From owner-svn-doc-projects@FreeBSD.ORG Sun May 19 00:23:56 2013
Delivered-To: svn-doc-projects@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id E260B3CF; Sun, 19 May 2013 00:23:56 +0000 (UTC) (envelope-from dru@FreeBSD.org)
Received: from svn.freebsd.org (svn.freebsd.org [IPv6:2001:1900:2254:2068::e6a:0]) by mx1.freebsd.org (Postfix) with ESMTP id D2FAEAFF; Sun, 19 May 2013 00:23:56 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70]) by svn.freebsd.org (8.14.6/8.14.6) with ESMTP id r4J0NuWf099779; Sun, 19 May 2013 00:23:56 GMT (envelope-from dru@svn.freebsd.org)
Received: (from dru@localhost) by svn.freebsd.org (8.14.6/8.14.5/Submit) id r4J0Nugl099778; Sun, 19 May 2013 00:23:56 GMT (envelope-from dru@svn.freebsd.org)
Message-Id: <201305190023.r4J0Nugl099778@svn.freebsd.org>
From: Dru Lavigne
Date: Sun, 19 May 2013 00:23:56 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-projects@freebsd.org
Subject: svn commit: r41669 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking
X-SVN-Group: doc-projects
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-projects@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: SVN commit messages for doc projects trees
X-List-Received-Date: Sun, 19 May 2013 00:23:57 -0000

Author: dru
Date: Sun May 19 00:23:56 2013
New Revision: 41669
URL: http://svnweb.freebsd.org/changeset/doc/41669

Log:
  This patch addresses the following:
  - fix "file system"
  - fix acronyms
  - change command/app tags to entities as needed
  - grammar tightening
  - Etherboot section removed as the port is on ignore (i386 only)
  - ISDN section removed as no longer in base or ports

  This will be followed by a subsequent white space fix.

  Approved by: bcr (mentor)

Modified:
  projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml

Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Sun May 19 00:06:03 2013 (r41668)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml Sun May 19 00:23:56 2013 (r41669)
@@ -38,7 +38,7 @@ How to set up network PXE booting with an - NFS root filesystem. + NFS root file system. @@ -46,7 +46,7 @@ - How to set up IPv6 on a &os; machine. + How to set up IPv6 on a &os; machine. 
@@ -3117,20 +3117,21 @@ rfcomm_sppd[94692]: Starting on /dev/tty Introduction - IP subnet + IP subnet bridge - It is sometimes useful to divide one physical network - (such as an Ethernet segment) into two separate network - segments without having to create IP subnets and use a router + It is sometimes useful to divide one physical network, + such as an Ethernet segment, into two separate network + segments without having to create IP + subnets and use a router to connect the segments together. A device that connects two networks together in this fashion is called a bridge. A &os; system with two network interface cards can act as a bridge. - The bridge works by learning the MAC layer addresses - (Ethernet addresses) of the devices on each of its network + The bridge works by learning the MAC + layer (Ethernet) addresses of the devices on each of its network interfaces. It forwards traffic between two networks only - when its source and destination are on different + when the source and destination are on different networks. In many respects, a bridge is like an Ethernet switch with @@ -3149,8 +3150,8 @@ rfcomm_sppd[94692]: Starting on /dev/tty The basic operation of a bridge is to join two or more network segments together. There are many reasons to use a host based bridge over plain networking equipment such as - cabling constraints, firewalling or connecting pseudo - networks such as a Virtual Machine interface. A bridge can + cabling constraints, firewalling, or connecting pseudo + networks such as a virtual machine interface. A bridge can also connect a wireless interface running in hostap mode to a wired network and act as an access point. 
@@ -3162,51 +3163,60 @@ rfcomm_sppd[94692]: Starting on /dev/tty NAT A common situation is where firewall functionality is - needed without routing or network address translation - (NAT). + needed without routing or Network Address Translation + (NAT). - An example is a small company that is connected via DSL - or ISDN to their ISP. They have a 13 globally-accessible IP - addresses from their ISP and have 10 PCs on their network. + An example is a small company that is connected via + DSL + or ISDN to an ISP. + There are thirteen globally-accessible IP + addresses from the ISP and ten computers + on the network. In this situation, using a router-based firewall is difficult because of subnetting issues. router - DSL - ISDN + DSL + ISDN A bridge-based firewall can be configured and dropped - into the path just downstream of their DSL/ISDN router - without any IP numbering issues. + into the path just downstream of the DSL + or ISDN router + without any IP numbering issues. Network Tap A bridge can join two network segments and be used to - inspect all Ethernet frames that pass between them. This - can either be from using &man.bpf.4;/&man.tcpdump.1; on the + inspect all Ethernet frames that pass between them using + &man.bpf.4; and &man.tcpdump.1; on the bridge interface or by sending a copy of all frames out an - additional interface (span port). + additional interface known as a span port. - Layer 2 VPN + Layer 2 <acronym>VPN</acronym> - Two Ethernet networks can be joined across an IP link by + Two Ethernet networks can be joined across an + IP link by bridging the networks to an EtherIP tunnel or a &man.tap.4; - based solution such as OpenVPN. + based solution such as + OpenVPN. Layer 2 Redundancy A network can be connected together with multiple links - and use the Spanning Tree Protocol to block redundant paths. 
- For an Ethernet network to function properly only one active - path can exist between two devices, Spanning Tree will + and use the Spanning Tree Protocol STP + to block redundant paths. + For an Ethernet network to function properly, only one active + path can exist between two devices. STP + will detect loops and put the redundant links into a blocked - state. Should one of the active links fail then the - protocol will calculate a different tree and reenable one of + state. Should one of the active links fail, + STP will calculate a different tree and + enable one of the blocked paths to restore connectivity to all points in the network. @@ -3215,15 +3225,16 @@ rfcomm_sppd[94692]: Starting on /dev/tty Kernel Configuration - This section covers &man.if.bridge.4; bridge - implementation, a netgraph bridging driver is also available, - for more information see &man.ng.bridge.4; manual page. + This section covers the &man.if.bridge.4; + implementation. A netgraph bridging driver is also available, + and is described in &man.ng.bridge.4;. - The bridge driver is a kernel module and will be + In &os;, &man.if.bridge.4; is a kernel module which is automatically loaded by &man.ifconfig.8; when creating a - bridge interface. It is possible to compile the bridge in to + bridge interface. It is also possible to compile the bridge + in to the kernel by adding device if_bridge to - your kernel configuration file. + a custom kernel configuration file. Packet filtering can be used with any firewall package that hooks in via the &man.pfil.9; framework. The firewall @@ -3237,9 +3248,7 @@ rfcomm_sppd[94692]: Starting on /dev/tty Enabling the Bridge The bridge is created using interface cloning. To create - a bridge use &man.ifconfig.8;, if the bridge driver is not - present in the kernel then it will be loaded - automatically. + a bridge use &man.ifconfig.8;: &prompt.root; ifconfig bridge create bridge0 
@@ -3250,16 +3259,18 @@ bridge0: flags=8802<BROADCAST,SIMPLEX maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200 root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0 - A bridge interface is created and is automatically + When a bridge interface is created, it is automatically assigned a randomly generated Ethernet address. The maxaddr and timeout - parameters control how many MAC addresses the bridge will keep + parameters control how many MAC addresses + the bridge will keep in its forwarding table and how many seconds before each entry is removed after it is last seen. The other parameters - control how Spanning Tree operates. + control how STP operates. - Add the member network interfaces to the bridge. For the - bridge to forward packets all member interfaces and the bridge + Next, add the member network interfaces to the bridge. + For the + bridge to forward packets, all member interfaces and the bridge need to be up: &prompt.root; ifconfig bridge0 addm fxp0 addm fxp1 up @@ -3268,23 +3279,25 @@ bridge0: flags=8802<BROADCAST,SIMPLEX The bridge is now forwarding Ethernet frames between fxp0 and - fxp1. The equivalent configuration - in /etc/rc.conf so the bridge is created - at startup is: + fxp1. Add the following lines to + /etc/rc.conf so the bridge is created + at startup: cloned_interfaces="bridge0" ifconfig_bridge0="addm fxp0 addm fxp1 up" ifconfig_fxp0="up" ifconfig_fxp1="up" - If the bridge host needs an IP address then the correct + If the bridge host needs an IP + address, the correct place to set this is on the bridge interface itself rather than one of the member interfaces. This can be set statically - or via DHCP: + or via DHCP: &prompt.root; ifconfig bridge0 inet 192.168.0.1/24 - It is also possible to assign an IPv6 address to a bridge + It is also possible to assign an IPv6 + address to a bridge interface. 
@@ -3294,14 +3307,15 @@ ifconfig_fxp1="up" firewall When packet filtering is enabled, bridged packets will - pass through the filter inbound on the originating interface, - on the bridge interface and outbound on the appropriate + pass through the filter inbound on the originating interface + on the bridge interface, and outbound on the appropriate interfaces. Either stage can be disabled. When direction of - the packet flow is important it is best to firewall on the + the packet flow is important, it is best to firewall on the member interfaces rather than the bridge itself. The bridge has several configurable settings for passing - non-IP and ARP packets, and layer2 firewalling with IPFW. See + non-IP and IP packets, + and layer2 firewalling with &man.ipfw.8;. See &man.if.bridge.4; for more information. 
@@ -3309,21 +3323,26 @@ ifconfig_fxp1="up" Spanning Tree The bridge driver implements the Rapid Spanning Tree - Protocol (RSTP or 802.1w) with backwards compatibility with - the legacy Spanning Tree Protocol (STP). Spanning Tree is - used to detect and remove loops in a network topology. RSTP - provides faster Spanning Tree convergence than legacy STP, the + Protocol (RSTP or 802.1w) with backwards + compatibility with + legacy STP. STP is + used to detect and remove loops in a network topology. + RSTP + provides faster convergence than legacy STP, + the protocol will exchange information with neighbouring switches to quickly transition to forwarding without creating loops. - &os; supports RSTP and STP as operating modes, with RSTP + &os; supports RSTP and STP + as operating modes, with RSTP being the default mode. - Spanning Tree can be enabled on member interfaces using - the stp command. For a bridge with + STP can be enabled on member interfaces + using + &man.ifconfig.8;. For a bridge with fxp0 and fxp1 as the current interfaces, - enable STP with the following: + enable STP with: &prompt.root; ifconfig bridge0 stp fxp0 stp fxp1 bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -3341,10 +3360,10 @@ bridge0: flags=8843<UP,BROADCAST,RUNN This bridge has a spanning tree ID of 00:01:02:4b:d4:50 and a priority of 32768. As the root id - is the same it indicates that this is the root bridge for the + is the same, it indicates that this is the root bridge for the tree. - Another bridge on the network also has spanning tree + Another bridge on the network also has STP enabled: bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 
@@ -3361,8 +3380,8 @@ bridge0: flags=8843<UP,BROADCAST,RUNN The line root id 00:01:02:4b:d4:50 priority 32768 ifcost 400000 port 4 shows that the root bridge is - 00:01:02:4b:d4:50 as above and has a path - cost of 400000 from this bridge, the path + 00:01:02:4b:d4:50 and has a path + cost of 400000 from this bridge. The path to the root bridge is via port 4 which is fxp0. @@ -3374,7 +3393,7 @@ bridge0: flags=8843<UP,BROADCAST,RUNN Reconstruct Traffic Flows The bridge supports monitor mode, where the packets are - discarded after &man.bpf.4; processing, and are not + discarded after &man.bpf.4; processing and are not processed or forwarded further. This can be used to multiplex the input of two or more interfaces into a single &man.bpf.4; stream. This is useful for reconstructing the @@ -3393,8 +3412,8 @@ bridge0: flags=8843<UP,BROADCAST,RUNN A copy of every Ethernet frame received by the bridge will be transmitted out a designated span port. The number - of span ports configured on a bridge is unlimited, if an - interface is designated as a span port then it may not also + of span ports configured on a bridge is unlimited, but if an + interface is designated as a span port, it cannot also be used as a regular bridge port. This is most useful for snooping a bridged network passively on another host connected to one of the span ports of the bridge. 
@@ -3411,49 +3430,54 @@ bridge0: flags=8843<UP,BROADCAST,RUNN A private interface does not forward any traffic to any other port that is also a private interface. The traffic is blocked unconditionally so no Ethernet frames will be - forwarded, including ARP. If traffic needs to be - selectively blocked then a firewall should be used + forwarded, including ARP. If traffic + needs to be + selectively blocked, a firewall should be used instead. Sticky Interfaces - If a bridge member interface is marked as sticky then + If a bridge member interface is marked as sticky, dynamically learned address entries are treated at static once entered into the forwarding cache. Sticky entries are never aged out of the cache or replaced, even if the address is seen on a different interface. This gives the benefit of static address entries without the need to pre-populate the - forwarding table, clients learnt on a particular segment of + forwarding table. Clients learned on a particular segment of the bridge can not roam to another segment. - Another example of using sticky addresses would be to - combine the bridge with VLANs to create a router where - customer networks are isolated without wasting IP address + Another example of using sticky addresses is to + combine the bridge with VLANs to create + a router where + customer networks are isolated without wasting + IP address space. Consider that CustomerA is on vlan100 and CustomerB is on vlan101. The bridge has the address 192.168.0.1 and is also an - internet router. + Internet router. &prompt.root; ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101 &prompt.root; ifconfig bridge0 inet 192.168.0.1/24 - Both clients see + In this example, both clients see 192.168.0.1 as their default - gateway and since the bridge cache is sticky they can not - spoof the MAC address of the other customer to intercept + gateway. 
Since the bridge cache is sticky, one host can not + spoof the MAC address of the other + customer in order to intercept their traffic. - Any communication between the VLANs can be blocked using - private interfaces (or a firewall): + Any communication between the VLANs + can be blocked using a firewall or, as seen in this example, + private interfaces: &prompt.root; ifconfig bridge0 private vlan100 private vlan101 - The customers are completely isolated from each other, + The customers are completely isolated from each other and the full /24 address range can be allocated without subnetting. 
@@ -3461,52 +3485,57 @@ bridge0: flags=8843<UP,BROADCAST,RUNN Address Limits - The number of unique source MAC addresses behind an - interface can be limited. Once the limit is reached packets + The number of unique source MAC + addresses behind an + interface can be limited. Once the limit is reached, packets with unknown source addresses are dropped until an existing host cache entry expires or is removed. The following example sets the maximum number of Ethernet devices for CustomerA on - vlan100 to 10. + vlan100 to 10: &prompt.root; ifconfig bridge0 ifmaxaddr vlan100 10 - SNMP Monitoring + <acronym>SNMP</acronym> Monitoring - The bridge interface and STP parameters can be monitored - via the SNMP daemon which is included in the &os; base - system. The exported bridge MIBs conform to the IETF - standards so any SNMP client or monitoring package can be + The bridge interface and STP + parameters can be monitored + via &man.bsnmpd.1; which is included in the &os; base + system. The exported bridge MIBs + conform to the IETF + standards so any SNMP client or monitoring + package can be used to retrieve the data. - On the bridge machine uncomment the + On the bridge, uncomment the begemotSnmpdModulePath."bridge" = "/usr/lib/snmp_bridge.so" line from - /etc/snmp.config and start the - bsnmpd daemon. Other - configuration such as community names and access lists may + /etc/snmp.config and start + &man.bsnmpd.1;. Other + configuration, such as community names and access lists, may need to be modified. See &man.bsnmpd.1; and &man.snmp.bridge.3; for more information. The following examples use the Net-SNMP software (net-mgmt/net-snmp) to - query a bridge, the + query a bridge from a client system. The net-mgmt/bsnmptools port - can also be used. From the SNMP client host add to - $HOME/.snmp/snmp.conf the following - lines to import the bridge MIB definitions in to - Net-SNMP: + can also be used. 
From the SNMP client + which is running Net-SNMP, + add the following lines to + $HOME/.snmp/snmp.conf in order to + import the bridge MIB definitions: mibdirs +/usr/share/snmp/mibs mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB - To monitor a single bridge via the IETF BRIDGE-MIB - (RFC4188) do + To monitor a single bridge using the IETF BRIDGE-MIB + (RFC4188): &prompt.user; snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44 @@ -3525,16 +3554,18 @@ BRIDGE-MIB::dot1dStpPortDesignatedPort.3 BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1 RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2) - The dot1dStpTopChanges.0 value is two - which means that the STP bridge topology has changed twice, - a topology change means that one or more links in the + The dot1dStpTopChanges.0 value is + two, + indicating that the STP bridge topology + has changed twice. + A topology change means that one or more links in the network have changed or failed and a new tree has been calculated. The dot1dStpTimeSinceTopologyChange.0 value will show when this happened. - To monitor multiple bridge interfaces one may use the - private BEGEMOT-BRIDGE-MIB: + To monitor multiple bridge interfaces, the + private BEGEMOT-BRIDGE-MIB can be used: &prompt.user; snmpwalk -v 2c -c public bridge1.example.com enterprises.fokus.begemot.begemotBridge @@ -3553,7 +3584,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesi BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 00 50 8B B8 C6 A9 To change the bridge interface being monitored via the - mib-2.dot1dBridge subtree do: + mib-2.dot1dBridge subtree: &prompt.user; snmpset -v 2c -c private bridge1.example.com BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2 @@ -3575,8 +3606,8 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault lagg failover - fec - lacp + FEC + LACP loadbalance roundrobin 
@@ -3591,6 +3622,9 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault Operating Modes + The following operating modes are supported by + &man.lagg.4;: + Failover @@ -3598,7 +3632,8 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault Sends and receives traffic only through the master port. If the master port becomes unavailable, the next active port is used. The first interface added is the - master port; any interfaces added after that are used as + master port and any interfaces added after that are used + as failover devices. If failover to a non-master port occurs, the original port will become master when it becomes available again. 
@@ -3608,40 +3643,52 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault &cisco; Fast ðerchannel; - &cisco; Fast ðerchannel; (FEC), is a static setup + &cisco; Fast ðerchannel; (FEC) + is a static setup and does not negotiate aggregation with the peer or exchange frames to monitor the link. If the switch - supports LACP then that should be used instead. + supports LACP, that should be used + instead. FEC balances outgoing traffic across the active ports based on hashed protocol header information and accepts incoming traffic from any active port. The hash includes the Ethernet source and - destination address, and, if available, the VLAN tag, - and the IPv4/IPv6 source and destination address. + destination address and, if available, the + VLAN tag, + and the IPv4 or + IPv6 source and + destination address. - LACP + LACP The &ieee; 802.3ad Link Aggregation Control Protocol - (LACP) and the Marker Protocol. LACP will negotiate a + (LACP) and the Marker Protocol. + LACP will negotiate a set of aggregable links with the peer in to one or more - Link Aggregated Groups (LAG). Each LAG is composed of + Link Aggregated Groups (LAGs). + Each LAG is composed of ports of the same speed, set to full-duplex operation. - The traffic will be balanced across the ports in the LAG - with the greatest total speed, in most cases there will - only be one LAG which contains all ports. In the event - of changes in physical connectivity, Link Aggregation + The traffic will be balanced across the ports in the + LAG + with the greatest total speed. In most cases, there will + only be one LAG which contains all ports. + In the event + of changes in physical connectivity, + LACP will quickly converge to a new configuration. LACP balances outgoing traffic across the active ports based on hashed protocol header information and accepts incoming traffic from any active port. 
The hash includes the Ethernet source and - destination address, and, if available, the VLAN tag, - and the IPv4/IPv6 source and destination address. + destination address and, if available, the + VLAN tag, + and the IPv4 or IPv6 source and + destination address. @@ -3659,7 +3706,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault Distributes outgoing traffic using a round-robin scheduler through all active ports and accepts incoming traffic from any active port. This mode violates - Ethernet Frame ordering and should be used with + Ethernet frame ordering and should be used with caution. @@ -3670,23 +3717,23 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault Examples - LACP Aggregation with a &cisco; Switch + <acronym>LACP</acronym> Aggregation with a &cisco; Switch This example connects two interfaces on a &os; machine to the switch as a single load balanced and fault tolerant link. More interfaces can be added to increase throughput - and fault tolerance. Since frame ordering is mandatory on - Ethernet links then any traffic between two stations always - flows over the same physical link limiting the maximum speed + and fault tolerance. Frame ordering is mandatory on + Ethernet links and any traffic between two stations always + flows over the same physical link, limiting the maximum speed to that of one interface. The transmit algorithm attempts to use as much information as it can to distinguish different traffic flows and balance across the available interfaces. - On the &cisco; switch add the + On the &cisco; switch, add the FastEthernet0/1 and - FastEthernet0/2 interfaces to the - channel-group 1: + FastEthernet0/2 interfaces to + channel group 1: interface FastEthernet0/1 channel-group 1 mode active @@ -3699,7 +3746,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault Create the &man.lagg.4; interface using fxp0 and fxp1, and bring the interfaces up - with the IP Address of + with the IP address of 10.0.0.3/24: &prompt.root; ifconfig fxp0 up 
@@ -3713,9 +3760,10 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault Ports marked as ACTIVE are part of the active aggregation group that has been negotiated with - the remote switch and traffic will be transmitted and - received. Use the verbose output of &man.ifconfig.8; to - view the LAG identifiers. + the remote switch. Traffic will be transmitted and + received through active ports. Use the verbose output of + &man.ifconfig.8; to + view the LAG identifiers. lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=8<VLAN_MTU> @@ -3726,7 +3774,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault laggport: fxp1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING> laggport: fxp0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING> - To see the port status on the switch, use + To see the port status on the &cisco; switch, use show lacp neighbor: switch# show lacp neighbor @@ -3743,8 +3791,8 @@ Port Flags Priority Dev ID Fa0/1 SA 32768 0005.5d71.8db8 29s 0x146 0x3 0x3D Fa0/2 SA 32768 0005.5d71.8db8 29s 0x146 0x4 0x3D - For more detail use the show lacp neighbor - detail command. + For more detail, type show lacp neighbor + detail. To retain this configuration across reboots, the following entries can be added to @@ -3761,11 +3809,12 @@ ifconfig_lagg0Failover mode can be used to switch over to a secondary interface if the link is lost on the master interface. - Bring the underlying physical interfaces up. Create the + To configure failover mode, first bring the underlying + physical interfaces up. Then, create the &man.lagg.4; interface, using fxp0 as the master interface and - fxp1 as the secondary interface - and assign an IP Address of + fxp1 as the secondary interface, + and assign an IP address of 10.0.0.15/24: &prompt.root; ifconfig fxp0 up 
@@ -3773,9 +3822,7 @@ ifconfig_lagg0ifconfig lagg0 create &prompt.root; ifconfig lagg0 up laggproto failover laggport fxp0 laggport fxp1 10.0.0.15/24 - The interface will look something like this, the major - differences will be the MAC address and - the device names: + The interface should now look something like this: &prompt.root; ifconfig lagg0 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -3790,9 +3837,9 @@ lagg0: flags=8843<UP,BROADCAST,RUNNIN Traffic will be transmitted and received on fxp0. If the link is lost on - fxp0 then + fxp0, fxp1 will become the active link. - If the link is restored on the master interface then it will + If the link is restored on the master interface, it will once again become the active link. To retain this configuration across reboots, the 
@@ -3809,27 +3856,27 @@ ifconfig_lagg0Failover Mode Between Wired and Wireless Interfaces - For laptop users, it is usually desirable to make - wireless as a secondary interface, which is to be used when + For laptop users, it is usually desirable to configure the + wireless device as a secondary interface, which is used when the wired connection is not available. With &man.lagg.4;, - it is possible to use one IP address, prefer the wired + it is possible to use one IP address, prefer the wired connection for both performance and security reasons, while maintaining the ability to transfer data over the wireless connection. - In this setup, we will need to override the underlying + In this setup, override the underlying wireless interface's MAC address to match - the &man.lagg.4;'s, which is inherited from the master - interface being used, the wired interface. + that of the &man.lagg.4;, which is inherited from the wired + interface. - In this setup, we will treat the wired interface, - bge0, as the master, and the - wireless interface, wlan0, as the + In this example, the wired interface, + bge0, is the master, and the + wireless interface, wlan0, is the failover interface. The wlan0 - was created from iwn0 which we - will set up with the wired connection's - MAC address. The first step would be to - obtain the MAC address from the wired + device was created from iwn0, which + will be configured with the wired connection's + MAC address. The first step is to + determine the MAC address of the wired interface: &prompt.root; ifconfig bge0 
@@ -3841,32 +3888,30 @@ bge0: flags=8843<UP,BROADCAST,RUNNING media: Ethernet autoselect (1000baseT <full-duplex>) status: active - You can replace the bge0 to - match your reality, and will get a different - ether line which is the - MAC address of your wired interface. - Now, we change the underlying wireless interface, - iwn0: + Replace bge0 to + match the system's interface name. The + ether line will contain the + MAC address of the wired interface. + Now, change the MAC address of the + underlying wireless interface: &prompt.root; ifconfig iwn0 ether 00:21:70:da:ae:37 - Bring the wireless interface up, but do not set an IP - address on it: + Bring the wireless interface up, but do not set an IP + address: &prompt.root; ifconfig wlan0 create wlandev iwn0 ssid my_router up Bring the bge0 interface up. Create the &man.lagg.4; interface with bge0 as master, and failover to - wlan0 if necessary: + wlan0: &prompt.root; ifconfig bge0 up &prompt.root; ifconfig lagg0 create &prompt.root; ifconfig lagg0 up laggproto failover laggport bge0 laggport wlan0 - The interface will look something like this, the major - differences will be the MAC address and - the device names: + The interface will now look something like this: &prompt.root; ifconfig lagg0 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 @@ -3878,7 +3923,8 @@ lagg0: flags=8843<UP,BROADCAST,RUNNIN laggport: wlan0 flags=0<> laggport: bge0 flags=5<MASTER,ACTIVE> - Then start the DHCP client to obtain an IP + Then, start the DHCP client to + obtain an IP address: &prompt.root; dhclient lagg0 
@@ -3920,57 +3966,30 @@ ifconfig_lagg0diskless operation A &os; machine can boot over the network and operate - without a local disk, using filesystems mounted from an + without a local disk, using file systems mounted from an NFS server. No system modification is necessary, beyond standard configuration files. Such a system is relatively easy to set up because all the necessary elements are readily available: - - - There are at least two possible methods to load the - kernel over the network: - - - - PXE: The &intel; Preboot - eXecution Environment system is a form of smart boot ROM - built into some networking cards or motherboards. See - &man.pxeboot.8; for more details. - - - - The Etherboot port - (net/etherboot) - produces ROM-able code to boot kernels over the network. - The code can be either burnt into a boot PROM on a - network card, or loaded from a local floppy (or hard) - disk drive, or from a running &ms-dos; system. Many - network cards are supported. - - - - - - A sample script - (/usr/share/examples/diskless/clone_root) - eases the creation and maintenance of the workstation's root - filesystem on the server. The script will probably require - a little customization but it will get you started very - quickly. - - - - Standard system startup files exist - in /etc - to detect and support a diskless system startup. - + The &intel; Preboot eXecution Environment + (PXE) can be used to load the kernel over + the network. It provides a form of smart boot + ROM built into some networking cards or + motherboards. See &man.pxeboot.8; for more details. + + A sample script + (/usr/share/examples/diskless/clone_root) + eases the creation and maintenance of the workstation's root + file system on the server. The script will probably require + a little customization. + + Standard system startup files exist + in /etc + to detect and support a diskless system startup. - - Swapping, if needed, can be done either to an - NFS file or to a local disk. 
- - + Swapping, if needed, can be done either to an + NFS file or to a local disk. There are many ways to set up diskless workstations. Many elements are involved, and most can be customized to suit local @@ -3981,38 +4000,28 @@ ifconfig_lagg0 - The diskless workstations use a shared read-only - / filesystem, - and a shared read-only + The diskless workstations use a shared, read-only + / + and /usr. - The root filesystem is a copy of a standard &os; - root (typically the server's), with some configuration files + The root file system is a copy of a standard &os; + root, with some configuration files overridden by ones specific to diskless operation or, possibly, to the workstation they belong to. The parts of the root which have to be writable are - overlaid with &man.md.4; filesystems. Any changes will be + overlaid with &man.md.4; file systems. Any changes will be lost when the system reboots. - - - The kernel is transferred and loaded either with - Etherboot or - PXE as some situations may mandate the - use of either method. - As described, this system is insecure. It should live in - a protected area of a network, and be untrusted by other + a protected area of a network and be untrusted by other hosts. - All the information in this section has been tested using - &os; 5.2.1-RELEASE. - Background Information @@ -4034,7 +4043,7 @@ ifconfig_lagg0 In this context, having some knowledge of the background - mechanisms involved is very useful to solve the problems that + mechanisms involved is useful to solve the problems that may arise. Several operations need to be performed for a successful 
@@ -4043,26 +4052,29 @@ ifconfig_lagg0 The machine needs to obtain initial parameters such as - its IP address, executable filename, server name, root + its IP address, executable filename, + server name, and root path. This is done using the DHCP or - BOOTP protocols. DHCP is a compatible - extension of BOOTP, and uses the same port numbers and - basic packet format. - - It is possible to configure a system to use only - BOOTP. The &man.bootpd.8; server program is included in + BOOTP protocols. + DHCP is a compatible + extension of BOOTP, and uses the same + port numbers and + basic packet format. It is possible to configure a + system to use only + BOOTP and &man.bootpd.8; is included in the base &os; system. - - However, DHCP has a number of - advantages over BOOTP (nicer configuration files, - possibility of using PXE, plus many - others not directly related to diskless operation), and we - will describe mainly a DHCP + + + + DHCP has a number of + advantages over BOOTP such as nicer + configuration files and support for + PXE. This section + describes mainly a DHCP configuration, with equivalent examples using &man.bootpd.8; when possible. The sample configuration - will use the ISC DHCP software - package (release 3.0.1.r12 was installed on the test - server). + uses ISC DHCP which is + available in the Ports Collection. @@ -4071,56 +4083,33 @@ ifconfig_lagg0
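Review bot: in the Layer 2 Redundancy paragraph of the @@ -3162,51 +3163,60 @@ hunk, the added text `and use the Spanning Tree Protocol STP` drops the parentheses that the rest of this patch uses when a name is first expanded (compare `Network Address Translation (NAT)` a few lines earlier in the same hunk); suggest `Spanning Tree Protocol (STP)` so the bare `STP` references that follow read as an introduced abbreviation.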
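Review bot: in the @@ -3237,9 +3248,7 @@ hunk, the new `To create a bridge use &man.ifconfig.8;:` needs a comma after `bridge`, and the sentence it replaces ("if the bridge driver is not present in the kernel then it will be loaded automatically") is the only statement at this point that the module autoloads; that fact now lives only in the Kernel Configuration paragraph changed in the @@ -3215 hunk, so make sure that paragraph keeps the autoload sentence (it does in this version) or readers who jump straight to Enabling the Bridge lose it.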
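Review bot: the replacement of `non-IP and ARP packets` with `non-IP and IP packets` in the @@ -3294,14 +3307,15 @@ hunk changes the meaning, not the markup, and "non-IP and IP packets" covers every frame, so the sentence no longer says anything; the original text singled out ARP, which looks like what was intended, so this should stay `non-IP and ARP packets` (with the acronym tagged if that was the goal). The same hunk moves the comma in the filtering sentence so it now reads `inbound on the originating interface on the bridge interface, and outbound`, which collapses the three filter stages into two; suggest `inbound on the originating interface, on the bridge interface, and outbound on the appropriate interfaces`. Also `When direction of the packet flow is important` wants `When the direction of`.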
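Review bot: in the @@ -3309,21 +3323,26 @@ hunk, the rewritten sentence `RSTP provides faster convergence than legacy STP, the protocol will exchange information with neighbouring switches to quickly transition to forwarding without creating loops.` is still a comma splice of two independent clauses; since this commit is a grammar-tightening pass, suggest `RSTP provides faster convergence than legacy STP because the protocol exchanges information with neighbouring switches to quickly transition to forwarding without creating loops.` or a semicolon in place of the comma.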
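Review bot: the Sticky Interfaces paragraph in the @@ -3411,49 +3430,54 @@ hunk is edited on the line directly above the unchanged context line `dynamically learned address entries are treated at static`, so the typo `at static` (should be `as static`) could be fixed in the same pass rather than left in a paragraph this commit already touches. In the same hunk, the changed lines `Since the bridge cache is sticky, one host can not` and `the bridge can not roam to another segment` use `can not` where `cannot` is meant.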
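Review bot: in the @@ -4043,26 +4052,29 @@ hunk, the added sentence `It is possible to configure a system to use only BOOTP and &man.bootpd.8; is included in the base &os; system.` joins two independent clauses with a bare `and`, so it reads as if the system were configured to use bootpd; suggest a comma before `and`, or two sentences: `It is possible to configure a system to use only BOOTP. The &man.bootpd.8; server is included in the base &os; system.` The run of four empty lines between that sentence and `DHCP has a number of advantages` also suggests the paragraph close and open were left behind when the two paragraphs were merged; worth checking the XML validates before the follow-up whitespace commit.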