From owner-freebsd-jail@freebsd.org  Mon Feb 12 08:29:11 2018
Return-Path: <owner-freebsd-jail@freebsd.org>
Delivered-To: freebsd-jail@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 15F1BF02004;
 Mon, 12 Feb 2018 08:29:11 +0000 (UTC)
 (envelope-from ohartmann@walstatt.org)
Received: from mout.gmx.net (mout.gmx.net [212.227.17.21])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (Client CN "mout.gmx.net", Issuer "TeleSec ServerPass DE-2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id 7B49F8663E;
 Mon, 12 Feb 2018 08:29:09 +0000 (UTC)
 (envelope-from ohartmann@walstatt.org)
Received: from freyja.zeit4.iv.bundesimmobilien.de ([87.138.105.249]) by
 mail.gmx.com (mrgmx103 [212.227.17.168]) with ESMTPSA (Nemesis) id
 0MCcE2-1euXQ602Gw-009RRe; Mon, 12 Feb 2018 09:29:08 +0100
Date: Mon, 12 Feb 2018 09:29:01 +0100
From: "O. Hartmann" <ohartmann@walstatt.org>
To: freebsd-jail@freebsd.org, freebsd-current <freebsd-current@freebsd.org>
Cc: Olivier =?ISO-8859-1?Q?Cochard-Labb=E9?= <olivier@freebsd.org>, "O.
 Hartmann" <ohartmann@walstatt.org>
Subject: Re: VIMAGE: vnet, epair and lots of jails on bridgeX - routing
Message-ID: <20180212092901.671488e6@freyja.zeit4.iv.bundesimmobilien.de>
In-Reply-To: <CA+q+TcqX_BxVpWRUorbnR_o_sBVxmryMND1jrw3UjYW2KQdg_w@mail.gmail.com>
References: <20180208093052.7f5d7a98@freyja.zeit4.iv.bundesimmobilien.de>
 <20180209172259.1ec9b9f4@thor.intern.walstatt.dynvpn.de>
 <2D57FE3A-744A-4A44-B572-5338AB9E187D@lists.zabbadoz.net>
 <20180210085248.7b9af104@thor.intern.walstatt.dynvpn.de>
 <CA+q+TcqX_BxVpWRUorbnR_o_sBVxmryMND1jrw3UjYW2KQdg_w@mail.gmail.com>
Organization: Walstatt
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable
X-Provags-ID: V03:K0:xeiWk3e6P1ysv2nemTrqbfFuU5y+BVkJ7RPywnMfoMo4e7LOTsi
 /UmEZ4PP8MKzY/+Mm+I/v3HM7mMEK6f3KSn1F1goLu2qnEeag/h1LBpwBMu2+BbVFPM4KiE
 6F+eVajLraBMTGaAAgBGkPBmZ6h8ui0sYmcbgbBlFrg8xIAXPS/lmaujQFWQIxxb8EI2Chp
 VXXPvYaN1OZfgOL1WNycw==
X-UI-Out-Filterresults: notjunk:1;V01:K0:ZiupmWK6Xbo=:lVrXy8dwYRblhadOqr4+Dv
 +9p94GKozoxUPshvC0HXz2ZMxcN6gqECvRDbwNaYa4mQ8ohJpGf+cj6SgzZfb2tbZw13/9wZQ
 CBzcGuM633hfX90crPMTTMvkI3DD1cIUXvD+LLpXN+PsimbGgWKveioUDIB4tkhqlRQLRXeto
 wFfVI6Qv57q7IEB6dn1BnAXxQiFazkwrkS0P73K5mHPNppf3+ZbfM402MuSdUv2nr7moHU+BJ
 hUaUAixRmlXnPncg9VC2BsX+lYNwdiAd19XLPlnL8y09eGJDRb/TQKzqAqpCymcNuhEA0/qSI
 HUdpIz/n6c5uDUG3yMBMSirF5rzxUIG36NH3hRq7O3x5YLVTu/pLk8VrC/UEzE7odyxbBaawn
 UFN5V0w6TTxPOnWUyQ0f2xhVz0n/BcwjFsZ7AQTRRjv9RzvMVEGk0C8SmK5uOkjTflimIswfN
 WzJlG+GV/HXNkTOwBssY9R/8mgSeRMfBGTAh21wnldn7dQhiB3dW2DLI2GvXoxvrl1GibsoWd
 M0tAUXbNeDHty+iMaOAKIabBE6KxaFodj+j0Mo8pdAlPCt56ySciK21jGdD5f3drW1ymAwrBr
 40zaX5T4dAB2uLZ2kTRtOmvJSqF7w2uW26eOMTQkygCSsM10KIKmNzuI9YcRGeMnU6NDBvrF7
 LI64nWEehIEqDJ51sPGmLqxdD3cZdMp7OzzGws4sKW+WfcmXAgAYnb3diUr/buA+Hi8zW/372
 D2+FIr79ar1M2rqnIgvvwtQLFtOGoHmjk2KoWTQFcv3EFKA9EcNBmkuUJFFqnn1GS+pb2S6FU
 /IyX9WUXO1VC47yCKxjKiGG3+uHjLrHMyfuaJO+TxssGSDDlpU=
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.25
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Mon, 12 Feb 2018 08:29:11 -0000

On Sat, 10 Feb 2018 11:52:18 +0100
Olivier Cochard-Labb=C3=A9 <olivier@freebsd.org> wrote:

> On Sat, Feb 10, 2018 at 8:52 AM, O. Hartmann <ohartmann@walstatt.org> wro=
te:
>=20
> >
> > The moment any of the bridges gets an additional member epair interface
> > (so the bridge
> > has at least three members including the on reaching into the virtual
> > router jail) the
> > vbridge seems to operate unpredictable (to me). Pinging jails memeber of
> > that vbridge
> > are unreachable.
> >
> > =20
> =E2=80=8BFirst idea:
> Did you try with a more simple setup, like with just 3 jails members of o=
ne
> bridge ?
> =3D> I've tried it on a -head, and all 4 members  (3 jails and the host) =
=20
> reach to communicate.

Yes, I did.

I used to setup one bridge (bridge0) and three jails. Each jail owns its
epairXXa device with IP assigned. epairXXb of each jail is member of the
bridge. Bridge is up, epairXXb is up.

>=20
> Second idea:
> Can you check that all epairs have different MAC address each ?=E2=80=8B
> I hit this bug: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D176671

Very good shot! Thanks. No, they do not have all of them unique MAC adrress=
es
and in some occassions members of the very same bridge have the very same M=
AC
addresses, mostly the a-part of the epair:

=46rom console:
[...]
ng_ether_ifnet_arrival_event: can't re-name node epair10250a
=3D=3D>> epair20128a: Ethernet address: 02:ce:d0:00:07:0a
epair20128b: Ethernet address: 02:ce:d0:00:13:0b
epair20128a: link state changed to UP
epair20128b: link state changed to UP
epair20128b: promiscuous mode enabled
ng_ether_ifnet_arrival_event: can't re-name node epair20128a
=3D=3D>> epair20129a: Ethernet address: 02:ce:d0:00:07:0a
epair20129b: Ethernet address: 02:ce:d0:00:14:0b
epair20129a: link state changed to UP
epair20129b: link state changed to UP
epair20129b: promiscuous mode enabled
ng_ether_ifnet_arrival_event: can't re-name node epair20129a

epair20XXX are member of bridge2 and dedicated epairs of jails.

The following is the desastrous picture of bridge1:

[...]
=3D=3D>> epair235a: Ethernet address: 02:ce:d0:00:07:0a
epair235b: Ethernet address: 02:ce:d0:00:0d:0b
epair235a: link state changed to UP
epair235b: link state changed to UP
epair235b: promiscuous mode enabled
ng_ether_ifnet_arrival_event: can't re-name node epair235a
=3D=3D>> epair237a: Ethernet address: 02:ce:d0:00:07:0a
epair237b: Ethernet address: 02:ce:d0:00:0e:0b
epair237a: link state changed to UP
epair237b: link state changed to UP
epair237b: promiscuous mode enabled
ng_ether_ifnet_arrival_event: can't re-name node epair237a
=3D=3D>> epair251a: Ethernet address: 02:ce:d0:00:07:0a
epair251b: Ethernet address: 02:ce:d0:00:0f:0b
epair251a: link state changed to UP
epair251b: link state changed to UP
epair251b: promiscuous mode enabled
ng_ether_ifnet_arrival_event: can't re-name node epair251a
=3D=3D>> epair238a: Ethernet address: 02:ce:d0:00:07:0a
epair238b: Ethernet address: 02:ce:d0:00:10:0b
epair238a: link state changed to UP
epair238b: link state changed to UP
epair238b: promiscuous mode enabled
ng_ether_ifnet_arrival_event: can't re-name node epair238a
[...]


This is on CURRENT (FreeBSD 12.0-CURRENT #36 r329150: Mon Feb 12 06:30:47 C=
ET
2018 amd64).

I did check on Friday in the bureau and didn't catch it since I was checkin=
g on
each jail, but the console log accessed via dmesg revealed the problem very
easily.

I did a check on the 11.1-RELENG-p6 box and I got the same picture there,
different, but very similar setup.=20

So I didn't see it in the masses of epairs our setup requires :-(

I'll go now for setting MAC addresses manually and check functionality agai=
n.

>=20
> Regards,
>=20
> Olivier

Kind regards,

Oliver