Delivered-To: freebsd-questions@freebsd.org
Message-ID: <049601c4980d$859444e0$dec2fea9@psyxakias>
From: "SharkTECH Maillists"
Date: Sat, 11 Sep 2004 17:42:09 +0300
Subject: Interface Bonding & Bridging problem

Hello,

I have been running a FreeBSD 4.10-STABLE server with 3 NICs installed
but was using only 2 of them (1 for uplink and 1 for switch) to monitor,
filter and shape my network, and had absolutely no problems at all.

However, in order to increase the ability to handle even more packets
(especially while filtering incoming DDoS), I decided to get a 2nd
uplink from the backbone, connect it to em1, bond em0/em1 (uplinks) to
ngeth0/fec0 (virtual interface) and bridge ngeth0/fec0 with em2 (switch
link). In order for this to work, etherchanneling is enabled between
uplink1/uplink2 at the backbone side.

The problem is that although bonding seems to work fine, as I can assign
IPs at fec0/ngeth0 and send/receive packets with both cards using the
virtual interface, I cannot get bridging to work at all between
ngeth0/fec0 (virtual) and em2 (switch). There are no errors in the logs,
it just doesn't seem to bridge.

After doing 2 days of research on Google, FreeBSD mailing lists, web
articles and asking for help in freebsdhelp IRC channels, I ended up
thinking that someone on the FreeBSD mailing lists may be able to help
me by providing a different bonding/bridging way or even by applying a
patch.

I was thinking that the solution may be to do both bonding & bridging
using netgraph, and not bridging using FreeBSD's kernel bridge. I'd be
glad to try this but unfortunately I haven't figured out how, even after
reading several articles. So if anyone can help me with this
step-by-step, please do.

I will appreciate any replies after you take a look at the diagrams and
settings below, which show exactly what I have done until now.

Best Regards,

Angelos Pantazopoulos
freebsd@sharktech.net
SharkTECH Internet Services

====================================================
                  S E T T I N G S
====================================================

Using 1 uplink settings (works excellent)
-----------------------------------------
#bridging# (options BRIDGE in kernel)
ifconfig em0 -arp
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=em0,em1
sysctl net.link.ether.bridge_ipfw=1

Using 2 uplinks with ng_fec (bridging problem)
----------------------------------------------
#bonding#
kldload ng_ether
kldload ng_fec
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"em0"'
ngctl msg fec0: add_iface '"em1"'
ngctl msg fec0: set_mode_inet
ifconfig em0 promisc
ifconfig em1 promisc
ifconfig fec0 promisc

#bridging# (options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=fec0,em2
sysctl net.link.ether.bridge_ipfw=1

Using 2 uplinks with ng_one2many (bridging problem)
---------------------------------------------------
#bonding#
kldload ng_ether
kldload ng_one2many
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect em0: ngeth0:lower lower many0
ngctl connect em1: ngeth0:lower lower many1
ifconfig ngeth0 -arp up

#bridging# (options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=ngeth0,em2
sysctl net.link.ether.bridge_ipfw=1

====================================================
                  D I A G R A M S
====================================================

Using 1 uplink (works excellent):

----------------------
   INTERNET UPLINK
----------------------
          |
          |
         em0
   ***************
     FREEBSD BOX
         FOR          <<-- Bridging em0 and em2
    IPFW FILTERING
   ***************
         em2
          |
          |
----------------------
        SWITCH
----------------------

Using 2 uplinks (bridging problem):

----------------------
   INTERNET UPLINK
----------------------
      |        |
      |        |
     em0      em1
       \      /
        \    /
       (virtual)
   ***************
     FREEBSD BOX
         FOR          <<-- Bonding em0/em1 and bridging with em2
    IPFW FILTERING
   ***************
         em2
          |
          |
----------------------
        SWITCH
----------------------