svn commit: r41669 - projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking

Dru Lavigne dru at FreeBSD.org
Sun May 19 00:23:57 UTC 2013


Author: dru
Date: Sun May 19 00:23:56 2013
New Revision: 41669
URL: http://svnweb.freebsd.org/changeset/doc/41669

Log:
  This patch addresses the following:
  
  - fix "file system"
  
  - fix acronyms
  
  - change command/app tags to entities as needed
  
  - grammar tightening
  
  - Etherboot section removed as the port is on ignore (i386 only)
  
  - ISDN section removed as no longer in base or ports
  
  This will be followed by a subsequent white space fix.
  
  Approved by:	bcr (mentor)

Modified:
  projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml

Modified: projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
==============================================================================
--- projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Sun May 19 00:06:03 2013	(r41668)
+++ projects/ISBN_1-57176-407-0/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml	Sun May 19 00:23:56 2013	(r41669)
@@ -38,7 +38,7 @@
       <listitem>
 	<para>How to set up network <acronym>PXE</acronym> booting
 	  with an
-	  <acronym>NFS</acronym> root filesystem.</para>
+	  <acronym>NFS</acronym> root file system.</para>
       </listitem>
 
       <listitem>
@@ -46,7 +46,7 @@
       </listitem>
 
       <listitem>
-	<para>How to set up IPv6 on a &os; machine.</para>
+	<para>How to set up <acronym>IPv6</acronym> on a &os; machine.</para>
       </listitem>
 
       <listitem>
@@ -3117,20 +3117,21 @@ rfcomm_sppd[94692]: Starting on /dev/tty
     <sect2>
       <title>Introduction</title>
 
-      <indexterm><primary>IP subnet</primary></indexterm>
+      <indexterm><primary><acronym>IP</acronym> subnet</primary></indexterm>
       <indexterm><primary>bridge</primary></indexterm>
-      <para>It is sometimes useful to divide one physical network
-	(such as an Ethernet segment) into two separate network
-	segments without having to create IP subnets and use a router
+      <para>It is sometimes useful to divide one physical network,
+	such as an Ethernet segment, into two separate network
+	segments without having to create <acronym>IP</acronym>
+	subnets and use a router
 	to connect the segments together.  A device that connects two
 	networks together in this fashion is called a
 	<quote>bridge</quote>.  A &os; system with two network
 	interface cards can act as a bridge.</para>
 
-      <para>The bridge works by learning the MAC layer addresses
-	(Ethernet addresses) of the devices on each of its network
+      <para>The bridge works by learning the <acronym>MAC</acronym>
+	layer (Ethernet) addresses of the devices on each of its network
 	interfaces.  It forwards traffic between two networks only
-	when its source and destination are on different
+	when the source and destination are on different
 	networks.</para>
 
       <para>In many respects, a bridge is like an Ethernet switch with
@@ -3149,8 +3150,8 @@ rfcomm_sppd[94692]: Starting on /dev/tty
 	<para>The basic operation of a bridge is to join two or more
 	  network segments together.  There are many reasons to use a
 	  host based bridge over plain networking equipment such as
-	  cabling constraints, firewalling or connecting pseudo
-	  networks such as a Virtual Machine interface.  A bridge can
+	  cabling constraints, firewalling, or connecting pseudo
+	  networks such as a virtual machine interface.  A bridge can
 	  also connect a wireless interface running in hostap mode to
 	  a wired network and act as an access point.</para>
       </sect3>
@@ -3162,51 +3163,60 @@ rfcomm_sppd[94692]: Starting on /dev/tty
 	<indexterm><primary>NAT</primary></indexterm>
 
 	<para>A common situation is where firewall functionality is
-	  needed without routing or network address translation
-	  (NAT).</para>
+	  needed without routing or Network Address Translation
+	  (<acronym>NAT</acronym>).</para>
 
-	<para>An example is a small company that is connected via DSL
-	  or ISDN to their ISP.  They have a 13 globally-accessible IP
-	  addresses from their ISP and have 10 PCs on their network.
+	<para>An example is a small company that is connected via
+	  <acronym>DSL</acronym>
+	  or <acronym>ISDN</acronym> to an <acronym>ISP</acronym>.
+	  There are thirteen globally-accessible <acronym>IP</acronym>
+	  addresses from the <acronym>ISP</acronym> and ten computers
+	  on the network.
 	  In this situation, using a router-based firewall is
 	  difficult because of subnetting issues.</para>
 
 	<indexterm><primary>router</primary></indexterm>
-	<indexterm><primary>DSL</primary></indexterm>
-	<indexterm><primary>ISDN</primary></indexterm>
+	<indexterm><primary><acronym>DSL</acronym></primary></indexterm>
+	<indexterm><primary><acronym>ISDN</acronym></primary></indexterm>
 	<para>A bridge-based firewall can be configured and dropped
-	  into the path just downstream of their DSL/ISDN router
-	  without any IP numbering issues.</para>
+	  into the path just downstream of the <acronym>DSL</acronym>
+	  or <acronym>ISDN</acronym> router
+	  without any <acronym>IP</acronym> numbering issues.</para>
       </sect3>
 
       <sect3>
 	<title>Network Tap</title>
 
 	<para>A bridge can join two network segments and be used to
-	  inspect all Ethernet frames that pass between them.  This
-	  can either be from using &man.bpf.4;/&man.tcpdump.1; on the
+	  inspect all Ethernet frames that pass between them using
+	  &man.bpf.4; and &man.tcpdump.1; on the
 	  bridge interface or by sending a copy of all frames out an
-	  additional interface (span port).</para>
+	  additional interface known as a span port.</para>
       </sect3>
 
       <sect3>
-	<title>Layer 2 VPN</title>
+	<title>Layer 2 <acronym>VPN</acronym></title>
 
-	<para>Two Ethernet networks can be joined across an IP link by
+	<para>Two Ethernet networks can be joined across an
+	  <acronym>IP</acronym> link by
 	  bridging the networks to an EtherIP tunnel or a &man.tap.4;
-	  based solution such as OpenVPN.</para>
+	  based solution such as
+	  <application>OpenVPN</application>.</para>
       </sect3>
 
       <sect3>
 	<title>Layer 2 Redundancy</title>
 
 	<para>A network can be connected together with multiple links
-	  and use the Spanning Tree Protocol to block redundant paths.
-	  For an Ethernet network to function properly only one active
-	  path can exist between two devices, Spanning Tree will
+	  and use the Spanning Tree Protocol <acronym>STP</acronym>
+	  to block redundant paths.
+	  For an Ethernet network to function properly, only one active
+	  path can exist between two devices.  <acronym>STP</acronym>
+	  will
 	  detect loops and put the redundant links into a blocked
-	  state.  Should one of the active links fail then the
-	  protocol will calculate a different tree and reenable one of
+	  state.  Should one of the active links fail,
+	  <acronym>STP</acronym> will calculate a different tree and
+	  enable one of
 	  the blocked paths to restore connectivity to all points in
 	  the network.</para>
       </sect3>
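Review bot: In the Layer 2 Redundancy paragraph, the added text "the Spanning Tree Protocol <acronym>STP</acronym>" introduces the acronym without parentheses, unlike "Network Address Translation (<acronym>NAT</acronym>)" earlier in this same hunk. Suggest "the Spanning Tree Protocol (<acronym>STP</acronym>)". The unchanged <indexterm><primary>NAT</primary></indexterm> at the top of the hunk is also left untagged while the DSL and ISDN index terms below it gain <acronym> tags, so the three index entries no longer match.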
@@ -3215,15 +3225,16 @@ rfcomm_sppd[94692]: Starting on /dev/tty
     <sect2>
       <title>Kernel Configuration</title>
 
-      <para>This section covers &man.if.bridge.4; bridge
-	implementation, a netgraph bridging driver is also available,
-	for more information see &man.ng.bridge.4; manual page.</para>
+      <para>This section covers the &man.if.bridge.4;
+	implementation.  A netgraph bridging driver is also available,
+	and is described in &man.ng.bridge.4;.</para>
 
-      <para>The bridge driver is a kernel module and will be
+      <para>In &os;, &man.if.bridge.4; is a kernel module which is
 	automatically loaded by &man.ifconfig.8; when creating a
-	bridge interface.  It is possible to compile the bridge in to
+	bridge interface.  It is also possible to compile the bridge
+	in to
 	the kernel by adding <literal>device if_bridge</literal> to
-	your kernel configuration file.</para>
+	a custom kernel configuration file.</para>
 
       <para>Packet filtering can be used with any firewall package
 	that hooks in via the &man.pfil.9; framework.  The firewall
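Review bot: The rewritten sentence "It is also possible to compile the bridge in to the kernel" keeps "in to" where "into" is meant. Since these lines are being rewrapped for grammar anyway, suggest "compile the bridge into the kernel".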
@@ -3237,9 +3248,7 @@ rfcomm_sppd[94692]: Starting on /dev/tty
       <title>Enabling the Bridge</title>
 
       <para>The bridge is created using interface cloning.  To create
-	a bridge use &man.ifconfig.8;, if the bridge driver is not
-	present in the kernel then it will be loaded
-	automatically.</para>
+	a bridge use &man.ifconfig.8;:</para>
 
       <screen>&prompt.root; <userinput>ifconfig bridge create</userinput>
 bridge0
@@ -3250,16 +3259,18 @@ bridge0: flags=8802<BROADCAST,SIMPLEX
         maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
         root id 00:00:00:00:00:00 priority 0 ifcost 0 port 0</screen>
 
-      <para>A bridge interface is created and is automatically
+      <para>When a bridge interface is created, it is automatically
 	assigned a randomly generated Ethernet address.  The
 	<literal>maxaddr</literal> and <literal>timeout</literal>
-	parameters control how many MAC addresses the bridge will keep
+	parameters control how many <acronym>MAC</acronym> addresses
+	the bridge will keep
 	in its forwarding table and how many seconds before each entry
 	is removed after it is last seen.  The other parameters
-	control how Spanning Tree operates.</para>
+	control how <acronym>STP</acronym> operates.</para>
 
-      <para>Add the member network interfaces to the bridge.  For the
-	bridge to forward packets all member interfaces and the bridge
+      <para>Next, add the member network interfaces to the bridge.
+	For the
+	bridge to forward packets, all member interfaces and the bridge
 	need to be up:</para>
 
       <screen>&prompt.root; <userinput>ifconfig bridge0 addm fxp0 addm fxp1 up</userinput>
@@ -3268,23 +3279,25 @@ bridge0: flags=8802<BROADCAST,SIMPLEX
 
       <para>The bridge is now forwarding Ethernet frames between
 	<devicename>fxp0</devicename> and
-	<devicename>fxp1</devicename>.  The equivalent configuration
-	in <filename>/etc/rc.conf</filename> so the bridge is created
-	at startup is:</para>
+	<devicename>fxp1</devicename>.  Add the following lines to
+	<filename>/etc/rc.conf</filename> so the bridge is created
+	at startup:</para>
 
       <programlisting>cloned_interfaces="bridge0"
 ifconfig_bridge0="addm fxp0 addm fxp1 up"
 ifconfig_fxp0="up"
 ifconfig_fxp1="up"</programlisting>
 
-      <para>If the bridge host needs an IP address then the correct
+      <para>If the bridge host needs an <acronym>IP</acronym>
+	address, the correct
 	place to set this is on the bridge interface itself rather
 	than one of the member interfaces.  This can be set statically
-	or via DHCP:</para>
+	or via <acronym>DHCP</acronym>:</para>
 
       <screen>&prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen>
 
-      <para>It is also possible to assign an IPv6 address to a bridge
+      <para>It is also possible to assign an <acronym>IPv6</acronym>
+	address to a bridge
 	interface.</para>
     </sect2>
 
@@ -3294,14 +3307,15 @@ ifconfig_fxp1="up"</programlisting>
       <indexterm><primary>firewall</primary></indexterm>
 
       <para>When packet filtering is enabled, bridged packets will
-	pass through the filter inbound on the originating interface,
-	on the bridge interface and outbound on the appropriate
+	pass through the filter inbound on the originating interface
+	on the bridge interface, and outbound on the appropriate
 	interfaces.  Either stage can be disabled.  When direction of
-	the packet flow is important it is best to firewall on the
+	the packet flow is important, it is best to firewall on the
 	member interfaces rather than the bridge itself.</para>
 
       <para>The bridge has several configurable settings for passing
-	non-IP and ARP packets, and layer2 firewalling with IPFW.  See
+	non-<acronym>IP</acronym> and <acronym>IP</acronym> packets,
+	and layer2 firewalling with &man.ipfw.8;.  See
 	&man.if.bridge.4; for more information.</para>
     </sect2>
 
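Review bot: In the second paragraph, "non-IP and ARP packets" becomes "non-<acronym>IP</acronym> and <acronym>IP</acronym> packets", which replaces ARP with IP and changes what the sentence says instead of only tagging it. If the intent was markup only, it should read "non-<acronym>IP</acronym> and <acronym>ARP</acronym> packets". In the first paragraph, dropping the comma after "originating interface" makes "inbound on the originating interface on the bridge interface" read as a single stage. The original listed three filter points (inbound on the originating interface, on the bridge interface, outbound on the appropriate interfaces), and that list should stay intact because the next sentence refers to disabling a stage.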
@@ -3309,21 +3323,26 @@ ifconfig_fxp1="up"</programlisting>
       <title>Spanning Tree</title>
 
       <para>The bridge driver implements the Rapid Spanning Tree
-	Protocol (RSTP or 802.1w) with backwards compatibility with
-	the legacy Spanning Tree Protocol (STP).  Spanning Tree is
-	used to detect and remove loops in a network topology.  RSTP
-	provides faster Spanning Tree convergence than legacy STP, the
+	Protocol (<acronym>RSTP</acronym> or 802.1w) with backwards
+	compatibility with
+	legacy <acronym>STP</acronym>.  <acronym>STP</acronym> is
+	used to detect and remove loops in a network topology.
+	<acronym>RSTP</acronym>
+	provides faster convergence than legacy <acronym>STP</acronym>,
+	the
 	protocol will exchange information with neighbouring switches
 	to quickly transition to forwarding without creating
 	loops.
-	&os; supports RSTP and STP as operating modes, with RSTP
+	&os; supports <acronym>RSTP</acronym> and <acronym>STP</acronym>
+	as operating modes, with <acronym>RSTP</acronym>
 	being the default mode.</para>
 
-      <para>Spanning Tree can be enabled on member interfaces using
-	the <literal>stp</literal> command.  For a bridge with
+      <para><acronym>STP</acronym> can be enabled on member interfaces
+	using
+	&man.ifconfig.8;.  For a bridge with
 	<devicename>fxp0</devicename> and
 	<devicename>fxp1</devicename> as the current interfaces,
-	enable STP with the following:</para>
+	enable <acronym>STP</acronym> with:</para>
 
       <screen>&prompt.root; <userinput>ifconfig bridge0 stp fxp0 stp fxp1</userinput>
 bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
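Review bot: The rewritten sentence "provides faster convergence than legacy <acronym>STP</acronym>, the protocol will exchange information with neighbouring switches" still carries the comma splice from the original, while similar splices are split into two sentences elsewhere in this patch. Suggest ending the sentence after "legacy <acronym>STP</acronym>" and starting a new one with "The protocol will exchange".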
@@ -3341,10 +3360,10 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
       <para>This bridge has a spanning tree ID of
 	<literal>00:01:02:4b:d4:50</literal> and a priority of
 	<literal>32768</literal>.  As the <literal>root id</literal>
-	is the same it indicates that this is the root bridge for the
+	is the same, it indicates that this is the root bridge for the
 	tree.</para>
 
-      <para>Another bridge on the network also has spanning tree
+      <para>Another bridge on the network also has <acronym>STP</acronym>
 	enabled:</para>
 
       <screen>bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
@@ -3361,8 +3380,8 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
 
       <para>The line <literal>root id 00:01:02:4b:d4:50 priority 32768
 	  ifcost 400000 port 4</literal> shows that the root bridge is
-	<literal>00:01:02:4b:d4:50</literal> as above and has a path
-	cost of <literal>400000</literal> from this bridge, the path
+	<literal>00:01:02:4b:d4:50</literal> and has a path
+	cost of <literal>400000</literal> from this bridge.  The path
 	to the root bridge is via <literal>port 4</literal> which is
 	<devicename>fxp0</devicename>.</para>
     </sect2>
@@ -3374,7 +3393,7 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
 	<title>Reconstruct Traffic Flows</title>
 
 	<para>The bridge supports monitor mode, where the packets are
-	  discarded after &man.bpf.4; processing, and are not
+	  discarded after &man.bpf.4; processing and are not
 	  processed or forwarded further.  This can be used to
 	  multiplex the input of two or more interfaces into a single
 	  &man.bpf.4; stream.  This is useful for reconstructing the
@@ -3393,8 +3412,8 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
 
 	<para>A copy of every Ethernet frame received by the bridge
 	  will be transmitted out a designated span port.  The number
-	  of span ports configured on a bridge is unlimited, if an
-	  interface is designated as a span port then it may not also
+	  of span ports configured on a bridge is unlimited, but if an
+	  interface is designated as a span port, it cannot also
 	  be used as a regular bridge port.  This is most useful for
 	  snooping a bridged network passively on another host
 	  connected to one of the span ports of the bridge.</para>
@@ -3411,49 +3430,54 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
 	<para>A private interface does not forward any traffic to any
 	  other port that is also a private interface.  The traffic is
 	  blocked unconditionally so no Ethernet frames will be
-	  forwarded, including ARP.  If traffic needs to be
-	  selectively blocked then a firewall should be used
+	  forwarded, including <acronym>ARP</acronym>.  If traffic
+	  needs to be
+	  selectively blocked, a firewall should be used
 	  instead.</para>
       </sect3>
 
       <sect3>
 	<title>Sticky Interfaces</title>
 
-	<para>If a bridge member interface is marked as sticky then
+	<para>If a bridge member interface is marked as sticky,
 	  dynamically learned address entries are treated at static
 	  once entered into the forwarding cache.  Sticky entries are
 	  never aged out of the cache or replaced, even if the address
 	  is seen on a different interface.  This gives the benefit of
 	  static address entries without the need to pre-populate the
-	  forwarding table, clients learnt on a particular segment of
+	  forwarding table.  Clients learned on a particular segment of
 	  the bridge can not roam to another segment.</para>
 
-	<para>Another example of using sticky addresses would be to
-	  combine the bridge with VLANs to create a router where
-	  customer networks are isolated without wasting IP address
+	<para>Another example of using sticky addresses is to
+	  combine the bridge with <acronym>VLAN</acronym>s to create
+	  a router where
+	  customer networks are isolated without wasting
+	  <acronym>IP</acronym> address
 	  space.  Consider that
 	  <hostid role="hostname">CustomerA</hostid> is on
 	  <literal>vlan100</literal> and
 	  <hostid role="hostname">CustomerB</hostid> is on
 	  <literal>vlan101</literal>.  The bridge has the address
 	  <hostid role="ipaddr">192.168.0.1</hostid> and is also an
-	  internet router.</para>
+	  Internet router.</para>
 
 	<screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput>
 &prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen>
 
-	<para>Both clients see
+	<para>In this example, both clients see
 	  <hostid role="ipaddr">192.168.0.1</hostid> as their default
-	  gateway and since the bridge cache is sticky they can not
-	  spoof the MAC address of the other customer to intercept
+	  gateway.  Since the bridge cache is sticky, one host can not
+	  spoof the <acronym>MAC</acronym> address of the other
+	  customer in order to intercept
 	  their traffic.</para>
 
-	<para>Any communication between the VLANs can be blocked using
-	  private interfaces (or a firewall):</para>
+	<para>Any communication between the <acronym>VLAN</acronym>s
+	  can be blocked using a firewall or, as seen in this example,
+	  private interfaces:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen>
 
-	<para>The customers are completely isolated from each other,
+	<para>The customers are completely isolated from each other and
 	  the full <hostid role="netmask">/24</hostid> address range
 	  can be allocated without subnetting.</para>
       </sect3>
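Review bot: The Sticky Interfaces paragraph is edited here, but the context line "dynamically learned address entries are treated at static" still has "at" where "as" is meant, which is worth fixing in this grammar pass. The same section uses "can not" in both the unchanged "can not roam to another segment" and the added "one host can not spoof", while the span port text rewritten earlier in this patch uses "cannot". Suggest "cannot" throughout.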
@@ -3461,52 +3485,57 @@ bridge0: flags=8843<UP,BROADCAST,RUNN
       <sect3>
 	<title>Address Limits</title>
 
-	<para>The number of unique source MAC addresses behind an
-	  interface can be limited.  Once the limit is reached packets
+	<para>The number of unique source <acronym>MAC</acronym>
+	  addresses behind an
+	  interface can be limited.  Once the limit is reached, packets
 	  with unknown source addresses are dropped until an
 	  existing host cache entry expires or is removed.</para>
 
 	<para>The following example sets the maximum number of
 	  Ethernet devices for
 	  <hostid role="hostname">CustomerA</hostid> on
-	  <literal>vlan100</literal> to 10.</para>
+	  <literal>vlan100</literal> to 10:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig bridge0 ifmaxaddr vlan100 10</userinput></screen>
       </sect3>
 
       <sect3>
-	<title>SNMP Monitoring</title>
+	<title><acronym>SNMP</acronym> Monitoring</title>
 
-	<para>The bridge interface and STP parameters can be monitored
-	  via the SNMP daemon which is included in the &os; base
-	  system.  The exported bridge MIBs conform to the IETF
-	  standards so any SNMP client or monitoring package can be
+	<para>The bridge interface and <acronym>STP</acronym>
+	  parameters can be monitored
+	  via &man.bsnmpd.1; which is included in the &os; base
+	  system.  The exported bridge <acronym>MIB</acronym>s
+	  conform to the <acronym>IETF</acronym>
+	  standards so any <acronym>SNMP</acronym> client or monitoring
+	  package can be
 	  used to retrieve the data.</para>
 
-	<para>On the bridge machine uncomment the
+	<para>On the bridge, uncomment the
 	  <literal>begemotSnmpdModulePath."bridge" =
 	    "/usr/lib/snmp_bridge.so"</literal> line from
-	  <filename>/etc/snmp.config</filename> and start the
-	  <application>bsnmpd</application> daemon.  Other
-	  configuration such as community names and access lists may
+	  <filename>/etc/snmp.config</filename> and start
+	  &man.bsnmpd.1;.  Other
+	  configuration, such as community names and access lists, may
 	  need to be modified.  See &man.bsnmpd.1; and
 	  &man.snmp.bridge.3; for more information.</para>
 
 	<para>The following examples use the
 	  <application>Net-SNMP</application> software
 	  (<filename role="package">net-mgmt/net-snmp</filename>) to
-	  query a bridge, the
+	  query a bridge from a client system.  The
 	  <filename role="package">net-mgmt/bsnmptools</filename> port
-	  can also be used.  From the SNMP client host add to
-	  <filename>$HOME/.snmp/snmp.conf</filename> the following
-	  lines to import the bridge MIB definitions in to
-	  <application>Net-SNMP</application>:</para>
+	  can also be used.  From the <acronym>SNMP</acronym> client
+	  which is running <application>Net-SNMP</application>,
+	  add the following lines to
+	  <filename>$HOME/.snmp/snmp.conf</filename> in order to
+	  import the bridge <acronym>MIB</acronym> definitions:</para>
 
 	<programlisting>mibdirs +/usr/share/snmp/mibs
 mibs +BRIDGE-MIB:RSTP-MIB:BEGEMOT-MIB:BEGEMOT-BRIDGE-MIB</programlisting>
 
-	<para>To monitor a single bridge via the IETF BRIDGE-MIB
-	  (RFC4188) do</para>
+	<para>To monitor a single bridge using the IETF BRIDGE-MIB
+	  (RFC4188):</para>
 
 	<screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com mib-2.dot1dBridge</userinput>
 BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44
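Review bot: Acronym tagging is inconsistent within this hunk: "<acronym>IETF</acronym> standards" is tagged in the first SNMP paragraph, but the added line "To monitor a single bridge using the IETF BRIDGE-MIB" leaves IETF untagged. Suggest tagging it the same way. The sentence around <filename>/etc/snmp.config</filename> is also rewritten to point readers at &man.bsnmpd.1;, so this is a good moment to confirm that the file name matches the one documented in that manual page.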
@@ -3525,16 +3554,18 @@ BRIDGE-MIB::dot1dStpPortDesignatedPort.3
 BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1
 RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)</screen>
 
-	<para>The <literal>dot1dStpTopChanges.0</literal> value is two
-	  which means that the STP bridge topology has changed twice,
-	  a topology change means that one or more links in the
+	<para>The <literal>dot1dStpTopChanges.0</literal> value is
+	  two,
+	  indicating that the <acronym>STP</acronym> bridge topology
+	  has changed twice.
+	  A topology change means that one or more links in the
 	  network have changed or failed and a new tree has been
 	  calculated.  The
 	  <literal>dot1dStpTimeSinceTopologyChange.0</literal> value
 	  will show when this happened.</para>
 
-	<para>To monitor multiple bridge interfaces one may use the
-	  private BEGEMOT-BRIDGE-MIB:</para>
+	<para>To monitor multiple bridge interfaces, the
+	  private BEGEMOT-BRIDGE-MIB can be used:</para>
 
 	<screen>&prompt.user; <userinput>snmpwalk -v 2c -c public bridge1.example.com</userinput>
 enterprises.fokus.begemot.begemotBridge
@@ -3553,7 +3584,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesi
 BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 00 50 8B B8 C6 A9</screen>
 
 	<para>To change the bridge interface being monitored via the
-	  <literal>mib-2.dot1dBridge</literal> subtree do:</para>
+	  <literal>mib-2.dot1dBridge</literal> subtree:</para>
 
 	<screen>&prompt.user; <userinput>snmpset -v 2c -c private bridge1.example.com</userinput>
 BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2</screen>
@@ -3575,8 +3606,8 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
 
     <indexterm><primary>lagg</primary></indexterm>
     <indexterm><primary>failover</primary></indexterm>
-    <indexterm><primary>fec</primary></indexterm>
-    <indexterm><primary>lacp</primary></indexterm>
+    <indexterm><primary><acronym>FEC</acronym></primary></indexterm>
+    <indexterm><primary><acronym>LACP</acronym></primary></indexterm>
     <indexterm><primary>loadbalance</primary></indexterm>
     <indexterm><primary>roundrobin</primary></indexterm>
 
@@ -3591,6 +3622,9 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
     <sect2>
       <title>Operating Modes</title>
 
+      <para>The following operating modes are supported by
+	&man.lagg.4;:</para>
+	
       <variablelist>
 	<varlistentry>
 	  <term>Failover</term>
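Review bot: The third added line of this hunk is a "+" followed only by a tab, so the patch introduces a whitespace-only line after the new "The following operating modes are supported by &man.lagg.4;:" paragraph. The log says a whitespace fix follows, but this one can be avoided here by adding an empty line instead.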
@@ -3598,7 +3632,8 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
 	    <para>Sends and receives traffic only through the master
 	      port.  If the master port becomes unavailable, the next
 	      active port is used.  The first interface added is the
-	      master port; any interfaces added after that are used as
+	      master port and any interfaces added after that are used
+	      as
 	      failover devices.  If failover to a non-master port
 	      occurs, the original port will become master when it
 	      becomes available again.</para>
@@ -3608,40 +3643,52 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
 	<varlistentry>
 	  <term>&cisco; Fast ðerchannel;</term>
 	  <listitem>
-	    <para>&cisco; Fast ðerchannel; (FEC), is a static setup
+	    <para>&cisco; Fast ðerchannel; (<acronym>FEC</acronym>)
+	      is a static setup
 	      and does not negotiate aggregation with the peer or
 	      exchange frames to monitor the link.  If the switch
-	      supports LACP then that should be used instead.</para>
+	      supports <acronym>LACP</acronym>, that should be used
+	      instead.</para>
 
 	    <para><acronym>FEC</acronym> balances outgoing traffic
 	      across the active ports based on hashed protocol header
 	      information and accepts incoming traffic from any active
 	      port.  The hash includes the Ethernet source and
-	      destination address, and, if available, the VLAN tag,
-	      and the IPv4/IPv6 source and destination address.</para>
+	      destination address and, if available, the
+	      <acronym>VLAN</acronym> tag,
+	      and the <acronym>IPv4</acronym> or
+	      <acronym>IPv6</acronym> source and
+	      destination address.</para>
 	  </listitem>
 	</varlistentry>
 
 	<varlistentry>
-	  <term>LACP</term>
+	  <term><acronym>LACP</acronym></term>
 	  <listitem>
 	    <para>The &ieee; 802.3ad Link Aggregation Control Protocol
-	      (LACP) and the Marker Protocol.  LACP will negotiate a
+	      (<acronym>LACP</acronym>) and the Marker Protocol.
+	      <acronym>LACP</acronym> will negotiate a
 	      set of aggregable links with the peer in to one or more
-	      Link Aggregated Groups (LAG).  Each LAG is composed of
+	      Link Aggregated Groups (<acronym>LAG</acronym>s).
+	      Each <acronym>LAG</acronym> is composed of
 	      ports of the same speed, set to full-duplex operation.
-	      The traffic will be balanced across the ports in the LAG
-	      with the greatest total speed, in most cases there will
-	      only be one LAG which contains all ports.  In the event
-	      of changes in physical connectivity, Link Aggregation
+	      The traffic will be balanced across the ports in the
+	      <acronym>LAG</acronym>
+	      with the greatest total speed.  In most cases, there will
+	      only be one <acronym>LAG</acronym> which contains all ports.
+	      In the event
+	      of changes in physical connectivity,
+	      <acronym>LACP</acronym>
 	      will quickly converge to a new configuration.</para>
 
 	    <para><acronym>LACP</acronym> balances outgoing traffic
 	      across the active ports based on hashed protocol header
 	      information and accepts incoming traffic from any active
 	      port.  The hash includes the Ethernet source and
-	      destination address, and, if available, the VLAN tag,
-	      and the IPv4/IPv6 source and destination address.</para>
+	      destination address and, if available, the
+	      <acronym>VLAN</acronym> tag,
+	      and the IPv4 or <acronym>IPv6</acronym> source and
+	      destination address.</para>
 	  </listitem>
 	</varlistentry>
 
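Review bot: In the LACP entry, the added line "and the IPv4 or <acronym>IPv6</acronym> source and" leaves IPv4 untagged, while the matching sentence in the FEC entry above tags both. Suggest "<acronym>IPv4</acronym> or <acronym>IPv6</acronym>" so the two paragraphs stay identical. The unchanged "with the peer in to one or more" in the same entry should also read "into".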
@@ -3659,7 +3706,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
 	    <para>Distributes outgoing traffic using a round-robin
 	      scheduler through all active ports and accepts incoming
 	      traffic from any active port.  This mode violates
-	      Ethernet Frame ordering and should be used with
+	      Ethernet frame ordering and should be used with
 	      caution.</para>
 	  </listitem>
 	</varlistentry>
@@ -3670,23 +3717,23 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
       <title>Examples</title>
 
       <example id="networking-lacp-aggregation-cisco">
-	<title>LACP Aggregation with a &cisco; Switch</title>
+	<title><acronym>LACP</acronym> Aggregation with a &cisco; Switch</title>
 
 	<para>This example connects two interfaces on a &os; machine
 	  to the switch as a single load balanced and fault tolerant
 	  link.  More interfaces can be added to increase throughput
-	  and fault tolerance.  Since frame ordering is mandatory on
-	  Ethernet links then any traffic between two stations always
-	  flows over the same physical link limiting the maximum speed
+	  and fault tolerance.  Frame ordering is mandatory on
+	  Ethernet links and any traffic between two stations always
+	  flows over the same physical link, limiting the maximum speed
 	  to that of one interface.  The transmit algorithm attempts
 	  to use as much information as it can to distinguish
 	  different traffic flows and balance across the available
 	  interfaces.</para>
 
-	<para>On the &cisco; switch add the
+	<para>On the &cisco; switch, add the
 	  <replaceable>FastEthernet0/1</replaceable> and
-	  <replaceable>FastEthernet0/2</replaceable> interfaces to the
-	  channel-group <replaceable>1</replaceable>:</para>
+	  <replaceable>FastEthernet0/2</replaceable> interfaces to
+	  channel group <replaceable>1</replaceable>:</para>
 
 	<screen><userinput>interface <replaceable>FastEthernet0/1</replaceable>
  channel-group <replaceable>1</replaceable> mode active
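Review bot: Replacing "Since frame ordering is mandatory on Ethernet links then any traffic" with "Frame ordering is mandatory on Ethernet links and any traffic between two stations always flows over the same physical link" drops the causal link between the two clauses. The single-link behaviour is a consequence of the ordering requirement, not a second independent fact. Suggest "Because frame ordering is mandatory on Ethernet links, any traffic between two stations always flows over the same physical link, limiting the maximum speed to that of one interface."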
@@ -3699,7 +3746,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
 	<para>Create the &man.lagg.4; interface using
 	  <replaceable>fxp0</replaceable> and
 	  <replaceable>fxp1</replaceable>, and bring the interfaces up
-	  with the IP Address of
+	  with the <acronym>IP</acronym> address of
 	  <replaceable>10.0.0.3/24</replaceable>:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>fxp0</replaceable> up</userinput>
@@ -3713,9 +3760,10 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
 
 	<para>Ports marked as <emphasis>ACTIVE</emphasis> are part of
 	  the active aggregation group that has been negotiated with
-	  the remote switch and traffic will be transmitted and
-	  received.  Use the verbose output of &man.ifconfig.8; to
-	  view the LAG identifiers.</para>
+	  the remote switch.  Traffic will be transmitted and
+	  received through active ports.  Use the verbose output of
+	  &man.ifconfig.8; to
+	  view the <acronym>LAG</acronym> identifiers.</para>
 
 	<screen>lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=8<VLAN_MTU>
@@ -3726,7 +3774,7 @@ BEGEMOT-BRIDGE-MIB::begemotBridgeDefault
         laggport: fxp1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
         laggport: fxp0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING></screen>
 
-	<para>To see the port status on the switch, use
+	<para>To see the port status on the &cisco; switch, use
 	  <userinput>show lacp neighbor</userinput>:</para>
 
 	<screen>switch# show lacp neighbor
@@ -3743,8 +3791,8 @@ Port      Flags   Priority  Dev ID      
 Fa0/1     SA      32768     0005.5d71.8db8  29s    0x146   0x3      0x3D
 Fa0/2     SA      32768     0005.5d71.8db8  29s    0x146   0x4      0x3D</screen>
 
-	<para>For more detail use the <userinput>show lacp neighbor
-	  detail</userinput> command.</para>
+	<para>For more detail, type <userinput>show lacp neighbor
+	  detail</userinput>.</para>
 
 	<para>To retain this configuration across reboots, the
 	  following entries can be added to
@@ -3761,11 +3809,12 @@ ifconfig_<literal>lagg<replaceable>0</re
 
 	<para>Failover mode can be used to switch over to a secondary
 	  interface if the link is lost on the master interface.
-	  Bring the underlying physical interfaces up.  Create the
+	  To configure failover mode, first bring the underlying
+	  physical interfaces up.  Then, create the
 	  &man.lagg.4; interface, using
 	  <replaceable>fxp0</replaceable> as the master interface and
-	  <replaceable>fxp1</replaceable> as the secondary interface
-	  and assign an IP Address of
+	  <replaceable>fxp1</replaceable> as the secondary interface,
+	  and assign an <acronym>IP</acronym> address of
 	  <replaceable>10.0.0.15/24</replaceable>:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>fxp0</replaceable> up</userinput>
@@ -3773,9 +3822,7 @@ ifconfig_<literal>lagg<replaceable>0</re
 &prompt.root; <userinput>ifconfig <literal>lagg<replaceable>0</replaceable></literal> create</userinput>
 &prompt.root; <userinput>ifconfig <literal>lagg<replaceable>0</replaceable></literal> up laggproto failover laggport <replaceable>fxp0</replaceable> laggport <replaceable>fxp1</replaceable> <replaceable>10.0.0.15/24</replaceable></userinput></screen>
 
-	<para>The interface will look something like this, the major
-	  differences will be the <acronym>MAC</acronym> address and
-	  the device names:</para>
+	<para>The interface should now look something like this:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <literal>lagg<replaceable>0</replaceable></literal></userinput>
 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
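Review bot: The new lead-in in this hunk reads "The interface should now look something like this:", while the same sentence in the wired/wireless failover section of this commit becomes "The interface will now look something like this:". Pick one wording for both places. The removed remark that the MAC address and device names will differ was the only explicit statement that the sample output is illustrative; if "something like this" is not felt to be enough, keep a short form of it.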
@@ -3790,9 +3837,9 @@ lagg0: flags=8843<UP,BROADCAST,RUNNIN
 
 	<para>Traffic will be transmitted and received on
 	  <replaceable>fxp0</replaceable>.  If the link is lost on
-	  <replaceable>fxp0</replaceable> then
+	  <replaceable>fxp0</replaceable>,
 	  <replaceable>fxp1</replaceable> will become the active link.
-	  If the link is restored on the master interface then it will
+	  If the link is restored on the master interface, it will
 	  once again become the active link.</para>
 
 	<para>To retain this configuration across reboots, the
@@ -3809,27 +3856,27 @@ ifconfig_<literal>lagg<replaceable>0</re
 	<title>Failover Mode Between Wired and Wireless
 	  Interfaces</title>
 
-	<para>For laptop users, it is usually desirable to make
-	  wireless as a secondary interface, which is to be used when
+	<para>For laptop users, it is usually desirable to configure the
+	  wireless device as a secondary interface, which is used when
 	  the wired connection is not available.  With &man.lagg.4;,
-	  it is possible to use one IP address, prefer the wired
+	  it is possible to use one <acronym>IP</acronym> address, prefer the wired
 	  connection for both performance and security reasons, while
 	  maintaining the ability to transfer data over the wireless
 	  connection.</para>
 
-	<para>In this setup, we will need to override the underlying
+	<para>In this setup, override the underlying
 	  wireless interface's <acronym>MAC</acronym> address to match
-	  the &man.lagg.4;'s, which is inherited from the master
-	  interface being used, the wired interface.</para>
+	  that of the &man.lagg.4;, which is inherited from the wired
+	  interface.</para>
 
-	<para>In this setup, we will treat the wired interface,
-	  <replaceable>bge0</replaceable>, as the master, and the
-	  wireless interface, <replaceable>wlan0</replaceable>, as the
+	<para>In this example, the wired interface,
+	  <replaceable>bge0</replaceable>, is the master, and the
+	  wireless interface, <replaceable>wlan0</replaceable>, is the
 	  failover interface.  The <replaceable>wlan0</replaceable>
-	  was created from <replaceable>iwn0</replaceable> which we
-	  will set up with the wired connection's
-	  <acronym>MAC</acronym> address.  The first step would be to
-	  obtain the <acronym>MAC</acronym> address from the wired
+	  device was created from <replaceable>iwn0</replaceable>, which
+	  will be configured with the wired connection's
+	  <acronym>MAC</acronym> address.  The first step is to
+	  determine the <acronym>MAC</acronym> address of the wired
 	  interface:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>bge0</replaceable></userinput>
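Review bot: In the reworded paragraph, "The wlan0 device was created from iwn0" is in the past tense, but the "ifconfig wlan0 create wlandev iwn0" step only appears later in the section, after the MAC address of iwn0 has been changed. Suggest "will be created from" so the order of operations reads correctly. The clause "which will be configured with the wired connection's MAC address" could attach to either device, so name iwn0 explicitly there.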
@@ -3841,32 +3888,30 @@ bge0: flags=8843<UP,BROADCAST,RUNNING
 	media: Ethernet autoselect (1000baseT <full-duplex>)
 	status: active</screen>
 
-	<para>You can replace the <replaceable>bge0</replaceable> to
-	  match your reality, and will get a different
-	  <literal>ether</literal> line which is the
-	  <acronym>MAC</acronym> address of your wired interface.
-	  Now, we change the underlying wireless interface,
-	  <replaceable>iwn0</replaceable>:</para>
+	<para>Replace <replaceable>bge0</replaceable> to
+	  match the system's interface name.  The
+	  <literal>ether</literal> line will contain the
+	  <acronym>MAC</acronym> address of the wired interface.
+	  Now, change the <acronym>MAC</acronym> address of the
+	  underlying wireless interface:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>iwn0</replaceable> ether <replaceable>00:21:70:da:ae:37</replaceable></userinput></screen>
 
-	<para>Bring the wireless interface up, but do not set an IP
-	  address on it:</para>
+	<para>Bring the wireless interface up, but do not set an <acronym>IP</acronym>
+	  address:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>wlan0</replaceable> create wlandev <replaceable>iwn0</replaceable> ssid <replaceable>my_router</replaceable> up</userinput></screen>
 
 	<para>Bring the <replaceable>bge0</replaceable> interface up.
 	  Create the &man.lagg.4; interface with
 	  <replaceable>bge0</replaceable> as master, and failover to
-	  <replaceable>wlan0</replaceable> if necessary:</para>
+	  <replaceable>wlan0</replaceable>:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <replaceable>bge0</replaceable> up</userinput>
 &prompt.root; <userinput>ifconfig <literal>lagg<replaceable>0</replaceable></literal> create</userinput>
 &prompt.root; <userinput>ifconfig <literal>lagg<replaceable>0</replaceable></literal> up laggproto failover laggport <replaceable>bge0</replaceable> laggport <replaceable>wlan0</replaceable></userinput></screen>
 
-	<para>The interface will look something like this, the major
-	  differences will be the <acronym>MAC</acronym> address and
-	  the device names:</para>
+	<para>The interface will now look something like this:</para>
 
 	<screen>&prompt.root; <userinput>ifconfig <literal>lagg<replaceable>0</replaceable></literal></userinput>
 lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
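Review bot: "Replace bge0 to match the system's interface name" has no object for "replace"; "Replace bge0 with the name of the system's wired interface" reads better. The next sentences also no longer say which address to set: the reader is told that the ether line contains the wired MAC address and then to change the wireless MAC address, without a statement that the value passed to iwn0 is the one just read from that ether line. In the later paragraph, "failover to wlan0" uses the noun as a verb; "fail over to" is the verb form.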
@@ -3878,7 +3923,8 @@ lagg0: flags=8843<UP,BROADCAST,RUNNIN
         laggport: wlan0 flags=0<>
         laggport: bge0 flags=5<MASTER,ACTIVE></screen>
 
-	<para>Then start the DHCP client to obtain an IP
+	<para>Then, start the <acronym>DHCP</acronym> client to
+	  obtain an <acronym>IP</acronym>
 	  address:</para>
 
 	<screen>&prompt.root; <userinput>dhclient <literal>lagg<replaceable>0</replaceable></literal></userinput></screen>
@@ -3920,57 +3966,30 @@ ifconfig_<literal>lagg<replaceable>0</re
     <indexterm><primary>diskless operation</primary></indexterm>
 
     <para>A &os; machine can boot over the network and operate
-      without a local disk, using filesystems mounted from an
+      without a local disk, using file systems mounted from an
       <acronym>NFS</acronym> server.  No system modification is
       necessary, beyond standard configuration files.  Such a system
       is relatively easy to set up because all the necessary elements
       are readily available:</para>
 
-    <itemizedlist>
-      <listitem>
-	<para>There are at least two possible methods to load the
-	  kernel over the network:</para>
-
-	<itemizedlist>
-	  <listitem>
-	    <para><acronym>PXE</acronym>: The &intel; Preboot
-	      eXecution Environment system is a form of smart boot ROM
-	      built into some networking cards or motherboards.  See
-	      &man.pxeboot.8; for more details.</para>
-	  </listitem>
-
-	  <listitem>
-	    <para>The <application>Etherboot</application> port
-	      (<filename role="package">net/etherboot</filename>)
-	      produces ROM-able code to boot kernels over the network.
-	      The code can be either burnt into a boot PROM on a
-	      network card, or loaded from a local floppy (or hard)
-	      disk drive, or from a running &ms-dos; system.  Many
-	      network cards are supported.</para>
-	  </listitem>
-	</itemizedlist>
-      </listitem>
-
-      <listitem>
-	<para>A sample script
-	  (<filename>/usr/share/examples/diskless/clone_root</filename>)
-	  eases the creation and maintenance of the workstation's root
-	  filesystem on the server.  The script will probably require
-	  a little customization but it will get you started very
-	  quickly.</para>
-      </listitem>
-
-      <listitem>
-	<para>Standard system startup files exist
-	  in <filename class="directory">/etc</filename>
-	  to detect and support a diskless system startup.</para>
-      </listitem>
+    <para>The &intel; Preboot eXecution Environment
+      (<acronym>PXE</acronym>) can be used to load the kernel over
+      the network.  It provides a form of smart boot
+      <acronym>ROM</acronym> built into some networking cards or
+      motherboards.  See &man.pxeboot.8; for more details.</para>
+
+    <para>A sample script
+      (<filename>/usr/share/examples/diskless/clone_root</filename>)
+      eases the creation and maintenance of the workstation's root
+      file system on the server.  The script will probably require
+      a little customization.</para>
+
+    <para>Standard system startup files exist
+      in <filename class="directory">/etc</filename>
+      to detect and support a diskless system startup.</para>
 
-      <listitem>
-	<para>Swapping, if needed, can be done either to an
-	  <acronym>NFS</acronym> file or to a local disk.</para>
-      </listitem>
-    </itemizedlist>
+    <para>Swapping, if needed, can be done either to an
+      <acronym>NFS</acronym> file or to a local disk.</para>
 
     <para>There are many ways to set up diskless workstations.  Many
       elements are involved, and most can be customized to suit local
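Review bot: The context sentence ending "all the necessary elements are readily available:" still closes with a colon, but this hunk removes the itemizedlist that the colon introduced and replaces it with four standalone paragraphs. Either end that sentence with a period, or keep the list and drop only the Etherboot item, so the lead-in still has something to introduce.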
@@ -3981,38 +4000,28 @@ ifconfig_<literal>lagg<replaceable>0</re
 
     <itemizedlist>
       <listitem>
-	<para>The diskless workstations use a shared read-only
-	  <filename class="directory">/</filename> filesystem,
-	  and a shared read-only
+	<para>The diskless workstations use a shared, read-only
+	  <filename class="directory">/</filename>
+	  and
 	  <filename class="directory">/usr</filename>.</para>
 
-	<para>The root filesystem is a copy of a standard &os;
-	  root (typically the server's), with some configuration files
+	<para>The root file system is a copy of a standard &os;
+	  root, with some configuration files
 	  overridden by ones specific to diskless operation or,
 	  possibly, to the workstation they belong to.</para>
 
 	<para>The parts of the root which have to be writable are
-	  overlaid with &man.md.4; filesystems.  Any changes will be
+	  overlaid with &man.md.4; file systems.  Any changes will be
 	  lost when the system reboots.</para>
       </listitem>
-
-      <listitem>
-	<para>The kernel is transferred and loaded either with
-	  <application>Etherboot</application> or
-	  <acronym>PXE</acronym> as some situations may mandate the
-	  use of either method.</para>
-      </listitem>
     </itemizedlist>
 
     <caution>
       <para>As described, this system is insecure.  It should live in
-	a protected area of a network, and be untrusted by other
+	a protected area of a network and be untrusted by other
 	hosts.</para>
     </caution>
 
-    <para>All the information in this section has been tested using
-      &os; 5.2.1-RELEASE.</para>
-
     <sect2>
       <title>Background Information</title>
 
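Review bot: Removing the Etherboot/PXE listitem leaves this itemizedlist with a single listitem, so the list markup no longer does anything; turn its three paragraphs into plain paragraphs, or keep a second item that says the kernel is loaded with PXE. Separately, the caution touched here still says only "As described, this system is insecure" without saying which part of the setup that refers to, and the hunk also removes the sentence stating which release the section was tested on, so the reader has less to judge the advice by. Consider naming what the caution is about while this text is being edited.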
@@ -4034,7 +4043,7 @@ ifconfig_<literal>lagg<replaceable>0</re
       </itemizedlist>
 
       <para>In this context, having some knowledge of the background
-	mechanisms involved is very useful to solve the problems that
+	mechanisms involved is useful to solve the problems that
 	may arise.</para>
 
       <para>Several operations need to be performed for a successful
@@ -4043,26 +4052,29 @@ ifconfig_<literal>lagg<replaceable>0</re
       <itemizedlist>
 	<listitem>
 	  <para>The machine needs to obtain initial parameters such as
-	    its IP address, executable filename, server name, root
+	    its <acronym>IP</acronym> address, executable filename,
+	    server name, and root
 	    path.  This is done using the <acronym>DHCP</acronym> or
-	    BOOTP protocols.  <acronym>DHCP</acronym> is a compatible
-	    extension of BOOTP, and uses the same port numbers and
-	    basic packet format.</para>
-
-	  <para>It is possible to configure a system to use only
-	    BOOTP.  The &man.bootpd.8; server program is included in
+	    <acronym>BOOTP</acronym> protocols.
+	    <acronym>DHCP</acronym> is a compatible
+	    extension of <acronym>BOOTP</acronym>, and uses the same
+	    port numbers and
+	    basic packet format.  It is possible to configure a
+	    system to use only
+	    <acronym>BOOTP</acronym> and &man.bootpd.8; is included in
 	    the base &os; system.</para>
-
-	  <para>However, <acronym>DHCP</acronym> has a number of
-	    advantages over BOOTP (nicer configuration files,
-	    possibility of using <acronym>PXE</acronym>, plus many
-	    others not directly related to diskless operation), and we
-	    will describe mainly a <acronym>DHCP</acronym>
+	</listitem>
+	
+	<listitem>
+	  <para><acronym>DHCP</acronym> has a number of
+	    advantages over <acronym>BOOTP</acronym> such as nicer
+	    configuration files and support for
+	    <acronym>PXE</acronym>.  This section
+	    describes mainly a <acronym>DHCP</acronym>
 	    configuration, with equivalent examples using
 	    &man.bootpd.8; when possible.  The sample configuration
-	    will use the <application>ISC DHCP</application> software
-	    package (release 3.0.1.r12 was installed on the test
-	    server).</para>
+	    uses <application>ISC DHCP</application> which is
+	    available in the Ports Collection.</para>
 	</listitem>
 
 	<listitem>
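Review bot: The new second listitem ("DHCP has a number of advantages over BOOTP ...") sits in the list introduced as operations that need to be performed, but it describes what this section covers and which software the examples use, not an operation. Keep it as a further para inside the first listitem, as it was before, or move it out of the list. In the first item, "It is possible to configure a system to use only BOOTP and &man.bootpd.8; is included in the base &os; system" joins two independent clauses without punctuation; add a comma before "and" or split the sentence.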
@@ -4071,56 +4083,33 @@ ifconfig_<literal>lagg<replaceable>0</re

*** DIFF OUTPUT TRUNCATED AT 1000 LINES ***

