CFR: bridge locking

Doug Ambrisko ambrisko at ambrisko.com
Thu Aug 21 10:13:17 PDT 2003

Previous message: CFR: bridge locking
Next message: CFR: bridge locking
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Daniel C. Sobral writes:
| Doug Ambrisko wrote:
| > Daniel C. Sobral writes:
| > | If you get bridge to send/receive packets to/from vlan interfaces 
| > | attached to them, I'll be forever grateful.
| > | 
| > | I've been trying to configure a setup where a firewall is connected to 
| > | redundant switches, but no solution I found could handle the vlan 
| > | attachments. :-(
| > 
| > I assuming you are using SW VLANs then you need this.  There is supposed
| > to be work to fix this correctly in progress but this works for
| > me when bridging VLANs.
| 
| This didn't work for me. I don't know if I'm using SW or HW vlans. But 
| since I can see the vlan packets with tcpdump, I tend to believe it 
| would be SW vlans.
| 
| The test I'm doing is the following:
| 
| kldload bridge
| sysctl net.link.ether.bridge=1
| sysctl net.link.ether.bridge_cfg="fxp1 fxp3"
| ifconfig fxp1 up
| ifconfig fxp3 up
| ifconfig vlan0 create
| ifconfig vlan0 vlan 999 vlandev fxp1
| ifconfig vlan0 200.220.254.190/26
| 
| On the switch side, the port connected to fxp1 is down and the one 
| connected to fxp3 is up. Next, I ping all around. What I see with your 
| patch is:
| 
| ARP packets received on fxp3 go to fxp1 but not vlan0.
| ARP packets sent through vlan0 go to fxp1 but not fxp3.
| 
| This is 4.7-RELEASE. The patch did not apply cleanly, but I went through 
| it and fixed all failed chunks.
| 
| (yes, this is pretty much like the other message I sent -- the results 
| were the same, but then I wondered if I hadn't made an error in one of 
| the above steps and went back to test it again, so, in the mean time, I 
| copied the above to the other message, adjusted, and set that reply. :)

No my mistake ... I was thinking you were trying to bridge the
traffic out of the FreeBSD vlan device.  That is what my patch fixes.
Sorry.

For kicks you could try netgraph bridging.  I found it sometimes works
better.  Tweak the script in /usr/share/example/netgraph.  For some
purposes I use bridge others I use the netgraph version.  Depends on
the need.

FWIW I have created a vmnet iface then bridged to it.  However, for it
to work with netgraph you need to make it work.  I use vmnet since it
is persistant and I can just do an
	echo -n > /dev/vmnet1
to create it.  Then I can do various things to it.  So you could run
the vlan off vmnet1 and then bridge it to the others. 

Doug A.

Index: if_tap.c
===================================================================
RCS file: /cvs/src/sys/net/if_tap.c,v
retrieving revision 1.3.2.3
diff -c -r1.3.2.3 if_tap.c
*** if_tap.c	14 Apr 2002 21:41:48 -0000	1.3.2.3
--- if_tap.c	22 Aug 2003 00:08:45 -0000
***************
*** 426,431 ****
--- 426,432 ----
  			return (dummy);
  
  		case SIOCSIFFLAGS: /* XXX -- just like vmnet does */
+ 			tapifinit(tp);
  		case SIOCADDMULTI:
  		case SIOCDELMULTI:
  		break;

Previous message: CFR: bridge locking
Next message: CFR: bridge locking
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the freebsd-net mailing list