Bridge interfaces also support monitor mode, where the packets are discarded after <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> processing and are not processed or forwarded further. This can be used to multiplex the input of two or more interfaces into a single <citerefentry><refentrytitle>bpf</refentrytitle><manvolnum>4</manvolnum></citerefentry> stream. This is useful for reconstructing the traffic for network taps that transmit the RX/TX signals out through two separate interfaces. For example, to read the input from four network interfaces as one stream:
<prompt>#</prompt> <userinput>ifconfig bridge0 addm fxp0 addm fxp1 addm fxp2 addm fxp3 monitor up</userinput>
<prompt>#</prompt> <userinput>tcpdump -i bridge0</userinput>
<acronym>SNMP</acronym> Monitoring
The bridge interface and <acronym>STP</acronym> parameters can be monitored via <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>, which is included in the FreeBSD base system. The exported bridge <acronym>MIB</acronym>s conform to <acronym>IETF</acronym> standards, so any <acronym>SNMP</acronym> client or monitoring package can be used to retrieve the data.
To enable monitoring on the bridge, uncomment this line in <filename>/etc/snmpd.config</filename> by removing the leading <literal>#</literal> symbol:
begemotSnmpdModulePath."bridge" = "/usr/lib/"
Other configuration settings, such as community names and access lists, may need to be modified in this file. See <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry> and <citerefentry><refentrytitle>snmp_bridge</refentrytitle><manvolnum>3</manvolnum></citerefentry> for more information. Once these edits are saved, add this line to <filename>/etc/rc.conf</filename>:
Then, start <citerefentry><refentrytitle>bsnmpd</refentrytitle><manvolnum>1</manvolnum></citerefentry>:
<prompt>#</prompt> <userinput>service bsnmpd start</userinput>
The following examples use the <application>Net-SNMP</application> software (<package>net-mgmt/net-snmp</package>) to query a bridge from a client system. The <package>net-mgmt/bsnmptools</package> port can also be used. From the <acronym>SNMP</acronym> client which is running <application>Net-SNMP</application>, add the following lines to <filename>$HOME/.snmp/snmp.conf</filename> in order to import the bridge <acronym>MIB</acronym> definitions:
mibdirs +/usr/share/snmp/mibs
To monitor a single bridge using the <acronym>IETF</acronym> BRIDGE-MIB (RFC 4188):
<prompt>%</prompt> <userinput>snmpwalk -v 2c -c public mib-2.dot1dBridge</userinput>
BRIDGE-MIB::dot1dBaseBridgeAddress.0 = STRING: 66:fb:9b:6e:5c:44
BRIDGE-MIB::dot1dBaseNumPorts.0 = INTEGER: 1 ports
BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2
BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortState.3 = INTEGER: forwarding(5)
BRIDGE-MIB::dot1dStpPortEnable.3 = INTEGER: enabled(1)
BRIDGE-MIB::dot1dStpPortPathCost.3 = INTEGER: 200000
BRIDGE-MIB::dot1dStpPortDesignatedRoot.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedCost.3 = INTEGER: 0
BRIDGE-MIB::dot1dStpPortDesignatedBridge.3 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortDesignatedPort.3 = Hex-STRING: 03 80
BRIDGE-MIB::dot1dStpPortForwardTransitions.3 = Counter32: 1
RSTP-MIB::dot1dStpVersion.0 = INTEGER: rstp(2)
The <literal>dot1dStpTopChanges.0</literal> value is two, indicating that the <acronym>STP</acronym> bridge topology has changed twice. A topology change means that one or more links in the network have changed or failed and a new tree has been calculated. The <literal>dot1dStpTimeSinceTopologyChange.0</literal> value will show when this happened.
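The check described above can be scripted so that each poll is compared against recorded values. The following is an added example, not part of the Handbook or of Net-SNMP: the function names <literal>sample_walk</literal> and <literal>stp_check</literal> and the finding labels are assumptions, and the sample input is constructed from the output shown above. It parses the BRIDGE-MIB walk, decodes the designated root into priority and <acronym>MAC</acronym> address, and reports a root change, a topology-change counter increase, or a port that is not forwarding.

```sh
# Added example: flag STP changes in BRIDGE-MIB snmpwalk output.
# Constructed input: lines copied from the snmpwalk output shown above.
sample_walk() {
cat <<'EOF'
BRIDGE-MIB::dot1dStpTimeSinceTopologyChange.0 = Timeticks: (189959) 0:31:39.59 centi-seconds
BRIDGE-MIB::dot1dStpTopChanges.0 = Counter32: 2
BRIDGE-MIB::dot1dStpDesignatedRoot.0 = Hex-STRING: 80 00 00 01 02 4B D4 50
BRIDGE-MIB::dot1dStpPortState.3 = INTEGER: forwarding(5)
EOF
}

# stp_check EXPECTED_ROOT LAST_TOPCHANGES   (snmpwalk output on stdin)
# EXPECTED_ROOT: 8-byte bridge ID as 16 hex digits. LAST_TOPCHANGES: the
# dot1dStpTopChanges.0 value saved from the previous poll.
stp_check() {
    awk -v want="$1" -v last="$2" '
    # Strip "NAME = TYPE: " and return the value part of the current line.
    function val(   v) { v = $0; sub(/^[^=]*= [^:]*: /, "", v); return v }
    # Hex string to number (POSIX awk has no strtonum).
    function hex(s,   i, n) {
        for (i = 1; i <= length(s); i++)
            n = n * 16 + index("0123456789ABCDEF", substr(s, i, 1)) - 1
        return n
    }
    /dot1dStpDesignatedRoot\.0 / { root = toupper(val()); gsub(/[^0-9A-F]/, "", root) }
    /dot1dStpTopChanges\.0 /     { changes = val() + 0 }
    /dot1dStpTimeSinceTopologyChange\.0 / {
        t = val(); sub(/^\(/, "", t); sub(/\).*/, "", t)
        secs = int(t / 100)          # Timeticks are hundredths of a second
    }
    /dot1dStpPortState\.[0-9]+ / && !/forwarding/ {
        n = split($1, oid, "[.]"); bad = 1
        print "PORT_NOT_FORWARDING port=" oid[n] " state=" val()
    }
    END {
        want = toupper(want)
        if (root != want) {
            bad = 1
            print "ROOT_CHANGED expected=" want " got=" root \
                  " priority=" hex(substr(root, 1, 4)) " mac=" substr(root, 5)
        }
        if (changes > last + 0) {
            bad = 1
            print "TOPOLOGY_CHANGED count=" changes " prev=" last " seconds_ago=" secs
        }
        if (!bad) print "OK root=" root " topchanges=" changes
    }'
}
sample_walk | stp_check 80000001024BD450 1   # counter moved from 1 to 2
```

In production use, the <literal>snmpwalk</literal> output would be piped in place of <literal>sample_walk</literal>, with the expected root and the last counter value kept in a state file between polls.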
To monitor multiple bridge interfaces, the private BEGEMOT-BRIDGE-MIB can be used:
<prompt>%</prompt> <userinput>snmpwalk -v 2c -c public</userinput>
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge0" = STRING: bridge0
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseName."bridge2" = STRING: bridge2
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseAddress."bridge0" = STRING: e:ce:3b:5a:9e:13
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseAddress."bridge2" = STRING: 12:5e:4d:74:d:fc
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseNumPorts."bridge0" = INTEGER: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeBaseNumPorts."bridge2" = INTEGER: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTimeSinceTopologyChange."bridge0" = Timeticks: (116927) 0:19:29.27 centi-seconds
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTimeSinceTopologyChange."bridge2" = Timeticks: (82773) 0:13:47.73 centi-seconds
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopChanges."bridge0" = Counter32: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeStpTopChanges."bridge2" = Counter32: 1
BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge0" = Hex-STRING: 80 00 00 40 95 30 5E 31
BEGEMOT-BRIDGE-MIB::begemotBridgeStpDesignatedRoot."bridge2" = Hex-STRING: 80 00 00 50 8B B8 C6 A9
To change the bridge interface being monitored via the <literal>mib-2.dot1dBridge</literal> subtree:
<prompt>%</prompt> <userinput>snmpset -v 2c -c private</userinput>
BEGEMOT-BRIDGE-MIB::begemotBridgeDefaultBridgeIf.0 s bridge2
Link Aggregation and Failover
FreeBSD provides the <citerefentry><refentrytitle>lagg</refentrytitle><manvolnum>4</manvolnum></citerefentry> interface which can be used to aggregate multiple network interfaces into one virtual interface in order to provide failover and link aggregation. Failover allows traffic to continue to flow as long as at least one aggregated network interface has an established link. Link aggregation works best on switches which support <acronym>LACP</acronym>, as this protocol distributes traffic bi-directionally while responding to the failure of individual links.
The aggregation protocols supported by the lagg interface determine which ports are used for outgoing traffic and whether or not a specific port accepts incoming traffic. The following protocols are supported by <citerefentry><refentrytitle>lagg</refentrytitle><manvolnum>4</manvolnum></citerefentry>:
failover
This mode sends and receives traffic only through the master port. If the master port becomes unavailable, the next active port is used. The first interface added to the virtual interface is the master port and all subsequently added interfaces are used as failover devices. If failover to a non-master port occurs, the original port becomes master once it becomes available again.
fec / loadbalance


