bonding NICs with netgraph

Urbanski, William urbanski at
Thu Feb 25 16:10:09 UTC 2010

Hi, I am setting up a FreeBSD box to act as a Snort sensor on a network. The box has three NICs: one internal NIC for talking on the network and to the management server, and two NICs on a single PCI card that each connect to SPAN ports on my switch. I am trying to bind the two adapters on the FreeBSD box so I have one virtual adapter that Snort can listen to.

I have been researching netgraph for some time and the script I have been using to configure the adapters is:
echo "Trying kldload ng_ether..."
kldload ng_ether
echo "Putting dual adapters into promisc mode..."
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
echo "Trying mkpeer . eiface hook ether"
ngctl mkpeer . eiface hook ether
echo "Trying mkpeer ngeth0: one2many lower one"
ngctl mkpeer ngeth0: one2many lower one
echo "Trying ngctl connect em0: ngeth0: lower lower many0"
ngctl connect em0: ngeth0:lower lower many0
echo "Trying ngctl connect em1: ngeth0: lower lower many1"
ngctl connect em1: ngeth0:lower lower many1
echo "Tryinh ifconfig ngeth0 -arp up"
ifconfig ngeth0 -arp up

However, when I run the script I get:
Trying kldload ng_ether...
Putting dual adapters into promisc mode...
Trying mkpeer . eiface hook ether
Trying mkpeer ngeth0: one2many lower one
ngctl: send msg: Protocol family not supported
Trying ngctl connect em0: ngeth0: lower lower many0
ngctl: send msg: No such file or directory
Trying ngctl connect em1: ngeth0: lower lower many1
ngctl: send msg: No such file or directory
Tryinh ifconfig ngeth0 -arp up

Now 'ngeth0' appears in ifconfig:
ngeth0: flags=88c3<UP,BROADCAST,RUNNING,NOARP,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:00:00:00:00

but when I tcpdump from it, it never records any packets, even though I know the SPAN ports are sending data to the individual NICs.

I have been googling the error messages that are returned by the bonding script but have been unable to get packets to cross ngeth0. Any advice or tips for troubleshooting this would be greatly appreciated. Thank you in advance.

Will Urbanski
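
An offline check of the four ngctl lines in the message above, added here as an example and not part of the original post: it tracks which nodes each mkpeer creates and flags hook names a node type does not have, using the hook names documented in ng_ether(4), ng_eiface(4) and ng_one2many(4). The function names, the node-name-to-type mapping and the revised variant (the eiface's `ether` hook in place of `lower`) are assumptions of this example.

```shell
#!/bin/sh
# Added example: offline lint of ngctl mkpeer/connect lines (does not call ngctl).
# Hook names per ng_ether(4), ng_eiface(4) and ng_one2many(4).
valid_hook() {  # $1 = node type, $2 = hook name
    case "$1:$2" in
        ether:lower|ether:upper|ether:orphans|eiface:ether) return 0 ;;
        one2many:one|one2many:many[0-9]*) return 0 ;;
        socket:*) return 0 ;;  # ngctl's own socket node accepts any hook name
    esac
    return 1
}
node_type() {  # $1 = netgraph path; prints its node type or fails
    case "$1" in
        .|.:) echo socket ;;
        ngeth[0-9]*:) echo eiface ;;  # assumption: ngethN are ng_eiface nodes
        *:) echo ether ;;             # assumption: any other bare name is a NIC
        *) for rec in $PEERS; do      # path through a hook: mkpeer must have made it
               [ "${rec%%=*}" = "$1" ] && { echo "${rec#*=}"; return 0; }
           done
           return 1 ;;
    esac
}
lint_ngctl() {  # stdin: "ngctl ..." lines; stdout: one finding per failing line
    PEERS="" n=0
    while read -r prog cmd path arg hook peerhook; do
        n=$((n + 1))
        t=$(node_type "$path") || { echo "line $n: $path: no such node"; continue; }
        valid_hook "$t" "$hook" ||
            { echo "line $n: $t node $path has no hook '$hook'"; continue; }
        case "$cmd" in
        mkpeer)   # arg is the type of the node to create
            valid_hook "$arg" "$peerhook" ||
                { echo "line $n: $arg has no hook '$peerhook'"; continue; }
            PEERS="$PEERS ${path%:}:$hook=$arg" ;;
        connect)  # arg is the path of the second node
            t=$(node_type "$arg") || { echo "line $n: $arg: no such node"; continue; }
            valid_hook "$t" "$peerhook" ||
                { echo "line $n: $t node $arg has no hook '$peerhook'"; continue; } ;;
        esac
    done
}
# The four ngctl lines from the post, then a constructed variant for comparison.
posted() { printf '%s\n' 'ngctl mkpeer . eiface hook ether' \
    'ngctl mkpeer ngeth0: one2many lower one' \
    'ngctl connect em0: ngeth0:lower lower many0' \
    'ngctl connect em1: ngeth0:lower lower many1'; }
revised() { posted |
    sed 's/ngeth0: one2many lower/ngeth0: one2many ether/; s/ngeth0:lower/ngeth0:ether/'; }
posted | lint_ngctl    # findings on lines 2, 3 and 4
revised | lint_ngctl   # no findings
```

The findings line up with the posted output: the second mkpeer is rejected at the eiface node, and both connect lines then fail because the `ngeth0:lower` path was never created.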
