Great news! Is there any chance to support more features in the bridge code? RSTP, span port, filtering based on MAC address ….
Godot

2011/2/24 Matthew Dillon <dil...@apollo.backplane.com>:
> I'm in the home stretch of finishing up the new DragonFly network!
> It's been pretty unstable the last week or so as I struggled first
> with the (now failed) attempt at using an at&t static block with
> U-Verse and then gave up on that and started working on running
> a VPN over a dynamic-IP based at&t U-Verse + comcast internet.
> I wanted bonding with failover.
>
> Most of my struggles with U-Verse were in dealing with the stateful
> firewall at&t has that cannot be turned off, even for the static
> IP block. It had serious issues dealing with many concurrent
> connections and would drop connections randomly (it would send a
> RST!). The VPN bypasses the whole mess.
>
> The last few days have been spent essentially rewriting half of
> if_bridge so it would work properly, and testing it while I am
> still triple-homed (DSL, U-Verse, and ComCast). Well, it caused
> a lot of havoc on my network while I was beating it into shape
> and that's putting it mildly!
>
> But I think I now have if_bridge and openvpn and my ipfw and PF
> rules smacked into shape. I am going to implement line bonding
> in if_bridge today (on top of the spanning tree and failover
> which now works) and track down one or two remaining ARP issues
> and then I'll call it done. The basic setup is as shown below:
>
> http://apollo-vc.backplane.com/DFlyMisc/bridge1.txt
> http://apollo-vc.backplane.com/DFlyMisc/bridge2.txt
>
> + There are PF rules and ALTQs on each TAP interface to manage
>   its outgoing bandwidth and keep network latencies down (on
>   both sides of the VC).
>
> + IPFW forwarding (fwd) rules to manage multiple default routes
>   based on the source IP.
>
> The spanning tree appears to be working properly with the 2x2 and
> the 3x3 'real' configuration I'm testing it with. Once I get
> line bonding working I expect my downlink to achieve ~30MBits+
> and my uplink will be 4.8MBits. I'm seriously considering keeping
> both U-Verse and ComCast and just paring the service levels down
> a little (top tier isn't needed). The poor old DSL with its 600KBit
> uplink is going to hit the trash heap. It might have been slow, but
> that ISP served my old /26 static block fairly well for many years.
>
> -Matt
> Matthew Dillon
> <dil...@backplane.com>