Date: Wed, 24 Dec 2003 15:56:16 -0800 From: Michael Sierchio <kudzu@tenebras.com> To: Robert Watson <rwatson@freebsd.org> Cc: Ian Smith <smithi@nimnet.asn.au> Subject: Re: bridge with access on both interfaces Message-ID: <3FEA27A0.7030902@tenebras.com> In-Reply-To: <Pine.NEB.3.96L.1031224184144.66152G-100000@fledge.watson.org> References: <Pine.NEB.3.96L.1031224184144.66152G-100000@fledge.watson.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Robert Watson wrote: > On Wed, 24 Dec 2003, Ian Smith wrote: > > <snip> > >>What I can't get to is setting up both NICs for the same /24, using >>either one or two separate addresses. I'd hoped to get away with one >>IP, which some of the docs (and bridge.c, skimmed) led me to believe >>that any local IPs of this host, on whatever of the bridged interfaces, >>should provide unbridged local stack access - however if we need to have >>'inside' and 'outside' IPs separately on each bridge interface, fine. >> >>In short, ifconfig appears unwilling to have two NICs covering the same >>/24. Can this be set up? I'm also at a bit of a loss with the routing, >>so inside packets to the bridge box (ie unbridged packets) are responded >>to on the same interface, and outside unbridged packets go only to/from >>the gw. Some tcpdumps on both in and outside interfaces suggest an ARP >>response problem also, perhaps; no responses on the inside iface at all. >> >>I'm unsure if that's too little initial detail or too much? > > <snip> > > If you want to use IP while bridging, you'll typically want to configure > IP on one of the interfaces making up the bridge, and then simply > "ifconfig up" the remaining interfaces without explicitly configuring IP > on them. If you get ARP warnings, you can silence them using a sysctl (I > can't remember if I got them last time I did this, however). > > At one point I rewrote bits of our bridge code to create virtual bridge > interfaces, the idea being that you'd configure IP on the virtual > interface rather than on one of the member interfaces. However, I never > got around to merging those changes -- my real goal was to allow sniffing > of packets to/from the host on any component interface, and BPF only > picked up packets from/to a specific interface (or leaked bridge packets > for unknown target addresses). I'm sure at some point, someone will get > to reimplementing our bridge code to take this approach, however. Robert - when digging into the bridging code, you may want to look at an apparent performance bug. This was discovered by Soekris users -- when two of three interfaces were configured in the bridge, performance was significantly less than when all interfaces were, even if one interface was unused/uncabled. From: Soren Kristensen <soren@soekris.com> Organization: Soekris Engineering To: timg@tpi.com CC: Soekris-tech <soekris-tech@lists.soekris.com> Subject: Re: [Soekris] Slow net speed on Net4801 I just did a little testing on the net4801 ethernet performance, as I wanted to make sure there wasn't any hardware problems. I wanted to be sure as the Geode used to have some serious PCI bus performance issues, but those problems should be fixed on the SC1100 if you program it up correctly. Also, one difference between the net4501 and net4801 is that the 3 ethernet controllers now share one interrupt. As I had limited interrupts available on the SC1100, I decided that I would prefer that chips using the same drivers are sharing rather than random chips used on the expansion slots.... Sharing interrupts will reduce performance a little, but not very much on a correct implemented shared interrupt system. So I set up a full FreeBSD 4.9 Release (on one of those nice new 2.2Gbyte Microdrives....) and enabled bridging. I quickly found performance problems, but after testing I now believe I instead found a bug in FreeBSD interrupt code.... At first I got about 35 Mbit/sec with 99% interrupt time. I then tried on a net4501 and got 50 Mbit/sec with 60% interrupt time. But after some testing I found out that when I on the net4801 configured all 3 ethernet controllers for bridging instead of the first 2 as I started with, the net4801 got 50 Mbit/sec with 40% interrupt time, much better and beating the net4501 as you would expect. You should also expect higher raw speed, but my test setup was limited to 50 Mbit/sec. (hand timing filecopy in msdos window on win2000....). As soon as I set net.link.ether.bridge_cfg=sis0,sis1,sis2, performance was much better on the net4801, but didn't affect the net4501. So the conclusion so far is that you should be able to get very good performance, but the ethernet drivers and operating systems need to handle shared interrupts correctly. Apperently there is a problem with FreeBSD when you have 3 ethernet controllers sharing one interrupt and only bridging 2 of them. When doing that, the processor spend a lot of time in interrupt.... Can one of the FreeBSD gurus (Poul-Henning ?) look into the FreeBSD interrupt and/or bridging code ? Regards, Soren Kristensen _____________________________________________________________________ Soekris Engineering, technical discussion mailing list [un]subscribe: http://lists.soekris.com/mailman/listinfo/soekris-tech
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?3FEA27A0.7030902>