Skip site navigation (1)Skip section navigation (2)
Date:      Mon, 31 May 2010 01:32:17 -0700
From:      Jeremy Chadwick <freebsd@jdc.parodius.com>
To:        Giulio Ferro <auryn@zirakzigil.org>
Cc:        Max Laier <max@love2party.net>, freebsd-stable@freebsd.org, freebsd-net@freebsd.org
Subject:   Re: PF + BRIDGE still causes system freezing
Message-ID:  <20100531083217.GA74108@icarus.home.lan>
In-Reply-To: <4C03511D.6070807@zirakzigil.org>
References:  <4BFF589F.2050102@zirakzigil.org> <201005281320.51027.max@love2party.net> <4C03511D.6070807@zirakzigil.org>

next in thread | previous in thread | raw e-mail | index | archive | help
On Mon, May 31, 2010 at 08:03:09AM +0200, Giulio Ferro wrote:
> Max Laier wrote:
> >On Friday 28 May 2010 07:46:07 Giulio Ferro wrote:
> >>Months ago I reported a system freezing whenever bridge was used
> >>with pf. This still happens now in 8.1 prerelease: after several minutes
> >>to hours
> >>that the bridge is active the system becomes unresponsive.
> >
> >as I told you last time your reported this problem: you need to
> >simplify your setup in order to track down the problem.  For all I
> >know, you have created a routing or ethernet loop that is the
> >cause of your problems.  Unless you can provide a simple setup
> >that can be reproduced, you have to track down the issue yourself
> >- sorry.
> >
> >Max
> 
> Ok, I've moved the vpn-bridging service to a server without pf, and now
> it seems to work correctly.
> 
> I maintain that this issue would need to look into, anyway...
> I don't think that a system freezing is acceptable, even when the
> administrator
> makes some configuration mistakes: the o.s. should complain about
> "routing or ethernet loop", without leaving him wondering...

We don't know if physical cabling loops are the problem here, but I'll
chime in with my two cents regardless.

If you're prone to making cabling mistakes that result in layer 2 loops
in your network, you should consider using protocols like spanning
tree[1] on your switches.  Be aware that STP induces a lot of other
problems and complexities which very likely *will* be seen as issues
within the OS (such as physical Ethernet link not coming up quickly,
taking instead maybe 60-120 full seconds).  I believe there are
extension protocols that address this (such as RSTP).

If you're actually using FreeBSD as a "smart switch", then there may be
some spanning tree software that works on FreeBSD.  I'm not familiar
with this setup or what software may be available.  The majority of
folks connect their FreeBSD machines to a switch, and those switches can
handle STP.

[1]: http://en.wikipedia.org/wiki/Spanning_tree_protocol

-- 
| Jeremy Chadwick                                   jdc@parodius.com |
| Parodius Networking                       http://www.parodius.com/ |
| UNIX Systems Administrator                  Mountain View, CA, USA |
| Making life hard for others since 1977.              PGP: 4BD6C0CB |




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20100531083217.GA74108>