Hi Mark/Kristof,

I have been using ng_bridge for more than a year. It was very stable and it 
allowed having members with different MTUs. My jails were using jng to set up 
the bridge and I changed iohyve to use ng_bridge.

But I recently switched to if_bridge. I needed to have pf work on a member 
interface, which wasn’t easy with ng_bridge. It was not easy to make it work 
due to two members (VLAN) coming from the same trunk. The behavior was erratic.

I have a trusted VLAN bridged to an untrusted physical and Wifi network. All 
members are on the same IP segment, but with pf I can make sure that the 
untrusted IOT devices are only able to go outside towards the internet. The 
untrusted devices can’t create connections to the trusted devices, but the 
trusted devices can create connections to the untrusted devices.

Another issue I found with pf was with "set skip on bridge". It doesn’t work on 
the interface group, unless a bridge exists prior to enabling pf. Makes sense, 
but I didn’t think of it. Other rules work fine with interface groups.

My jails and bhyve now run fine with if_bridge, which is easier to set up and I 
don’t need any changes in iohyve.

Peter 

> On 16 Apr 2020, at 09:44, Kristof Provost <k...@freebsd.org> wrote:
> 
> Hi Mark,
> 
> I wouldn’t expect these changes to make a difference in the performance of 
> this setup.
> My work mostly affects setups with multi-core systems that see a lot of 
> traffic. Even before these changes I’d expect the if_bridge code to saturate 
> a wifi link easily.
> 
> I also wouldn’t expect ng_bridge vs. if_bridge to make a significant 
> difference in wifi features.
> 
> Best regards,
> Kristof
> 
> On 16 Apr 2020, at 3:56, Mark Saad wrote:
> 
>> Kristof
>> Up until a month ago I ran a set of FreeBSD based APs in my house and even 
>> long ago at work. They were PC Engines APUs or Alix’s with one em/igb nic 
>> and one ath nic in a bridge. They worked well for a long time, however the 
>> need for a more robust wifi setup caused me to swap them out with cots aps 
>> from tp-link. The major issues were the lack of WiFi features and 
>> standards that work oob on Linux based aps.
>> 
>> So I always wanted to experiment with ng_bridge vs if_bridge for the same 
>> task. But I never got around to it. Do you have any insight into using one 
>> vs the other? Imho if_bridge is easier to set up and get working.
>> 
>> 
>> ---
>> Mark Saad | nones...@longcount.org
>> 
>>> On Apr 15, 2020, at 1:37 PM, Kristof Provost <k...@freebsd.org> wrote:
>>> 
>>> On 15 Apr 2020, at 19:16, Mark Saad wrote:
>>>> All
>>>> Should this improve wifi to wired bridges in some way? Has this been 
>>>> tested ?
>>>> 
>>> What sort of setup do you have to bridge wired and wireless? Is the FreeBSD 
>>> box also a wifi AP?
>>> 
>>> I’ve not done any tests involving wifi.
>>> 
>>> Best regards,
>>> Kristof
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscr...@freebsd.org"
