Changeset View
Changeset View
Standalone View
Standalone View
head/en_US.ISO8859-1/books/handbook/advanced-networking/chapter.xml
| Show First 20 Lines • Show All 3,225 Lines • ▼ Show 20 Lines | <varlistentry> | ||||
| <listitem> | <listitem> | ||||
| <para>If a bridge member interface is marked as sticky, | <para>If a bridge member interface is marked as sticky, | ||||
| dynamically learned address entries are treated as | dynamically learned address entries are treated as | ||||
| static entries in the forwarding cache. Sticky entries | static entries in the forwarding cache. Sticky entries | ||||
| are never aged out of the cache or replaced, even if the | are never aged out of the cache or replaced, even if the | ||||
| address is seen on a different interface. This gives | address is seen on a different interface. This gives | ||||
| the benefit of static address entries without the need | the benefit of static address entries without the need | ||||
| to pre-populate the forwarding table. Clients learned | to pre-populate the forwarding table. Clients learned | ||||
| on a particular segment of the bridge can not roam to | on a particular segment of the bridge cannot roam to | ||||
| another segment.</para> | another segment.</para> | ||||
| <para>An example of using sticky addresses is to combine | <para>An example of using sticky addresses is to combine | ||||
| the bridge with <acronym>VLAN</acronym>s in order to | the bridge with <acronym>VLAN</acronym>s in order to | ||||
| isolate customer networks without wasting | isolate customer networks without wasting | ||||
| <acronym>IP</acronym> address space. Consider that | <acronym>IP</acronym> address space. Consider that | ||||
| <systemitem class="fqdomainname">CustomerA</systemitem> | <systemitem class="fqdomainname">CustomerA</systemitem> | ||||
| is on <literal>vlan100</literal>, <systemitem | is on <literal>vlan100</literal>, <systemitem | ||||
| class="fqdomainname">CustomerB</systemitem> is on | class="fqdomainname">CustomerB</systemitem> is on | ||||
| <literal>vlan101</literal>, and the bridge has the | <literal>vlan101</literal>, and the bridge has the | ||||
| address <systemitem | address <systemitem | ||||
| class="ipaddress">192.168.0.1</systemitem>:</para> | class="ipaddress">192.168.0.1</systemitem>:</para> | ||||
| <screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput> | <screen>&prompt.root; <userinput>ifconfig bridge0 addm vlan100 sticky vlan100 addm vlan101 sticky vlan101</userinput> | ||||
| &prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen> | &prompt.root; <userinput>ifconfig bridge0 inet 192.168.0.1/24</userinput></screen> | ||||
| <para>In this example, both clients see <systemitem | <para>In this example, both clients see <systemitem | ||||
| class="ipaddress">192.168.0.1</systemitem> as their | class="ipaddress">192.168.0.1</systemitem> as their | ||||
| default gateway. Since the bridge cache is sticky, one | default gateway. Since the bridge cache is sticky, one | ||||
| host can not spoof the <acronym>MAC</acronym> address of | host cannot spoof the <acronym>MAC</acronym> address of | ||||
| the other customer in order to intercept their | the other customer in order to intercept their | ||||
| traffic.</para> | traffic.</para> | ||||
| <para>Any communication between the | <para>Any communication between the | ||||
| <acronym>VLAN</acronym>s can be blocked using a firewall | <acronym>VLAN</acronym>s can be blocked using a firewall | ||||
| or, as seen in this example, private interfaces:</para> | or, as seen in this example, private interfaces:</para> | ||||
| <screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen> | <screen>&prompt.root; <userinput>ifconfig bridge0 private vlan100 private vlan101</userinput></screen> | ||||
| ▲ Show 20 Lines • Show All 2,002 Lines • Show Last 20 Lines | |||||