From: Howard Jones
Date: Tue, 21 Apr 2009 15:22:54 +0100
To: freebsd-questions@freebsd.org
Subject: IPFW/Dummynet/Bridging with VLAN trunks?
Message-ID: <49EDD6BE.1010404@thingy.com>

I'm trying to use Dummynet+IPFW and bridging to make a packet shaper that runs across multiple VLANs. So my intended setup is:

    [users]->[Aggregate Switch]=>[FreeBSD]=>[Upstream Switch (with IP interfaces for each vlan)]->The World

where -> is a single VLAN, and => is a tagged dot1q trunk.

The aim is to drop the FreeBSD box in the middle, in one trunked uplink, and cover all the VLANs downstream of that. Should this work?

In practice, the bridging seems to work OK, but as soon as I add rules to match traffic passing through and apply it to pipes, everything stops. I can use tcpdump's vlan option to filter traffic on em0, em1 or bridge0 and it does show only traffic for that vlan, so tags are being preserved...

Ideally, I'd like to use the dot1q tag in ipfw rules directly, and avoid IP ranges, but I don't think that's possible. Is there some special incantation to make ipfw vlan-aware? Has anyone else done this successfully?

Best Regards,

Howie