configuring if_bridge with stp at boot in /etc/rc.conf
Nik Lam
freebsdnik at j2d.lam.net.au
Wed Mar 1 21:34:32 PST 2006
Hi,
I'm trying to set up a pair of redundant (firewall) bridges which will
allow fail-over using the spanning tree protocol (802.1d).
Both hosts have similar hardware, HP NetServer LPr servers with dual
pentium IIIs and 4 interfaces - the onboard card (fxp0), a single
port intel pro 1000 (em0) and a dual port intel pro 1000 (em1 and em2).
fxp0 will be used for management of the host (i.e. ssh etc) and has
an IP address
em0 will be used for pfsync with each host's counterpart via crossover cable
em1 will be the "outside" end of the bridge connected to the switch with
the gateway on it
em2 will be the "inside" end of the bridge connected to the switch with
the rest of the hosts on the LAN
I'm running the GENERIC + SMP kernel built from 6.1-PRERELEASE from
about the 23rd of February on both machines.
I've not introduced anything to do with the firewall yet, I'm just
trying to get STP working right now, however I'm having trouble in that
the bridges don't seem to be set up properly if I try to configure them
using directives in /etc/rc.conf.
Here is my /etc/rc.conf which does not work:
#--------- start rc.conf -------------------
defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 stp em1 addm em2 stp em2 hellotime 2 maxage 5 fwddelay 6 priority 10 up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#--------- end rc.conf -------------------
At boot up, everything seems to be configured properly except that one
of the members of the bridge stays disabled:
hashi-0# ifconfig bridge0
bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether ac:de:48:47:13:38
        priority 10 hellotime 2 fwddelay 6 maxage 5
        member: em2 flags=7<LEARNING,DISCOVER,STP>
                port 4 priority 128 path cost 55 disabled
        member: em1 flags=7<LEARNING,DISCOVER,STP>
                port 3 priority 128 path cost 55 forwarding
hashi-0# ifconfig em2
em2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        options=8<VLAN_MTU>
        inet6 fe80::204:23ff:fec9:1dc9%em2 prefixlen 64 scopeid 0x4
        ether 00:04:23:c9:1d:c9
        media: Ethernet autoselect (100baseTX <full-duplex>)
        status: active
On the bright side, I _can_ get it to work if I use a variation on a
suggestion I saw here from Igor Madera Sepúlveda:
http://lists.freebsd.org/mailman/htdig/freebsd-net/2006-January/009460.html
Basically I remove all bridge configuration from /etc/rc.conf and just
use a shell script from cron as follows:
#-------- start if_bridgeStart.sh -------------
#!/bin/sh
# Starts the bridge
/sbin/ifconfig em1 up
/sbin/ifconfig em2 up
sleep 1
/sbin/ifconfig bridge0 create
sleep 1
/sbin/ifconfig bridge0 addm em1 addm em2
sleep 1
/sbin/ifconfig bridge0 stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6
sleep 1
/sbin/ifconfig bridge0 ifpriority em1 10 ifpathcost em1 10
sleep 1
/sbin/ifconfig bridge0 ifpriority em2 20 ifpathcost em2 20
sleep 1
/sbin/ifconfig bridge0 priority 10
sleep 1
/sbin/ifconfig bridge0 up
#-------- end if_bridgeStart.sh -------------
Interestingly, if I replace all the "sleep 1" statements with "sleep 0"
I get the same symptoms as with the rc.conf. So it would seem to be
some kind of timing issue???
I've also tried switching things around in rc.conf to see if that would
help such as the following, but it actually made things worse in that no
member interfaces existed in bridge0:
#--------- start rc.conf -------------------
defaultrouter="192.168.0.1"
hostname="hashi-0.example.com"
ifconfig_em1="up"
ifconfig_em2="up"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm em1 addm em2 up"
ifconfig_bridge0="stp em1 stp em2 hellotime 2 maxage 5 fwddelay 6"
ifconfig_bridge0="ifpriority em1 10 ifpathcost 10"
ifconfig_bridge0="ifpriority em2 20 ifpathcost 20"
ifconfig_bridge0="priority 10"
ifconfig_bridge0="up"
ifconfig_fxp0="inet 192.168.0.245 netmask 255.255.255.0"
ifconfig_em0="inet 192.168.100.245 netmask 255.255.255.0"
ntpdate_enable="YES"
ntpdate_flags="au.pool.ntp.org"
sshd_enable="YES"
usbd_enable="NO"
sendmail_enable="NO"
#--------- end rc.conf -------------------
So, are there some secret rc.conf directives I can use or should I just
stick with the cron kludge for the moment?
Also, should we be disabling txcsum for em cards at the moment?
Thanks in advance,
Nik
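
Added example, not part of the original post: a post-boot check that parses the `ifconfig bridge0` layout quoted above and reports any STP member left in the "disabled" state. The function names are hypothetical, and the parser assumes the member/port line layout shown in the post.

```shell
#!/bin/sh
# Added example: flag STP bridge members stuck in "disabled", using the
# member/port line layout of the ifconfig output quoted in the post.

# Constructed sample: the bridge0 output from the post.
sample_output() {
cat <<'EOF'
bridge0: flags=8043<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether ac:de:48:47:13:38
        priority 10 hellotime 2 fwddelay 6 maxage 5
        member: em2 flags=7<LEARNING,DISCOVER,STP>
                port 4 priority 128 path cost 55 disabled
        member: em1 flags=7<LEARNING,DISCOVER,STP>
                port 3 priority 128 path cost 55 forwarding
EOF
}

# Reads ifconfig output on stdin; prints "<member> <state>" for each
# member that has the STP flag set, one per line.
stp_member_states() {
    awk '
        $1 == "member:" { name = $2; stp = ($3 ~ /[<,]STP[,>]/); next }
        $1 == "port" && name != "" {
            if (stp) print name, $NF   # last field is the port state
            name = ""
        }
    '
}

# Prints the names of STP members whose port state is "disabled".
stp_disabled_members() {
    stp_member_states | awk '$2 == "disabled" { print $1 }'
}

# Returns 0 when no STP member is disabled, 1 otherwise (names on stderr).
check_bridge() {
    bad=$(stp_disabled_members)
    if [ -n "$bad" ]; then
        echo "STP member(s) disabled: $bad" >&2
        return 1
    fi
    return 0
}

# On a live host: ifconfig bridge0 | check_bridge
sample_output | check_bridge || echo "bridge check failed"
```

Run from cron or a monitoring agent after boot, a non-zero exit from `check_bridge` shows that the bridge came up with a member that is not forwarding.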