From: Nik Lam
Date: Thu, 02 Mar 2006 16:34:26 +1100
To: freebsd-net@freebsd.org
Subject: configuring if_bridge with stp at boot in /etc/rc.conf
Message-ID: <440683E2.8000009@j2d.lam.net.au>

Hi,

I'm trying to set up a pair of redundant (firewall) bridges which will allow fail-over using the spanning tree protocol (802.1d).

Both hosts have similar hardware, HP NetServer LPr servers with dual pentium IIIs and 4 interfaces - the onboard card (fxp0), a single port intel pro 1000 (em0) and a dual port intel pro 1000 (em1 and em2).

fxp0 will be used for management of the host (i.e. ssh etc) and has an IP address
em0 will be used for pfsync with each host's counterpart via crossover cable
em1 will be the "outside" end of the bridge connected to the switch with the gateway on it
em2 will be the "inside" end of the bridge connected to the switch with the rest of the hosts on the LAN

I'm running the GENERIC + SMP kernel built from 6.1-PRERELEASE from about the 23rd of February on both machines.

I've not introduced anything to do with the firewall yet, I'm just trying to get STP working right now, however I'm having trouble in that the bridges don't seem to be set up properly if I try to configure them using directives in /etc/rc.conf.

Here is my /etc/rc.conf which does not work:

#--------- start rc.conf -------------------
defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#--------- end rc.conf -------------------

At boot up, everything seems to be configured properly except that one of the members of the bridge stays disabled:

hashi-0# ifconfig bridge0
bridge0: flags=8043 mtu 1500
        ether ac:de:48:47:13:38
        priority 10 hellotime 2 fwddelay 6 maxage 5
        member: em2 flags=7 port 4 priority 128 path cost 55 disabled
        member: em1 flags=7 port 3 priority 128 path cost 55 forwarding
hashi-0# ifconfig em2
em2: flags=8943 mtu 1500
        options=8
        inet6 fe80::204:23ff:fec9:1dc9%em2 prefixlen 64 scopeid 0x4
        ether 00:04:23:c9:1d:c9
        media: Ethernet autoselect (100baseTX )
        status: active

On the bright side, I _can_ get it to work if I use a variation on a suggestion I saw here from Igor Madera Sepúlveda:

http://lists.freebsd.org/mailman/htdig/freebsd-net/2006-January/009460.html

Basically I remove all bridge configuration from /etc/rc.conf and just use a shell script from cron as follows:

#-------- start if_bridgeStart.sh -------------
#!/bin/sh
# Starts the bridge
/sbin/ifconfig em1 up
/sbin/ifconfig em2 up
sleep 1
/sbin/ifconfig bridge0 create
sleep 1
/sbin/ifconfig bridge0 addm em1 addm em2
sleep 1
/sbin/ifconfig bridge0 stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6
sleep 1
/sbin/ifconfig bridge0 ifpriority em1 10 ifpathcost em1 10
sleep 1
/sbin/ifconfig bridge0 ifpriority em2 20 ifpathcost em2 20
sleep 1
/sbin/ifconfig bridge0 priority 10
sleep 1
/sbin/ifconfig bridge0 up
#-------- end if_bridgeStart.sh -------------

Interestingly, if I replace all the "sleep 1" statements with "sleep 0" I get the same symptoms as with the rc.conf. So it would seem to be some kind of timing issue???

I've also tried switching things around in rc.conf to see if that would help such as the following, but it actually made things worse in that no member interfaces existed in bridge0:

#--------- start rc.conf -------------------
defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 addm em2 up"
ifconfig_bridge0="stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6"
ifconfig_bridge0="ifpriority em1 10 ifpathcost 10"
ifconfig_bridge0="ifpriority em2 20 ifpathcost 20"
ifconfig_bridge0="priority 10"
ifconfig_bridge0="up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#--------- end rc.conf -------------------

So, are there some secret rc.conf directives I can use or should I just stick with the cron kludge for the moment?

Also, should we be disabling txcsum for em cards at the moment?

Thanks in advance,

Nik
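
Added example, not part of the original message: /etc/rc.conf is read as a shell script, so in the second rc.conf above each repeated ifconfig_bridge0= line replaces the one before it and only the last value reaches ifconfig. The check below reports variables assigned more than once and the value that survives; the function names (sample_rc_conf, rc_duplicates, rc_effective) are hypothetical and the sample is constructed from the bridge0 lines of that rc.conf.

```shell
#!/bin/sh
# Constructed sample: the bridge0 lines from the second rc.conf in the message.
sample_rc_conf() {
cat <<'EOF'
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 addm em2 up"
ifconfig_bridge0="stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6"
ifconfig_bridge0="ifpriority em1 10 ifpathcost 10"
ifconfig_bridge0="ifpriority em2 20 ifpathcost 20"
ifconfig_bridge0="priority 10"
ifconfig_bridge0="up"
EOF
}

# Print "name count" for every variable assigned more than once in file $1.
rc_duplicates() {
    awk -F= '/^[A-Za-z_][A-Za-z0-9_]*=/ { n[$1]++ }
             END { for (v in n) if (n[v] > 1) print v, n[v] }' "$1" | sort
}

# Print the value variable $2 holds after file $1 has been sourced.
# The file is sourced in a subshell so the caller's environment is untouched.
# Pass a path containing a slash; a bare name would be looked up in PATH by ".".
rc_effective() {
    ( . "$1" >/dev/null 2>&1; eval "printf '%s\n' \"\${$2}\"" )
}

# Demo on the constructed sample.
tmp=$(mktemp) && sample_rc_conf > "$tmp"
echo "assigned more than once: $(rc_duplicates "$tmp")"
echo "effective ifconfig_bridge0: $(rc_effective "$tmp" ifconfig_bridge0)"
rm -f "$tmp"
```

Run against a real file with rc_duplicates /etc/rc.conf; any variable it lists has lost all but its last assignment.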