Trunking

From securityrouter.org, an OpenBSD-based firewall
Jump to: navigation, search

Introduction

A trunk can be used to aggregate several different network interfaces into one virtual trunk interface for increased throughput or used for failover.

Example

Below is a complete example in plain-text for trunking both the WAN and LAN interfaces using roundrobin. This can of course be configured using the graphical web administration, as well. Pay particular attention to the fact that all the configuration that would normally be added directly to the network interfaces, such as IP address assignment and the DHCP Server/Client, are added on the trunk interface instead.

firewall {
	pass quick on lan label LAN
	pass in log quick on mgmt proto tcp to (mgmt) port {$mgmt_ports} label management
	match out on wan inet nat-to (wan:0) label NAT
	pass out quick on wan label outbound
}
interface trunk0 {
	description "Internet"
	group "wan"
	member vr0
	member vr1
	dhcp-client
}
interface trunk1 {
	description "LAN"
	group "lan"
	group "mgmt"
	address 192.168.1.1/24
	member vr2
	member vr3
	dhcp-server
}
interface vr0 {
}
interface vr1 {
}
interface vr2 {
}
interface vr3 {
}
system {
	authentication {
		user "admin" {
			password "admin"
		}
	}
	dns {
		name-server 8.8.8.8
	}
	http-server
	ssh-server
}