Bridging problems

I am trying to share a single 10Gb ethernet outlet in my office between two machines by bridging across a FreeBSD server using the second port on its 10Gb card. The bridge works quite well, and the other machine gets network service. The FreeBSD server, however, does not, even though I added an IP address (10.10.20.29) to the bridge configuration.

Some things I can see:
- I can ping between the other machine and the server, both ways, using their IP addresses.
- As the BSD server starts up, it has connectivity for a while and then loses it, about the time the other host gets it.
- I do not have any firewalls configured yet, but will once I get bridging working.
- I am on 10.3 at the moment.

I'd appreciate any help for things to try. I've been away from FreeBSD for a decade or so, and it is nice being back so far.

Here is my rc.conf (with real network address prefixes changed to 10.10 for privacy):

Code:
hostname="name"
defaultrouter="10.10.20.1"
cloned_interfaces="bridge0"
ifconfig_bridge0="addm ix0 addm ix1 up"
ifconfig_bridge0_alias0="inet 10.10.20.29 netmask 0xffffff00"
ifconfig_ix0="up"
ifconfig_ix1="up"

Here is the output of netstat -r, as I suspect this may be a routing problem:
Code:
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            10.10.20.1         UGS     bridge0
localhost          link#5             UH          lo0
10.10.20.0         link#6             U       bridge0
10.10.20.29        link#6             UHS         lo0

and the output of ifconfig:

Code:
igb0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
    ether 14:18:77:44:15:db
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: no carrier
igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
    ether 14:18:77:44:15:dc
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    media: Ethernet autoselect
    status: no carrier
ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:0e:ad:60
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    media: Ethernet autoselect (10Gbase-T <full-duplex,rxpause,txpause>)
    status: active
ix1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether a0:36:9f:0e:ad:62
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    media: Ethernet autoselect (10Gbase-T <full-duplex,rxpause,txpause>)
    status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:ed:ac:ff:0d:00
    inet 10.10.20.29 netmask 0xffffff00 broadcast 10.10.20.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ix1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 4 priority 128 path cost 2000
    member: ix0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
           ifmaxaddr 0 port 3 priority 128 path cost 2000
 
Is there a reason you're aliasing the bridge? I've always assigned the IP directly:
Code:
ifconfig_bridge0="inet 10.10.20.29 netmask 255.255.255.0 addm ix0 addm ix1"
 
I tried the alias because of something I saw online, so mostly out of ignorance.

I tried the bridge configuration you showed above and the behavior didn't change. For a couple of minutes the BSD box had a connection but the host across the tunnel did not, then the host had a connection and the BSD box didn't. I am beginning to suspect that it might be an issue with the switch.
 
On the pfSense forums the preferred way would be a routed network and not bridged. Unless you have a specific need for a bridge I would avoid it. Many internet instructions seem to use a bridged network. I would try a routed approach if you are having troubles.
Here is a good explanation.
https://www.grc.com/vpn/routing.htm
 
I don't see anything out of place but I'm not exactly a guru (I do use bridging a lot though). You may want rstp turned on to eliminate loops, just add stp ix0 to your bridge assignment (see man page). I'd see if you're not having negotiation problems between network ports. Assign the IP to the network port and see if you lose connectivity that way. For this application you may also want TSO disabled.
Code:
ifconfig_ix0="up -tso"
(Someone correct me if I'm wrong on that). There is also net.inet.tcp.tso=0 in sysctl.conf to disable it everywhere.
 
Thanks for the answers. For the record, the problem wasn't with FreeBSD, it was with the switch feeding my office - it was configured to only allow 1 IP address on the port at a time. Once that was turned off, everything worked just like it was supposed to.
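
An added example (not posted by anyone in this thread): a POSIX sh check of how many stations the upstream switch port sees behind the bridge, which is what a per-port address limit like the one described above ends up counting. It assumes ix0 is the member cabled to the wall outlet, runs on constructed `ifconfig bridge0 addr` output, and the function names are hypothetical.

```sh
#!/bin/sh
# Added example: count the stations an upstream switch port sees behind a
# FreeBSD bridge. Assumption: ix0 is the member cabled to the wall outlet.

# Reads `ifconfig bridge0 addr`-style lines on stdin:
#   <mac> Vlan<n> <member-ifname> <expire> flags=...
# $1 = uplink member, $2 = the bridge's own MAC (its "ether" line).
# Prints one source MAC per line: the bridge itself plus every address
# learned on a member other than the uplink. Addresses learned on the
# uplink live on the switch side and are not counted.
stations_behind_uplink() {
    awk -v uplink="$1" -v self="$2" '
        BEGIN { seen[tolower(self)] = 1 }
        $2 ~ /^Vlan/ && $3 != uplink { seen[tolower($1)] = 1 }
        END { for (m in seen) print m }
    ' | sort
}

# Succeeds only if the station count fits the switch's per-port limit ($3).
fits_port_limit() {
    n=$(stations_behind_uplink "$1" "$2" | wc -l | tr -d ' ')
    [ "$n" -le "$3" ]
}

# Constructed sample: both learned addresses are made up; the bridge MAC is
# the one shown in the ifconfig output earlier in the thread.
SAMPLE='00:25:90:aa:bb:01 Vlan1 ix1 1187 flags=0<>
00:00:5e:00:01:01 Vlan1 ix0 1199 flags=0<>'

# On a live system, replace the printf with: ifconfig bridge0 addr
printf '%s\n' "$SAMPLE" | stations_behind_uplink ix0 02:ed:ac:ff:0d:00
```

With the sample this prints two addresses, the bridge's own and the host on ix1, so a port limited to one station can serve only one of them at a time.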
 