From: Kurt Buff
To: freebsd-net@freebsd.org
Date: Sat, 12 Jun 2010 14:22:52 -0700
Subject: Re: VLANs, routing, multicast and HP switches, oh my...

On Thu, Jun 10, 2010 at 07:02, Ivan Voras wrote:
> On 06/09/10 22:35, Kurt Buff wrote:
>> All,
>> Now, however, the subnet on fxp4 is going to have an HP 2610 switch
>> attached to it, and they want to hang multiple subnets from that
>> interface.
>
> ... which doesn't necessarily translate to VLANs. You can assign an
> arbitrary number of IP addresses to a single NIC without problems.

True - but they are apparently going to be simulating hundreds of
machines on two subnets, as I found out a day later.

Sorry for the late reply - been slammed at work.

>> So, it looks to me as if I need to set up this box with a VLAN
>> configuration and some more routing intelligence than it has at the
>> moment.
>>
>> I'm looking at, among other pages, this one
>> http://www.cyberciti.biz/faq/howto-configure-freebsd-vlans-with-ifconfig-command/,
>> though I don't see much addressing these two subjects in the handbook.
>
> There's not much to say on the topic. The section which describes VLAN
> setup in the link you have given is correct. Each new virtual vlan
> device will behave as another NIC.

Good to know. Thanks for that.

> The story behind VLANs is that they are an Ethernet-level routing
> kludge. Instead of having a flat topology, they divide it into chunks
> which may be routed separately on L2.

Yep - do that with my HP switches in the rest of the environment.

> On the FreeBSD side, the
> representation of this will be additional NICs which operate only on
> these "chunks" - virtual Ethernets which don't see packets from other
> VLANs even if they travel on the same wire(s). The physical NIC will
> need to "see" all packets indiscriminately (which is sometimes called a
> "trunk"), and the OS logic will then "divide" those packets into
> individual virtual vlan devices. Note that if you use VLANs, all active
> equipment involved will probably need to be able to understand and work
> with VLANs, and you will need to configure them all. To be able to use
> generic Ethernet clients (like Windows with low-end NICs), some kind of
> end-point equipment will need to strip VLAN tags before the packets
> reach them.
>
> But as I've said, maybe you don't need VLANs. Simply hang multiple IP
> subnets on normal Ethernet NICs.

Again - they'll be putting up to 200 busy machines on each subnet. It
seems reasonable to limit the broadcast domains with VLANs.

Thanks for the feedback.

Kurt
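
Added example, not part of the original thread: the trunk handling described in the quoted text above (the parent NIC sees every frame, the 802.1Q tag selects a virtual vlan device, and the tag is stripped before delivery), modelled in Python. The VLAN IDs 10 and 20, the names vlan10/vlan20, the MAC addresses and the sample frames are constructed for illustration; only fxp4 comes from the thread, and delivering untagged frames to the parent while dropping unconfigured VLANs is a simplifying assumption.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def split_tag(frame: bytes):
    """Return (vlan_id, frame_without_tag); vlan_id is None if untagged."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, frame
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    vlan_id = tci & 0x0FFF  # low 12 bits of the TCI; top 3 bits are priority
    # Remove the 4-byte tag (TPID + TCI); MACs and inner EtherType remain.
    return vlan_id, frame[:12] + frame[16:]


def demux(frames, configured, parent="fxp4"):
    """Sort trunk frames into per-VLAN queues, tag stripped.

    configured maps VLAN ID -> virtual interface name (assumed names).
    Returns (queues, dropped) where dropped counts unconfigured VLANs.
    """
    queues, dropped = defaultdict(list), 0
    for frame in frames:
        vid, inner = split_tag(frame)
        if vid is None:
            queues[parent].append(inner)        # untagged: parent interface
        elif vid in configured:
            queues[configured[vid]].append(inner)
        else:
            dropped += 1                        # no vlan device for this ID
    return dict(queues), dropped


def make_frame(vid, payload, pcp=0, ethertype=0x0800):
    """Build a constructed test frame; vid=None means untagged."""
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, (pcp << 13) | vid)
    return dst + src + tag + struct.pack("!H", ethertype) + payload


# Constructed trunk traffic: two configured VLANs, one stray, one untagged.
VLANS = {10: "vlan10", 20: "vlan20"}
SAMPLE = [make_frame(v, bytes([65 + i]) * 46)
          for i, v in enumerate([10, 20, 30, None])]

if __name__ == "__main__":
    queues, dropped = demux(SAMPLE, VLANS)
    for name, q in sorted(queues.items()):
        print(name, len(q), "frame(s)")
    print("dropped:", dropped)
```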