Discussion:
Network redundancy (Linux bonding/Solaris IPMP)
Jose Luis Rodriguez Garcia
2014-10-10 16:44:09 UTC
Permalink
Is there some way to have redundancy in the network connection of a NetBSD
server, similar to Linux bonding,Solaris IPMP or Windows Teaming?

Best regards
Andy Ruhl
2014-10-11 02:32:44 UTC
Permalink
On Fri, Oct 10, 2014 at 9:44 AM, Jose Luis Rodriguez Garcia
Post by Jose Luis Rodriguez Garcia
Is there some way to have redundancy in the network connection of a NetBSD
server, similar to Linux bonding,Solaris IPMP or Windows Teaming?
Best regards
See the man page for agr(4).

I haven't actually tried it but it looks fairly straightforward.

Andy
Jose Luis Rodriguez Garcia
2014-10-11 08:12:24 UTC
Permalink
I have looked the agr page, and I have googled for agr for a while,
without finding how link1 mode works.

Because I will connect the server to two switches, I can't use LACP
mode. I will have to use link1 mode.

How does link1 mode work?. Is it active/passive? Does it work using
the link status of the ehternet connections? If this is the way it
works, it is ok for my setup.
Post by Andy Ruhl
See the man page for agr(4).
I haven't actually tried it but it looks fairly straightforward.
Andy
Manuel Bouyer
2014-10-11 15:10:49 UTC
Permalink
Post by Jose Luis Rodriguez Garcia
I have looked the agr page, and I have googled for agr for a while,
without finding how link1 mode works.
Because I will connect the server to two switches, I can't use LACP
mode. I will have to use link1 mode.
How does link1 mode work?. Is it active/passive? Does it work using
the link status of the ehternet connections? If this is the way it
works, it is ok for my setup.
Ho does other OSes decide which link to use in such a setup ?
At first glance I'd say that if you want to have the same behavior as
linux bond, you'd need both link0 and link1.
--
Manuel Bouyer <***@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
Michael van Elst
2014-10-11 15:55:23 UTC
Permalink
Post by Manuel Bouyer
Post by Jose Luis Rodriguez Garcia
How does link1 mode work?. Is it active/passive? Does it work using
the link status of the ehternet connections? If this is the way it
works, it is ok for my setup.
Ho does other OSes decide which link to use in such a setup ?
At first glance I'd say that if you want to have the same behavior as
linux bond, you'd need both link0 and link1.
The most simple mode is an active/passive failover. The active link is
used for sending and only when it fails(*) the other link is used.

(*) Failure is detected either by looking at the carrier status or by
sending arp probes to a configured peer.

agr(4) doesn't seem to support this. Packets are distributed over all
links, either round-robin or by selecting a link based on a hash of
the packet.
Manuel Bouyer
2014-10-11 18:13:34 UTC
Permalink
Post by Michael van Elst
Post by Manuel Bouyer
Post by Jose Luis Rodriguez Garcia
How does link1 mode work?. Is it active/passive? Does it work using
the link status of the ehternet connections? If this is the way it
works, it is ok for my setup.
Ho does other OSes decide which link to use in such a setup ?
At first glance I'd say that if you want to have the same behavior as
linux bond, you'd need both link0 and link1.
The most simple mode is an active/passive failover. The active link is
used for sending and only when it fails(*) the other link is used.
(*) Failure is detected either by looking at the carrier status or by
sending arp probes to a configured peer.
agr(4) doesn't seem to support this.
It does with LACP, I don't know if the link status is considered when
in round-robin mode.

Anyway if I had to setup something like that I'd use bridge with
spanning-tree to select the best path. This way you get failover for
more cases than just the local link failure.
--
Manuel Bouyer <***@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
Andy Ruhl
2014-10-12 03:22:19 UTC
Permalink
Post by Manuel Bouyer
It does with LACP, I don't know if the link status is considered when
in round-robin mode.
Anyway if I had to setup something like that I'd use bridge with
spanning-tree to select the best path. This way you get failover for
more cases than just the local link failure.
If I understand this correct, you are effectively setting up more than
one interface into something like a switch on the NetBSD host, and
attaching them both to another switch (or switches) and letting
spanning tree figure out the path?

If so, where do you set the IP address(es)? Is there some virtual
layer for a single IP address?

Maybe I missed something simple...

Andy
Niels Dettenbach (Syndicat IT&Internet)
2014-10-12 06:27:06 UTC
Permalink
Post by Andy Ruhl
If so, where do you set the IP address(es)? Is there some virtual
layer for a single IP address?
...in case of a bridge, usually on the bridge interface.


cheerioh,


Niels.
--
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
Manuel Bouyer
2014-10-12 08:08:43 UTC
Permalink
Post by Niels Dettenbach (Syndicat IT&Internet)
Post by Andy Ruhl
If so, where do you set the IP address(es)? Is there some virtual
layer for a single IP address?
...in case of a bridge, usually on the bridge interface.
No, on NetBSD you can't configure an IP address on a bridge interface.
--
Manuel Bouyer <***@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
Niels Dettenbach (Syndicat IT&Internet)
2014-10-12 10:55:58 UTC
Permalink
Post by Manuel Bouyer
No, on NetBSD you can't configure an IP address on a bridge interface.
hmm, ok, but this confuses me a bit.

If you define the IP on one of the n ifaces of a bridge how the IP could be reached/managed/used if that iface leaves the bridge or "just" got down/deleted?

Or does NetBSD did not know the concept of a IP of a bridge (as i.e. on linux) or is there any other official comparable concept?

Many thanks for any hint.


best regards,


Niels.
--
Niels Dettenbach
Syndicat IT&Internet
http://www.syndicat.com
Andy Ruhl
2014-10-12 12:28:15 UTC
Permalink
On Sun, Oct 12, 2014 at 3:55 AM, Niels Dettenbach (Syndicat
Post by Niels Dettenbach (Syndicat IT&Internet)
Post by Manuel Bouyer
No, on NetBSD you can't configure an IP address on a bridge interface.
hmm, ok, but this confuses me a bit.
If you define the IP on one of the n ifaces of a bridge how the IP could be reached/managed/used if that iface leaves the bridge or "just" got down/deleted?
Or does NetBSD did not know the concept of a IP of a bridge (as i.e. on linux) or is there any other official comparable concept?
Many thanks for any hint.
I think he's saying that NetBSD is behaving as a layer 2 switch with 2
links. Spanning tree "solves" which interface is active elsewhere (or
can NetBSD run it? I don't know). Since you have a switch, frames are
sent to whatever interface owns the IP via the arp table. So it only
takes 1 of the 2 links to be up, doesn't matter which.

So it's not load balancing, but I think that was the point of the
original post. And I'm confused about "link1" in agr as well now that
I read it again.

Andy
Manuel Bouyer
2014-10-12 18:25:05 UTC
Permalink
Post by Niels Dettenbach (Syndicat IT&Internet)
Post by Manuel Bouyer
No, on NetBSD you can't configure an IP address on a bridge interface.
hmm, ok, but this confuses me a bit.
If you define the IP on one of the n ifaces of a bridge how the IP could be reached/managed/used if that iface leaves the bridge or "just" got down/deleted?
It should not leave the bridge or be deleted.
If it's down, it should'nt matter if the bridge has a better path anyway.
Post by Niels Dettenbach (Syndicat IT&Internet)
Or does NetBSD did not know the concept of a IP of a bridge (as i.e. on linux) or is there any other official comparable concept?
On NetBSD there's no concept of a IP of a bridge.
--
Manuel Bouyer <***@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
Niels Dettenbach
2014-10-13 08:22:08 UTC
Permalink
Post by Manuel Bouyer
Post by Niels Dettenbach (Syndicat IT&Internet)
Or does NetBSD did not know the concept of a IP of a bridge (as i.e. on
linux) or is there any other official comparable concept?
On NetBSD there's no concept of a IP of a bridge.
ah, OK,
now i got the point.

It seem's netBSD is going another way then Linux or other Free/OpenBSD here - this was new to me.

https://www.freebsd.org/doc/de_DE.ISO8859-1/books/handbook/network-bridging.html
http://www.openbsd.org/faq/faq6.html#Bridge

Is there any reason why NetBSD does not offer such a feature?

I agree that a bridge primarily is a "level 2 tool", but we have several applications/appliances where the ability to configure an IP (level 3) on a bridge interface (level 2) is very handy (as often to find even in other, much more famous applications) as it easily can be done even before / without any interface bound to the bridge.

One of my targets in mind is to migrate some of that "apps" to NetBSD in the future for different reasons. So it would be nice to understand the reason[s] behind this difference.

sorry for the noise so far.


many thanks and cheerioh,


Niels.
--
---
Niels Dettenbach
Syndicat IT & Internet
http://www.syndicat.com
PGP: https://syndicat.com/pub_key.asc
---
Manuel Bouyer
2014-10-12 08:08:08 UTC
Permalink
Post by Andy Ruhl
Post by Manuel Bouyer
It does with LACP, I don't know if the link status is considered when
in round-robin mode.
Anyway if I had to setup something like that I'd use bridge with
spanning-tree to select the best path. This way you get failover for
more cases than just the local link failure.
If I understand this correct, you are effectively setting up more than
one interface into something like a switch on the NetBSD host, and
attaching them both to another switch (or switches) and letting
spanning tree figure out the path?
If so, where do you set the IP address(es)? Is there some virtual
layer for a single IP address?
I set it on one of the physical interfaces. The bridge will be able to take
packets to the other interface if needed.
--
Manuel Bouyer <***@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
Manuel Bouyer
2014-10-13 06:16:32 UTC
Permalink
On Sat, Oct 11, 2014 at 11:13 AM, Manuel Bouyer
Post by Manuel Bouyer
It does with LACP, I don't know if the link status is considered when
in round-robin mode.
Anyway if I had to setup something like that I'd use bridge with
spanning-tree to select the best path. This way you get failover for
more cases than just the local link failure.
With Spanning-tree method, in my company network people use enhaced
SPT protocols (mainly Cisco SPT protocols that converge more faster,
etc.--), and I think that hey won't be compatible (they have denied in
the past to connect not Cisco switches to switching infraestructure
because of this).
¿Is there some performance degradation using this bridge configuration
over the case of no bridge setup?
Maybe a bit (I've not done precise measurements), but no more than
with agr(4).
--
Manuel Bouyer <***@antioche.eu.org>
NetBSD: 26 ans d'experience feront toujours la difference
--
Jose Luis Rodriguez Garcia
2014-10-13 01:15:21 UTC
Permalink
On Sat, Oct 11, 2014 at 11:13 AM, Manuel Bouyer
Post by Manuel Bouyer
It does with LACP, I don't know if the link status is considered when
in round-robin mode.
Anyway if I had to setup something like that I'd use bridge with
spanning-tree to select the best path. This way you get failover for
more cases than just the local link failure.
With Spanning-tree method, in my company network people use enhaced
SPT protocols (mainly Cisco SPT protocols that converge more faster,
etc.--), and I think that hey won't be compatible (they have denied in
the past to connect not Cisco switches to switching infraestructure
because of this).

¿Is there some performance degradation using this bridge configuration
over the case of no bridge setup?


With IPMP and bonding you can use link failure test, but you can use
more advanced methods:
1- Solaris IPMP can use configure a test address in every interface. I
think that does pings to address that you can configure or , that it
extracts from the network.
http://docs.oracle.com/cd/E26502_01/html/E28993/gfazs.html
2- Linux Bonding can uses basic link monitoring (miimon) or arp
monitoring configuring one(several) target(s).
https://www.kernel.org/doc/Documentation/networking/bonding.txt
Loading...