When is a switch not a switch?

D'Arcy Cain darcy at druid.net
Tue Oct 20 12:10:56 UTC 2020 

On 10/20/20 7:39 AM, Patrick M. Hausen wrote:
>> When I started I thought of a switch as analogous to a physical switch.  If I am in an office with one ethernet jack but I have multiple devices I might connect a switch (or hub) to the jack and plug my devices into the switch. I don't need to create a separate network for my office.  All of my devices are on the company network.
> 
> OK, the "switch" interface in FreeBSD is bridge(4).

Understood.

> Or to cite Radia Perlman:
> 
> A bridge is a network device making forwarding decisions based on layer 2 addresses.
> A router is a network device making forwarding decisions based on layer 3 addresses.
> "Switch" is a marketing term meaning "faster or cheaper than the competition".

I always thought that a switch was a hub with packet switching to avoid 
collisions.

>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="a.b.c.d.1 addm bge0 addm switch0 up"
> 
>> Except that switch0 doesn't get created until vm-bhyve starts so it probably doesn't exist at that time.
> 
> What is "switch0"? I suspect it is just a bridge interface that gets renamed by
> your VM management software. In that case manually creating bridge0
> and all the things we discussed will not get you anywhere.

So in vm-bhyve I need to change;

@@ -3,9 +3,9 @@
  cpu=2
  memory=2G
  network0_type="virtio-net"
-network0_switch="public"
+network0_switch="bridge0"
  network1_type="virtio-net"
-network1_switch="private"
+network1_switch="bridge1"
  disk0_type="virtio-blk"
  disk0_name="disk0.img"
  disk0_dev="sparse-zvol"

Or else rename the bridges to "public" and "private".

> Real life example from our environment:
> 
> ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -tso -vlanhwtag -vlanhwtso up"
ifconfig_bge0="-rxcsum -rxcsum6 -txcsum -txcsum6 -tso -vlanhwtag -vlanhwtso up"

> cloned_interfaces="bridge0"
cloned_interfaces="bridge0 bridge1"

> ifconfig_bridge0_name="inet0"
ifconfig _bridge0_name="public"
ifconfig _bridge1_name="private"

> ifconfig_inet0="addm igb0 up"
ifconfig_public="addm bge0 up"
ifconfig_private="addm bge1 up"

> ifconfig_inet0_alias0="inet 1.2.3.4/24"
ifconfig_public_alias0="inet 1.2.3.4/24"
ifconfig_private_alias0="192.168.151.4/14"

So why alias?  Wouldn't "ifconfig_public=" work?

> Then we configure iocage to attach the jails to bridge0.
> 
> In your case you would have to tell your VM management tool to attach the
> VM tap interfaces to bridge0 instead of creating its own "switch0" - which I
> suspect is a bridge interface in disguise. As you can see above we rename
> all our Internet facing interfaces to "inet0" on all hosts. Then there are more
> like "mgmt0", "priv0", ... like that. So probably the bridge is renamed to "switch0".

If I do the above I guess I can keep the names "public" and "private".

> 
> Tell the tool not to do that and use the preconfigured bridge0 instead.

Or public?  inet0 in your example?

> 
> Another useful sysctl to get reproduceable static MAC addresses for the bridge
> itself accross reboots is:
> 
> loader.conf: if_bridge_load="YES"
> sysctl.conf: net.link.bridge.inherit_mac=1

Not sure I need this as long as arp works as it should.  Do I really care 
what the MAC is?

Cheers.

-- 
D'Arcy J.M. Cain <darcy at druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 788 2246     (DoD#0082)    (eNTP)   |  what's for dinner.
IM: darcy at VybeNetworks.com, VoIP: sip:darcy at druid.net

Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:

1.  I am by definition, "the intended recipient".
2.  All information in the email is mine to do with as I see
     fit and make such financial profit, political mileage, or
     good joke as it lends itself to. In particular, I may quote
     it where I please.
3.  I may take the contents as representing the views of
     your company if I so wish.
4.  This overrides any disclaimer or statement of
     confidentiality that may be included or implied in
     your message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-virtualization/attachments/20201020/86cf13d0/attachment.sig>

More information about the freebsd-virtualization mailing list