Date: Thu, 16 Apr 2020 10:38:52 +0200 From: peter.blok@bsd4all.org Cc: FreeBSD Stable <freebsd-stable@freebsd.org> Subject: Re: CFT: if_bridge performance improvements Message-ID: <95EF05A2-5193-4BF0-A775-021819ABD961@bsd4all.org> In-Reply-To: <26AE78A9-551E-4118-9955-DABD9745B380@FreeBSD.org> References: <0C115843-FB05-40D7-B1D7-F9B7842E9B54@FreeBSD.org> <467E538C-05C3-45B7-935B-FB20F6E20B01@longcount.org> <26AE78A9-551E-4118-9955-DABD9745B380@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Mark/Kristof, I have been using ng_bridge for more than a year. It was very stable and = it allowed to have members with different MTU. My jails were using jng = to setup the bridge and I changed iohyve to use ng_bridge. But I recently switched to if_bridge. I needed to have pf work on a = member interface, which wasn=E2=80=99t easy with ng_bridge. It was not = easy to make it work due to two members (VLAN) coming frome the same = trunk.The behavior was erratic. I have a trusted VLAN bridged to an untrusted physical and Wifi network. = All members are on the same IP segment, but with pf I can make sure that = the untrusted IOT devices are only able to go outside towards the = internet. The untrusted devices can=E2=80=99t create connections to the = trusted devices, but the trusted devices can create connections to the = untrusted devices. Another issue I found with pf was with "set skip on bridge=E2=80=9D. It = doesn=E2=80=99t work on the interface group, unless a bridge exists = prior to enabling pf. Makes sense, but I didn=E2=80=99t think of it. = Other rules work fine with interface groups. My jails and bhyve now runs fine with if_bridge, which is easier to = setup and I don=E2=80=99t need any changes in iohyve. Peter=20 > On 16 Apr 2020, at 09:44, Kristof Provost <kp@FreeBSD.org> wrote: >=20 > Hi Mark, >=20 > I wouldn=E2=80=99t expect these changes to make a difference in the = performance of this setup. > My work mostly affects setups with multi-core systems that see a lot = of traffic. Even before these changes I=E2=80=99d expect the if_bridge = code to saturate a wifi link easily. >=20 > I also wouldn=E2=80=99t expect ng_bridge vs. if_bridge to make a = significant difference in wifi features. >=20 > Best regards, > Kristof >=20 > On 16 Apr 2020, at 3:56, Mark Saad wrote: >=20 >> Kristof >> Up until a month ago I ran a set of FreeBSD based ap in my house and = even long ago at work . They were Pc engines apu =E2=80=98s or Alix=E2=80=99= s with one em/igb nic and one ath nic in a bridge . They worked well = for a long time however the need for more robust wifi setup caused me to = swap them out with cots aps from tp-link . The major issues were the = lack of WiFi features and standards that work oob on Linux based aps . >>=20 >> So I always wanted to experiment with ng_bridge vs if_bridge for the = same task . But I never got around to it . Do you have any insight into = using one vs the other . Imho if_bridge is easier to setup and get = working . >>=20 >>=20 >> --- >> Mark Saad | nonesuch@longcount.org >>=20 >>> On Apr 15, 2020, at 1:37 PM, Kristof Provost <kp@freebsd.org> wrote: >>>=20 >>> =EF=BB=BFOn 15 Apr 2020, at 19:16, Mark Saad wrote: >>>> All >>>> Should this improve wifi to wired bridges in some way ? Has this = been tested ? >>>>=20 >>> What sort of setup do you have to bridge wired and wireless? Is the = FreeBSD box also a wifi AP? >>>=20 >>> I=E2=80=99ve not done any tests involving wifi. >>>=20 >>> Best regards, >>> Kristof > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org"
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95EF05A2-5193-4BF0-A775-021819ABD961>