[9fans] auth server with two NICs

[9fans] auth server with two NICs

[Akshat Kumar]

I have an auth server with two cards,
ether0 and ether1; it's connected to
an fs server on ether1 and a public
network on ether0 - it has to get root
from the fs server:

root is from il -g 192.168.100.1 ether /net/ether1 192.168.100.2 255.255.255.0

in /cfg/$sys/cpurc, I have the following:

ip/ipconfig -g 192.168.2.1 ether /net/ether0 192.168.2.141 255.255.255.0
ip/ipconfig -g 192.168.100.1 ether /net/ether1 192.168.100.2 255.255.255.0

I get the root fs just fine, and I can ping
nodes on both networks (fs on the fs net,
my laptop on the public net) just fine.

now, I have one concern and one problem -
the concern: only ether0 is bound into /net,
ether1 doesn't show up in there.
the problem: dns on the public network
doesn't work - I get dns failure when trying
to resolve google.com, for example - I have
described both networks as separate ipnets
in /lib/ndb/local, with a specification of dns
for the public network, but it doesn't seem
to take effect.

Is there some more proper way of dealing
with this? Anything I obvious that I might
be doing wrong?


Thanks,
ak

Re: [9fans] auth server with two NICs

[erik quanstrom]

> now, I have one concern and one problem -
> the concern: only ether0 is bound into /net,
> ether1 doesn't show up in there.

you need to add it to /lib/namespace.$node.
you also need to do the bind by hand in cpurc.

- erik

Re: [9fans] auth server with two NICs

[Akshat Kumar]

also, I should add that I cannot ping outside of the
local network, on the card attached to the public
network, even if I specify IP. so... there's some
problem in the setup here, it seems.

On Wed, Jul 21, 2010 at 12:58 AM, Akshat Kumar
<akumar@mail.nanosouffle.net> wrote:
> I have an auth server with two cards,
> ether0 and ether1; it's connected to
> an fs server on ether1 and a public
> network on ether0 - it has to get root
> from the fs server:
>
> root is from il -g 192.168.100.1 ether /net/ether1 192.168.100.2 255.255.255.0
>
> in /cfg/$sys/cpurc, I have the following:
>
> ip/ipconfig -g 192.168.2.1 ether /net/ether0 192.168.2.141 255.255.255.0
> ip/ipconfig -g 192.168.100.1 ether /net/ether1 192.168.100.2 255.255.255.0
>
> I get the root fs just fine, and I can ping
> nodes on both networks (fs on the fs net,
> my laptop on the public net) just fine.
>
> now, I have one concern and one problem -
> the concern: only ether0 is bound into /net,
> ether1 doesn't show up in there.
> the problem: dns on the public network
> doesn't work - I get dns failure when trying
> to resolve google.com, for example - I have
> described both networks as separate ipnets
> in /lib/ndb/local, with a specification of dns
> for the public network, but it doesn't seem
> to take effect.
>
> Is there some more proper way of dealing
> with this? Anything I obvious that I might
> be doing wrong?
>
>
> Thanks,
> ak
>

Re: [9fans] auth server with two NICs

[Akshat Kumar]

I put a bind in /rc/bin/cpurc.local,
but why the need to also put one
in /lib/namespace.$sysname?

On Wed, Jul 21, 2010 at 5:38 AM, erik quanstrom <quanstro@quanstro.net> wrote:
>> now, I have one concern and one problem -
>> the concern: only ether0 is bound into /net,
>> ether1 doesn't show up in there.
>
> you need to add it to /lib/namespace.$node.
> you also need to do the bind by hand in cpurc.
>
> - erik
>
>

Re: [9fans] auth server with two NICs

[Akshat Kumar]

oxen# cat /net/ndb
ip=192.168.100.2 ipmask=/120 ipgw=192.168.100.1

the IP for the public network isn't even
shown here...

I think the information in /net/ndb is
directly from

bootargs=il -g 192.168.100.1 ether /net/ether1 192.168.100.2 255.255.255.0

in plan9.ini

Re: [9fans] auth server with two NICs

[erik quanstrom]

On Wed Jul 21 12:13:20 EDT 2010, akumar@mail.nanosouffle.net wrote:
> I put a bind in /rc/bin/cpurc.local,
> but why the need to also put one
> in /lib/namespace.$sysname?

because /lib/namespace is used by cpu to
construct a namespace from scratch.
cpu does not use the namespace of the
process group running on the console as
a basis for new namespaces.

- erik

Re: [9fans] auth server with two NICs

[Akshat Kumar]

the following bootargs line:

bootargs=il -x /net.alt -g 192.168.100.1 ether /net.alt/ether0
192.168.100.2 255.255.255.0

gives the following startup error:

boot: bind #I: %r
: '/net/net.alt': does not exist

what's the proper way to bind the interface from which I get root,
into /net.alt?

Re: [9fans] auth server with two NICs

[Akshat Kumar]

the real problem I'm having is that in the process
of getting its root fs, the auth server associates
#I with #l; I would like for it to associate #I1 with
#l instead. If I switch ether0 and ether1 around,
it will associate #I with #l1, but in that case, I
would like #I1 to be associated with #l1... so
this problem persists no matter what. Any
setup suggestions? how do people usually
handle multiple networks on multiple interfaces?

with the current setup, I'd have to start all my
listeners on /net.alt, where #I1 is bound, but
that seems messier than just fixing one thing.


On Wed, Jul 21, 2010 at 2:50 PM, Akshat Kumar
<akumar@mail.nanosouffle.net> wrote:
> the following bootargs line:
>
> bootargs=il -x /net.alt -g 192.168.100.1 ether /net.alt/ether0
> 192.168.100.2 255.255.255.0
>
> gives the following startup error:
>
> boot: bind #I: %r
> : '/net/net.alt': does not exist
>
> what's the proper way to bind the interface from which I get root,
> into /net.alt?
>

Re: [9fans] auth server with two NICs

[Akshat Kumar]

I ended up doing:

bind -b '#l1' /net
bind -b '#I1' /net

so that the public network is
what's used by default... but
in plan9.ini, I have:

fs=192.168.100.1
auth=192.168.100.2

where 192.168.100.2 is the IP
of the CPU/Auth server on the
internal network, so whenever
anything (say, auth/factotum)
looks for $auth, it can't connect
to 192.168.100.2... is there any
way to setup this multi-network
multi-stack crap, so it isn't so
messy??

On Wed, Jul 21, 2010 at 3:01 PM, Akshat Kumar
<akumar@mail.nanosouffle.net> wrote:
> the real problem I'm having is that in the process
> of getting its root fs, the auth server associates
> #I with #l; I would like for it to associate #I1 with
> #l instead. If I switch ether0 and ether1 around,
> it will associate #I with #l1, but in that case, I
> would like #I1 to be associated with #l1... so
> this problem persists no matter what. Any
> setup suggestions? how do people usually
> handle multiple networks on multiple interfaces?
>
> with the current setup, I'd have to start all my
> listeners on /net.alt, where #I1 is bound, but
> that seems messier than just fixing one thing.
>
>
> On Wed, Jul 21, 2010 at 2:50 PM, Akshat Kumar
> <akumar@mail.nanosouffle.net> wrote:
>> the following bootargs line:
>>
>> bootargs=il -x /net.alt -g 192.168.100.1 ether /net.alt/ether0
>> 192.168.100.2 255.255.255.0
>>
>> gives the following startup error:
>>
>> boot: bind #I: %r
>> : '/net/net.alt': does not exist
>>
>> what's the proper way to bind the interface from which I get root,
>> into /net.alt?
>>
>

Re: [9fans] auth server with two NICs

[Akshat Kumar]

if I have an 'internal' stack and interface bound to
/net.alt and an 'external stack' and interface bound
to /net, I get quite a lot of packet loss when trying
to ping the computer from another computer on the
external network... even drawterm is much more
lagging. Any ideas on what could be the cause of this?


Thanks,
ak

Re: [9fans] auth server with two NICs

[erik quanstrom]

On Thu Jul 22 13:26:51 EDT 2010, akumar@mail.nanosouffle.net wrote:
> if I have an 'internal' stack and interface bound to
> /net.alt and an 'external stack' and interface bound
> to /net, I get quite a lot of packet loss when trying
> to ping the computer from another computer on the
> external network... even drawterm is much more
> lagging. Any ideas on what could be the cause of this?

a bad network?

- erik

Re: [9fans] auth server with two NICs

[Akshat Kumar]

On Thu, Jul 22, 2010 at 10:30 AM, erik quanstrom <quanstro@quanstro.net> wrote:
> a bad network?

I thought so at first, but if instead of using separate /net and /net.alt
mountpoints for the two networks, I simply, as I said before,

bind -b '#l1' /net
bind -b '#I1' /net

and start auth service, etc., afterwards (so that they start only on
the external interface), then from testing last night, there is no such
lag in drawterm or dropped packets on ping. now, it could just be
the timing of things (like, when I tested, etc.)... but if I drawterm to
a remote network, it's *much* faster, and pinging around to other
things doesn't cause dropped packets.

So, I'm lead to believe that the problem is in a configuration of
two network interfaces, where the default is the internal network,
which is bound to /net, and the external network is bound to /net.alt
is there some reason or way that incoming calls could be confused,
or it might take time for the server to find the right place to reply
from? I dunno... but the performance is killing me.

Re: [9fans] auth server with two NICs

[Akshat Kumar]

nevermind, it's the network... or hardware...

I tried just the very basic setup at the top of

http://www.9grid.fr/www.9grid.fr/wiki/plan9/Drawterm_to_your_terminal/

and I get the same poor performance. network
sux!

On Thu, Jul 22, 2010 at 10:55 AM, Akshat Kumar
<akumar@mail.nanosouffle.net> wrote:
> On Thu, Jul 22, 2010 at 10:30 AM, erik quanstrom <quanstro@quanstro.net> wrote:
>> a bad network?
>
> I thought so at first, but if instead of using separate /net and /net.alt
> mountpoints for the two networks, I simply, as I said before,
>
> bind -b '#l1' /net
> bind -b '#I1' /net
>
> and start auth service, etc., afterwards (so that they start only on
> the external interface), then from testing last night, there is no such
> lag in drawterm or dropped packets on ping. now, it could just be
> the timing of things (like, when I tested, etc.)... but if I drawterm to
> a remote network, it's *much* faster, and pinging around to other
> things doesn't cause dropped packets.
>
> So, I'm lead to believe that the problem is in a configuration of
> two network interfaces, where the default is the internal network,
> which is bound to /net, and the external network is bound to /net.alt
> is there some reason or way that incoming calls could be confused,
> or it might take time for the server to find the right place to reply
> from? I dunno... but the performance is killing me.
>