Date:      Tue, 21 Apr 2009 11:47:41 -0700
From:      Chris Cowart <ccowart@rescomp.berkeley.edu>
To:        Howard Jones <howie@thingy.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: IPFW/Dummynet/Bridging with VLAN trunks?
Message-ID:  <20090421184741.GG40655@hal.rescomp.berkeley.edu>
In-Reply-To: <49EDD6BE.1010404@thingy.com>
References:  <49EDD6BE.1010404@thingy.com>

Howard Jones wrote:
> I'm trying to use Dummynet+IPFW and bridging to make a packet shaper
> that runs across multiple VLANs. So my intended set up is:
>
> [users]->[Aggregate Switch]=>[FreeBSD]=>[Upstream Switch (with IP
> interfaces for each vlan)]->The World
>
> where -> is a single VLAN, and => is a tagged dot1q trunk. The aim is to
> drop the FreeBSD box in the middle, in one trunked uplink, and cover all
> the VLANs downstream of that.
>
> Should this work?
>
> In practice, the bridging seems to work OK, but as soon as I add rules
> to match traffic passing through and apply it to pipes, everything
> stops. I can use tcpdump's vlan option to filter traffic on em0, em1 or
> bridge0 and it does show only traffic for that vlan, so tags are being
> preserved...
>
> Ideally, I'd like to use the dot1q tag in ipfw rules directly, and avoid
> ip ranges, but I don't think that's possible. Is there some special
> incantation to make ipfw vlan-aware?
>
> Has anyone else done this successfully?

This is how I do it:

ipfw add pipe 1 all from any to any in via vlan20
ipfw add pipe 2 all from any to any in via vlan40

But in my configuration, bridge0 has members vlan20 and vlan40. I would
create a separate bridge with vlan21 and vlan41.

I don't think ipfw can filter on dot1q tags yet, though. There was a lot
of layer 2 filtering capability in a patch floating around for
8-CURRENT, but I'm not sure of its status, nor whether dot1q filtering
was implemented.

-- 
Chris Cowart
Network Technical Lead
Network & Infrastructure Services, RSSP-IT
UC Berkeley

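A worked version of the per-VLAN shaping setup discussed above, added here as an example; it is not code from the thread or from either poster. It builds the configuration Howard asked about: a vlan(4) interface for each shaped VLAN on both trunk ports, one if_bridge(4) per VLAN joining the two, and a dummynet pipe per VLAN and direction keyed on the member interface the way Chris's rules are. The interface names em0/em1, the VLAN IDs and bandwidths, the dotted vlan naming, the rule and pipe numbering, and the mapping of the two pipes to upload and download are all assumptions.

```shell
#!/bin/sh
# Added example, not code from the original thread. Generates the sysctl,
# ifconfig and ipfw commands for shaping each VLAN of a dot1q trunk that
# passes through a FreeBSD box as a bridge, keying the dummynet pipes on
# vlan(4) bridge members the way Chris's rules do. Interface names
# (em0/em1), VLAN IDs, bandwidths and rule/pipe numbering are assumptions.
set -eu

DOWNLINK=em0                              # trunk towards the users (assumed)
UPLINK=em1                                # trunk towards upstream (assumed)
SHAPED_VLANS="20:10Mbit/s 40:2Mbit/s"     # "vlanid:bandwidth" (assumed)

# One bridge per VLAN, joining DOWNLINK.id and UPLINK.id. Bridging em0 and
# em1 directly would also carry the tags through, but then ipfw would only
# ever see em0/em1 as interfaces and could not tell the VLANs apart.
# The dotted name "em0.20" creates a vlan(4) with tag 20 on em0 on newer
# ifconfig(8); older releases need "ifconfig vlanN create vlan 20 vlandev em0".
gen_ifconfig() {
    for spec in $SHAPED_VLANS; do
        id=${spec%%:*}
        echo "ifconfig ${DOWNLINK}.${id} create up"
        echo "ifconfig ${UPLINK}.${id} create up"
        echo "ifconfig bridge${id} create"
        echo "ifconfig bridge${id} addm ${DOWNLINK}.${id} addm ${UPLINK}.${id} up"
    done
}

# if_bridge(4) documents net.link.bridge.ipfw=1 as required for dummynet on
# bridged frames; setting it turns off pfil_member and pfil_bridge so the
# frame is not filtered a second time at the IP layer. one_pass=1 (ipfw's
# default) lets a packet leave ipfw after its pipe instead of being run
# through the remaining rules again.
gen_sysctl() {
    echo "sysctl net.link.bridge.ipfw=1"
    echo "sysctl net.inet.ip.fw.one_pass=1"
}

# Two pipes per VLAN: pipe <id> for frames leaving on UPLINK.id (users to
# the world) and pipe <id+1000> for frames leaving on DOWNLINK.id (the world
# to the users). "via" matches whichever interface ipfw is handed for the
# frame, so each rule selects its VLAN regardless of how the bridge reports
# direction; which of the two carries upload vs. download is an assumption
# to confirm with "ipfw show" counters.
gen_rules() {
    echo "ipfw -q flush"
    echo "ipfw -q pipe flush"
    for spec in $SHAPED_VLANS; do
        id=${spec%%:*}
        bw=${spec#*:}
        up=$id
        down=$((id + 1000))
        base=$((1000 + id * 10))
        echo "ipfw pipe ${up} config bw ${bw}"
        echo "ipfw pipe ${down} config bw ${bw}"
        echo "ipfw add ${base} pipe ${up} ip from any to any via ${UPLINK}.${id}"
        echo "ipfw add $((base + 1)) pipe ${down} ip from any to any via ${DOWNLINK}.${id}"
    done
    # Unshaped VLANs and anything else pass; the kernel default rule may be deny.
    echo "ipfw add 60000 allow ip from any to any"
}

# Prints the plan by default; "apply" runs it (as root, on the FreeBSD box).
case "${1:-print}" in
    apply) { gen_sysctl; gen_ifconfig; gen_rules; } | sh -e ;;
    *)     gen_sysctl; gen_ifconfig; gen_rules ;;
esac
```

Run it without arguments first and read the plan; run it with `apply` from the console rather than over the network, because the flush leaves only the kernel's default rule until rule 60000 is added. After applying, generate traffic on one VLAN and watch `ipfw show` and `ipfw pipe show`: the counters on that VLAN's two rules should move and nothing else should. If both stay at zero, the bridge is not handing frames to ipfw at all, and `sysctl net.link.bridge.ipfw` is the first thing to check.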

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20090421184741.GG40655>