On 2013/02/12 12:49, Jeremie Le Hen wrote:
> On Tue, Feb 12, 2013 at 12:06:24AM +0000, Stuart Henderson wrote:
> > On 2013-02-11, Jeremie Le Hen <[email protected]> wrote:
> > > Hi list,
> > >
> > > What is the advised way to assign an IP address to a bridge(4)
> > > interface?
> >
> > http://marc.info/?l=openbsd-misc&m=128268726102239&w=2
> >
> > > Last thing: if it was documented, where should it be? I might spare
> > > some time to submit a documentation patch.
> >
> > This would be a really useful addition. It should probably go in
> > http://www.openbsd.org/faq/faq6.html#Bridge
> >
> > Ideally make a cvs checkout of the faq:
> >
> > $ cvs -d [email protected]:/cvs get -P -d obsd-faq www/faq
> >
> > then edit faq6.html, and send a cvs diff.
>
> Thanks. Can you have a glance at the attached patch please?
>
> I am not aware of OpenBSD documentation rules, so excuse me if I broke
> any of them. Also, feel free to propose any better wording, English is
> not my primary language.
>
> If you want to look at the rendering:
> http://people.chchile.org/~jlh/tmp/faq6.html
The attachment is probably stripped in the copy to the mailing list so I will include it in full below however I will respond to points inline with the quoted text first. > +Let's say we have a Soekris net5501, which has four > +<a > href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a> > +interfaces, vr0 through vr3. We want to bridge all of them so the > +Soekris box actually acts as a switch. hmm..I'd prefer not to give people the impression that bridging the ports on a soekris is really equivalent to using a switch if possible.. It might also be better to leave one interface out of the bridge (e.g. to use as an uplink to a router), of course people shouldn't blindly follow FAQ examples, but in the event they do, we probably don't want them to end up doing something like bridging their internal lan to a cable modem network segment.. > But we also want to serve IP > +addresses through DHCP from it, which requires to have an IP address > +assigned to the bridge. No need to talk about the mechanism of assigning IP addresses in this paragraph, and this sentence talks about assigning an IP to the bridge, then the next paragraph says that you can't assign an IP to the bridge. So maybe just: We want to use dhcpd to serve IP addresses over the bridged interfaces. > +<p> > +It is not possible to assign an IP address to a maybe "It is not possible to assign an IP address directly to a" > +<a > href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> > +interface. The IP address should be added to one of the underlying s/underlying/member/, it's simpler and more consistent with ifconfig(8) wording. > +interfaces, but we cannot use them as we are not guaranteed to have an > +up link on them. With some Ethernet drivers indeed, dhcpd(8) will not > +work unless there is a plugged cable. ..."but we cannot use a physical interface as the link might be down, in which case the address would not be reachable." 
Probably skip the "With some Ethernet drivers.."? > Fortunately, starting with > +OpenBSD 4.7, there is a vitual Ethernet interface driver s/vitual/virtual/ > +<a > href="http://www.openbsd.org/cgi-bin/man.cgi?query=vether&sektion=4">vether(4)</a> > +that can be used for that purpose. We will add it to the bridge, assign > +the IP address to it and make dhcpd(8) listen there. > + > +<p> > +Note: the <a href="#DHCPserver">DHCP server configuration</a> is not > +described yet again in this section but the addressing scheme used here is > +the same. We will use IP address 192.168.1.2. > + > +<p>First mark the vr(4) interfaces as up: > + > +<blockquote><pre> > +$ <b>cat /etc/hostname.vr0</b> > +up > +$ <b>cat /etc/hostname.vr1</b> > +up > +$ <b>cat /etc/hostname.vr2</b> > +up > +$ <b>cat /etc/hostname.vr3</b> > +up > +</pre></blockquote> skip one interface (probably vr0) here (and in hostname.bridge0) I think, as mentioned above. > + > +<p> > +Then create the vether0 configuration: > + > +<blockquote><pre> > +$ <b>cat /etc/hostname.vether0</b> > +inet 192.168.1.2 255.255.255.0 192.168.1.255 > +up > +</pre></blockquote> > + > +<p> > +We configure the bridge interface to contain all the above > +interfaces: > + > +<blockquote><pre> > +$ <b>cat /etc/hostname.bridge0</b> > +add vether0 > +add vr0 > +add vr1 > +add vr2 > +add vr3 > +up > +</pre></blockquote> > + > +<p> > +And finally we make dhcpd(8) listen on the vether0 interface: > + > +<blockquote><pre> > +$ <b>grep ^dhcpd_flags= /etc/rc.conf.local</b> > +dhcpd_flags="vether0" > +</pre></blockquote> > + > +<p> > +Reboot and voilà! > > <p> > <h3>Filtering on a bridge</h3> Rest looks good to me. -- snip -- -- -- -- -- Index: faq6.html =================================================================== RCS file: /cvs/www/faq/faq6.html,v retrieving revision 1.304 diff -u -p -r1.304 faq6.html --- faq6.html 2 Nov 2012 11:25:12 -0000 1.304 +++ faq6.html 12 Feb 2013 11:10:41 -0000 
@@ -1295,7 +1295,7 @@ address, the bridge will pass network da maintainable (which can be a feature). <p> -<h3>An example of a bridge application</h3> +<h3>A simple example of a bridge application</h3> <p> One of my computer racks has a number of older systems, none of which 
@@ -1367,6 +1367,81 @@ directions. <p> That's it! Reboot, and you now have a functioning bridge. + +<p> +<h3>A bridge acting as a DHCP server</h3> + +<p> +Let's say we have a Soekris net5501, which has four +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vr&sektion=4">vr(4)</a> +interfaces, vr0 through vr3. We want to bridge all of them so the +Soekris box actually acts as a switch. But we also want to serve IP +addresses through DHCP from it, which requires to have an IP address +assigned to the bridge. + +<p> +It is not possible to assign an IP address to a +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=bridge&sektion=4">bridge(4)</a> +interface. The IP address should be added to one of the underlying +interfaces, but we cannot use them as we are not guaranteed to have an +up link on them. With some Ethernet drivers indeed, dhcpd(8) will not +work unless there is a plugged cable. Fortunately, starting with +OpenBSD 4.7, there is a vitual Ethernet interface driver +<a href="http://www.openbsd.org/cgi-bin/man.cgi?query=vether&sektion=4">vether(4)</a> +that can be used for that purpose. We will add it to the bridge, assign +the IP address to it and make dhcpd(8) listen there. + +<p> +Note: the <a href="#DHCPserver">DHCP server configuration</a> is not +described yet again in this section but the addressing scheme used here is +the same. We will use IP address 192.168.1.2. 
+ +<p>First mark the vr(4) interfaces as up: + +<blockquote><pre> +$ <b>cat /etc/hostname.vr0</b> +up +$ <b>cat /etc/hostname.vr1</b> +up +$ <b>cat /etc/hostname.vr2</b> +up +$ <b>cat /etc/hostname.vr3</b> +up +</pre></blockquote> + +<p> +Then create the vether0 configuration: + +<blockquote><pre> +$ <b>cat /etc/hostname.vether0</b> +inet 192.168.1.2 255.255.255.0 192.168.1.255 +up +</pre></blockquote> + +<p> +We configure the bridge interface to contain all the above +interfaces: + +<blockquote><pre> +$ <b>cat /etc/hostname.bridge0</b> +add vether0 +add vr0 +add vr1 +add vr2 +add vr3 +up +</pre></blockquote> + +<p> +And finally we make dhcpd(8) listen on the vether0 interface: + +<blockquote><pre> +$ <b>grep ^dhcpd_flags= /etc/rc.conf.local</b> +dhcpd_flags="vether0" +</pre></blockquote> + +<p> +Reboot and voilà! <p> <h3>Filtering on a bridge</h3>
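Review bot: The /etc/hostname.bridge0 example in the new "A bridge acting as a DHCP server" section adds every physical port ("add vr0" through "add vr3") alongside vether0, so with dhcpd_flags="vether0" the box answers DHCP on all four segments and joins them into one broadcast domain. A reader who copies it with one port facing an upstream or provider network ends up bridging that network to the LAN and serving leases onto it. Suggest dropping "add vr0" and the matching /etc/hostname.vr0 entry from the example, and stating in the introductory paragraph that vr0 is kept out of the bridge as the uplink. Smaller points in the same hunk: "vitual" should be "virtual" in the vether(4) sentence, and the first paragraph's "which requires to have an IP address assigned to the bridge" is contradicted by the next paragraph's "It is not possible to assign an IP address to a bridge(4) interface", so the first sentence could simply say that dhcpd will serve addresses over the bridged interfaces.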

