Bridge interface with DHCP


#1

Hi;

I am trying to configure my network with a bridge interface. What I have in my configuration is the following:

cat /etc/conf.d/network 
# Auto-Enabled NICs from pc-sysinstall
cloned_interfaces="bridge0"
ifconfig_bridge0="ALL ether XX:XX:XX:XX:XX:XX addm em0 up"
ifconfig_em0="up"

I have tried DHCP instead of ALL above, but that would not work at all.

On boot; I have this warning: dhcpd.bridge0 has started, but is inactive

So each time I reboot I have to assign the IP manually and add the correct default route.

Is there a way to get this working?

Thank you


#2

Typically a bridge interface has 2 members, you have one em0. Or is ALL supposed to mean “add all interfaces as members to this bridge?” Asking because I can’t find any references to the ALL keyword in the man page for if_bridge.

what is the output of “ifconfig -a”? Do you have more than one physical interface?

If you had em0 and em1, you should be able to do
ifconfig_bridge0="addm em0 addm em1 DHCP"
ifconfig_em0="up"
ifconfig_em1=“up”

to bridge em0 and em1. they don’t need to be physical interfaces, you can use tunnels or other interface types.


#3

Hi mer,

Thanks for answering my question.

First off:

# ifconfig -a
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=85219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
        ether XX:XX:XX:XX:XX:XX
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo 
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether XX:XX:XX:XX:XX:XX
        inet 10.10.23.9 netmask 0xffffff00 broadcast 10.10.23.255 
        nd6 options=9<PERFORMNUD,IFDISABLED>
        groups: bridge 
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55

But this is after I had issued:

# ifconfig bridge0 inet 10.10.23.9/24
# route add default 10.10.23.1

As for the second part of your reply; I understand that a typical bridge interface has two members, at least, but I do not think that I must add all members upon initialisation. I only have one physical interface. On the same machine I can create a bridge in Linux and then use the bridge interface later on for virtualisation, for instance.

On TrueOS the member is added perfectly, it is just that the bridge interface is not getting an IP address through DHCP. Besides; I think that TrueOS tries to initialise em0 through DHCP as well!

I hope that my problem is clearer now.

Thanks again


#4

Thanks. I was wondering about virtualization, that makes sense. I’m going by documentation, I haven’t had a chance to try this, so am offering “theoretical” help.

em0: check /etc/rc.conf for an ifconfig_em0 line, if that says DHCP, that tells you em0 is getting addressing from DHCP.

I’m assuming you have a DHCP server somewhere that the bridge can get to? Have you tried packet capture on that to see if you are getting requests from the bridge0 interface?

Edit:
Have you tried walking through creating the bridge manually, adding em0 and running dhclient bridge0?

YAE:
Is your intent to have bridge0 with an IP address, but em0 not having an IP?


#5

I only have ifconfig_em0=“up” in my configuration

Right, but have not tried packet capture.

Manually yeah, but assigning the IP address myself without running dhclient bridge0…I’ll try that one :slight_smile:

I think that is the way it should be. Member interfaces do not get an IP address. Only the bridge interface. Have I gotten this wrong?!

Thanks for keeping up with me. :slight_smile:


#6

Thanks for being patient :wink:

The last part about em0 not having an IP; I think that depends on what you are trying to do. Various bits of documentation imply either, I know that folks running a bunch of jails/containers often want the bridge to have an address and then they hook all the containers into the bridge interface.

If manually running dhclient for bridge0 works then I think that points more towards timing/sequencing of the steps during boot. At that point help from one of the developers would be a good thing (because I’ve run out of ideas/tests).


#7

Running dhclient bridge0 works fine. So I guess it is what you mentioned about boot sequence timing . Hopefully someone could help.

Thank you


#8

Thanks for the update. Somehting to try, as a workaround, would be to put something in /etc/local.d that is simply a sh script doing dhclient bridge0. Take a look at /etc/init.d/local that’s the OpenRC equivalent of rc.local. It may let you at least not have to manually do anything with the bridge0 but may not be a complete solution for you.


#9

Thanks. I’ll give it a shot and have a look at it. :slight_smile:


#10

no problem. let us know how you make out with it.


#11
uname -a
FreeBSD tosd.localnet 12.0-CURRENT FreeBSD 12.0-CURRENT #10 d26791952(trueos-stable-17.12): Sat Dec  9 18:10:09 UTC 2017     root@chimera:/usr/obj/usr/src/amd64.amd64/sys/GENERIC  amd64

This is how I set-up bridge in TrueOS:

/etc/rc.conf

ifconfig_em0="DHCP"
cloned_interfaces="bridge0"
ifconfig_bridge0="DHCP"
ifconfig_bridge0_ipv6="inet6 accept_rtadv"
ifconfig_em0_ipv6="inet6 accept_rtadv"

ifconfig -a

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=85259b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
        ether d0:67:e5:54:33:f3
        inet6 fe80::d267:e5ff:fe54:33f3%em0 prefixlen 64 scopeid 0x1 
        inet 10.1.10.11 netmask 0xffffff00 broadcast 10.1.10.255 
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo 
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:af:be:db:c4:00
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        groups: bridge 
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

All net interfaces come up at boot as intended

Note:
It’s up to your vbox, vm, libvirt, jail, docker or some other virtual container host to deal with the bridge. I usually assign static LAN IP to my vm container(s). Some vm(s) can also act as DHCP server and router. And then you can play with vlans to complicate things bit more. I always try to find the easiest path to make things work for me - lol


#12

Thanks for the info.


#13

So in your scenario em0 is no member of the bridge and bridge members get IP addresses through DHCP, right?


#14

Here is a bit more complicated mix of wired STATIC-LAN/IP + Wireless DHCP/IP with bridge configuration.

In this example, I configured each net interface (wired-10.1.10.5 and wireless-192.168.1.100) to route through different physical router, I use 2 of them. But, both net interfaces use the same gateway of the WAN router - magic done by physical routers.
Basically, I’m showing here two things - how the automagic of routing works with dissimilar C class networks and how a bridge with wireless net interface (in DHCP-LAN/IP set-up) and wired net interface (with STATIC-LAN/IP set-up) work in the same machine (computer).
This may show more details how bridge, routing and TCP/IP networking work in general.

/etc/rc.conf

# Auto-Enabled NICs from pc-sysinstall
ifconfig_em0="10.1.10.5 netmask 255.255.255.0"
wlans_iwn0="wlan0"
hostname="tosd.localnet"
cloned_interfaces="bridge0"
ifconfig_bridge0="DHCP"
ifconfig_wlan0="WPA DHCP"
ifconfig_bridge0_ipv6="inet6 accept_rtadv"

ifconfig

em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=85259b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
        ether d0:67:e5:54:33:f3
        inet 10.1.10.5 netmask 0xffffff00 broadcast 10.1.10.255 
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128 
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 
        inet 127.0.0.1 netmask 0xff000000 
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo 
wlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 24:77:03:9a:d1:44
        inet 192.168.1.100 netmask 0xffffff00 broadcast 192.168.1.255 
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: IEEE 802.11 Wireless Ethernet MCS mode 11ng
        status: associated
        ssid xxxx channel 2 (2417 MHz 11g ht/40+) bssid 00:1d:aa:a4:9f:68
        regdomain FCC country US authmode WPA2/802.11i privacy ON
        deftxkey UNDEF TKIP 2:128-bit txpower 30 bmiss 10 scanvalid 60
        protmode CTS ampdulimit 64k ampdudensity 4 -amsdutx amsdurx shortgi
        -stbc -ldpc wme roaming MANUAL
        groups: wlan 
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:af:be:db:c4:00
        nd6 options=3<PERFORMNUD,ACCEPT_RTADV>
        groups: bridge 
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: wlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 33333

ping 192.168.1.1 (ping gw of the 192.168.1.0 net)

PING 192.168.1.1 (192.168.1.1): 56 data bytes
64 bytes from 192.168.1.1: icmp_seq=0 ttl=255 time=0.938 ms
64 bytes from 192.168.1.1: icmp_seq=1 ttl=255 time=0.687 ms

ping 192.168.1.102 (ping a node 192.168.1.102 - another computer on the 192.168.1.0 net)

PING 192.168.1.102 (192.168.1.102): 56 data bytes
64 bytes from 192.168.1.102: icmp_seq=1 ttl=128 time=7.434 ms
64 bytes from 192.168.1.102: icmp_seq=2 ttl=128 time=0.914 ms

ping 10.1.10.1 (ping gw of the 10.1.10.0 net)

PING 10.1.10.1 (10.1.10.1): 56 data bytes
64 bytes from 10.1.10.1: icmp_seq=0 ttl=64 time=3.725 ms
64 bytes from 10.1.10.1: icmp_seq=1 ttl=64 time=1.578 ms

ping 10.1.10.25 (another computer on the 10.1.10.0 net)

PING 10.1.10.25 (10.1.10.25): 56 data bytes
64 bytes from 10.1.10.25: icmp_seq=0 ttl=128 time=0.774 ms
64 bytes from 10.1.10.25: icmp_seq=1 ttl=128 time=0.418 ms

ping trueos.org (ping outside world from this machine with the net interfaces as shown above in ifconfig)

PING trueos.org (64.71.187.14): 56 data bytes
64 bytes from 64.71.187.14: icmp_seq=0 ttl=52 time=31.844 ms
64 bytes from 64.71.187.14: icmp_seq=1 ttl=52 time=38.289 ms

Edit:
So, we have 3 computers plus 2 routers and 8 net interfaces communicating with each other, in this network :wink:


#15

Thank you for the interesting example, but just a naive question;

How was wlan0 added to bridge0?


#16

I just created a simple shell script to execute dhclient bridge0 under /etc/local.d and now my problem is solved :slight_smile:
Thanks


#17

Thanks for the update. So that definitely indicates a timing/sequencing at startup that needs work.


#18

Apparently yes :slight_smile: