DragonFly users List (threaded) for 2011-02
Re: Home stretch on new network - if_bridge looking better
Is there any chance to support more features in the bridge code? RSTP,
span port, filtering based on MAC address ….
2011/2/24 Matthew Dillon <email@example.com>:
> I'm in the home stretch of finishing up the new DragonFly network!
> It's been pretty unstable the last week or so as I struggled first
> with the (now failed) attempt at using an at&t static block with
> U-Verse and then gave up on that and started working on running
> a VPN over a dynamic-IP based at&t U-Verse + comcast internet.
> I wanted bonding with failover.
> Most of my struggles with U-Verse were in dealing with the stateful
> firewall at&t has that cannot be turned off, even for the static
> IP block. It had serious issues dealing with many concurrent
> connections and would drop connections randomly (it would send a
> RST!). The VPN bypasses the whole mess.
> The last few days have been spent essentially rewriting half of
> if_bridge so it would work properly, and testing it while I am
> still triple-homed (DSL, U-Verse, and ComCast). Well, it caused
> a lot of havoc on my network while I was beating it into shape
> and that's putting it mildly!
> But I think I now have if_bridge and openvpn and my ipfw and PF
> rules smacked into shape. I am going to implement line bonding
> in if_bridge today (on top of the spanning tree and failover
> which now works) and track down one or two remaining ARP issues
> and then I'll call it done. The basic setup is as shown below:
> + There are PF rules and ALTQs on each TAP interface to manage
> its outgoing bandwidth and keep network latencies down (on
> both sides of the VC).
> + IPFW forwarding (fwd) rules to manage multiple default routes
> based on the source IP.
> The spanning tree appears to be working properly with the 2x2 and
> the 3x3 'real' configuration I'm testing it with. Once I get
> line bonding working I expect my downlink to achieve ~30MBits+
> and my uplink will be 4.8MBits. I'm seriously considering keeping
> both U-Verse and ComCast and just paring the service levels down
> a little (top tier isn't needed). The poor old DSL with its 600KBit
> uplink is going to hit the trash heap. It might have been slow, but
> that ISP served my old /26 static block fairly well for many years.
> Matthew Dillon