Date: Sun, 17 Oct 2010 12:23:19 -0500
From: Brandon Gooch <jamesbrandongooch@gmail.com>
To: "Li, Qing" <qing.li@bluecoat.com>
Cc: zeus.panchenko@gmail.com, freebsd-net@freebsd.org
Subject: Re: RADIX_MPATH usage information
Message-ID: <AANLkTi=%2B7WP=o=n8WqoxSpxNp5DDgOk6UpmXb=zBDvoe@mail.gmail.com>
In-Reply-To: <B583FBF374231F4A89607B4D08578A4307FA40AC@bcs-mail03.internal.cacheflow.com>
References: <201008262259.QAA25138@lariat.net> <20100827062454.GB7160@relay.ibs.dn.ua> <B583FBF374231F4A89607B4D08578A4307FA40AC@bcs-mail03.internal.cacheflow.com>
On Fri, Aug 27, 2010 at 10:47 AM, Li, Qing <qing.li@bluecoat.com> wrote:
> There are a couple of items I need to take care of
> in this area, including the documentation, so I will get
> it done this weekend.
>
> --Qing
>
>
>> -----Original Message-----
>> From: owner-freebsd-net@freebsd.org [mailto:owner-freebsd-net@freebsd.org] On Behalf Of Zeus V Panchenko
>> Sent: Thursday, August 26, 2010 11:25 PM
>> To: freebsd-net@freebsd.org
>> Subject: Re: RADIX_MPATH usage information
>>
>> +1
>>
>> --
>> Zeus V. Panchenko
>> IT Dpt., IBS ltd                    GMT+2 (EET)

Qing,

I've been looking for the documentation regarding this new feature, as
I have the requirement of needing an ipfw(8) (or other firewall)
setup. Unfortunately, I could find nothing, aside from the source code
(which I'm attempting to read ATM).

I have a computer with one em(4) interface with multiple VLANs running
on top. I let the em0 interface configuration happen via DHCP, and I
set the VLAN interfaces manually.

I run 3 instances of sshd(8) on each separate VLAN interface, but I
run into the issue of having the connection to each VLAN's sshd(8)
instance attempt the return connection to the client via the default
gateway of em0.

So I've simply created an rc(8) script to handle manually configuring
the routing table for each fib, something like a "my_networks.sh":

#!/bin/sh
#
# PROVIDE: my_networks
# REQUIRE: dhclient netif routing cleanvar
#

. /etc/rc.subr

name="my_networks"
rcvar=${name}_enable

start_cmd="my_networks_start"
stop_cmd="my_networks_stop"

my_networks_start()
{
	# FIB 1: default route via vlan10; drop the other VLANs' networks
	setfib 1 route add default 192.168.1.1 -ifp vlan10
	setfib 1 route delete 192.168.2.0/24
	setfib 1 route delete 192.168.3.0/24

	# FIB 2: default route via vlan20; drop the other VLANs' networks
	setfib 2 route add default 192.168.2.1 -ifp vlan20
	setfib 2 route delete 192.168.1.0/24
	setfib 2 route delete 192.168.3.0/24

	# FIB 3: default route via vlan30; drop the other VLANs' networks
	setfib 3 route add default 192.168.3.1 -ifp vlan30
	setfib 3 route delete 192.168.1.0/24
	setfib 3 route delete 192.168.2.0/24

	# One sshd per FIB, each with its own configuration file
	setfib 1 /usr/sbin/sshd -f /usr/local/etc/sshd_config_fib_1
	setfib 2 /usr/sbin/sshd -f /usr/local/etc/sshd_config_fib_2
	setfib 3 /usr/sbin/sshd -f /usr/local/etc/sshd_config_fib_3
}

my_networks_stop()
{
	# Empty each FIB's routing table, then stop every sshd process
	setfib 1 route flush
	setfib 2 route flush
	setfib 3 route flush

	killall sshd
}

load_rc_config $name

: ${my_networks_enable="NO"}

run_rc_command "$1"

...and it seems to work. I'm not sure how technically sound this
method is, but I haven't found or read anything to confirm, condone or
condemn the methodology.

If I were to use the RADIX_MPATH option in the kernel, would this
eliminate the need to delete routes from the "foreign" VLAN
interfaces' routing table (to prevent return connection packets
heading out the default gateway of em0, configured via DHCP)?

Thanks!

-Brandon
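
Added example, not part of the original message: a check for the condition the message describes, a FIB whose table still holds routes through another VLAN's interface. It reads `netstat -rn` text on stdin; the helper name foreign_routes and the sample table are constructed for illustration.

```sh
#!/bin/sh
# Added example: report routes in one FIB's table that use an interface
# other than the ones expected for that FIB.
# On FreeBSD: setfib 1 netstat -rn -f inet | foreign_routes vlan10

# foreign_routes IFACE...   (hypothetical helper)
# Reads `netstat -rn` output on stdin, prints "destination netif" for each
# route not bound to an allowed interface (loopback is always allowed),
# and returns 1 if any such route exists.
foreign_routes() {
    awk -v allowed="$*" '
        BEGIN {
            n = split(allowed, a, " ")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        # Find the Netif column from the header line; its position
        # varies between netstat versions.
        $1 == "Destination" {
            col = 0
            for (i = 1; i <= NF; i++) if ($i == "Netif") col = i
            next
        }
        col && NF >= col {
            ifn = $col
            if (ifn ~ /^lo[0-9]+$/ || (ifn in ok)) next
            print $1, ifn
            bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Constructed sample: a FIB 1 table that still has the vlan20 network in it.
sample_fib1() {
    cat <<'EOF'
Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
default            192.168.1.1        UGS         0       12 vlan10
127.0.0.1          link#3             UH          0        0    lo0
192.168.1.0/24     link#4             U           0       40 vlan10
192.168.2.0/24     link#5             U           0        0 vlan20
EOF
}

sample_fib1 | foreign_routes vlan10 || echo "FIB 1: unexpected routes listed above"
```

Run once per FIB after the rc script has started; a non-empty result means return traffic from that FIB's sshd can still leave through an interface other than its own.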