Re: FreeBSD Networking Questions / vlan, lagg, routing, FIBs, ezjail
Now, it is my suspicion that the apparent need for promisc at the router end indeed is an apperent one and not really the router's fault but rather the other end's. The other end, in this case, is the server below. If the server, with its single MIB, default-routes its packets through one specific of its vlans which may not be the one, at the router's end, with the corresponding IP network the traffic entered into the net, would it be possible that there's something preventing them be received? Unless there's promisc on, of course... I'll grab the laptop next time I think of it and have the switch monitor traffic to it to see what really is on the wire, maybe that helps and gives me a clue. I just keep forgetting the bl**dy thing each time I leave... Ok, after a good portion of fiddling with the switch, it seems that you cannot copy traffic from link-aggregated ports to a monitor port on a Linksys SRW2016. Now out at my wits end here it seems. I'll try the FIB approach hopefully next week then. - On my server, is there any way to set up individual default routes (to the router) for each of the vlans short of tucking the ezjails behind the vlan interfaces each into their own FIB (btw,. has anyone ever done that?)? Yes, from FreeBSD-7.1 and beyond, there is support for up to 16 routing tables. Use the setfib command to select routing table for outgoing connections. So, I interpret your response as that I am correct, I have a single default route per FIB, and that's it. Which effectively means that I do need FIBs. I agree that this behaviour might make some sense :) Something like, setfib 10 jail $JAILOPTSANDARGS, in the jail case. You have to compile a kernel with the option ROUTETABLES=n. Read the message for revision 1.1485 from here: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/conf/NOTES (...) Generally speaking, or rather, inquiring, has anyone ever done FIBs with ezjail? It probably is very easy, and I consider(ed) looking into it myself but I currently spend about max. an hour every 2-3 days on FreeBSE so I don't really progress. Well, might eventually, but that'll be dunno when. But well, such is life, and this is pleasure not work :) and I hope to learn something useful on the way. (...) [1] http://lists.freebsd.org/pipermail/freebsd-arch/2007-December/007331.html Regards, Peter. -- Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Networking Questions / vlan, lagg, routing, FIBs, ezjail
Hiya Nikos, re list, Hm, the promiscuous mode must be needed for the vlan driver. But you don't have to set it. It does not work without, at the router end. Suspicions, please see below. I can't think of any implication in a switched ethernet environment. It is just that every frame received from the cable is offered to the operating system for further evaluation. In a switched ethernet environment every frame that will reach your card will be either: 1) for you. 2) a broadcast frame. 3) a multicast frame. And hence there should be no (notable) effect. That is my interpretation, yes. Things would be very different, if your system was connected to a hub where a multitude of frames(every frame on the ethernet) would be interrupting the kernel for no reason. Exactly. But I connect to a switch and hence expect the behaviour detailed above. Now, it is my suspicion that the apparent need for promisc at the router end indeed is an apperent one and not really the router's fault but rather the other end's. The other end, in this case, is the server below. If the server, with its single MIB, default-routes its packets through one specific of its vlans which may not be the one, at the router's end, with the corresponding IP network the traffic entered into the net, would it be possible that there's something preventing them be received? Unless there's promisc on, of course... I'll grab the laptop next time I think of it and have the switch monitor traffic to it to see what really is on the wire, maybe that helps and gives me a clue. I just keep forgetting the bl**dy thing each time I leave... - On my server, is there any way to set up individual default routes (to the router) for each of the vlans short of tucking the ezjails behind the vlan interfaces each into their own FIB (btw,. has anyone ever done that?)? Yes, from FreeBSD-7.1 and beyond, there is support for up to 16 routing tables. Use the setfib command to select routing table for outgoing connections. So, I interpret your response as that I am correct, I have a single default route per FIB, and that's it. Which effectively means that I do need FIBs. I agree that this behaviour might make some sense :) Something like, setfib 10 jail $JAILOPTSANDARGS, in the jail case. You have to compile a kernel with the option ROUTETABLES=n. Read the message for revision 1.1485 from here: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/conf/NOTES I have seen that section as a separate posting [1] which is why I suspected to possibly be able to resolve my issues above with it. It is my intention to insert 4 to 8 FIBs asap but I currently don't know when I take my time doing so. Generally speaking, or rather, inquiring, has anyone ever done FIBs with ezjail? It probably is very easy, and I consider(ed) looking into it myself but I currently spend about max. an hour every 2-3 days on FreeBSE so I don't really progress. Well, might eventually, but that'll be dunno when. But well, such is life, and this is pleasure not work :) and I hope to learn something useful on the way. Thanks a lot, and All the best, Peter. [1] http://lists.freebsd.org/pipermail/freebsd-arch/2007-December/007331.html -- Pt! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger01 ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
Re: FreeBSD Networking Questions / vlan, lagg, routing, FIBs, ezjail
Peter Cornelius wrote: - On my router, why do I have to set the base interface to promiscuous mode in order to get packets from/to my vlans through? Am I doing something wrong? Are there any implications of working this way? Hm, the promiscuous mode must be needed for the vlan driver. But you don't have to set it. I can't think of any implication in a switched ethernet environment. It is just that every frame received from the cable is offered to the operating system for further evaluation. In a switched ethernet environment every frame that will reach your card will be either: 1) for you. 2) a broadcast frame. 3) a multicast frame. Things would be very different, if your system was connected to a hub where a multitude of frames(every frame on the ethernet) would be interrupting the kernel for no reason. - On my server, is there any way to set up individual default routes (to the router) for each of the vlans short of tucking the ezjails behind the vlan interfaces each into their own FIB (btw,. has anyone ever done that?)? Yes, from FreeBSD-7.1 and beyond, there is support for up to 16 routing tables. Use the setfib command to select routing table for outgoing connections. Something like, setfib 10 jail $JAILOPTSANDARGS, in the jail case. You have to compile a kernel with the option ROUTETABLES=n. Read the message for revision 1.1485 from here: http://www.freebsd.org/cgi/cvsweb.cgi/src/sys/conf/NOTES Nikos ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
FreeBSD Networking Questions / vlan, lagg, routing, FIBs, ezjail
Dear all, While I'm at it, I don't seem to be able to get my head around some networking items I observed (currently only vlan(4), not ng_vlan(4), if that makes a difference): - On my router, why do I have to set the base interface to promiscuous mode in order to get packets from/to my vlans through? Am I doing something wrong? Are there any implications of working this way? - On my server, is there any way to set up individual default routes (to the router) for each of the vlans short of tucking the ezjails behind the vlan interfaces each into their own FIB (btw,. has anyone ever done that?)? So I'm stuck and would appreciate a hand. It probably is something pretty obvious which I persistently ignore, or something stupid I attempt to do here but I got curious now :) Thanks a lot, and All the best, Peter. -- Nur bis 16.03.! DSL-Komplettanschluss inkl. WLAN-Modem für nur 17,95 ¿/mtl. + 1 Monat gratis!* http://dsl.gmx.de/?ac=OM.AD.PD003K11308T4569a ___ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to freebsd-questions-unsubscr...@freebsd.org
