Re: vlans and cloning

On Mon, 10 Jul 2006, Sam Leffler wrote:
root@homelynx# ifconfig vlan32 create
root@homelynx# ifconfig vlan32 vlan 32 vlandev rl0
root@homelynx# ifconfig vlan32 -vlandev
root@homelynx# ifconfig vlan32 vlan 33 vlandev rl0
root@homelynx#

Hmm, that did not work yesterday in my testing. That's the answer I've
been looking for. Thank you. OTOH I can easily see that plumbing a
vlan into firewall rules and then changing it's configuration might
generate very hard to find bugs; but whatever.

This (changing vlan binding w/o device destruction) is very handy for
providing software-assisted failover in some hardware configurations.
Suppose you have 2 VLAN trunks (say fxp2 and fxp3) which (via different
physical media) are connected to the same remote switch (which demultiplexes
VLANs to the different clients). Changing 'vlandev' on-the-fly (actually
removing old parent with -vlandev, then assigning the new one), you
can just move all vlans from e.g. fxp2 to fxp3 (in the event of fxp2's hardware link failure) w/o touching the firewall. I had this scheme in
production during several months, and didn't see any bugs (under RELENG_4,
but I doubt that such a simple yet efficient feature is broken
in newer branches).

Please don't break well-known and useful behaviour! Remember that it
allows
to switch easily physical vlanXXX device assignment (e.g., migration to the
another trunk) w/o reloading firewall rules.

I've got no plans. You'll note I committed the new stuff as completely
separate. I only asked now because I saw an opportunity to remove
cruft. But given that it's used that cruft can just stay around.

I hope I've managed to show that it isn't a cruft ;)


Sincerely, Dmitry
--
Atlantis ISP, System Administrator
e-mail: dmitry@xxxxxxxxxxxxxx
nic-hdl: LYNX-RIPE
_______________________________________________
freebsd-arch@xxxxxxxxxxx mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-arch
To unsubscribe, send any mail to "freebsd-arch-unsubscribe@xxxxxxxxxxx"