Home stretch on new network - if_bridge looking better
csszep at gmail.com
Thu Feb 24 10:34:01 PST 2011
Is there any chance to support more features in the bridge code? RSTP,
span port, filtering based on MAC address...
2011/2/24 Matthew Dillon <dillon at apollo.backplane.com>:
>   I'm in the home stretch of finishing up the new DragonFly network!
>   It's been pretty unstable the last week or so as I struggled first
>   with the (now failed) attempt at using an at&t static block with
>   U-Verse and then gave up on that and started working on running
>   a VPN over a dynamic-IP based at&t U-Verse + comcast internet.
>   I wanted bonding with failover.
>
>   Most of my struggles with U-Verse were in dealing with the stateful
>   firewall at&t has that cannot be turned off, even for the static
>   IP block.  It had serious issues dealing with many concurrent
>   connections and would drop connections randomly (it would send a
>   RST!).  The VPN bypasses the whole mess.
>
>   The last few days have been spent essentially rewriting half of
>   if_bridge so it would work properly, and testing it while I am
>   still triple-homed (DSL, U-Verse, and ComCast).  Well, it caused
>   a lot of havoc on my network while I was beating it into shape
>   and that's putting it mildly!
>
>   But I think I now have if_bridge and openvpn and my ipfw and PF
>   rules smacked into shape.  I am going to implement line bonding
>   in if_bridge today (on top of the spanning tree and failover
>   which now works) and track down one or two remaining ARP issues
>   and then I'll call it done.  The basic setup is as shown below:
>
>     http://apollo-vc.backplane.com/DFlyMisc/bridge1.txt
>     http://apollo-vc.backplane.com/DFlyMisc/bridge2.txt
>
>     + There are PF rules and ALTQs on each TAP interface to manage
>       its outgoing bandwidth and keep network latencies down (on
>       both sides of the VC).
>
>     + IPFW forwarding (fwd) rules to manage multiple default routes
>       based on the source IP.
>
>   The spanning tree appears to be working properly with the 2x2 and
>   the 3x3 'real' configuration I'm testing it with.  Once I get
>   line bonding working I expect my downlink to achieve ~30MBits+
>   and my uplink will be 4.8MBits.  I'm seriously considering keeping
>   both U-Verse and ComCast and just paring the service levels down
>   a little (top tier isn't needed).  The poor old DSL with its 600KBit
>   uplink is going to hit the trash heap.  It might have been slow, but
>   that ISP served my old /26 static block fairly well for many years.
>
>                     -Matt
>                     Matthew Dillon
>                     <dillon at backplane.com>