Re: bridge with access on both interfaces
From: Michael Sierchio (kudzu_at_tenebras.com)
Date: 12/25/03
- Previous message: Robert Watson: "Re: bridge with access on both interfaces"
- In reply to: Robert Watson: "Re: bridge with access on both interfaces"
- Next in thread: Luigi Rizzo: "Re: bridge with access on both interfaces"
- Reply: Luigi Rizzo: "Re: bridge with access on both interfaces"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Wed, 24 Dec 2003 15:56:16 -0800 To: Robert Watson <rwatson@freebsd.org>
Robert Watson wrote:
> On Wed, 24 Dec 2003, Ian Smith wrote:
>
> <snip>
>
>>What I can't get to is setting up both NICs for the same /24, using
>>either one or two separate addresses. I'd hoped to get away with one
>>IP, which some of the docs (and bridge.c, skimmed) led me to believe
>>that any local IPs of this host, on whatever of the bridged interfaces,
>>should provide unbridged local stack access - however if we need to have
>>'inside' and 'outside' IPs separately on each bridge interface, fine.
>>
>>In short, ifconfig appears unwilling to have two NICs covering the same
>>/24. Can this be set up? I'm also at a bit of a loss with the routing,
>>so inside packets to the bridge box (ie unbridged packets) are responded
>>to on the same interface, and outside unbridged packets go only to/from
>>the gw. Some tcpdumps on both in and outside interfaces suggest an ARP
>>response problem also, perhaps; no responses on the inside iface at all.
>>
>>I'm unsure if that's too little initial detail or too much?
>
> <snip>
>
> If you want to use IP while bridging, you'll typically want to configure
> IP on one of the interfaces making up the bridge, and then simply
> "ifconfig up" the remaining interfaces without explicitly configuring IP
> on them. If you get ARP warnings, you can silence them using a sysctl (I
> can't remember if I got them last time I did this, however).
>
> At one point I rewrote bits of our bridge code to create virtual bridge
> interfaces, the idea being that you'd configure IP on the virtual
> interface rather than on one of the member interfaces. However, I never
> got around to merging those changes -- my real goal was to allow sniffing
> of packets to/from the host on any component interface, and BPF only
> picked up packets from/to a specific interface (or leaked bridge packets
> for unknown target addresses). I'm sure at some point, someone will get
> to reimplementing our bridge code to take this approach, however.
Robert -
when digging into the bridging code, you may want to look
at an apparent performance bug. This was discovered by
Soekris users -- when two of three interfaces were configured
in the bridge, performance was significantly less than when
all interfaces were, even if one interface was unused/uncabled.
From: Soren Kristensen <soren@soekris.com>
Organization: Soekris Engineering
To: timg@tpi.com
CC: Soekris-tech <soekris-tech@lists.soekris.com>
Subject: Re: [Soekris] Slow net speed on Net4801
I just did a little testing on the net4801 ethernet performance, as I
wanted to make sure there wasn't any hardware problems.
I wanted to be sure as the Geode used to have some serious PCI bus
performance issues, but those problems should be fixed on the SC1100 if
you program it up correctly. Also, one difference between the net4501
and net4801 is that the 3 ethernet controllers now share one interrupt.
As I had limited interrupts available on the SC1100, I decided that I
would prefer that chips using the same drivers are sharing rather than
random chips used on the expansion slots.... Sharing interrupts will
reduce performance a little, but not very much on a correct implemented
shared interrupt system.
So I set up a full FreeBSD 4.9 Release (on one of those nice new
2.2Gbyte Microdrives....) and enabled bridging.
I quickly found performance problems, but after testing I now believe I
instead found a bug in FreeBSD interrupt code....
At first I got about 35 Mbit/sec with 99% interrupt time.
I then tried on a net4501 and got 50 Mbit/sec with 60% interrupt time.
But after some testing I found out that when I on the net4801 configured
all 3 ethernet controllers for bridging instead of the first 2 as I
started with, the net4801 got 50 Mbit/sec with 40% interrupt time, much
better and beating the net4501 as you would expect. You should also
expect higher raw speed, but my test setup was limited to 50 Mbit/sec.
(hand timing filecopy in msdos window on win2000....).
As soon as I set net.link.ether.bridge_cfg=sis0,sis1,sis2, performance
was much better on the net4801, but didn't affect the net4501.
So the conclusion so far is that you should be able to get very good
performance, but the ethernet drivers and operating systems need to
handle shared interrupts correctly.
Apperently there is a problem with FreeBSD when you have 3 ethernet
controllers sharing one interrupt and only bridging 2 of them. When
doing that, the processor spend a lot of time in interrupt....
Can one of the FreeBSD gurus (Poul-Henning ?) look into the FreeBSD
interrupt and/or bridging code ?
Regards,
Soren Kristensen
_____________________________________________________________________
Soekris Engineering, technical discussion mailing list
[un]subscribe: http://lists.soekris.com/mailman/listinfo/soekris-tech
_______________________________________________
freebsd-net@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"
- Previous message: Robert Watson: "Re: bridge with access on both interfaces"
- In reply to: Robert Watson: "Re: bridge with access on both interfaces"
- Next in thread: Luigi Rizzo: "Re: bridge with access on both interfaces"
- Reply: Luigi Rizzo: "Re: bridge with access on both interfaces"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
