Bridge interface and IP addressing



  • Hi all,
    I'm trying to set up a bridge interface with two members (of the same TAG) and am stuck in the middle, trying to understand what the document says versus what I'm seeing here. This is what my set-up related to that part is atm:


    On the pfSense box, NIC 3+4 is bonded as LAGG1 and 4+5 as LAGG0, which is the main LAN connection that goes to the switch, carrying all the VLANs, including VLAN20.

    VLAN20 on LAGG0 is assigned to an interface called DEVS and LAGG1 is assigned to an interface called QNAP.


    DEVS and QNAP are the BRIDGE members:

    DEVS has the Static IPv4 and QNAP is set to type None.

    There are 4 NICs on the QNAP, configured as 1+2 and 3+4 bonded interfaces. With this setup, I get two IPs on two bonded interfaces....


    as long as I set 0 for both net.link.bridge.pfil_member and net.link.bridge.pfil_bridge in the System Tunables. Although it looks like it's working, am I doing the right thing? It doesn't seem to match the document. On a related note: if I change bridge.pfil_member to 1 (as per my current configuration), the QNAP always gets a 169.254.10.xxx IP on the interface (Adapter 1+2) that is attached to the LAGG0 interface.

    Here it says: "Configuring the IP address on the bridge itself is best in nearly all cases." But nothing works if I do that. Then on the next page, it suggests having: "Only one interface of a bridge will have an IP address set, the others will have none."

    Does the documentation need reviewing, or have I misunderstood something? The goal is to have the QNAP online on one interface or another (or both). Any help would be very much appreciated.

    -San



  • Hi, has anyone got 5 mins to have a quick look at this pls?

    -S



  • Also, if the IP is assigned to one member of the Bridge, then the entire bridge is inaccessible if that member is down, right?

    -S


  • Netgate Administrator

    @MacUsers said in Bridge interface and IP addressing:

    if the IP is assigned to one member of the Bridge, then the entire bridge is inaccessible if that member is down, right?

    If that interface goes down, the IP address is down for all bridge interfaces, which is why you usually put the IP on the bridge interface itself.

    Why are you doing this?
    This looks invalid to me. Is it valid to have the QNAP with two interfaces in the same subnet? How does it know which one to use? Is it using DHCP? Which interface is the DHCP server running on?

    Steve



  • @stephenw10 said in Bridge interface and IP addressing:

    @MacUsers said in Bridge interface and IP addressing:

    if the IP is assigned to one member of the Bridge, then the entire bridge is inaccessible if that member is down, right?

    If that interface goes down, the IP address is down for all bridge interfaces, which is why you usually put the IP on the bridge interface itself.

    That's where the first confusion came from: the two pages I linked from the documentation. The first one says to assign the IP to the bridge and the 2nd one says to one member. And actually, if I assign the IP to the BRIDGE, the interface with the VLAN attached to it never gets the IP address. Hence this question and the request for help.

    Why are you doing this?
    This looks invalid to me. Is it valid to have the QNAP with two interfaces in the same subnet? How does it know which one to use? Is it using DHCP? Which interface is the DHCP server running on?

    I think it's technically valid: an instance/service can run with multiple IPs for fail-over purposes. Whether there is a real benefit to having IPs from the same sub-net is a valid point, but my idea was that even if the switch goes down there is still a way to get to the QNAP, as it's available on both of the interfaces.

    At the moment, as the IP on the BRIDGE doesn't work for me, the DEVS interface is running the DHCP and QNAP is a member of the same BRIDGE. The DHCP Static Mappings are configured based on the MAC addresses of the two bonded QNAP interfaces. Two A records are set up against the same hostname:

    $ dig +noall +answer qts453.xxxxxxx.net
    qts453.xxxxxxx.net. 3600	IN	A	10.1.20.4
    qts453.xxxxxxx.net. 3600	IN	A	10.1.20.5
    

    hoping that, as DHCP hands out the addresses of the interfaces, if one does not respond, the client will try the other one. E.g. if I intentionally curl the wrong port, it does try the IPs one after another:

    $ curl https://qts453.xxxxxxx.net:44 -v
    * Rebuilt URL to: https://qts453.xxxxxxx.net:44/
    *   Trying 10.1.20.4...
    * TCP_NODELAY set
    * Connection failed
    * connect to 10.1.20.4 port 44 failed: Connection refused
    *   Trying 10.1.20.5...
    * TCP_NODELAY set
    * Connection failed
    * connect to 10.1.20.5 port 44 failed: Connection refused
    

    -San



  • My main question was why I'm not getting an IP on the VLAN interface when the IPv4 address is directly assigned to the BRIDGE interface and the IPv4 Configuration Type is set to None for both of the members.

    Also, why do I need to set net.link.bridge.pfil_member to 0 to get it working when the IP is assigned to a member? It's working in the completely opposite way to what the documentation says.

    -S


  • Netgate Administrator

    It's probably blocking the DHCP requests on the QNAP interface otherwise. DHCP traffic is allowed by default on interfaces where it's enabled, but here that's DEVS and not QNAP. So if you have bridge member filtering enabled, you will have to pass DHCP traffic manually on QNAP to the server on DEVS.

    If you assign the bridge you would usually want the filtering on the bridge itself and not the members.

    Steve



  • Okay, I re-did everything, the bridging bit, from the beginning and it seems to be working now. I cannot figure out what I did differently this time, but I'm glad to see it's working. Thanks for your help @stephenw10

    -S

