Topic: LAGGy thoughts (Read 567 times)
morik_opnsense
on: January 05, 2023, 03:32:19 am
In trying to configure new hardware (capable of 2x25G), I’m running into issues wrt importing configuration from old hardware. Specifically interested in link aggregation (IEEE 802.3ad, 802.1AX). Link aggregation is strictly an OSI Layer-2 concept. I have LACP appropriately configured on the switch side. But, in order to employ LAGG, OPNsense seems to require enabling the LAGG interface; doing so requires it be given an IP address. So, this is a bit puzzling to me. Any particular reason for why OPNsense designers and/or FreeBSD folks chose such an approach?
I have over 30 VLANs, 300+ devices, and a rather large number of firewall rules currently serving non-LAGG’ed interfaces. Trying to find the right way to design the opnsense rule system. A penny for your thoughts?
vlan3: IP range IPR1 (Main LAN)
vlan2: IPR2 (opt2)
vlan100: IPR3 (opt3)
etc
IP Ranges are non-overlapping.
FW Rules are based on above lans; not directly on interfaces - to allow future portability.
Switch has default gw set on IP1 in IPR1.
Now to create a lag, OPNsense adds the following to config.xml:
Code:
<lagg>igb0, igb2, igb3 … </lagg>
To enable LAGG, an IP address range seems mandatory.
Code:
<lan><if>lagg0</if><enable>1</enable></lan>
I’d rather not change my existing VLAN setup else my fw rules will be wonky.
Would there be a way to directly achieve this via config.xml? Conceptually, if I assign a new IP range to lagg0, will the range have to cover IP ranges of all VLANs? If so, then I won’t be able to have granular per VLAN rules (which are per IP range based off vlan ids). If I select a new IP range then how will it carry traffic belonging to IP addresses not part of its range on trunk interface towards switch?