Date:      Thu, 10 Jun 2010 16:02:06 +0200
From:      Ivan Voras <ivoras@freebsd.org>
To:        freebsd-net@freebsd.org
Subject:   Re: VLANs, routing, multicast and HP switches, oh my...
Message-ID:  <huqr8u$uak$1@dough.gmane.org>
In-Reply-To: <AANLkTikZhyrufjNuUPhNDlDZ4iKp-KWN-AgcwUt1g1_p@mail.gmail.com>
References:  <AANLkTikZhyrufjNuUPhNDlDZ4iKp-KWN-AgcwUt1g1_p@mail.gmail.com>

On 06/09/10 22:35, Kurt Buff wrote:
> All,
> 
> I have in place a router that I built with FreeBSD (currently it's an
> i386 build - 7.0-STABLE FreeBSD 7.0-STABLE #1: Mon Jul 28 18:59:13 PDT
> 2008) on a whitebox with 3 dual-port NICs.
> 
> The relevant data from /etc/rc.conf:
> 
>      defaultrouter="192.168.27.1"
>      gateway_enable="YES"
>      hostname="zrouter.example.com"
>      ifconfig_fxp0="inet 192.168.27.2  netmask 255.255.255.0"
>      ifconfig_fxp1="inet 10.0.0.1  netmask 255.255.255.0"
>      ifconfig_fxp2="inet 10.0.1.1  netmask 255.255.255.0"
>      ifconfig_fxp3="inet 10.0.2.1  netmask 255.255.255.0"
>      ifconfig_fxp4="inet 10.0.3.1  netmask 255.255.255.0"
>      ifconfig_fxp5="inet 10.0.4.1  netmask 255.255.255.0"
>      static_routes="nistnet"
>      route_nistnet="-net 10.0.5.0/24 10.0.4.60"
> 
> It serves as a gateway between our production network
> (192.168.27.0/24) and a set of engineering test/dev subnets - no
> firewalling at the moment, just a simple router.

Straightforward enough.

> Now, however, the subnet on fxp4 is going to have an HP 2610 switch
> attached to it, and they want to hang multiple subnets from that
> interface. 

... which doesn't necessarily translate to VLANs. You can assign an
arbitrary number of IP addresses to a single NIC without problems.

> So, it looks to me as if I need to set up this box with a VLAN
> configuration and some more routing intelligence than it has at the
> moment.
> 
> I'm looking at, among other pages, this one
> http://www.cyberciti.biz/faq/howto-configure-freebsd-vlans-with-ifconfig-command/,
> though I don't see much addressing these two subjects in the handbook.

There's not much to say on the topic. The section which describes VLAN
setup in the link you have given is correct. Each new virtual vlan
device will behave as another NIC.

The story behind VLANs is that they are an Ethernet-level routing
kludge. Instead of having a flat topology, they divide it into chunks
which may be routed separately on L2. On the FreeBSD side, the
representation of this will be additional NICs which operate only on
these "chunks" - virtual Ethernets which don't see packets from other
VLANs even if they travel on the same wire(s). The physical NIC will
need to "see" all packets indiscriminately (which is sometimes called a
"trunk"), and the OS logic will then "divide" those packets into
individual virtual vlan devices. Note that if you use VLANs, all active
equipment involved will probably need to be able to understand and work
with VLANs, and you will need to configure them all. To be able to use
generic Ethernet clients (like Windows with low-end NICs), some kind of
end-point equipment will need to strip VLAN tags before the packets
reach them.

But as I've said, maybe you don't need VLANs. Simply hang multiple IP
subnets on normal Ethernet NICs.
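
The trunk behaviour described in the message above, as an added example that is not part of the original e-mail or of FreeBSD's code: a simplified model of how tagged frames arriving on the physical NIC are sorted into per-VLAN devices and have their 802.1Q tag stripped. The function names, the sample frames and the choice to drop frames for unconfigured VLANs are assumptions of this sketch.

```python
import struct
from collections import defaultdict

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def demux(frame: bytes):
    """Return (vlan_id or None, frame with any 802.1Q tag removed)."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, frame            # untagged: stays on the parent NIC
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack("!H", frame[14:16])
    vid = tci & 0x0FFF                # low 12 bits of the TCI are the VLAN ID
    # Drop the 4 tag bytes so the consumer sees a plain Ethernet frame.
    return vid, frame[:12] + frame[16:]


def deliver(frames, configured_vids):
    """Sort trunk traffic into per-VLAN queues (assumed model, see lead-in)."""
    queues = defaultdict(list)
    for f in frames:
        vid, plain = demux(f)
        if vid is None:
            queues["parent"].append(plain)
        elif vid in configured_vids:
            queues[vid].append(plain)     # only this VLAN's device sees it
        else:
            queues["dropped"].append(plain)
    return queues


def make_frame(payload: bytes, vid=None) -> bytes:
    """Build a constructed sample frame (IPv4 EtherType, made-up MACs)."""
    macs = bytes.fromhex("020000000002" "020000000001")
    tag = b"" if vid is None else struct.pack("!HH", TPID_8021Q, vid)
    return macs + tag + struct.pack("!H", 0x0800) + payload


# Constructed sample input: one untagged frame, VLANs 101 and 102, stray VLAN 999.
SAMPLE = [make_frame(b"a"), make_frame(b"b", 101),
          make_frame(b"c", 102), make_frame(b"d", 999)]

if __name__ == "__main__":
    for name, q in deliver(SAMPLE, {101, 102}).items():
        print(name, [f.hex() for f in q])
```
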