Interface Bonding & Bridging problem

Subhro subhro.kar at gmail.com
Sun Sep 12 06:33:48 PDT 2004 

I am not 100% sure of what I speak about. Bridge works in layer 2 i.e.
the data link layer. The virtual interface does not have a data link
layer so it is not possible to get the bridging done as the way you
are saying

Regards
S.


On Sat, 11 Sep 2004 17:42:09 +0300, SharkTECH Maillists
<freebsd at sharktech.net> wrote:
> Hello,
> 
> I have been running a FreeBSD 4.10-STABLE server having 3 nics installed but
> was using only 2 of them (1 for uplink and 1 for switch) to monitor, filter
> and shape my network and had absolutely no problems at all.
> 
> However, in order to increase the ability of handling even more packets
> (especially while filtering incoming DDoS), I decided to get a 2nd uplink
> from backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0
> (virtual interface) and bridge ngeth0/fec0 with em2 (switch link). In order
> for this to work, etherchanneling is enabled between uplink1/uplink2 at the
> backbone side.
> 
> The problem is although bonding seems to work fine as I can assign IPs at
> fec0/ngeth0 and send/receive packet with both cards using the virtual
> interface, I cannot get bridging to work at all between ngeth0/fec0(virtual)
> and em2(switch). There are no errors in logs, it just doesn't seem to
> bridge.
> 
> After doing a 2 days research in Google, FreeBSD maillists, web articles and
> asking for help in freebsdhelp IRC channels, I ended up that someone in
> FreeBSD maillists may be able to help me providing me a different
> bonding/bridging way or even by applying a patch.
> 
> I was thinking that the solution may be to do both bonding & bridging using
> netgraph, and not bridging using FreeBSD's kernel bridge. I'd be glad to try
> this but unfortunately I haven't figured out how, even after reading several
> articles. So if anyone can help me on this step-by-step, please do.
> 
> I will appreciate any replies after you take a look at the diagrams and
> settings below, that are showing what exactly I have done until now.
> 
> Best Regards,
> 
> Angelos Pantazopoulos
> freebsd at sharktech.net
> SharkTECH Internet Services
> 
> ====================================================
>               S  E  T  T  I  N  G  S
> ====================================================
> 
> Using 1 uplink settings (works excellent)
> -----------------------------------------
> #bridging#
> (options BRIDGE in kernel)
> ifconfig em0 -arp
> sysctl net.link.ether.bridge=1
> sysctl net.link.ether.bridge_cfg=em0,em1
> sysctl net.link.ether.bridge_ipfw=1
> 
> Using 2 uplinks with ng_fec (bridging problem)
> ----------------------------------------------
> #bonding#
> kldload ng_ether
> kldload ng_fec
> ngctl mkpeer fec dummy fec
> ngctl msg fec0: add_iface '"em0"'
> ngctl msg fec0: add_iface '"em1"'
> ngctl msg fec0: set_mode_inet
> ifconfig em0 promisc
> ifconfig em1 promisc
> ifconfig fec0 promisc
> 
> #bridging#
> (options BRIDGE in kernel)
> sysctl net.link.ether.bridge=1
> sysctl net.link.ether.bridge_cfg=fec0,em2
> sysctl net.link.ether.bridge_ipfw=1
> 
> Using 2 uplinks with ng_one2many (bridging problem)
> ---------------------------------------------------
> #bonding#
> kldload ng_ether
> kldload ng_one2many
> ifconfig em0 promisc -arp up
> ifconfig em1 promisc -arp up
> ngctl mkpeer . eiface hook ether
> ngctl mkpeer ngeth0: one2many lower one
> ngctl connect em0: ngeth0:lower lower many0
> ngctl connect em1: ngeth0:lower lower many1
> ifconfig ngeth0 -arp up
> 
> #bridging#
> (options BRIDGE in kernel)
> sysctl net.link.ether.bridge=1
> sysctl net.link.ether.bridge_cfg=ngeth0,em2
> sysctl net.link.ether.bridge_ipfw=1
> 
> ====================================================
>               D  I  A  G  R  A  M  S
> ====================================================
> 
> Using 1 uplink (works excellent):
> ----------------------
> INTERNET UPLINK
> ----------------------
>              |
>              |
>           em0
> ***************
> FREEBSD BOX FOR   <<-- Bridging em0 and em2
> IPFW FILTERING
> ***************
>           em2
>              |
>              |
> ----------------------
>      SWITCH
> ----------------------
> 
> Using 2 uplinks (bridging problem):
> ----------------------
> INTERNET UPLINK
> ----------------------
>         |        |
>         |        |
>      em0   em1
>           \   /
>            \ /
>        (virtual)
> ***************
> FREEBSD BOX FOR  <<-- Bonding em0/em1 and bridging with em2
> IPFW FILTERING
> ***************
>           em2
>              |
>              |
> ----------------------
>      SWITCH
> ----------------------
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
> 



-- 
Subhro Sankha Kar
School of Information Technology
Block AQ-13/1 Sector V
ZIP 700091
India

More information about the freebsd-questions mailing list