Home stretch on new network - if_bridge looking better

Matthew Dillon dillon at apollo.backplane.com
Thu Feb 24 09:55:42 PST 2011


    I'm in the home stretch of finishing up the new DragonFly network!
    It's been pretty unstable the last week or so as I struggled first
    with the (now failed) attempt at using an at&t static block with
    U-Verse and then gave up on that and started working on running
    a VPN over a dynamic-IP based at&t U-Verse + comcast internet.
    I wanted bonding with failover.

    Most of my struggles with U-Verse were in dealing with the stateful
    firewall at&t has that cannot be turned off, even for the static
    IP block.  It had serious issues dealing with many concurrent
    connections and would drop connections randomly (it would send a
    RST!).  The VPN bypasses the whole mess.

    The last few days have been spent essentially rewriting half of
    if_bridge so it would work properly, and testing it while I am
    still triple-homed (DSL, U-Verse, and ComCast).  Well, it caused
    a lot of havoc on my network while I was beating it into shape
    and that's putting it mildly!

    But I think I now have if_bridge and openvpn and my ipfw and PF
    rules smacked into shape.  I am going to implement line bonding
    in if_bridge today (on top of the spanning tree and failover
    which now works) and track down one or two remaining ARP issues
    and then I'll call it done.  The basic setup is as shown below:

	http://apollo-vc.backplane.com/DFlyMisc/bridge1.txt
	http://apollo-vc.backplane.com/DFlyMisc/bridge2.txt

	+ There are PF rules and ALTQs on each TAP interface to manage
	  its outgoing bandwidth and keep network latencies down (on
	  both sides of the VC).

	+ IPFW forwarding (fwd) rules to manage multiple default routes
	  based on the source IP.

    The spanning tree appears to be working properly with the 2x2 and
    the 3x3 'real' configuration I'm testing it with.  Once I get
    line bonding working I expect my downlink to achieve ~30MBits+
    and my uplink will be 4.8MBits.  I'm seriously considering keeping
    both U-Verse and ComCast and just paring the service levels down
    a little (top tier isn't needed).  The poor old DSL with its 600KBit
    uplink is going to hit the trash heap.  It might have been slow, but
    that ISP served my old /26 static block fairly well for many years.

					-Matt
					Matthew Dillon 
					<dillon at backplane.com>




