Re: Bug in MACSec - stops passing traffic after approx 5TB

I see it reusing SAs, so I'm good. Joshua Coombs On Wed, Oct 17, 2018 at 9:45 AM Josh Coombs wrote: > > I've got wpa_supplicant working with macsec on Fedora, my test bed has > shuffled 16 billion packets so far without interruption. I am a bit > concerned that I'

Re: Bug in MACSec - stops passing traffic after approx 5TB

and RX, it appears to negotiate a new pair every 3 to 3.5 billion packets. It doesn't appear to be ripping down old SAs. What happens when available SA slots run out? Joshua Coombs GWI office 207-494-2140 www.gwi.net On Mon, Oct 15, 2018 at 11:45 AM Josh Coombs wrote: > > And confi

Re: Bug in MACSec - stops passing traffic after approx 5TB

ven't tested Gentoo's ebuilds yet to see if they do. Josh Coombs On Sun, Oct 14, 2018 at 4:52 PM Josh Coombs wrote: > > On Sun, Oct 14, 2018 at 4:24 PM Sabrina Dubroca wrote: > > > > 2018-10-14, 10:59:31 -0400, Josh Coombs wrote: > > > I initially mistook t

Re: Bug in MACSec - stops passing traffic after approx 5TB

On Sun, Oct 14, 2018 at 4:24 PM Sabrina Dubroca wrote: > > 2018-10-14, 10:59:31 -0400, Josh Coombs wrote: > > I initially mistook this for a traffic control issue, but after > > stripping the test beds down to just the MACSec component, I can still > > replicate the iss

Bug in MACSec - stops passing traffic after approx 5TB

port 1 sa 0 pn 1 on key 01 "$rxkey" ip link set "$eif" type macsec encrypt on # Bring up the interfaces: echo "* Light tunnel NICS" ip link set "$dif" up ip link set "$eif" up # Set IP ifconfig $eif 192.168.211.1/30 Once you can ping across th

Re: Possible bug in traffic control?

set "$dif" up ip link set "$eif" up # Set IP ifconfig $eif 192.168.211.1/30 echo " --=[ MACSec Up ]=--" On Thu, Oct 11, 2018 at 10:05 AM Josh Coombs wrote: > > I'm actually leaning towards macsec now. I'm at 6TB transferred in a > double hop, no ma

Re: Possible bug in traffic control?

trip the issue there.That should determine if it's macsec itself, or an interaction between macsec and traffic control. Joshua Coombs GWI office 207-494-2140 www.gwi.net On Wed, Oct 10, 2018 at 12:39 PM Cong Wang wrote: > > On Wed, Oct 10, 2018 at 8:54 AM Josh Coombs wrote:

Re: Possible bug in traffic control?

u32 to matchall didn't change the performance. Going back to the four machine test bed, again removing macsec and just bridging through radically decreased the throughput to around 8Mbits. Flip on macsec for the bridge and 1.3Gbits? On Tue, Oct 9, 2018 at 11:58 AM Josh Coombs wrote: > >

Possible bug in traffic control?

ll \ u32 match u8 0 0 \ action mirred egress mirror dev "$eif" # eif to sif tc qdisc add dev "$eif" ingress tc filter add dev "$eif" parent : \ protocol all \ u32 match u8 0 0 \ action mirred egress mirror dev "$sif" # Bring up the interfaces: echo "* Light tunnel NICS" ip link set "$sif" up ip link set "$dif" up ip link set "$eif" up echo " --=[ MACSec Up ]=--" --- Josh Coombs