bridging two ethernets (stp, not link aggregation)

Status
Not open for further replies.

Jason Brooks

Dabbler
Joined
Jul 16, 2013
Messages
23
Hello,

I am running freenas-9.3-stable, on a supermicro system.

I am trying to set up a redundant network where I work. I have done this with vmware, and even plain linux. I would like to take two ethernet connections, and connect each to a different switch. I would prefer to have a single ip address between the two ethernet ports. Hopefully this means in case of a cable or switch failure, I will still have connectivity.

The switches are at best commercial grade, not enterprise grade, thus lacp across the switches doesn't exist: all I have is stp, rstp, and mstp.

I discovered via the freebsd forums that I could do the following to implement the idea:

ifconfig bridge create
--> bridge0
ifconfig bridge0 addm em0 addm em1
ifconfig bridge0 stp em0 stp em1
ifconfig bridge0 inet 192.168.1.39/24

But, I am unable to find this in the gui. I would be ok modifying the underlying filesystem but not sure where to do so: for instance, freebsd says to modify /etc/rc.conf (probably rc.conf.local...). But I know from previous editions that won't persist.

I would prefer to do this via the gui as I would feel happy knowing a backup would get the configuration.

What am I missing?

Enclosed is a diagram.
Screen Shot 2015-10-19 at 4.16.10 PM.png
 

dlavigne

Guest
Does adding those ifconfig options to Network -> Interfaces -> Options do what you want?
 

depasseg

FreeNAS Replicant
Joined
Sep 16, 2014
Messages
2,874

cyberjock

Inactive Account
Joined
Mar 25, 2012
Messages
19,526
I am trying to set up a redundant network where I work. I have done this with vmware, and even plain linux. I would like to take two ethernet connections, and connect each to a different switch. I would prefer to have a single ip address between the two ethernet ports. Hopefully this means in case of a cable or switch failure, I will still have connectivity.

No, you are breaking basic networking 101 if you think you can connect a single machine to two different switches and have the same IP on both NICs and get traffic simultaneously on both. There's a name for that technology: MLAGG. MLAGG lets you connect the same system to two different switches and have both NICs share the same IP via a LAGG.

If MLAGG isn't an option because of the cost of replacement network switches your only other option is to do LAGG in failover mode.

Someone tried to do this 2 weeks ago demanding no failover mode and no MLAGG. It didn't end well for him. You're totally breaking quite a few things trying to do what you are doing as it is totally inappropriate to configure a network in this fashion. You are literally conflicting your network with a configuration that only works by chance and not by design. It's unsupported, not even closely recommended, and can (and will) suddenly perform very poorly or not at all. MLAGG is required to ensure the packets are making it to their destination properly and in order.

So either give up this idea, go with LAGG in failover, or buy hardware that is compatible with MLAGG. ;)

Even with all of this aside, I'd strongly recommend against trying to create the bridges like you are. FreeNAS is not supposed to work in this configuration, and you could be creating major problems for yourself later.
 

Pheran

Patron
Joined
Jul 14, 2015
Messages
280
Have you tried configuring the "Failover" option under Link Aggregation?
http://doc.freenas.org/9.3/freenas_network.html#link-aggregations

I will second this if the two switches are already connected at layer 2 - this is not clear from the diagram, which only shows them being uplinked to firewalls. You just set up the lagg in failover mode and put the IP on the lagg interface. Only one of the two ports will be active at any given time, but it should work and give you redundancy. You do not need bridging in this scenario, and in fact configuring bridging across a couple of switches is extremely dangerous - you could potentially bring down the whole network with a loop/broadcast storm if you don't understand what you are doing.
 

Jason Brooks

Dabbler
Joined
Jul 16, 2013
Messages
23
Hello,

The two switches are indeed connected and all ports are configured identically.

I have to respectfully disagree cyberjock...but with the following caveat. You are right about the potential loops, except in that stp is in use and I would alter the stp values weighting one switch over the other in terms of spanning tree. By doing so, the "secondary" switch would remain quiescent. Should a switch, or cable or network adapter fail, the remaining switch would kick in. Of course, there's an assumption: does freebsd bridging include spanning tree protocol?

The idea here is to use a kind of redundancy at as low a level as possible: if (m|r)stp is in use and (for lack of a better word: rerouting) packets based on their tree hierarchy, then tcp/ip doesn't need to know anything of the physical path it's taking.

----------------------------

Having said all of that: I am playing with lagg with failover as suggested by depasseg... I have a different issue there and I will open a new thread.

--jason
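
Added example, not part of any post in this thread: a simplified spanning-tree calculation for the host-plus-two-switches triangle discussed above, showing which port ends up discarding when bridge priorities are tuned as the last post proposes and when they are left equal. The bridge names, priorities and MAC addresses are constructed, and the model assumes one link per bridge pair and ignores port-priority tie-breaks and protocol timers.

```python
def stp_roles(bridges, links):
    """bridges: {name: (priority, mac)}; links: [(a, b, cost)], one link per pair.
    Returns (root, blocked); blocked holds (bridge, neighbour) ports left discarding."""
    root = min(bridges, key=bridges.get)        # lowest bridge ID wins the election
    cost = {name: float("inf") for name in bridges}
    cost[root] = 0
    for _ in bridges:                           # Bellman-Ford: root path cost per bridge
        for a, b, c in links:
            cost[a] = min(cost[a], cost[b] + c)
            cost[b] = min(cost[b], cost[a] + c)
    nbrs = {name: [] for name in bridges}
    for a, b, c in links:
        nbrs[a].append((b, c))
        nbrs[b].append((a, c))
    # Root port: cheapest path to the root, ties broken by the upstream bridge ID.
    root_port = {n: min(nbrs[n], key=lambda x: (cost[x[0]] + x[1], bridges[x[0]]))[0]
                 for n in bridges if n != root and nbrs[n]}
    blocked = set()
    for a, b, _ in links:
        # The end closer to the root (then the lower bridge ID) is designated.
        desig, other = sorted((a, b), key=lambda n: (cost[n], bridges[n]))
        if root_port.get(other) != desig:       # neither root port nor designated port
            blocked.add((other, desig))
    return root, blocked

COST = 20000  # 802.1D-2004 path cost for a 1 Gbit/s link
# Constructed topology: the NAS bridges em0 (to sw1) and em1 (to sw2).
TRIANGLE = [("sw1", "sw2", COST), ("nas", "sw1", COST), ("nas", "sw2", COST)]
# Constructed bridge IDs (priority, MAC). TUNED: sw1 preferred, NAS least preferred.
TUNED = {"sw1": (4096, "02:00:00:00:00:0a"), "sw2": (8192, "02:00:00:00:00:0b"),
         "nas": (61440, "02:00:00:00:00:01")}
# UNTUNED: everything at priority 32768, so the lowest MAC decides the root.
UNTUNED = {name: (32768, mac) for name, (_, mac) in TUNED.items()}

def scenarios():
    em0_down = [link for link in TRIANGLE if link[:2] != ("nas", "sw1")]
    return {"tuned": stp_roles(TUNED, TRIANGLE),
            "untuned": stp_roles(UNTUNED, TRIANGLE),
            "tuned, em0 link down": stp_roles(TUNED, em0_down)}

if __name__ == "__main__":
    for label, (root, blocked) in scenarios().items():
        print(f"{label}: root={root} discarding={sorted(blocked)}")
```

In the untuned case the NAS wins the root election and the inter-switch link is the port left discarding, so switch-to-switch traffic crosses the NAS's bridge.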
 