PF + BRIDGE still causes system freezing

Jeremy Chadwick freebsd at jdc.parodius.com
Mon May 31 08:32:19 UTC 2010


On Mon, May 31, 2010 at 08:03:09AM +0200, Giulio Ferro wrote:
> Max Laier wrote:
> >On Friday 28 May 2010 07:46:07 Giulio Ferro wrote:
> >>Months ago I reported a system freezing whenever bridge was used
> >>with pf. This still happens now in 8.1 prerelease: after several minutes
> >>to hours that the bridge is active the system becomes unresponsive.
> >
> >as I told you last time you reported this problem: you need to
> >simplify your setup in order to track down the problem.  For all I
> >know, you have created a routing or ethernet loop that is the
> >cause of your problems.  Unless you can provide a simple setup
> >that can be reproduced, you have to track down the issue yourself
> >- sorry.
> >
> >Max
> 
> Ok, I've moved the vpn-bridging service to a server without pf, and now
> it seems to work correctly.
> 
> I maintain that this issue would need to be looked into, anyway...
> I don't think that a system freezing is acceptable, even when the
> administrator makes some configuration mistakes: the o.s. should complain
> about "routing or ethernet loop", without leaving him wondering...

We don't know if physical cabling loops are the problem here, but I'll
chime in with my two cents regardless.

If you're prone to making cabling mistakes that result in layer 2 loops
in your network, you should consider using protocols like spanning
tree[1] on your switches.  Be aware that STP induces a lot of other
problems and complexities which very likely *will* be seen as issues
within the OS (such as physical Ethernet link not coming up quickly,
taking instead maybe 60-120 full seconds).  I believe there are
extension protocols that address this (such as RSTP).

If you're actually using FreeBSD as a "smart switch", then there may be
some spanning tree software that works on FreeBSD.  I'm not familiar
with this setup or what software may be available.  The majority of
folks connect their FreeBSD machines to a switch, and those switches can
handle STP.

[1]: http://en.wikipedia.org/wiki/Spanning_tree_protocol

-- 
| Jeremy Chadwick                                   jdc at parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |



More information about the freebsd-stable mailing list