Interface Bonding & Bridging problem

From: SharkTECH Maillists (freebsd_at_sharktech.net)
Date: 09/11/04

    To: <freebsd-net@freebsd.org>
    Date: Sat, 11 Sep 2004 15:22:36 +0300
    
    

    Hello,

    I have been running a FreeBSD 4.10-STABLE server having 3 nics installed but
    was using only 2 of them (1 for uplink and 1 for switch) to monitor, filter
    and shape my network and had absolutely no problems at all.

    However, in order to increase the capacity to handle even more packets
    (especially while filtering incoming DDoS), I decided to get a 2nd uplink
    from the backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0
    (virtual interface) and bridge ngeth0/fec0 with em2 (switch link). In order
    for this to work, etherchanneling is enabled between uplink1/uplink2 on the
    backbone side.

    The problem is that although bonding seems to work fine, as I can assign IPs
    to fec0/ngeth0 and send/receive packets with both cards using the virtual
    interface, I cannot get bridging to work at all between ngeth0/fec0 (virtual)
    and em2 (switch). There are no errors in the logs; it just doesn't seem to
    bridge.

    After two days of research on Google, the FreeBSD mailing lists and web
    articles, and asking for help in the freebsdhelp IRC channels, I concluded
    that someone on the FreeBSD mailing lists may be able to help me by providing
    a different way of bonding/bridging or even by applying a patch.

    I was thinking that the solution may be to do both bonding & bridging using
    netgraph, and not bridging using FreeBSD's kernel bridge. I'd be glad to try
    this but unfortunately I haven't figured out how, even after reading several
    articles. So if anyone can help me on this step-by-step, please do.

    I will appreciate any replies after you take a look at the diagrams and
    settings below, which show exactly what I have done so far.

    Best Regards,

    Angelos Pantazopoulos
    freebsd@sharktech.net
    SharkTECH Internet Services

    ====================================================
                   S E T T I N G S
    ====================================================

    Using 1 uplink settings (works excellent)
    -----------------------------------------
    #bridging#
    (options BRIDGE in kernel)
    ifconfig em0 -arp
    sysctl net.link.ether.bridge=1
    sysctl net.link.ether.bridge_cfg=em0,em1
    sysctl net.link.ether.bridge_ipfw=1

    Using 2 uplinks with ng_fec (bridging problem)
    ----------------------------------------------
    #bonding#
    kldload ng_ether
    kldload ng_fec
    ngctl mkpeer fec dummy fec
    ngctl msg fec0: add_iface '"em0"'
    ngctl msg fec0: add_iface '"em1"'
    ngctl msg fec0: set_mode_inet
    ifconfig em0 promisc
    ifconfig em1 promisc
    ifconfig fec0 promisc

    #bridging#
    (options BRIDGE in kernel)
    sysctl net.link.ether.bridge=1
    sysctl net.link.ether.bridge_cfg=fec0,em2
    sysctl net.link.ether.bridge_ipfw=1

    Using 2 uplinks with ng_one2many (bridging problem)
    ---------------------------------------------------
    #bonding#
    kldload ng_ether
    kldload ng_one2many
    ifconfig em0 promisc -arp up
    ifconfig em1 promisc -arp up
    ngctl mkpeer . eiface hook ether
    ngctl mkpeer ngeth0: one2many lower one
    ngctl connect em0: ngeth0:lower lower many0
    ngctl connect em1: ngeth0:lower lower many1
    ifconfig ngeth0 -arp up

    #bridging#
    (options BRIDGE in kernel)
    sysctl net.link.ether.bridge=1
    sysctl net.link.ether.bridge_cfg=ngeth0,em2
    sysctl net.link.ether.bridge_ipfw=1

    ====================================================
                   D I A G R A M S
    ====================================================

    Using 1 uplink (works excellent):
    ----------------------
       INTERNET UPLINK
    ----------------------
              |
              |
             em0
      ***************
      FREEBSD BOX FOR   <<-- Bridging em0 and em2
      IPFW FILTERING
      ***************
             em2
              |
              |
    ----------------------
            SWITCH
    ----------------------

    Using 2 uplinks (bridging problem):
    ----------------------
       INTERNET UPLINK
    ----------------------
           |     |
           |     |
          em0   em1
            \   /
             \ /
          (virtual)
      ***************
      FREEBSD BOX FOR   <<-- Bonding em0/em1 and bridging with em2
      IPFW FILTERING
      ***************
             em2
              |
              |
    ----------------------
            SWITCH
    ----------------------
