Date:      Sat, 11 Sep 2004 17:42:09 +0300
From:      "SharkTECH Maillists" <freebsd@sharktech.net>
To:        <freebsd-questions@freebsd.org>
Subject:   Interface Bonding & Bridging problem
Message-ID:  <049601c4980d$859444e0$dec2fea9@psyxakias>

Hello,

I have been running a FreeBSD 4.10-STABLE server having 3 nics installed
but was using only 2 of them (1 for uplink and 1 for switch) to monitor,
filter and shape my network and had absolutely no problems at all.

However, in order to increase the ability of handling even more packets
(especially while filtering incoming DDoS), I decided to get a 2nd uplink
from backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0
(virtual interface) and bridge ngeth0/fec0 with em2 (switch link). In
order for this to work, etherchanneling is enabled between
uplink1/uplink2 at the backbone side.

The problem is that although bonding seems to work fine, as I can assign
IPs at fec0/ngeth0 and send/receive packets with both cards using the
virtual interface, I cannot get bridging to work at all between
ngeth0/fec0 (virtual) and em2 (switch). There are no errors in the logs,
it just doesn't seem to bridge.

After doing two days of research on Google, the FreeBSD mailing lists and
web articles, and asking for help in the freebsdhelp IRC channels, I ended
up thinking that someone on the FreeBSD mailing lists may be able to help
me, by providing me with a different bonding/bridging way or even by
applying a patch.

I was thinking that the solution may be to do both bonding & bridging
using netgraph, and not bridging using FreeBSD's kernel bridge. I'd be
glad to try this but unfortunately I haven't figured out how, even after
reading several articles. So if anyone can help me on this step-by-step,
please do.

I will appreciate any replies after you take a look at the diagrams and
settings below, that are showing what exactly I have done until now.


Best Regards,

Angelos Pantazopoulos
freebsd@sharktech.net
SharkTECH Internet Services


====================================================
               S  E  T  T  I  N  G  S
====================================================

Using 1 uplink settings (works excellent)
-----------------------------------------
#bridging#
(options BRIDGE in kernel)
ifconfig em0 -arp
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=em0,em1
sysctl net.link.ether.bridge_ipfw=1


Using 2 uplinks with ng_fec (bridging problem)
----------------------------------------------
#bonding#
kldload ng_ether
kldload ng_fec
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"em0"'
ngctl msg fec0: add_iface '"em1"'
ngctl msg fec0: set_mode_inet
ifconfig em0 promisc
ifconfig em1 promisc
ifconfig fec0 promisc

#bridging#
(options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=fec0,em2
sysctl net.link.ether.bridge_ipfw=1


Using 2 uplinks with ng_one2many (bridging problem)
---------------------------------------------------
#bonding#
kldload ng_ether
kldload ng_one2many
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect em0: ngeth0:lower lower many0
ngctl connect em1: ngeth0:lower lower many1
ifconfig ngeth0 -arp up

#bridging#
(options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=ngeth0,em2
sysctl net.link.ether.bridge_ipfw=1



====================================================
               D  I  A  G  R  A  M  S
====================================================


Using 1 uplink (works excellent):
----------------------
INTERNET UPLINK
----------------------
              |
              |
           em0
***************
FREEBSD BOX FOR   <<-- Bridging em0 and em2
IPFW FILTERING
***************
           em2
              |
              |
----------------------
      SWITCH
----------------------


Using 2 uplinks (bridging problem):
----------------------
INTERNET UPLINK
----------------------
         |        |
         |        |
      em0   em1
           \   /
            \ /
        (virtual)
***************
FREEBSD BOX FOR  <<-- Bonding em0/em1 and bridging with em2
IPFW FILTERING
***************
           em2
              |
              |
----------------------
      SWITCH
----------------------


