Message-ID: <7c8f27920506131035841d5d0@mail.gmail.com>
Date: Mon, 13 Jun 2005 13:35:12 -0400
From: Josh Kayse
To: Greg Hennessy
Cc: freebsd-net@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: Carp Suppression
In-Reply-To: <20050613165202.51063DA@gw2.local.net>
References: <7c8f2792050613090040c924c3@mail.gmail.com> <20050613165202.51063DA@gw2.local.net>

On 6/13/05, Greg Hennessy wrote:
>
> > The reason we are using CARP on a PLIP interface is to allow
> > us to have redundant connections between 2 transparent
> > bridging firewalls.
>
> CARP is not going to work with a layer 2 firewall.

It's running over the PLIP interface and the crossover cable.
ifstated will change the advskew of the carp interfaces if one of the
bridging interfaces goes down.

>
> > Instead of sending packets over our network, we isolate them
> > onto a PLIP interface and crossover interface.
>
> That's not going to work on a point to point connection, the other party
> cannot see the carp traffic.
> Never mind the overhead that running plip puts on a system, a length of
> baling twine would make for a better physical transport.

Both firewalls can see the carp information over the PLIP connection,
so I assume it works. And it wasn't my choice to use the plip
interface.

>
> > We then use
> > ifstated to monitor the carp interfaces and shut down
> > bridging on one of the machines.
>
> Spanning tree is a no brainer for such a setup, pfsync takes care of the
> rest.
>

We did not want to go with STP because it would not be a self contained solution.
Now we can use these firewalls anywhere without having to modify any
routers, just plug them in inline and it is set.

We also wanted to stick with FreeBSD because we have a knowledgebase
already set up for it and we know how to use it. Unfortunately, there
is no support for STP in freebsd bridging.

Yes, I had already looked into using pfsync and STP, we also
considered just using scripts.

Anyway, I don't want to try and defend myself on our setup. We have
everything working now and I just wanted to let others know how they
could use carp over PLIP if they so needed to.

> http://www.seattlecentral.edu/~dmartin/docs/bridge.html
>
> Greg
>
> >
> > I will refrain from submitting any code to the community in
> > the future.
> >
> > On 6/13/05, Yar Tikhiy wrote:
> > > On Mon, Jun 13, 2005 at 10:10:54AM -0400, Josh Kayse wrote:
> > > > One last comment,
> > > >
> > > > I managed to fix it so that carp runs on the plip interface by adding:
> > > > ifp->if_flags = LINK_STATE_UP;
> > > >
> > > > Here is the diff:
> > > >
> > > > diff -Nur /usr.orig/src/sys/dev/ppbus/if_plip.c > > /usr/src/sys/dev/ppbus/if_plip.c > > > > --- /usr.orig/src/sys/dev/ppbus/if_plip.c Wed Sep > > 15 11:14:18 2004 > > > > +++ /usr/src/sys/dev/ppbus/if_plip.c Mon Jun 13 10:05:56 2005
> > > > @@ -359,6 +359,7 @@ > > > > > > > > ppb_wctr(ppbus, IRQENABLE); > > > > ifp->if_flags |=3D IFF_RUNNING; > > > > + ifp->if_flags =3D LINK_STATE_UP; > > > > } > > > > break;
> > >
> > > I'm afraid you're totally wrong here.
> > >
> > > First, I can't see how CARP is supposed to work on a PLIP interface or
> > > any point-to-point interface at all. CARP is for broadcast
> > > interfaces, such as Ethernet or FDDI, which do ARP. You seem to miss
> > > the point.
> > >
> > > Second, you can't store an arbitrary value into a variable or field
> > > and expect the things to work right. LINK_STATE_UP simply is not for
> > > ifp->if_flags. Please make yourself familiar with the basics of
> > > computer programming before offering your patches to the community.
> > >
> > > --
> > > Yar
> > >
> >
> > --
> > Joshua Kayse
> > Computer Engineering
>

--
Joshua Kayse
Computer Engineering
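
Review bot: in the @@ -359,6 +359,7 @@ hunk of if_plip.c, the added line "ifp->if_flags = LINK_STATE_UP;" uses plain assignment, so it discards every bit already in if_flags, including the IFF_RUNNING bit that the preceding line has just ORed in. LINK_STATE_UP is also a link-state value rather than an IFF_* flag bit, so whichever flag bits its numeric value happens to match are being set by accident. If the goal is to report the link as up, store LINK_STATE_UP in the interface's link-state field (if_link_state) instead and leave if_flags to the existing |= line; a one-line comment saying why PLIP needs to report link state would help too.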