVPN?

I do not know.

Michael

> Thank you for your help,
>
> Antoine Benkemoun
>
> On Thu, Mar 25, 2010 at 6:47 PM, Dan McDonald <danmcd at sun.com> wrote:
>
> > On Thu, Mar 25, 2010 at 06:27:48PM +0100, Antoine Benkemoun wrote:
> > > I would like to use flowadm to do some bandwidth management on a tun
> > > interface. The problem is that it is not recognized by the dladm utility. It
> > > appears in *ifconfig -a* but not in *dladm show-link*.
> >
> > Do you mean iptun(7d) that went back in build 125? That should be there. My
> > build 135 system shows it:
> >
> > (0)# dladm show-link
> > LINK        CLASS     MTU    STATE    BRIDGE     OVER
> > e1000g0     phys      1500   up       --         --
> > iwh0        phys      1500   down     --         --
> > ip.tun0     iptun     1402   up       --         --
> > (0)#
> >
> > > Is this normal? Did I miss something?
> >
> > What version are you running again? Are you actually running S10? Or are
> > you talking about some other tun?
> >
> > Dan
Dan McDonald
2010-Mar-25 18:25 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
On Thu, Mar 25, 2010 at 07:20:41PM +0100, Antoine Benkemoun wrote:
> Ok I understand.
>
> I am trying to limit the bandwidth of the users coming out of my OpenVPN
> VPN. Is this possible with flowadm?

If all of the flows using OpenVPN share the same port (e.g. 443, which is SSL), you can use flowadm and restrict traffic on that port.

Dan
Sebastien Roy
2010-Mar-25 18:39 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
On 03/25/10 02:20 PM, Antoine Benkemoun wrote:
> I am trying to limit the bandwidth of the users coming out of my OpenVPN
> VPN. Is this possible with flowadm?

Can you perhaps create appropriate flows based on your users' public IP addresses on underlying physical link that packets are arriving on?

-Seb
Antoine Benkemoun
2010-Mar-25 18:41 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
I was looking for something a little more complicated. I wanted to allow X Mbps for certain IPs in the VPN. This is why I was thinking about using flowadm on the tun interface.

Antoine

On Thu, Mar 25, 2010 at 7:25 PM, Dan McDonald <danmcd at sun.com> wrote:
> On Thu, Mar 25, 2010 at 07:20:41PM +0100, Antoine Benkemoun wrote:
> > Ok I understand.
> >
> > I am trying to limit the bandwidth of the users coming out of my OpenVPN
> > VPN. Is this possible with flowadm?
>
> If all of the flows using OpenVPN share the same port (e.g. 443, which is
> SSL), you can use flowadm and restrict traffic on that port.
>
> Dan
Antoine Benkemoun
2010-Mar-25 18:43 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
Good idea! My problem is allowing each client to have X Mbps. The IPs are random so I can't base any rules on them.

Would flowadm allow me to specify "X Mbps for each IP connecting to port 443"?

Thanks,

Antoine

On Thu, Mar 25, 2010 at 7:39 PM, Sebastien Roy <sebastien.roy at oracle.com> wrote:
> On 03/25/10 02:20 PM, Antoine Benkemoun wrote:
>
>> I am trying to limit the bandwidth of the users coming out of my OpenVPN
>> VPN. Is this possible with flowadm?
>
> Can you perhaps create appropriate flows based on your users' public IP
> addresses on underlying physical link that packets are arriving on?
>
> -Seb
Sebastien Roy
2010-Mar-25 19:59 UTC
[crossbow-discuss] [networking-discuss] Using tun interface with dladm and flowadm
On 03/25/10 02:43 PM, Antoine Benkemoun wrote:
> Good idea! My problem is allowing each client to have X Mbps. The IPs
> are random so I can't base any rules on them.
>
> Would flowadm allow me to specify "X Mbps for each IP connecting to port
> 443"?

No, each flow would need to be specified using a specific IP address (see the "add-flow" and "Flow Attributes" sections of flowadm(1M)). The creation of a flow associated with a specific VPN "connection" (identified by a specific client public IP address) would need to be done dynamically somehow by your infrastructure.

-Seb
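
One way the dynamic per-client flow creation described in the last reply could be driven from OpenVPN's client-connect and client-disconnect hook scripts. This is an added example, not code from the thread or from Project Crossbow. Assumptions: the link name e1000g0 (borrowed from the dladm output above), the 5M cap, the vpn_<address> flow naming scheme, and the use of OpenVPN's script_type and trusted_ip environment variables; the flowadm options (-t, -l, -a remote_ip=, -p maxbw=) are those documented in flowadm(1M).

```shell
#!/bin/sh
# Added example: build the flowadm command for one VPN client session.
LINK=e1000g0   # assumption: physical link the VPN packets arrive on
MAXBW=5M       # assumption: cap per client (flowadm maxbw, M = Mbps)
DRY_RUN=1      # 1 = print the command instead of running it

# Accept only a dotted-quad IPv4 address, so nothing else can reach
# the flowadm command line.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Flow name derived from the address (constructed naming scheme).
flow_name() {
    echo "vpn_$1" | tr . _
}

# $1 = OpenVPN script_type, $2 = client's public address.
flow_cmd() {
    valid_ipv4 "$2" || { echo "rejected address: $2" >&2; return 1; }
    name=$(flow_name "$2")
    case "$1" in
        client-connect)
            echo "flowadm add-flow -t -l $LINK -a remote_ip=$2 -p maxbw=$MAXBW $name" ;;
        client-disconnect)
            echo "flowadm remove-flow -t $name" ;;
        *)
            echo "unexpected script_type: $1" >&2; return 1 ;;
    esac
}

# OpenVPN exports script_type and trusted_ip to its hook scripts.
if [ -n "${script_type:-}" ]; then
    cmd=$(flow_cmd "$script_type" "${trusted_ip:-}") || exit 1
    if [ "$DRY_RUN" = 1 ]; then echo "$cmd"; else $cmd; fi
fi
```

Clients that reach the server from behind the same NAT address share one flow, and therefore one cap, because the flow is keyed on the public address only.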