From: Stefan Bethke
To: Ask Bjørn Hansen
Cc: "net@freebsd.org"
Subject: Re: Bridge interface on VLAN not working
Date: Sun, 5 Jul 2020 11:03:22 +0200
Message-Id: <67049C6D-5821-4C9A-921A-79745B90D8B0@lassitu.de>
In-Reply-To: <0C059F66-B37D-4F9C-9B04-E7D8E2F5EDE3@develooper.com>
List-Id: Networking and TCP/IP with FreeBSD

On 04.07.2020 at 20:59, Ask Bjørn Hansen wrote:
>
> Hi everyone,
>
> I had this working for months until a reboot either got things started up in a different order or cleared what I set up by hand (it’s a snowflake test/development system at home) and did whatever I’d actually configured.
>
> I have a single trunk’ed (em) interface to the switch. The main network is untagged, and I have various tagged networks as well. I was using the tagged networks in bhyve virtual machines.
>
> (Some?)
> traffic doesn’t pass from the bridged tap interfaces (or from the bridge itself) to the vlan interface (em0.8 for example). tcpdump shows lots of packets coming from the “outside” and in, but for example if I do a ping from one of the tap interfaces then nothing shows up on the bridge interface (looking with tcpdump).
>
> Another symptom is that if I move the “host IP” from the em0.8 interface to the bridge interface that’s including em0.8 then I can no longer communicate with that IP from the rest of the network.
>
> In the output below I can ping 192.168.53.42 from another system on VLAN 53 (outside this box) and I can ping 192.168.53.42 from another system on the bridge, but I can’t ping between the system outside this box and the VM on the bridge.
>
> I’ve disabled pf everywhere.
>
> As I mentioned, some traffic crosses but it seems like arp requests get blocked somewhere?
>
> I don’t think it’s the switch, because as long as I don’t use the bridge everything works fine. :-/
>
> Any suggestions? (or other debug output that’d be useful).

Which kernel version are you running?

I have a similar setup, but all my VLANs are tagged. I have an OpenVPN connection with a bridge, and originally was bridging the untagged interface over that. Since the untagged interface includes all the .1q frames as well, and I didn't want that traffic on the VPN connection, I changed my config to tagged only, and moved to bridging only the VLAN interfaces, but not the physical one. I've followed the advice in the man page and have configured IPv4 and IPv6 only on the bridge interface, not the member interfaces.

I have two more systems that also use a VLAN/bridge setup.

I'm using PF, but I have restricted it (from the defaults) to only work on the IP layer and on the configured interface, not the bridge members and not on bridged packets. In my setup, the bridge conceptually should behave like an external switch.

I'm running 12.1-STABLE amd64 GENERIC 1201518, and I have these interfaces (one example VLAN, I have 4 in total):

ix0: flags=8943 metric 0 mtu 1500
    options=e53fbb
    ether d0:50:99:d8:da:83
    media: Ethernet autoselect (1000baseT )
    status: active
    nd6 options=29
vlan100: flags=8943 metric 0 mtu 1500
    options=200401
    ether d0:50:99:d8:da:83
    groups: vlan
    vlan: 100 vlanpcp: 0 parent interface: ix0
    media: Ethernet autoselect (1000baseT )
    status: active
    nd6 options=49
br100: flags=8843 metric 0 mtu 1500
    description: vm-br100
    ether 02:00:00:00:00:64
    inet 44.128.XXXX netmask 0xffffff00 broadcast 44.128.XXXX
    inet 44.128.XXXX netmask 0xffffffff broadcast 44.128.XXXX
    inet 44.128.XXXX netmask 0xffffffff broadcast 44.128.XXXX
    inet6 fe80::ff:fe00:64%br100 prefixlen 64 scopeid 0x10
    inet6 2a02:8108:XXXX:0:ff:fe00:64 prefixlen 64
    inet6 2a02:8108:XXXX::2 prefixlen 128
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: jous flags=143
            ifmaxaddr 0 port 30 priority 128 path cost 2000
    member: jouk flags=143
            ifmaxaddr 0 port 29 priority 128 path cost 2000
    member: tap2 flags=143
            ifmaxaddr 0 port 9 priority 128 path cost 2000000
    member: vlan100 flags=143
            ifmaxaddr 0 port 12 priority 128 path cost 2000
    groups: bridge vm-switch viid-b8446@
    nd6 options=61

--
Stefan Bethke   Fon +49 151 14070811
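
The layout described in the reply above, written out as an added example that is not part of the original message or Stefan's actual configuration. The bridge name bridge100 and the addresses are assumptions; the two sysctl names come from if_bridge(4), and the message does not say which values were actually set.

```conf
# Added example. Interface names follow the ifconfig output in the message
# (ix0, vlan100); bridge100 and all addresses are hypothetical.

# ---- /etc/rc.conf ----

# Physical trunk port: up, but with no address and NOT a bridge member,
# so untagged traffic and the other VLANs' frames never enter the bridge.
ifconfig_ix0="up"

# Tagged VLAN 100 on the trunk, and one bridge dedicated to that VLAN.
cloned_interfaces="vlan100 bridge100"
ifconfig_vlan100="vlan 100 vlandev ix0 up"

# Host addresses are configured on the bridge only, never on vlan100 or
# another member. 192.0.2.0/24 and 2001:db8::/32 are documentation prefixes.
ifconfig_bridge100="inet 192.0.2.10/24 addm vlan100 up"
ifconfig_bridge100_ipv6="inet6 2001:db8:100::10/64"

# ---- /etc/sysctl.conf ----

# Do not run the packet filter on the member interfaces of a bridge
# (vlan100, the tap interfaces of the VMs).
net.link.bridge.pfil_member=0

# Do not run the packet filter on frames that are merely bridged from one
# member to another; the bridge then forwards like an external switch.
net.link.bridge.pfil_bridge=0
```

With this layout, filter rules are written against bridge100, the one interface that carries the host's addresses. Traffic between the VMs and the VLAN is then not filtered on this host, so any policy for it has to be enforced in the guests or upstream.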