From owner-freebsd-hackers@FreeBSD.ORG Sat Sep 11 12:22:44 2004
Delivered-To: freebsd-hackers@freebsd.org
Message-ID: <006001c497fa$08f971c0$dec2fea9@psyxakias>
From: "SharkTECH Maillists"
Date: Sat, 11 Sep 2004 15:22:38 +0300
Subject: Interface Bonding & Bridging problem
List-Id: Technical Discussions relating to FreeBSD

Hello,

I have been running a FreeBSD 4.10-STABLE server with 3 NICs installed, but was using only 2 of them (1 for the uplink and 1 for the switch) to monitor, filter and shape my network, and had absolutely no problems at all. However, in order to increase its ability to handle even more packets (especially while filtering incoming DDoS), I decided to get a 2nd uplink from the backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0 (virtual interface) and bridge ngeth0/fec0 with em2 (switch link).
In order for this to work, etherchanneling is enabled between uplink1/uplink2 at the backbone side.

The problem is that, although bonding seems to work fine (I can assign IPs to fec0/ngeth0 and send/receive packets with both cards using the virtual interface), I cannot get bridging to work at all between ngeth0/fec0 (virtual) and em2 (switch). There are no errors in the logs; it just doesn't seem to bridge.

After two days of research on Google, the FreeBSD mailing lists and web articles, and asking for help in the freebsdhelp IRC channels, I concluded that someone on the FreeBSD mailing lists may be able to help me by providing a different bonding/bridging method or even by applying a patch.

I was thinking that the solution may be to do both bonding and bridging using netgraph, rather than bridging using FreeBSD's kernel bridge. I'd be glad to try this, but unfortunately I haven't figured out how, even after reading several articles. So if anyone can help me with this step by step, please do.

I will appreciate any replies after you take a look at the diagrams and settings below, which show exactly what I have done so far.

Best Regards,

Angelos Pantazopoulos
freebsd@sharktech.net
SharkTECH Internet Services

====================================================
                   S E T T I N G S
====================================================

Using 1 uplink settings (works excellent)
-----------------------------------------
#bridging# (options BRIDGE in kernel)
ifconfig em0 -arp
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=em0,em1
sysctl net.link.ether.bridge_ipfw=1

Using 2 uplinks with ng_fec (bridging problem)
----------------------------------------------
#bonding#
kldload ng_ether
kldload ng_fec
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"em0"'
ngctl msg fec0: add_iface '"em1"'
ngctl msg fec0: set_mode_inet
ifconfig em0 promisc
ifconfig em1 promisc
ifconfig fec0 promisc

#bridging# (options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=fec0,em2
sysctl net.link.ether.bridge_ipfw=1

Using 2 uplinks with ng_one2many (bridging problem)
---------------------------------------------------
#bonding#
kldload ng_ether
kldload ng_one2many
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect em0: ngeth0:lower lower many0
ngctl connect em1: ngeth0:lower lower many1
ifconfig ngeth0 -arp up

#bridging# (options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=ngeth0,em2
sysctl net.link.ether.bridge_ipfw=1

====================================================
                   D I A G R A M S
====================================================

Using 1 uplink (works excellent):

 ----------------------
    INTERNET UPLINK
 ----------------------
           |
           |
          em0
    ***************
    FREEBSD BOX FOR    <<-- Bridging em0 and em2
    IPFW FILTERING
    ***************
          em2
           |
           |
 ----------------------
        SWITCH
 ----------------------

Using 2 uplinks (bridging problem):

 ----------------------
    INTERNET UPLINK
 ----------------------
       |         |
       |         |
      em0       em1
        \       /
         \     /
        (virtual)
    ***************
    FREEBSD BOX FOR    <<-- Bonding em0/em1 and bridging with em2
    IPFW FILTERING
    ***************
          em2
           |
           |
 ----------------------
        SWITCH
 ----------------------