Date: Mon, 06 Mar 2006 08:20:22 -0800 From: "Shawn Saunders" <saundersconsult@hotmail.com> To: dionch@freemail.gr Cc: freebsd-net@freebsd.org Subject: Re: Trying to make a Host into a gigabit hub for testing Message-ID: <BAY115-F28E51B366A84A480DF4600BAE90@phx.gbl> In-Reply-To: <4356E47D.605@freemail.gr>
next in thread | previous in thread | raw e-mail | index | archive | help
>From: Chris Dionissopoulos <dionch@freemail.gr> >Reply-To: dionch@freemail.gr >To: Shawn Saunders <saundersconsult@hotmail.com> >CC: freebsd-net@freebsd.org >Subject: Re: Trying to make a Host into a gigabit hub for testing >Date: Thu, 20 Oct 2005 03:27:41 +0300 >MIME-Version: 1.0 >Received: from mx2.freebsd.org ([216.136.204.119]) by mc7-f42.hotmail.com >with Microsoft SMTPSVC(6.0.3790.211); Wed, 19 Oct 2005 17:29:08 -0700 >Received: from hub.freebsd.org (hub.freebsd.org [216.136.204.18])by >mx2.freebsd.org (Postfix) with ESMTP id 656895B21A;Thu, 20 Oct 2005 >00:29:05 +0000 (GMT)(envelope-from owner-freebsd-net@freebsd.org) >Received: from hub.freebsd.org (localhost [127.0.0.1])by hub.freebsd.org >(Postfix) with ESMTP id C0E6216A423;Thu, 20 Oct 2005 00:29:01 +0000 >(GMT)(envelope-from owner-freebsd-net@freebsd.org) >Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])by >hub.freebsd.org (Postfix) with ESMTP id DD73616A41Ffor ><freebsd-net@freebsd.org>; Thu, 20 Oct 2005 00:28:47 +0000 >(GMT)(envelope-from dionch@freemail.gr) >Received: from smtp.freemail.gr (smtp.freemail.gr [213.239.180.35])by >mx1.FreeBSD.org (Postfix) with ESMTP id 5364843D5Afor ><freebsd-net@freebsd.org>; Thu, 20 Oct 2005 00:28:47 +0000 >(GMT)(envelope-from dionch@freemail.gr) >Received: by smtp.freemail.gr (Postfix, from userid 101)id C34DCBC047; Thu, >20 Oct 2005 03:28:45 +0300 (EEST) >Received: from [10.0.0.1] (vdp1003.ath03.dsl.hol.gr >[62.38.168.4])bysmtp.freemail.gr (Postfix) with ESMTP id 18E14BC037;Thu, 20 >Oct 2005 03:28:44 +0300 (EEST) >X-Message-Info: JGTYoYF78jEHjJx36Oi8+Z3TmmkSEdPtfpLB7P/ybN8= >X-Original-To: freebsd-net@freebsd.org >Delivered-To: freebsd-net@freebsd.org >User-Agent: Mozilla Thunderbird 1.0.6 (Windows/20050716) >X-Accept-Language: en-us, en >References: <BAY101-F311E5D4CB110662746F404BA700@phx.gbl> >X-BeenThere: freebsd-net@freebsd.org >X-Mailman-Version: 2.1.5 >Precedence: list >List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org> >List-Unsubscribe: ><http://lists.freebsd.org/mailman/listinfo/freebsd-net>,<mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>; >List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>; >List-Post: <mailto:freebsd-net@freebsd.org> >List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help> >List-Subscribe: ><http://lists.freebsd.org/mailman/listinfo/freebsd-net>,<mailto:freebsd-net-request@freebsd.org?subject=subscribe>; >Errors-To: owner-freebsd-net@freebsd.org >Return-Path: owner-freebsd-net@freebsd.org >X-OriginalArrivalTime: 20 Oct 2005 00:29:08.0388 (UTC) >FILETIME=[48E05640:01C5D50D] > >SS>I am setting up a test environment with multiple IDS's. ngctl looks >like a solution but it is not broadcasting all packets to all interfaces as >the documentation appears to state it should. I've probably made some >error in configuration. >SS> >SS>My goal is to put em0 into a spanned port in promiscuous mode and >broadcast all traffic from that port out the other network interfaces. I >plan on having em0 (gigabit) and 6 other gigabit interfaces. Each will >then echo the same traffic to six other machines (IDS's) for testing. >SS> >SS>The proof of concept with a gigabit (EM0) and 4 10/100 ethernets (sfx). >The 10/100's will be replaced for implementation. >SS> >SS>Any help would be appreciated. My config follows: > >Hi, >Why to use ng_fec and ng_one2many together? >how about something simplier, like: > > +----------+ -->-sf0:lower--->wire >wire>--em:lower->| one2many | -->-sf1:lower--->wire > | | -->-sf2:lower--->wire > +----------+ -->sf3:lower--->wire > >ngctl mkpeer em0: one2many lower one >ngctl name em0:lower o2m >ngctl connect sf0: o2m lower many0 >ngctl connect sf1: o2m lower many1 >ngctl connect sf2: o2m lower many2 >ngctl connect sf3: o2m lower many3 >ngctl msg o2m setconfig "{ xmitAlg=2 failAlg=1 enabledLinks=[1 1 1 1 1] }" > >ngctl msg sf0: setpromisc 1 >ngctl msg sf0: setautosrc 0 >ngctl msg sf1: setpromisc 1 >ngctl msg sf1: setautosrc 0 >ngctl msg sf2: setpromisc 1 >ngctl msg sf2: setautosrc 0 >ngctl msg sf3: setpromisc 1 >ngctl msg sf3: setautosrc 0 >ngctl msg em0: setpromisc 1 >ngctl msg em0: setautosrc 0 > >This keeps kernel-stack isolated from traffic, I think >(and all interfaces involved layer2 unreachable from outsiders). > >Just tell us if its working for you. > >Chris. > Chris, Your help was greatly appreciated. I posted the STATS on our tests and hope that was informative. It went very well. Now we have a slightly different scenario, and ng_hub sounds like the perfect solution: I need to have 2 different incoming ports data put together and out as a group to 4 other ports. I need to have 3 differnet incoming ports data put together and then redirected out 2 other ports. Basically will ng_hub allow me to have a setup whereby I can have data coming in via Port A, B, and C, and it goes out on only ports, D, E, F, and G? Not ports A, B, or C? Shawn
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?BAY115-F28E51B366A84A480DF4600BAE90>