From: Ivan Voras
To: freebsd-net@freebsd.org
Date: Thu, 10 Jun 2010 16:02:06 +0200
Subject: Re: VLANs, routing, multicast and HP switches, oh my...
List-Id: Networking and TCP/IP with FreeBSD

On 06/09/10 22:35, Kurt Buff wrote:
> All,
>
> I have in place a router that I built with FreeBSD (currently it's an
> i386 build - 7.0-STABLE FreeBSD 7.0-STABLE #1: Mon Jul 28 18:59:13 PDT
> 2008) on a whitebox with 3 dual-port NICs.
>
> the relevant data from /etc/rc.conf:
>
> defaultrouter="192.168.27.1"
> gateway_enable="YES"
> hostname="zrouter.example.com"
> ifconfig_fxp0="inet 192.168.27.2 netmask 255.255.255.0"
> ifconfig_fxp1="inet 10.0.0.1 netmask 255.255.255.0"
> ifconfig_fxp2="inet 10.0.1.1 netmask 255.255.255.0"
> ifconfig_fxp3="inet 10.0.2.1 netmask 255.255.255.0"
> ifconfig_fxp4="inet 10.0.3.1 netmask 255.255.255.0"
> ifconfig_fxp5="inet 10.0.4.1 netmask 255.255.255.0"
> static_routes="nistnet"
> route_nistnet="-net 10.0.5.0/24 10.0.4.60"
>
> It serves as a gateway between our production network
> (192.168.27.0/24) and a set of engineering test/dev subnets - no
> firewalling at the moment, just a simple router.

Straightforward enough.

> Now, however, the subnet on fxp4 is going to have an HP 2610 switch
> attached to it, and they want to hang multiple subnets from that
> interface.

... which doesn't necessarily translate to VLANs. You can assign an
arbitrary number of IP addresses to a single NIC without problems.

> So, it looks to me as if I need to set up this box with a VLAN
> configuration and some more routing intelligence than it has at the
> moment.
>
> I'm looking at, among other pages, this one
> http://www.cyberciti.biz/faq/howto-configure-freebsd-vlans-with-ifconfig-command/,
> though I don't see much addressing these two subjects in the handbook.

There's not much to say on the topic. The section which describes VLAN
setup in the link you have given is correct. Each new virtual vlan
device will behave as another NIC.

The story behind VLANs is that they are an Ethernet-level routing
kludge. Instead of having a flat topology, they divide it into chunks
which may be routed separately on L2. On the FreeBSD side, the
representation of this will be additional NICs which operate only on
these "chunks" - virtual Ethernets which don't see packets from other
VLANs even if they travel on the same wire(s).
The physical NIC will need to "see" all packets indiscriminately (which
is sometimes called a "trunk"), and the OS logic will then "divide"
those packets into individual virtual vlan devices.

Note that if you use VLANs, all active equipment involved will probably
need to be able to understand and work with VLANs, and you will need to
configure them all. To be able to use generic Ethernet clients (like
Windows with low-end NICs), some kind of end-point equipment will need
to strip VLAN tags before the packets reach them.

But as I've said, maybe you don't need VLANs. Simply hang multiple IP
subnets on normal Ethernet NICs.
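
The tag-based split described in the reply above, as an added example that is not part of the original message and is not FreeBSD kernel code: a simplified model of a trunk port sorting 802.1Q-tagged frames into per-VLAN queues and stripping the tag. The VLAN IDs, MAC addresses, payloads and the drop-on-unknown-VLAN policy are assumptions made for the illustration.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def parse_frame(frame: bytes):
    """Return (vlan_id or None, frame with any 802.1Q tag removed)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame                 # untagged: stays on the parent NIC
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vlan_id = tci & 0x0FFF                 # VLAN ID is the low 12 bits of the TCI
    # Drop the 4-byte tag so a generic Ethernet client could consume the frame.
    return vlan_id, frame[:12] + frame[16:]

def demux(frames, configured_vlans):
    """Sort trunk frames into per-VLAN queues; unconfigured IDs are dropped."""
    queues, dropped = defaultdict(list), 0
    for frame in frames:
        vid, inner = parse_frame(frame)
        if vid is None:
            queues["parent"].append(inner)
        elif vid in configured_vlans:
            queues[vid].append(inner)      # only this VLAN's device sees it
        else:
            dropped += 1                   # assumed policy for unknown VLAN IDs
    return dict(queues), dropped

def make_frame(payload: bytes, vlan_id=None, ethertype=0x0800):
    """Build a constructed sample frame (the MAC addresses are made up)."""
    dst, src = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    tag = b"" if vlan_id is None else struct.pack("!HH", TPID_8021Q, vlan_id)
    return dst + src + tag + struct.pack("!H", ethertype) + payload

# Constructed sample traffic arriving on the trunk port.
SAMPLE = [
    make_frame(b"lab-a", vlan_id=10),
    make_frame(b"lab-b", vlan_id=20),
    make_frame(b"mgmt"),                   # untagged
    make_frame(b"stray", vlan_id=99),      # no vlan device configured for 99
]

if __name__ == "__main__":
    queues, dropped = demux(SAMPLE, configured_vlans={10, 20})
    print({k: [f[14:] for f in v] for k, v in queues.items()}, "dropped:", dropped)
```

The separation between the queues rests only on the 12-bit tag, which is why every switch and end-point on the path has to be configured consistently.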