Hello,

I have been running a FreeBSD 4.10-STABLE server with 3 NICs installed, but
was using only 2 of them (1 for uplink and 1 for switch) to monitor, filter
and shape my network, and had absolutely no problems at all.

However, in order to increase the ability to handle even more packets
(especially while filtering incoming DDoS), I decided to get a 2nd uplink
from the backbone, connect it to em1, bond em0/em1 (uplinks) to ngeth0/fec0
(virtual interface) and bridge ngeth0/fec0 with em2 (switch link). In order
for this to work, etherchanneling is enabled between uplink1/uplink2 on the
backbone side.

The problem is that although bonding seems to work fine, as I can assign IPs to
fec0/ngeth0 and send/receive packets with both cards using the virtual
interface, I cannot get bridging to work at all between ngeth0/fec0 (virtual)
and em2 (switch). There are no errors in the logs; it just doesn't seem to
bridge.

After two days of research on Google, the FreeBSD mailing lists, web articles
and asking for help in the freebsdhelp IRC channels, I concluded that someone
on the FreeBSD mailing lists may be able to help me by providing a different
bonding/bridging method or even by applying a patch.

I was thinking that the solution may be to do both bonding & bridging using
netgraph, and not bridging using FreeBSD's kernel bridge. I'd be glad to try
this, but unfortunately I haven't figured out how, even after reading several
articles. So if anyone can help me with this step by step, please do.

I will appreciate any replies after you take a look at the diagrams and
settings below, which show exactly what I have done so far.


Best Regards,

Angelos Pantazopoulos
[EMAIL PROTECTED]
SharkTECH Internet Services


====================================================
               S  E  T  T  I  N  G  S
====================================================

Using 1 uplink settings (works excellent)
-----------------------------------------
#bridging#
(options BRIDGE in kernel)
ifconfig em0 -arp
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=em0,em1
sysctl net.link.ether.bridge_ipfw=1


Using 2 uplinks with ng_fec (bridging problem)
----------------------------------------------
#bonding#
kldload ng_ether
kldload ng_fec
ngctl mkpeer fec dummy fec
ngctl msg fec0: add_iface '"em0"'
ngctl msg fec0: add_iface '"em1"'
ngctl msg fec0: set_mode_inet
ifconfig em0 promisc
ifconfig em1 promisc
ifconfig fec0 promisc

#bridging#
(options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=fec0,em2
sysctl net.link.ether.bridge_ipfw=1


Using 2 uplinks with ng_one2many (bridging problem)
---------------------------------------------------
#bonding#
kldload ng_ether
kldload ng_one2many
ifconfig em0 promisc -arp up
ifconfig em1 promisc -arp up
ngctl mkpeer . eiface hook ether
ngctl mkpeer ngeth0: one2many lower one
ngctl connect em0: ngeth0:lower lower many0
ngctl connect em1: ngeth0:lower lower many1
ifconfig ngeth0 -arp up

#bridging#
(options BRIDGE in kernel)
sysctl net.link.ether.bridge=1
sysctl net.link.ether.bridge_cfg=ngeth0,em2
sysctl net.link.ether.bridge_ipfw=1



====================================================
               D  I  A  G  R  A  M  S
====================================================


Using 1 uplink (works excellent):
----------------------
   INTERNET UPLINK
----------------------
          |
          |
         em0
   ***************
   FREEBSD BOX FOR   <<-- Bridging em0 and em2
   IPFW FILTERING
   ***************
         em2
          |
          |
----------------------
       SWITCH
----------------------


Using 2 uplinks (bridging problem):
----------------------
   INTERNET UPLINK
----------------------
       |       |
       |       |
      em0     em1
        \     /
         \   /
       (virtual)
   ***************
   FREEBSD BOX FOR   <<-- Bonding em0/em1 and bridging with em2
   IPFW FILTERING
   ***************
         em2
          |
          |
----------------------
       SWITCH
----------------------