Help or guidance with Subnetting and Routing on FreeBSD/BSDRP for home network.

Joined Jan 25, 2006 · Messages 57
Hi all! Been some time.

I've been struggling a lot recently trying to segment out my expanding flat network structure. The more I look at my home network the more I realise it needs some very well deserved best networking practice applied to it.
So, I've started to vlan off segments for security and order. I'd like to vlan off as per an attached doco; mostly it's an academic exercise at this point which I will look to put into practice once reviewed and tweaked.

A little bit of history:
I've virtualised my home network, firewall and routing. On that host also lives some servers and management boxes, very bad in this day and age, and this is why I'd like to separate out things like firewall and routing onto dedicated hardware.

Originally I started out as a Mikrotik shop. MT routing and switching. Boy-howdy is that a god damn cluster. It's impossible (I found) to try and get all but the simplest tasks done. Understanding their interpretations of protocols and implementations is, I think, worse than Cisco.
I tried ad nauseam to get vlans to pass DHCP to clients. The main headache I think was trying to get ESXi and hypervised routing to play nice, which as well as being a performance hit, was way over my head. I tried changing ether headers in MT, promiscuous mode on ESX. Eventually I gave up and tried physical MT routers and switches, even tried a HP Procurve.
Same result. No success. The lack of LACP 802.3ad functionality in my kit I could overlook; however, after their abysmal reaction to the IPv6 memory exhaustion bug, basically saying "turn it off" was not the correct response, which precluded me from asking for help over at MT.

Surely Cisco's where it's at? Wrong.
Tried to run LACP on a K9 1921 - not supported on this device, long story short.
That being said I appreciate writing up the configs.

On to my third software combination, and dropping ESX 6.7 since LACP isn't really supported unless it's a distributed switch and hosted routing is a nightmare: BSDRP. It was going well until BSDRP failed to correctly present my quad port ethernet HBA, which I really couldn't solve; disabling the onboard ethernet port "fixed" the issue but I was unable to determine why. On to the fourth iteration! It's a bhyve'd BSDRP, which seems to work well. LACP is working with the Procurve on the first attempt, wow.

I am pretty determined to try and stick with this combination as I think I have nearly got it sorted out. As you boffins probably know the 2910al is layer three, so I could bring the routing onto the switch level; however I still don't have a DHCP solution in place yet. Nor do I really understand HP's take on ACLs.

As it stands the plan is to do something like the following:

Internet > White box Firewall (TBA) Untangle or OPNSense or something > Whitebox FreeBSD Bhyve router (BSDRP) maybe a hosted FreeBSD graphics box like Nomad or Fury > VM Server cluster Probably FreeBSD as well Servers\NAS etc...

What I am not 100 percent on is FreeBSD networking and vlaning. I've attached a loose config (untested yet) and a bit of a network summary which I hope is relatively correct, my first go at FreeBSD vlan configs from the handbook.
I still have some additional questions I need to ask/am not sure on. However, for now please take a look at the config and I will try my best to justify my reasons. If anyone thinks there's any worth in me documenting this whole saga from start to finish, I'd consider it.
Part of it is trying to keep the network orderly; the other part is to prove to myself that it can be done/it is possible to create a well maintained network at home.
Not sure how NATing and DHCP works on BSDRP. I'd consider virtualising DHCP services to another box if it's easier; still need to sort out network address translation in BSD town too.

tl;dr: non-network orientated home sysadmin tries to get vlans and LACP running on a Procurve 2910al routed by Mikrotik (physical and virtual) and a Cisco 1921. Is now trying on a hypervised BSDRP bhyve host and asks [H]ardForum for help.

Attachments: FreeBSDnetwork.txt (2.2 KB)
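For readers following the same handbook route, here is an added example (my own illustration, not the poster's attached FreeBSDnetwork.txt and not BSDRP's shipped configuration) of how the pieces the post asks about fit together on a FreeBSD router: an LACP bond over two ports, routed VLAN sub-interfaces on that bond, forwarding enabled, and a pf ruleset that does egress NAT and denies traffic between segments by default. NIC names (igb0 through igb2), VLAN tags 10/20/30, the 10.0.x.0/24 addressing and the idea of running dhcpd on the router itself are all assumptions for illustration.

```shell
# Added example, not the poster's attached FreeBSDnetwork.txt: an rc.conf(5)
# fragment for a FreeBSD router that bonds two ports with LACP (802.3ad) and
# routes between VLANs riding on the bond. NIC names (igb0 to igb2), VLAN tags
# and the 10.0.x.0/24 addressing are assumptions for illustration.

# --- /etc/rc.conf ---------------------------------------------------------
cloned_interfaces="lagg0"                                        # create the bond at boot
ifconfig_igb0="up"                                               # member ports carry no IP
ifconfig_igb1="up"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1 up"   # switch side: LACP trunk
vlans_lagg0="10 20 30"                                           # creates lagg0.10, lagg0.20, lagg0.30
ifconfig_lagg0_10="inet 10.0.10.1/24"                            # management segment
ifconfig_lagg0_20="inet 10.0.20.1/24"                            # servers / NAS
ifconfig_lagg0_30="inet 10.0.30.1/24"                            # clients
ifconfig_igb2="DHCP"                                             # upstream toward the firewall
gateway_enable="YES"                                             # sets net.inet.ip.forwarding=1
pf_enable="YES"
pf_rules="/etc/pf.conf"

# --- /etc/pf.conf (printed by a helper so this file stays one unit) -------
# Default deny between segments; only the listed flows cross VLANs; egress NAT
# on igb2. A table is used for the internal ranges because pf can negate a
# table but not a brace list.
pf_conf() {
  cat <<'EOF'
ext_if = "igb2"
mgmt   = "lagg0.10"
srv    = "lagg0.20"
cli    = "lagg0.30"
table <internal> const { 10.0.10.0/24, 10.0.20.0/24, 10.0.30.0/24 }

set skip on lo0
# NAT everything leaving the WAN side to the WAN address
nat on $ext_if inet from <internal> to any -> ($ext_if)

block log all
# router's own traffic (DNS, NTP, package fetches) may leave
pass out on $ext_if inet keep state
# management reaches everything
pass in on $mgmt inet from 10.0.10.0/24 to any keep state
# servers reach the Internet only, not the other segments
pass in on $srv inet from 10.0.20.0/24 to ! <internal> keep state
# clients reach the Internet, plus the servers' web ports only
pass in on $cli inet from 10.0.30.0/24 to ! <internal> keep state
pass in on $cli inet proto tcp from 10.0.30.0/24 to 10.0.20.0/24 port { 80, 443 } keep state
# DHCP broadcasts must reach the router if dhcpd runs here (assumption)
pass in on { $srv, $cli } inet proto udp from any port 68 to any port 67
EOF
}
```

Because rc.conf is plain sh, the first half is literally what /etc/rc reads; the `vlans_<parent>` / `ifconfig_<parent>_<tag>` form from rc.conf(5) names the sub-interfaces `lagg0.10` and so on, which is why pf refers to them that way. The switch side of the trunk must be an LACP aggregation with the three VLANs tagged on it, and the pf policy is deliberately default-deny so that adding a new segment means writing down which flows it is allowed, rather than discovering later that everything could already talk to everything.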

B00nie · [H]F Junkie · Joined Nov 1, 2012 · Messages 8,482
BSD is a world I have never ventured to. Well, unless you count OSX as a derivative lol. I have a friend who has run BSD servers for over a decade but unfortunately he's not the kind that would join this forum for advice.

Joined Jan 25, 2006 · Messages 57
this used to be that kind of place... fuck. i guess.
anyway, that config is fucked from the outset, putting vlans and bridges on the same network segment is the literal definition of madness, providing they mean the same thing to the same vendors. which is why the MT stuff is bizarre in the first place.
That being said you'd do it running jails on a FreeBSD box.
Anyway I'll figure it out, just not here.

jardows · [H]ard|Gawd · Joined Jun 10, 2015 · Messages 1,898
this used to be that kind of place... fuck. i guess.
anyway, that config is fucked from the outset, putting vlans and bridges on the same network segment is the literal definition of madness, providing they mean the same thing to the same vendors. which is why the MT stuff is bizarre in the first place.
That being said you'd do it running jails on a FreeBSD box.
Anyway I'll figure it out, just not here.
You might get a little more response in the Networking sub. I pretty much just use FreeBSD as desktop/server, but have used pfSense for a router. Never got into configuring vLans, just aLans. I've thought about working to set up a base FreeBSD box for routing, but haven't had time yet.