From owner-freebsd-stable@freebsd.org Thu Apr 16 08:38:56 2020 Return-Path: Delivered-To: freebsd-stable@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 4125D2B66F4 for ; Thu, 16 Apr 2020 08:38:56 +0000 (UTC) (envelope-from peter.blok@bsd4all.org) Received: from smtpq5.tb.mail.iss.as9143.net (smtpq5.tb.mail.iss.as9143.net [212.54.42.168]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 492t1C511Sz4CM6 for ; Thu, 16 Apr 2020 08:38:55 +0000 (UTC) (envelope-from peter.blok@bsd4all.org) Received: from [212.54.42.135] (helo=smtp11.tb.mail.iss.as9143.net) by smtpq5.tb.mail.iss.as9143.net with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1jP02w-0005ZL-8T for freebsd-stable@freebsd.org; Thu, 16 Apr 2020 10:38:54 +0200 Received: from 94-209-85-88.cable.dynamic.v4.ziggo.nl ([94.209.85.88] helo=wan0.bsd4all.org) by smtp11.tb.mail.iss.as9143.net with esmtp (Exim 4.90_1) (envelope-from ) id 1jP02w-0002c4-4H for freebsd-stable@freebsd.org; Thu, 16 Apr 2020 10:38:54 +0200 Received: from newnas.bsd4all.local (localhost [127.0.0.1]) by wan0.bsd4all.org (Postfix) with ESMTP id BFFE5212 for ; Thu, 16 Apr 2020 10:38:53 +0200 (CEST) X-Virus-Scanned: amavisd-new at bsd4all.org Received: from wan0.bsd4all.org ([127.0.0.1]) by newnas.bsd4all.local (newnas.bsd4all.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id XU0s40zXBTJt for ; Thu, 16 Apr 2020 10:38:52 +0200 (CEST) Received: from [192.168.1.65] (unknown [192.168.1.65]) by wan0.bsd4all.org (Postfix) with ESMTPSA id B7711211 for ; Thu, 16 Apr 2020 10:38:52 +0200 (CEST) From: peter.blok@bsd4all.org Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.14\)) Subject: Re: CFT: if_bridge performance improvements Date: Thu, 16 Apr 2020 10:38:52 +0200 In-Reply-To: <26AE78A9-551E-4118-9955-DABD9745B380@FreeBSD.org> Cc: FreeBSD Stable References: <0C115843-FB05-40D7-B1D7-F9B7842E9B54@FreeBSD.org> <467E538C-05C3-45B7-935B-FB20F6E20B01@longcount.org> <26AE78A9-551E-4118-9955-DABD9745B380@FreeBSD.org> Message-Id: <95EF05A2-5193-4BF0-A775-021819ABD961@bsd4all.org> X-Mailer: Apple Mail (2.3445.104.14) X-SourceIP: 94.209.85.88 X-Ziggo-spambar: / X-Ziggo-spamscore: 0.0 X-Ziggo-spamreport: CMAE Analysis: v=2.3 cv=du1A92o4 c=1 sm=1 tr=0 a=LYXyOGYQqFYBMgK+Y6iqTg==:17 a=jpOVt7BSZ2e4Z31A5e1TngXxSK0=:19 a=9cW_t1CCXrUA:10 a=IkcTkHD0fZMA:10 a=cl8xLZFz6L8A:10 a=6I5d2MoRAAAA:8 a=AJXH2NDoAAAA:8 a=u47AiZt3kLW6PT0XFisA:9 a=QEXdDO2ut3YA:10 a=IjZwj45LgO3ly-622nXo:22 a=uCuhrRYJh29-2kTIydwK:22 X-Ziggo-Spam-Status: No X-Spam-Status: No X-Spam-Flag: No X-Rspamd-Queue-Id: 492t1C511Sz4CM6 X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of peter.blok@bsd4all.org designates 212.54.42.168 as permitted sender) smtp.mailfrom=peter.blok@bsd4all.org X-Spamd-Result: default: False [-2.76 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; RCVD_COUNT_FIVE(0.00)[6]; RECEIVED_SPAMHAUS_PBL(0.00)[88.85.209.94.khpj7ygk5idzvmvt5x4ziurxhy.zen.dq.spamhaus.net : 127.0.0.11]; RCVD_TLS_LAST(0.00)[]; R_SPF_ALLOW(-0.20)[+a:smtp.ziggo.nl/16]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-stable@freebsd.org]; DMARC_NA(0.00)[bsd4all.org]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-0.99)[-0.992,0]; IP_SCORE(-2.90)[ip: (-8.00), ipnet: 212.54.32.0/20(-4.07), asn: 33915(-2.44), country: NL(0.03)]; TO_DN_ALL(0.00)[]; FROM_NO_DN(0.00)[]; MISSING_TO(2.00)[]; MV_CASE(0.50)[]; NEURAL_HAM_MEDIUM(-0.98)[-0.975,0]; RCVD_IN_DNSWL_LOW(-0.10)[168.42.54.212.list.dnswl.org : 127.0.5.1]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:33915, ipnet:212.54.32.0/20, country:NL]; MID_RHS_MATCH_FROM(0.00)[]; FROM_EQ_ENVFROM(0.00)[] X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 Apr 2020 08:38:56 -0000 Hi Mark/Kristof, I have been using ng_bridge for more than a year. It was very stable and = it allowed to have members with different MTU. My jails were using jng = to setup the bridge and I changed iohyve to use ng_bridge. But I recently switched to if_bridge. I needed to have pf work on a = member interface, which wasn=E2=80=99t easy with ng_bridge. It was not = easy to make it work due to two members (VLAN) coming frome the same = trunk.The behavior was erratic. I have a trusted VLAN bridged to an untrusted physical and Wifi network. = All members are on the same IP segment, but with pf I can make sure that = the untrusted IOT devices are only able to go outside towards the = internet. The untrusted devices can=E2=80=99t create connections to the = trusted devices, but the trusted devices can create connections to the = untrusted devices. Another issue I found with pf was with "set skip on bridge=E2=80=9D. It = doesn=E2=80=99t work on the interface group, unless a bridge exists = prior to enabling pf. Makes sense, but I didn=E2=80=99t think of it. = Other rules work fine with interface groups. My jails and bhyve now runs fine with if_bridge, which is easier to = setup and I don=E2=80=99t need any changes in iohyve. Peter=20 > On 16 Apr 2020, at 09:44, Kristof Provost wrote: >=20 > Hi Mark, >=20 > I wouldn=E2=80=99t expect these changes to make a difference in the = performance of this setup. > My work mostly affects setups with multi-core systems that see a lot = of traffic. Even before these changes I=E2=80=99d expect the if_bridge = code to saturate a wifi link easily. >=20 > I also wouldn=E2=80=99t expect ng_bridge vs. if_bridge to make a = significant difference in wifi features. >=20 > Best regards, > Kristof >=20 > On 16 Apr 2020, at 3:56, Mark Saad wrote: >=20 >> Kristof >> Up until a month ago I ran a set of FreeBSD based ap in my house and = even long ago at work . They were Pc engines apu =E2=80=98s or Alix=E2=80=99= s with one em/igb nic and one ath nic in a bridge . They worked well = for a long time however the need for more robust wifi setup caused me to = swap them out with cots aps from tp-link . The major issues were the = lack of WiFi features and standards that work oob on Linux based aps . >>=20 >> So I always wanted to experiment with ng_bridge vs if_bridge for the = same task . But I never got around to it . Do you have any insight into = using one vs the other . Imho if_bridge is easier to setup and get = working . >>=20 >>=20 >> --- >> Mark Saad | nonesuch@longcount.org >>=20 >>> On Apr 15, 2020, at 1:37 PM, Kristof Provost wrote: >>>=20 >>> =EF=BB=BFOn 15 Apr 2020, at 19:16, Mark Saad wrote: >>>> All >>>> Should this improve wifi to wired bridges in some way ? Has this = been tested ? >>>>=20 >>> What sort of setup do you have to bridge wired and wireless? Is the = FreeBSD box also a wifi AP? >>>=20 >>> I=E2=80=99ve not done any tests involving wifi. >>>=20 >>> Best regards, >>> Kristof > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org"