I am using CentOS as a firewall/router. I am using bonded interfaces, vlan interfaces, and bridge interfaces. My problem currently is that on boot the system is attempting to activate the bridge interface before its bonded-vlan members have been created. What this means is that the bridge is created but not activated.
Is there any way for me to influence the activation order and have bridge interfaces dealt with last?
Graham Johnston Manager, Network Services Westman Communications Group 204.571.7225 johnstong@westmancom.com
Graham Johnston wrote:
> I am using CentOS as a firewall/router. I am using bonded interfaces, vlan interfaces, and bridge interfaces. My problem currently is that on boot the system is attempting to activate the bridge interface before its bonded-vlan members have been created. What this means is that the bridge is created but not activated.
> Is there any way for me to influence the activation order and have bridge interfaces dealt with last?
There's probably a better way to do this, but what I've done in the past is to create special firewall related kinda stuff like you're describing in my own script that's run quite late in the init sequence, usually from rc2.d/S99myfirewall or even from /etc/rc.d/rc.local
On Fri, Nov 30, 2007 at 08:51:50AM -0800, John R Pierce enlightened us:
> There's probably a better way to do this, but what I've done in the past is to create special firewall related kinda stuff like you're describing in my own script that's run quite late in the init sequence, usually from rc2.d/S99myfirewall or even from /etc/rc.d/rc.local
Yes, there is probably a better way. My initial thought was to set ONBOOT=no for the bridge interfaces and then bring them up in an initscript or rc.local later.
Looking at the network startup script (/etc/init.d/network), though, it looks like you can probably achieve the same effect simply by renaming the ifcfg-brX files to something like ifcfg-zbrX.
There is a loop to bring up interfaces that looks like:
    # bring up all other interfaces configured to come up at boot time
    for i in $interfaces; do
and $interfaces is set just above by listing all files starting with ifcfg and snagging the end part (e.g. eth0 or br0).
The loop figures out what kind of configuration it needs by reading the file, so I don't think it cares what it is named, as long as it is ifcfg-something. By renaming bridges to ifcfg-zbrX, it will come after ifcfg-vlanX and I think solve your problem.
That was work, time for lunch :-)
Matt
On Fri, 2007-11-30 at 12:03 -0500, Matt Hyclak wrote:
> Yes, there is probably a better way. My initial thought was to set ONBOOT=no for the bridge interfaces and then bring them up in an initscript or rc.local later.
> Looking at the network startup script (/etc/init.d/network), though, it looks like you can probably achieve the same effect simply by renaming the ifcfg-brX files to something like ifcfg-zbrX.
> There is a loop to bring up interfaces that looks like:
>     # bring up all other interfaces configured to come up at boot time
>     for i in $interfaces; do
> and $interfaces is set just above by listing all files starting with ifcfg and snagging the end part (e.g. eth0 or br0).
> The loop figures out what kind of configuration it needs by reading the file, so I don't think it cares what it is named, as long as it is ifcfg-something. By renaming bridges to ifcfg-zbrX, it will come after ifcfg-vlanX and I think solve your problem.
> That was work, time for lunch :-)
> Matt
I have already attempted naming it ifcfg-xBrVoice with no success. For me the interfaces load in the following order, where the bridge members are bond0.198 and bond0.199.
bond0 bond1 xBrVoice bond0.198 bond0.199 bond0.205
Graham Johnston Manager, Network Services Westman Communications Group 204.571.7225 johnstong@westmancom.com
Matt Hyclak wrote:
> Yes, there is probably a better way. My initial thought was to set ONBOOT=no for the bridge interfaces and then bring them up in an initscript or rc.local later.
> Looking at the network startup script (/etc/init.d/network), though, it looks like you can probably achieve the same effect simply by renaming the ifcfg-brX files to something like ifcfg-zbrX.
> There is a loop to bring up interfaces that looks like:
>     # bring up all other interfaces configured to come up at boot time
>     for i in $interfaces; do
> and $interfaces is set just above by listing all files starting with ifcfg and snagging the end part (e.g. eth0 or br0).
> The loop figures out what kind of configuration it needs by reading the file, so I don't think it cares what it is named, as long as it is ifcfg-something. By renaming bridges to ifcfg-zbrX, it will come after ifcfg-vlanX and I think solve your problem.
> That was work, time for lunch :-)
> Matt
I don't think so.
The initial loop is not activating bridge and vlan:
    if [ "$TYPE" = "Bridge" ]; then
        bridgeinterfaces="$bridgeinterfaces $i"
        continue
    fi
    if [ "${DEVICE%%.*}" != "$DEVICE" ] ; then
        vlaninterfaces="$vlaninterfaces $i"
        continue
    fi
Then later:
    for i in $vlaninterfaces $bridgeinterfaces ...
    <snip a few lines>
        action $"Bringing up interface $i: " ./ifup $i boot
So, it should be bringing up your vlan interfaces before the bridges.
Do you have TYPE=Bridge in your bridge ifcfg file?
On Fri, 2007-11-30 at 18:20 +0100, Nicolas Thierry-Mieg wrote:
> I don't think so.
> The initial loop is not activating bridge and vlan:
>     if [ "$TYPE" = "Bridge" ]; then
>         bridgeinterfaces="$bridgeinterfaces $i"
>         continue
>     fi
>     if [ "${DEVICE%%.*}" != "$DEVICE" ] ; then
>         vlaninterfaces="$vlaninterfaces $i"
>         continue
>     fi
> Then later:
>     for i in $vlaninterfaces $bridgeinterfaces ...
>     <snip a few lines>
>         action $"Bringing up interface $i: " ./ifup $i boot
> So, it should be bringing up your vlan interfaces before the bridges.
> Do you have TYPE=Bridge in your bridge ifcfg file?
I had TYPE=bridge, and it very much so wants TYPE=Bridge.
Thanks everyone for your help, it's working now.
Graham Johnston Manager, Network Services Westman Communications Group 204.571.7225 johnstong@westmancom.com
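The root cause found at the end of the thread, shown as an added example that is not part of the original messages and is not the CentOS /etc/init.d/network script: a simplified shell model of the classification quoted above, run over constructed ifcfg files. The helper names get_key, activation_order, miscased_bridges and make_sample are hypothetical; with TYPE=bridge the model reproduces the load order reported in the thread, and the last check flags the miscased value.

```shell
# Added example: simplified model, not the CentOS script; ifcfg contents are constructed.
# get_key FILE KEY: print the value of KEY=value (optionally double-quoted).
get_key() {
    sed -n "s/^$2=\"\{0,1\}\([^\"]*\)\"\{0,1\}\$/\1/p" "$1" | tail -n 1
}

# activation_order DIR: ordinary interfaces first, then VLANs, then bridges.
activation_order() {
    normal="" vlaninterfaces="" bridgeinterfaces=""
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        i=${f##*/ifcfg-}
        TYPE=$(get_key "$f" TYPE)
        DEVICE=$(get_key "$f" DEVICE)
        if [ "$TYPE" = "Bridge" ]; then               # case-sensitive match
            bridgeinterfaces="$bridgeinterfaces $i"
        elif [ "${DEVICE%%.*}" != "$DEVICE" ]; then   # dotted name: VLAN
            vlaninterfaces="$vlaninterfaces $i"
        else
            normal="$normal $i"
        fi
    done
    echo $normal $vlaninterfaces $bridgeinterfaces
}
# miscased_bridges DIR: list files whose TYPE is "bridge" in the wrong case.
miscased_bridges() {
    for f in "$1"/ifcfg-*; do
        [ -f "$f" ] || continue
        type_val=$(get_key "$f" TYPE)
        lower=$(printf '%s' "$type_val" | tr 'A-Z' 'a-z')
        if [ "$lower" = "bridge" ] && [ "$type_val" != "Bridge" ]; then
            echo "${f##*/}"
        fi
    done
}
# make_sample DIR BRIDGE_TYPE: write constructed ifcfg files for the demo.
make_sample() {
    for d in bond0 bond1 bond0.198 bond0.199 bond0.205; do
        printf 'DEVICE=%s\nONBOOT=yes\n' "$d" > "$1/ifcfg-$d"
    done
    printf 'DEVICE=xBrVoice\nTYPE=%s\nONBOOT=yes\n' "$2" > "$1/ifcfg-xBrVoice"
}

tmp=$(mktemp -d)
make_sample "$tmp" bridge
echo "TYPE=bridge: $(activation_order "$tmp") (flagged: $(miscased_bridges "$tmp"))"
make_sample "$tmp" Bridge
echo "TYPE=Bridge: $(activation_order "$tmp")"
rm -rf "$tmp"
```

On a firewall/router, running a check like miscased_bridges against /etc/sysconfig/network-scripts before a reboot catches the case where a bridge would come up without its members.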