Date: Tue, 20 Oct 2020 11:36:27 +0200 From: "Patrick M. Hausen" <hausen@punkt.de> To: D'Arcy Cain <darcy@druid.net> Subject: Re: When is a switch not a switch? Message-ID: <30A67F82-312E-4651-A5E7-2E2AD926FF24@punkt.de> In-Reply-To: <3ed627e2-d99a-107e-4135-8aef1ad4ec71@druid.net> References: <57c32e6d-5572-3d3b-1a57-f3064bee7dc2@druid.net> <20201020065630.GE8272@funkthat.com> <CF189122-7D85-4BF1-9172-75D3EE0E77FB@punkt.de> <3ed627e2-d99a-107e-4135-8aef1ad4ec71@druid.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_D80FB223-AB2E-4B54-8905-F9131EDC930A Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 Hi all, > Am 20.10.2020 um 11:28 schrieb D'Arcy Cain <darcy@druid.net>: >=20 > On 10/20/20 4:36 AM, Patrick M. Hausen wrote: >> It's officially documented here: >> = https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridgin= g.html >=20 > I did see that. Does that mean that I don't even need to create = switches at all? What is a switch in this context? I use bridge interfaces to connect = jails via epair and VMs via tap. >> "If the bridge host needs an IP address, set it on the bridge = interface, not on the member interfaces." >=20 > But I don't necessarily need an IP on the bridge itself, right? Depends ;-) If the host has got e.g. em0 with an IP address and you want to make that physical interface part of e.g. bridge0 as well as all the VMs so = they can communicate on the wire ... you *must* move the IP address config from em0 to bridge0 and configure em0 "up". If em0 does not have an IP address on the host and should be used exclusively for VMs, then the bridge does not need an IP address, = either. Still you need to configure em0 "up". And additionally ... - you should disable all hardware acceleration features on the physical = interface - if you are using pf you should move the rule processing from the = members to the bridge like so: sysctl net.link.bridge.pfil_member=3D0 sysctl net.link.bridge.pfil_bridge=3D1 HTH, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Kaiserallee 13a 76133 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de info@punkt.de AG Mannheim 108285 Gesch=C3=A4ftsf=C3=BChrer: J=C3=BCrgen Egeling, Daniel Lienert, Fabian = Stein --Apple-Mail=_D80FB223-AB2E-4B54-8905-F9131EDC930A Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQEzBAEBCAAdFiEEgzqrjO/mj9CSsTg2kG8u4u3aiVwFAl+Or8YACgkQkG8u4u3a iVyFjAf/T88YLm/BFeinpFnSV6yM2I1dXYG82Ife51J+E49k/oqQL8fo6I3wayQ4 hQLyuhldm3OiCJqWFzY+64hFdvEZ7GkJQDmiyRQZXpK1hUuJAvizC/xnv9AOfjss UevXItXoSfr+gDSJ1zEzyBYvNpI9EVe9dMsmafWorzBAc38+S8DPPIEn1hLbyMv/ A5oz6baX0P5bWY68mYNjiieeL07tQzbzfCMPXtmObxW5u+rpLd7d+qqnsvjCm0Hr XMm0ETCN9ktDbw02CSeSH0qbaNI17n09eMknejFz61xvhGTJbGSk2myKZ6JoBCw+ /Ywg1OZfGC3Kl4h0i0ONWjOca6zDXQ== =7nL1 -----END PGP SIGNATURE----- --Apple-Mail=_D80FB223-AB2E-4B54-8905-F9131EDC930A--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30A67F82-312E-4651-A5E7-2E2AD926FF24>