Date:      Thu, 02 Mar 2006 16:34:26 +1100
From:      Nik Lam <freebsdnik@j2d.lam.net.au>
To:        freebsd-net@freebsd.org
Subject:   configuring if_bridge with stp at boot in /etc/rc.conf
Message-ID:  <440683E2.8000009@j2d.lam.net.au>

Hi,

I'm trying to set up a pair of redundant (firewall) bridges which will 
allow fail-over using the spanning tree protocol (802.1d).

Both hosts have similar hardware, HP NetServer LPr servers with dual 
pentium IIIs and 4 interfaces - the onboard card (fxp0), a single 
port intel pro 1000 (em0) and a dual port intel pro 1000 (em1 and em2).

fxp0 will be used for management of the host (i.e. ssh etc) and has 
an IP address
em0 will be used for pfsync with each host's counterpart via crossover cable
em1 will be the "outside" end of the bridge connected to the switch with 
the gateway on it
em2 will be the "inside" end of the bridge connected to the switch with 
the rest of the hosts on the LAN

I'm running the GENERIC + SMP kernel built from 6.1-PRERELEASE from 
about the 23rd of February on both machines.

I've not introduced anything to do with the firewall yet, I'm just 
trying to get STP working right now, however I'm having trouble in that 
the bridges don't seem to be set up properly if I try to configure them 
using directives in /etc/rc.conf.

Here is my /etc/rc.conf which does not work:

#--------- start rc.conf -------------------

defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"

ifconfig_em1="up"
ifconfig_em2="up"

cloned_interfaces="bridge0"

ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 hellotime 2 maxage 5 fwddelay 6  priority 10 up"

ifconfig_fxp0="inet 192.168.0.245  netmask 255.255.255.0"

ifconfig_em0="inet 192.168.100.245  netmask 255.255.255.0"

ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"

#--------- end rc.conf -------------------



At boot up, everything seems to be configured properly except that one 
of the members of the bridge stays disabled:



hashi-0# ifconfig bridge0
bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether ac:de:48:47:13:38
        priority 10 hellotime 2 fwddelay 6 maxage 5
        member: em2 flags=7<LEARNING,DISCOVER,STP>
                port 4 priority 128 path cost 55 disabled
        member: em1 flags=7<LEARNING,DISCOVER,STP>
                port 3 priority 128 path cost 55 forwarding

hashi-0# ifconfig em2
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::204:23ff:fec9:1dc9%em2 prefixlen 64 scopeid 0x4
        ether 00:04:23:c9:1d:c9
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active




On the bright side, I _can_ get it to work if I use a variation on a 
suggestion I saw here from Igor Madera Sepúlveda:

http://lists.freebsd.org/mailman/htdig/freebsd-net/2006-January/009460.html

Basically I remove all bridge configuration from /etc/rc.conf and just 
use a shell script from cron as follows:



#-------- start if_bridgeStart.sh -------------

#!/bin/sh

# Starts the bridge

/sbin/ifconfig em1 up
/sbin/ifconfig em2 up
sleep 1
/sbin/ifconfig bridge0 create
sleep 1
/sbin/ifconfig bridge0 addm em1 addm em2
sleep 1
/sbin/ifconfig bridge0 stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6
sleep 1
/sbin/ifconfig bridge0 ifpriority em1 10 ifpathcost em1 10
sleep 1
/sbin/ifconfig bridge0 ifpriority em2 20 ifpathcost em2 20
sleep 1
/sbin/ifconfig bridge0 priority 10
sleep 1
/sbin/ifconfig bridge0 up

#-------- end if_bridgeStart.sh -------------




Interestingly, if I replace all the "sleep 1" statements with "sleep 0" 
I get the same symptoms as with the rc.conf.  So it would seem to be 
some kind of timing issue???


I've also tried switching things around in rc.conf to see if that would 
help such as the following, but it actually made things worse in that no 
member interfaces existed in bridge0:



#--------- start rc.conf -------------------

defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"

ifconfig_em1="up"
ifconfig_em2="up"

cloned_interfaces="bridge0"

ifconfig_bridge0="addm em1 addm em2 up"
ifconfig_bridge0="stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6"
ifconfig_bridge0="ifpriority em1 10  ifpathcost 10"
ifconfig_bridge0="ifpriority em2 20  ifpathcost 20"
ifconfig_bridge0="priority 10"
ifconfig_bridge0="up"

ifconfig_fxp0="inet 192.168.0.245  netmask 255.255.255.0"

ifconfig_em0="inet 192.168.100.245  netmask 255.255.255.0"

ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#--------- end rc.conf -------------------


So, are there some secret rc.conf directives I can use or should I just 
stick with the cron kludge for the moment?

Also, should we be disabling txcsum for em cards at the moment?

Thanks in advance,

Nik
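
Added example, not part of the original message: rc.conf is sourced as a shell script, so in the second rc.conf above each later ifconfig_bridge0 line replaces the previous one and only "up" survives, which is consistent with a bridge that has no members. The sketch below flags such overridden variables and lists bridge members whose STP state is not forwarding, as a post-boot check for a fail-over pair; the function names are hypothetical and the inputs are copied from the message.

```shell
#!/bin/sh
# Added example, not from the original post. Inputs are copied from the message.

# rc.conf is sourced as shell: a repeated variable keeps only its last value.
# Prints "name count last-value" for each variable assigned more than once.
rc_overridden() {
    awk '/^[A-Za-z_][A-Za-z0-9_]*=/ {
            eq = index($0, "=")
            name = substr($0, 1, eq - 1)
            count[name]++
            last[name] = substr($0, eq + 1)
        }
        END {
            for (n in count)
                if (count[n] > 1) printf "%s %d %s\n", n, count[n], last[n]
        }'
}

# Prints "member state" for each member not forwarding (layout as in the post).
stp_not_forwarding() {
    awk '$1 == "member:" { member = $2; next }
         member != "" && $1 == "port" {
            if ($NF != "forwarding") print member, $NF
            member = ""
         }'
}

sample_rc_conf() {
    cat <<'EOF'
ifconfig_bridge0="addm em1 addm em2 up"
ifconfig_bridge0="stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6"
ifconfig_bridge0="ifpriority em1 10  ifpathcost 10"
ifconfig_bridge0="ifpriority em2 20  ifpathcost 20"
ifconfig_bridge0="priority 10"
ifconfig_bridge0="up"
EOF
}

sample_ifconfig() {
    cat <<'EOF'
        member: em2 flags=7<LEARNING,DISCOVER,STP>
                port 4 priority 128 path cost 55 disabled
        member: em1 flags=7<LEARNING,DISCOVER,STP>
                port 3 priority 128 path cost 55 forwarding
EOF
}

sample_rc_conf | rc_overridden       # ifconfig_bridge0 6 "up"
sample_ifconfig | stp_not_forwarding # em2 disabled
```

On a live host the same functions can read `/etc/rc.conf` and the output of `ifconfig bridge0` on standard input.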