Re: Home stretch on new network - if_bridge looking better

[csszep <csszep@xxxxxxxxx>]

Great news!

Is there any chance to support more features in the bridge code? RSTP,
span port , filtering based on mac address ….

Godot

2011/2/24 Matthew Dillon <dillon@apollo.backplane.com>:
>    I'm in the home stretch of finishing up the new DragonFly network!
>    It's been pretty unstable the last week or so as I struggled first
>    with the (now failed) attempt at using an at&t static block with
>    U-Verse and then gave up on that and started working on running
>    a VPN over a dynamic-IP based at&t U-Verse + comcast internet.
>    I wanted bonding with failover.
>
>    Most of my struggles with U-Verse were in dealing with the stateful
>    firewall at&t has that cannot be turned off, even for the static
>    IP block.  It had serious issues dealing with many concurrent
>    connections and would drop connections randomly (it would send a
>    RST!).  The VPN bypasses the whole mess.
>
>    The last few days have been spent essentially rewriting half of
>    if_bridge so it would work properly, and testing it while I am
>    still tripple-homed (DSL, U-Verse, and ComCast).  Well, it caused
>    a lot of havoc on my network while I was beating it into shape
>    and that's putting it mildly!
>
>    But I think I now have if_bridge and openvpn and my ipfw and PF
>    rules smacked into shape.  I am going to implement line bonding
>    in if_bridge today (on top of the spanning tree and failover
>    which now works) and track down one or two remaining ARP issues
>    and then I'll call it done.  The basic setup is as shown below:
>
>        http://apollo-vc.backplane.com/DFlyMisc/bridge1.txt
>        http://apollo-vc.backplane.com/DFlyMisc/bridge2.txt
>
>        + There are PF rules and ALTQs on each TAP interface to manage
>          its outgoing bandwidth and keep network latencies down (on
>          both sides of the VC).
>
>        + IPFW forwarding (fwd) rules to manage multiple default routes
>          based on the source IP.
>
>    The spanning tree appears to be working properly with the 2x2 and
>    the 3x3 'real' configuration I'm testing it with.  Once I get
>    line bonding working I expect my downlink to achieve ~30MBits+
>    and my uplink will be 4.8MBits.  I'm seriously considering keeping
>    both U-Verse and ComCast and just paring the service levels down
>    a little (top tier isn't needed).  The poor old DSL with its 600KBit
>    uplink is going to hit the trash heap.  It might have been slow, but
>    that ISP served my old /26 static block fairly well for many years.
>
>                                        -Matt
>                                        Matthew Dillon
>                                        <dillon@backplane.com>
>