Date: Mon, 29 Jan 2024 08:56:45 +0100 From: Daniel <freebsd-net@c0decafe.de> To: Santiago Martinez <sm@codenetworks.net> Cc: freebsd-net@freebsd.org Subject: Re: problem with ixl(4) and vlans Message-ID: <cf19982d-68e4-4997-a496-172c6bb4459e@c0decafe.de> In-Reply-To: <063A269F-B479-4A43-8E3B-B044C2E779F0@codenetworks.net> References: <401ae00d-730c-4ac7-a18c-a2b1b75b3edf@c0decafe.de> <063A269F-B479-4A43-8E3B-B044C2E779F0@codenetworks.net>
next in thread | previous in thread | raw e-mail | index | archive | help
This is a multi-part message in MIME format.
--------------h3cIX2ZczcxnZIWUnT9s5GDd
Content-Type: text/plain; charset=UTF-8; format=flowed
X-Clacks-Overhead: GNU Terry Pratchett
Content-Transfer-Encoding: 8bit
Hi Santi,
yes that was one of the first things i tried, disabling all the VLAN_HW*
options on the interface, unfortunately without any change in the behavior.
The pf module is loaded and some filters are active on another interface
but no filtering happens on ixl3, ixl3.15 or bridge0. That was also one
of the reasons why I crosschecked my setup with an USB nic so I can make
sure its not the firewall by accident.
Thanks & Best
Daniel
On 1/25/24 22:10, Santiago Martinez wrote:
> Hi Daniel,
>
> have you try disabling hardware vlan filtering?
>
> Also I guess there is not ipfw or pf modules loaded right?
>
> Best
> Santi
>
>> On 25 Jan 2024, at 10:07, Daniel <freebsd-net@c0decafe.de> wrote:
>>
>>
>>
>> Hi,
>>
>> thanks for your suggestion. Turns out, when i unplug the vlan
>> interface from the bridge and put the ip address on the vlan
>> interface, as you suggested, things start to work, e.g. arp resolves.
>>
>> as soon as i put the ip and the vlan interface back on the bridge,
>> things stop again. so where does this lead me? the problem is not in
>> the vlan handling, but on the bridge?
>>
>> I started playing with the net.link.bridge sysctls and indeed, when i
>> set
>>
>>
>> # sysctl net.link.bridge.inherit_mac=1
>>
>>
>> and then recreate the bridge
>>
>>
>> # ifconfig bridge0 deletem ixl3.15 deletem vnet0.1
>> # ifconfig bridge0 addm ixl3.15 addm vnet0.1
>>
>>
>> with the ip address still on bridge0 and ixl3, ixl3.15 and bridge0
>> all sharing the same mac address, arp starts resolving. but only for
>> requests sent from the bridge0 interface. inside of the jail things
>> still don't work (as the vnet interface again has another mac address).
>>
>>
>> # ifconfig ixl3
>> ixl3: flags=28963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>> metric 0 mtu 1500
>> options=4a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,NOMAP>
>> ether a4:bf:01:76:ef:9d
>> media: Ethernet autoselect (10Gbase-SR <full-duplex>)
>> status: active
>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>> # ifconfig ixl3.15
>> ixl3.15: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>> metric 0 mtu 1500
>> options=4200001<RXCSUM,RXCSUM_IPV6,NOMAP>
>> ether a4:bf:01:76:ef:9d
>> groups: vlan
>> vlan: 15 vlanproto: 802.1q vlanpcp: 0 parent interface: ixl3
>> media: Ethernet autoselect (10Gbase-SR <full-duplex>)
>> status: active
>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>> # ifconfig bridge0
>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
>> mtu 1500
>> ether a4:bf:01:76:ef:9d
>> inet 192.168.55.20 netmask 0xffffff00 broadcast 192.168.55.255
>> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>> member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>> ifmaxaddr 0 port 9 priority 128 path cost 2000
>> member: ixl3.15 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>> ifmaxaddr 0 port 8 priority 128 path cost 2000
>> groups: bridge
>> nd6 options=9<PERFORMNUD,IFDISABLED>
>> # ping 192.168.55.1
>> PING 192.168.55.1 (192.168.55.1): 56 data bytes
>> ^C
>> --- 192.168.55.1 ping statistics ---
>> 2 packets transmitted, 0 packets received, 100.0% packet loss
>>
>> [! yes, the host does not answer on ICMP, but that is to be expected !]
>>
>> # arp -an
>> ? (192.168.55.20) at a4:bf:01:76:ef:9d on bridge0 permanent [bridge]
>> ? (192.168.55.1) at b8:27:eb:47:8f:43 on bridge0 expires in 1197
>> seconds [bridge]
>> [...]
>>
>> [! into the jail !]
>>
>> JAIL # ifconfig epair0b
>> epair0b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0
>> mtu 1500
>> options=8<VLAN_MTU>
>> ether ac:16:2d:bd:b7:34
>> hwaddr 02:51:73:d1:33:0b
>> inet 192.168.55.10 netmask 0xffffff00 broadcast 192.168.55.255
>> inet6 fe80::ae16:2dff:febd:b734%epair0b prefixlen 64 scopeid 0x2
>> groups: epair
>> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
>> status: active
>> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>> JAIL # ping 192.168.55.1
>> PING 192.168.55.1 (192.168.55.1): 56 data bytes
>> ^C
>> --- 192.168.55.1 ping statistics ---
>> 1 packets transmitted, 0 packets received, 100.0% packet loss
>> JAIL # arp -an
>> ? (192.168.55.10) at ac:16:2d:bd:b7:34 on epair0b permanent [ethernet]
>> ? (192.168.55.1) at (incomplete) on epair0b expired [ethernet]
>>
>>
>> I conclude that there must be some mac address filtering going on in
>> the data path, whether its on ixl or the bridge.
>>
>> In dmesg I also see:
>>
>> >> bridge0: can't disable some capabilities on ixl3.15: 0x400
>>
>> but as of /usr/src/sys/net/if.h:233 this maps to IFCAP_LRO which
>> afaik should not have any influence on L2 filtering.
>>
>>
>> Have to say, I'm out of ideas again. Never had something like this.
>> So far just 'throwing interfaces on a bridge' worked in the past. Any
>> ideas where to look next?
>>
>>
>> Thanks a lot & best
>>
>>
>> Daniel
>>
>>
>> On 1/25/24 08:22, Zhenlei Huang wrote:
>>>
>>>
>>>> On Jan 23, 2024, at 11:03 PM, Daniel <freebsd-net@c0decafe.de> wrote:
>>>>
>>>> Hi List,
>>>>
>>>>
>>>> just recently I discovered a problem with the ixl(4) driver.
>>>> Hopefully someone here can help me. my setup is as follows:
>>>>
>>>>
>>>> Network ----- ixl3 interface ----- ixl3.15 vlan interface -----
>>>> bridge0 ----- vnet0.1 to jail
>>>>
>>>>
>>>> the problem now is that the jail can send data out (arp requests),
>>>> i do see the responses on the ixl3 interface of the host, but they
>>>> never make their way up to the ixl3.15 vlan interface (even though
>>>> they are tagged correctly). To rule out that my config or the
>>>> network is the cruel pit i did test the same setup with a cheap
>>>> usb-ethernet adapter and there everything works as expected. I'm on
>>>> FreeBSD 13.2-RELEASE-p8 and I did test both, the in kernel driver
>>>> and the driver from ports intel-ixl-kmod-1.13.4_1.
>>>>
>>> I would encourage you to do plain VLAN tests, i.e. plug ixl3.15 out
>>> from bridge0
>>>
>>> ```
>>> # ifconfig bridge0 deletem ixl3.15
>>> # ifconfig bridge0 inet 192.168.55.20/24 delete ### to prevent confusion
>>> # ifconfig ixl3.15 inet 192.168.55.x/24
>>> # ping -c1 192.168.55.1
>>> ```
>>>
>>>>
>>>> Here is a bit of information on my environment:
>>>>
>>>> # uname -a
>>>> FreeBSD mimir 13.2-RELEASE-p8 FreeBSD 13.2-RELEASE-p8 GENERIC amd64
>>>>
>>>> # pciconf -lBbcevV pci0:25:0:3
>>>> ixl3@pci0:25:0:3: class=0x020000 rev=0x09 hdr=0x00
>>>> vendor=0x8086 device=0x37d3 subvendor=0x8086 subdevice=0x35d5
>>>> vendor = 'Intel Corporation'
>>>> device = 'Ethernet Connection X722 for 10GbE SFP+'
>>>> class = network
>>>> subclass = ethernet
>>>> bar [10] = type Prefetchable Memory, range 64, base
>>>> 0xb0000000, size 16777216, enabled
>>>> bar [1c] = type Prefetchable Memory, range 64, base
>>>> 0xb5000000, size 32768, enabled
>>>> cap 01[40] = powerspec 3 supports D0 D3 current D0
>>>> cap 05[50] = MSI supports 1 message, 64 bit, vector masks
>>>> cap 11[70] = MSI-X supports 129 messages, enabled
>>>> Table in map 0x1c[0x0], PBA in map 0x1c[0x1000]
>>>> cap 10[a0] = PCI-Express 2 endpoint max data 256(512) FLR RO
>>>> max read 512
>>>> link x1(x1) speed 2.5(2.5) ASPM disabled(L0s/L1)
>>>> cap 03[e0] = VPD
>>>> ecap 0001[100] = AER 2 0 fatal 0 non-fatal 1 corrected
>>>> ecap 0003[140] = Serial 1 9aef76ffff01bfa4
>>>> ecap 000e[150] = ARI 1
>>>> ecap 0010[160] = SR-IOV 1 IOV disabled, Memory Space disabled,
>>>> ARI disabled
>>>> 0 VFs configured out of 32 supported
>>>> First VF RID Offset 0x006d, VF RID Stride 0x0001
>>>> VF Device ID 0x37cd
>>>> Page Sizes: 4096 (enabled), 8192, 65536,
>>>> 262144, 1048576, 4194304
>>>> ecap 0017[1a0] = TPH Requester 1
>>>> ecap 000d[1b0] = ACS 1 Source Validation unavailable,
>>>> Translation Blocking unavailable
>>>> P2P Req Redirect unavailable, P2P Cmpl
>>>> Redirect unavailable
>>>> P2P Upstream Forwarding unavailable, P2P
>>>> Egress Control unavailable
>>>> P2P Direct Translated unavailable, Enhanced
>>>> Capability unavailable
>>>> PCI-e errors = Correctable Error Detected
>>>> Unsupported Request Detected
>>>> Corrected = Advisory Non-Fatal Error
>>>> VPD ident = 'Example VPD'
>>>>
>>>> # ifconfig
>>>> [...]
>>>> ixl3: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>>>> metric 0 mtu 1500
>>>> options=4a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,NOMAP>
>>>> ether a4:bf:01:76:ef:9d
>>>> media: Ethernet autoselect (10Gbase-SR <full-duplex>)
>>>> status: active
>>>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>> ixl3.15: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
>>>> metric 0 mtu 1500
>>>> options=4200001<RXCSUM,RXCSUM_IPV6,NOMAP>
>>>> ether a4:bf:01:76:ef:9d
>>>> groups: vlan
>>>> vlan: 15 vlanproto: 802.1q vlanpcp: 0 parent interface: ixl3
>>>> media: Ethernet autoselect (10Gbase-SR <full-duplex>)
>>>> status: active
>>>> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric
>>>> 0 mtu 1500
>>>> ether 58:9c:fc:10:dd:05
>>>> inet 192.168.55.20 netmask 0xffffff00 broadcast 192.168.55.255
>>>> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>>> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>>> member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>>> ifmaxaddr 0 port 9 priority 128 path cost 2000
>>>> member: ixl3.15 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>>> ifmaxaddr 0 port 8 priority 128 path cost 55
>>>> groups: bridge
>>>> nd6 options=9<PERFORMNUD,IFDISABLED>
>>>> [...]
>>>>
>>>>
>>>>
>>>> # cat /etc/rc.conf
>>>> [...]
>>>> ifconfig_ixl3="up"
>>>> vlans_ixl3="15"
>>>> cloned_interfaces="bridge0"
>>>> ifconfig_bridge0="addm ixl3.15 up"
>>>> [...]
>>>>
>>>>
>>>>
>>>> # dmesg | grep ixl
>>>> ixl0: <Intel(R) Ethernet Connection X722 for 10GBASE-T - 2.3.3-k>
>>>> mem 0xb3000000-0xb3ffffff,0xb5018000-0xb501ffff at device 0.0
>>>> numa-domain 0 on pci6
>>>> ixl0: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32 oem 1.262.0
>>>> ixl0: PF-ID[0]: VFs 32, MSI-X 129, VF MSI-X 5, QPs 384, MDIO shared
>>>> ixl0: Using 1024 TX descriptors and 1024 RX descriptors
>>>> ixl0: Using 12 RX queues 12 TX queues
>>>> ixl0: Using MSI-X interrupts with 13 vectors
>>>> ixl0: Ethernet address: a4:bf:01:76:ef:9a
>>>> ixl0: Allocating 16 queues for PF LAN VSI; 12 queues active
>>>> ixl0: SR-IOV ready
>>>> ixl0: netmap queues/slots: TX 12/1024, RX 12/1024
>>>> ixl1: <Intel(R) Ethernet Connection X722 for 10GBASE-T - 2.3.3-k>
>>>> mem 0xb2000000-0xb2ffffff,0xb5010000-0xb5017fff at device 0.1
>>>> numa-domain 0 on pci6
>>>> ixl1: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32 oem 1.262.0
>>>> ixl1: PF-ID[1]: VFs 32, MSI-X 129, VF MSI-X 5, QPs 384, MDIO shared
>>>> ixl1: Using 1024 TX descriptors and 1024 RX descriptors
>>>> ixl1: Using 12 RX queues 12 TX queues
>>>> ixl1: Using MSI-X interrupts with 13 vectors
>>>> ixl1: Ethernet address: a4:bf:01:76:ef:9b
>>>> ixl1: Allocating 16 queues for PF LAN VSI; 12 queues active
>>>> ixl1: SR-IOV ready
>>>> ixl1: netmap queues/slots: TX 12/1024, RX 12/1024
>>>> ixl2: <Intel(R) Ethernet Connection X722 for 10GbE SFP+ - 2.3.3-k>
>>>> mem 0xb1000000-0xb1ffffff,0xb5008000-0xb500ffff at device 0.2
>>>> numa-domain 0 on pci6
>>>> ixl2: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32 oem 1.262.0
>>>> ixl2: PF-ID[2]: VFs 32, MSI-X 129, VF MSI-X 5, QPs 384, I2C
>>>> ixl2: Using 1024 TX descriptors and 1024 RX descriptors
>>>> ixl2: Using 12 RX queues 12 TX queues
>>>> ixl2: Using MSI-X interrupts with 13 vectors
>>>> ixl2: Ethernet address: a4:bf:01:76:ef:9c
>>>> ixl2: Allocating 16 queues for PF LAN VSI; 12 queues active
>>>> ixl2: ixl_set_link: Error getting phy capabilities -7, aq error: 5
>>>> ixl2: SR-IOV ready
>>>> ixl2: netmap queues/slots: TX 12/1024, RX 12/1024
>>>> ixl3: <Intel(R) Ethernet Connection X722 for 10GbE SFP+ - 2.3.3-k>
>>>> mem 0xb0000000-0xb0ffffff,0xb5000000-0xb5007fff at device 0.3
>>>> numa-domain 0 on pci6
>>>> ixl3: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32 oem 1.262.0
>>>> ixl3: PF-ID[3]: VFs 32, MSI-X 129, VF MSI-X 5, QPs 384, I2C
>>>> ixl3: Using 1024 TX descriptors and 1024 RX descriptors
>>>> ixl3: Using 12 RX queues 12 TX queues
>>>> ixl3: Using MSI-X interrupts with 13 vectors
>>>> ixl3: Ethernet address: a4:bf:01:76:ef:9d
>>>> ixl3: Allocating 16 queues for PF LAN VSI; 12 queues active
>>>> ixl3: ixl_set_link: Error getting phy capabilities -7, aq error: 5
>>>> ixl3: SR-IOV ready
>>>> ixl3: netmap queues/slots: TX 12/1024, RX 12/1024
>>>> ixl2: Link is up, 10 Gbps Full Duplex, Requested FEC: None,
>>>> Negotiated FEC: None, Autoneg: False, Flow Control: None
>>>> ixl2: link state changed to UP
>>>> ixl3: Link is up, 10 Gbps Full Duplex, Requested FEC: None,
>>>> Negotiated FEC: None, Autoneg: False, Flow Control: None
>>>> ixl3: link state changed to UP
>>>> bridge0: can't disable some capabilities on ixl3.15: 0x400
>>>> ixl3: promiscuous mode enabled
>>>> ixl3.15: promiscuous mode enabled
>>>>
>>>>
>>>> from my packet traces:
>>>>
>>>> # tcpdump -vvv -i ixl3
>>>>
>>> May you please add the option -e to tcpdump, so that the link-level
>>> header can be printed out.
>>>
>>> ```
>>> # tcpdump -nvei ixl3
>>> ```
>>>
>>>> tcpdump: listening on ixl3, link-type EN10MB (Ethernet), capture
>>>> size 262144 bytes
>>>> [...]
>>>> 13:36:20.155843 ARP, Ethernet (len 6), IPv4 (len 4), Request
>>>> who-has 192.168.55.1 tell 192.168.55.10, length 28
>>>> 13:36:20.156285 ARP, Ethernet (len 6), IPv4 (len 4), Reply
>>>> 192.168.55.1 is-at b8:27:eb:47:8f:43 (oui Unknown), length 46
>>>> 13:36:21.169003 ARP, Ethernet (len 6), IPv4 (len 4), Request
>>>> who-has 192.168.55.1 tell 192.168.55.10, length 28
>>>> 13:36:21.169538 ARP, Ethernet (len 6), IPv4 (len 4), Reply
>>>> 192.168.55.1 is-at b8:27:eb:47:8f:43 (oui Unknown), length 46
>>>>
>>>> Here the answer can be see, its tagged with 802.1q tag 15
>>>>
>>>>
>>>> # tcpdump -vvv -i ixl3.15
>>>> tcpdump: listening on ixl3.15, link-type EN10MB (Ethernet), capture
>>>> size 262144 bytes
>>>> 14:14:37.255429 ARP, Ethernet (len 6), IPv4 (len 4), Request
>>>> who-has 192.168.55.1 tell 192.168.55.10, length 28
>>>> 14:14:42.263475 ARP, Ethernet (len 6), IPv4 (len 4), Request
>>>> who-has 192.168.55.1 tell 192.168.55.10, length 28
>>>> 14:15:02.556311 ARP, Ethernet (len 6), IPv4 (len 4), Request
>>>> who-has 192.168.55.1 tell 192.168.55.10, length 28
>>>> 14:15:07.557644 ARP, Ethernet (len 6), IPv4 (len 4), Request
>>>> who-has 192.168.55.1 tell 192.168.55.10, length 28
>>>>
>>>> The answer cannot be seen on the VLAN interface ):
>>>>
>>>>
>>>> I hope the list can help me out here, as I am lost.
>>>>
>>>>
>>>> Thanks & best
>>>>
>>>>
>>>> Daniel
>>>>
>>>
>>> Best regards,
>>> Zhenlei
>>>
--------------h3cIX2ZczcxnZIWUnT9s5GDd
Content-Type: text/html; charset=UTF-8
X-Clacks-Overhead: GNU Terry Pratchett
Content-Transfer-Encoding: 8bit
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hi Santi,</p>
<p><br>
</p>
<p>yes that was one of the first things i tried, disabling all the
VLAN_HW* options on the interface, unfortunately without any
change in the behavior.</p>
<p>The pf module is loaded and some filters are active on another
interface but no filtering happens on ixl3, ixl3.15 or bridge0.
That was also one of the reasons why I crosschecked my setup with
an USB nic so I can make sure its not the firewall by accident.</p>
<br>
<p>Thanks & Best</p>
<p>Daniel<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 1/25/24 22:10, Santiago Martinez
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:063A269F-B479-4A43-8E3B-B044C2E779F0@codenetworks.net">
<div dir="ltr">Hi Daniel, </div>
<div dir="ltr"><br>
</div>
<div dir="ltr">have you try disabling hardware vlan filtering?</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Also I guess there is not ipfw or pf modules loaded
right?</div>
<div dir="ltr"><br>
</div>
<div dir="ltr">Best </div>
<div dir="ltr">Santi</div>
<div dir="ltr"><br>
<blockquote type="cite">On 25 Jan 2024, at 10:07, Daniel
<a class="moz-txt-link-rfc2396E" href="mailto:freebsd-net@c0decafe.de"><freebsd-net@c0decafe.de></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote type="cite">
<div dir="ltr">
<p>Hi,</p>
<p>thanks for your suggestion. Turns out, when i unplug the
vlan interface from the bridge and put the ip address on the
vlan interface, as you suggested, things start to work, e.g.
arp resolves.</p>
<p>as soon as i put the ip and the vlan interface back on the
bridge, things stop again. so where does this lead me? the
problem is not in the vlan handling, but on the bridge? <br>
</p>
<p>I started playing with the net.link.bridge sysctls and
indeed, when i set <br>
</p>
<p><br>
</p>
<p># sysctl net.link.bridge.inherit_mac=1</p>
<p><br>
</p>
<p>and then recreate the bridge</p>
<p><br>
</p>
<p># ifconfig bridge0 deletem ixl3.15 deletem vnet0.1<br>
# ifconfig bridge0 addm ixl3.15 addm vnet0.1</p>
<p><br>
</p>
<p>with the ip address still on bridge0 and ixl3, ixl3.15 and
bridge0 all sharing the same mac address, arp starts
resolving. but only for requests sent from the bridge0
interface. inside of the jail things still don't work (as
the vnet interface again has another mac address).</p>
<p><br>
</p>
<p># ifconfig ixl3 <br>
ixl3:
flags=28963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br>
options=4a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,NOMAP><br>
ether a4:bf:01:76:ef:9d<br>
media: Ethernet autoselect (10Gbase-SR
<full-duplex>)<br>
status: active<br>
nd6
options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL><br>
# ifconfig ixl3.15<br>
ixl3.15:
flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br>
options=4200001<RXCSUM,RXCSUM_IPV6,NOMAP><br>
ether a4:bf:01:76:ef:9d<br>
groups: vlan<br>
vlan: 15 vlanproto: 802.1q vlanpcp: 0 parent
interface: ixl3<br>
media: Ethernet autoselect (10Gbase-SR
<full-duplex>)<br>
status: active<br>
nd6
options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL><br>
# ifconfig bridge0<br>
bridge0:
flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br>
ether a4:bf:01:76:ef:9d<br>
inet 192.168.55.20 netmask 0xffffff00 broadcast
192.168.55.255<br>
id 00:00:00:00:00:00 priority 32768 hellotime 2
fwddelay 15<br>
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout
1200<br>
root id 00:00:00:00:00:00 priority 32768 ifcost 0
port 0<br>
member: vnet0.1
flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br>
ifmaxaddr 0 port 9 priority 128 path cost
2000<br>
member: ixl3.15
flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br>
ifmaxaddr 0 port 8 priority 128 path cost
2000<br>
groups: bridge<br>
nd6 options=9<PERFORMNUD,IFDISABLED><br>
# ping 192.168.55.1<br>
PING 192.168.55.1 (192.168.55.1): 56 data bytes<br>
^C<br>
--- 192.168.55.1 ping statistics ---<br>
2 packets transmitted, 0 packets received, 100.0% packet
loss<br>
</p>
<p>[! yes, the host does not answer on ICMP, but that is to be
expected !]<br>
</p>
<p># arp -an<br>
? (192.168.55.20) at a4:bf:01:76:ef:9d on bridge0 permanent
[bridge]<br>
? (192.168.55.1) at b8:27:eb:47:8f:43 on bridge0 expires in
1197 seconds [bridge]<br>
[...]</p>
<p> [! into the jail !]<br>
</p>
<p>JAIL # ifconfig epair0b<br>
epair0b:
flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br>
options=8<VLAN_MTU><br>
ether ac:16:2d:bd:b7:34<br>
hwaddr 02:51:73:d1:33:0b<br>
inet 192.168.55.10 netmask 0xffffff00 broadcast
192.168.55.255<br>
inet6 fe80::ae16:2dff:febd:b734%epair0b prefixlen 64
scopeid 0x2<br>
groups: epair<br>
media: Ethernet 10Gbase-T (10Gbase-T
<full-duplex>)<br>
status: active<br>
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL><br>
JAIL # ping 192.168.55.1<br>
PING 192.168.55.1 (192.168.55.1): 56 data bytes<br>
^C<br>
--- 192.168.55.1 ping statistics ---<br>
1 packets transmitted, 0 packets received, 100.0% packet
loss<br>
JAIL # arp -an<br>
? (192.168.55.10) at ac:16:2d:bd:b7:34 on epair0b permanent
[ethernet]<br>
? (192.168.55.1) at (incomplete) on epair0b expired
[ethernet]<br>
<br>
</p>
<p><br>
</p>
<p>I conclude that there must be some mac address filtering
going on in the data path, whether its on ixl or the bridge.</p>
<p>In dmesg I also see:</p>
<p>>> bridge0: can't disable some capabilities on
ixl3.15: 0x400</p>
<p>but as of /usr/src/sys/net/if.h:233 this maps to IFCAP_LRO
which afaik should not have any influence on L2 filtering.<br>
</p>
<p><br>
</p>
<p>Have to say, I'm out of ideas again. Never had something
like this. So far just 'throwing interfaces on a bridge'
worked in the past. Any ideas where to look next?</p>
<p><br>
</p>
<p>Thanks a lot & best</p>
<p><br>
</p>
<p>Daniel<br>
</p>
<p><br>
</p>
<div class="moz-cite-prefix">On 1/25/24 08:22, Zhenlei Huang
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:40DB5F45-6507-4274-BF28-6B9A5F45CAE9@FreeBSD.org"><br
class="">
<div><br class="">
<blockquote type="cite" class="">
<div class="">On Jan 23, 2024, at 11:03 PM, Daniel <<a
href="mailto:freebsd-net@c0decafe.de"
class="moz-txt-link-freetext" moz-do-not-send="true">freebsd-net@c0decafe.de</a>>
wrote:</div>
<br class="Apple-interchange-newline">
<div class="">
<div class="">
<p class="">Hi List, <br class="">
<br class="">
<br class="">
just recently I discovered a problem with the
ixl(4) driver. Hopefully someone here can help me.
my setup is as follows: <br class="">
<br class="">
<br class="">
Network ----- ixl3 interface ----- ixl3.15 vlan
interface ----- bridge0 ----- vnet0.1 to jail <br
class="">
<br class="">
<br class="">
the problem now is that the jail can send data out
(arp requests), i do see the responses on the ixl3
interface of the host, but they never make their
way up to the ixl3.15 vlan interface (even though
they are tagged correctly). To rule out that my
config or the network is the cruel pit i did test
the same setup with a cheap usb-ethernet adapter
and there everything works as expected. I'm on
FreeBSD 13.2-RELEASE-p8 and I did test both, the
in kernel driver and the driver from ports
intel-ixl-kmod-1.13.4_1. <br class="">
</p>
</div>
</div>
</blockquote>
<div>I would encourage you to do plain VLAN tests, i.e.
plug ixl3.15 out from bridge0</div>
<div><br class="">
</div>
<div>```</div>
<div># ifconfig bridge0 deletem ixl3.15</div>
<div># ifconfig bridge0 inet 192.168.55.20/24 delete ###
to prevent confusion</div>
<div># ifconfig ixl3.15 inet 192.168.55.x/24</div>
<div># ping -c1 <span class="">192.168.55.1</span></div>
<div>``` </div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div class="">
<p class=""> <br class="">
Here is a bit of information on my environment: <br
class="">
<br class="">
# uname -a <br class="">
FreeBSD mimir 13.2-RELEASE-p8 FreeBSD
13.2-RELEASE-p8 GENERIC amd64 <br class="">
<br class="">
# pciconf -lBbcevV pci0:25:0:3 <br class="">
ixl3@pci0:25:0:3: class=0x020000 rev=0x09
hdr=0x00 vendor=0x8086 device=0x37d3
subvendor=0x8086 subdevice=0x35d5 <br class="">
vendor = 'Intel Corporation' <br class="">
device = 'Ethernet Connection X722 for
10GbE SFP+' <br class="">
class = network <br class="">
subclass = ethernet <br class="">
bar [10] = type Prefetchable Memory, range
64, base 0xb0000000, size 16777216, enabled <br
class="">
bar [1c] = type Prefetchable Memory, range
64, base 0xb5000000, size 32768, enabled <br
class="">
cap 01[40] = powerspec 3 supports D0 D3
current D0 <br class="">
cap 05[50] = MSI supports 1 message, 64 bit,
vector masks <br class="">
cap 11[70] = MSI-X supports 129 messages,
enabled <br class="">
Table in map 0x1c[0x0], PBA in
map 0x1c[0x1000] <br class="">
cap 10[a0] = PCI-Express 2 endpoint max data
256(512) FLR RO <br class="">
max read 512 <br class="">
link x1(x1) speed 2.5(2.5) ASPM
disabled(L0s/L1) <br class="">
cap 03[e0] = VPD <br class="">
ecap 0001[100] = AER 2 0 fatal 0 non-fatal 1
corrected <br class="">
ecap 0003[140] = Serial 1 9aef76ffff01bfa4 <br
class="">
ecap 000e[150] = ARI 1 <br class="">
ecap 0010[160] = SR-IOV 1 IOV disabled, Memory
Space disabled, ARI disabled <br class="">
0 VFs configured out of 32
supported <br class="">
First VF RID Offset 0x006d,
VF RID Stride 0x0001 <br class="">
VF Device ID 0x37cd <br
class="">
Page Sizes: 4096 (enabled),
8192, 65536, 262144, 1048576, 4194304 <br
class="">
ecap 0017[1a0] = TPH Requester 1 <br class="">
ecap 000d[1b0] = ACS 1 Source Validation
unavailable, Translation Blocking unavailable <br
class="">
P2P Req Redirect unavailable,
P2P Cmpl Redirect unavailable <br class="">
P2P Upstream Forwarding
unavailable, P2P Egress Control unavailable <br
class="">
P2P Direct Translated
unavailable, Enhanced Capability unavailable <br
class="">
PCI-e errors = Correctable Error Detected <br
class="">
Unsupported Request Detected <br
class="">
Corrected = Advisory Non-Fatal Error <br
class="">
VPD ident = 'Example VPD' <br class="">
</p>
<p class=""># ifconfig<br class="">
[...]<br class="">
ixl3:
flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br class="">
options=4a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,NOMAP><br
class="">
ether a4:bf:01:76:ef:9d<br class="">
media: Ethernet autoselect (10Gbase-SR
<full-duplex>)<br class="">
status: active<br class="">
nd6
options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL><br
class="">
ixl3.15:
flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br class="">
options=4200001<RXCSUM,RXCSUM_IPV6,NOMAP><br
class="">
ether a4:bf:01:76:ef:9d<br class="">
groups: vlan<br class="">
vlan: 15 vlanproto: 802.1q vlanpcp: 0
parent interface: ixl3<br class="">
media: Ethernet autoselect (10Gbase-SR
<full-duplex>)<br class="">
status: active<br class="">
nd6
options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL><br
class="">
bridge0:
flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST>
metric 0 mtu 1500<br class="">
ether 58:9c:fc:10:dd:05<br class="">
inet 192.168.55.20 netmask 0xffffff00
broadcast 192.168.55.255<br class="">
id 00:00:00:00:00:00 priority 32768
hellotime 2 fwddelay 15<br class="">
maxage 20 holdcnt 6 proto rstp maxaddr
2000 timeout 1200<br class="">
root id 00:00:00:00:00:00 priority 32768
ifcost 0 port 0<br class="">
member: vnet0.1
flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br
class="">
ifmaxaddr 0 port 9 priority 128
path cost 2000<br class="">
member: ixl3.15
flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br
class="">
ifmaxaddr 0 port 8 priority 128
path cost 55<br class="">
groups: bridge<br class="">
nd6 options=9<PERFORMNUD,IFDISABLED><br
class="">
[...] </p>
<p class=""><br class="">
</p>
<p class=""> <br class="">
# cat /etc/rc.conf <br class="">
[...] <br class="">
ifconfig_ixl3="up" <br class="">
vlans_ixl3="15" <br class="">
cloned_interfaces="bridge0" <br class="">
ifconfig_bridge0="addm ixl3.15 up" <br class="">
[...]<br class="">
<br class="">
<br class="">
<br class="">
# dmesg | grep ixl <br class="">
ixl0: <Intel(R) Ethernet Connection X722 for
10GBASE-T - 2.3.3-k> mem
0xb3000000-0xb3ffffff,0xb5018000-0xb501ffff at
device 0.0 numa-domain 0 on pci6 <br class="">
ixl0: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32
oem 1.262.0 <br class="">
ixl0: PF-ID[0]: VFs 32, MSI-X 129, VF MSI-X 5, QPs
384, MDIO shared <br class="">
ixl0: Using 1024 TX descriptors and 1024 RX
descriptors <br class="">
ixl0: Using 12 RX queues 12 TX queues <br
class="">
ixl0: Using MSI-X interrupts with 13 vectors <br
class="">
ixl0: Ethernet address: a4:bf:01:76:ef:9a <br
class="">
ixl0: Allocating 16 queues for PF LAN VSI; 12
queues active <br class="">
ixl0: SR-IOV ready <br class="">
ixl0: netmap queues/slots: TX 12/1024, RX 12/1024
<br class="">
ixl1: <Intel(R) Ethernet Connection X722 for
10GBASE-T - 2.3.3-k> mem
0xb2000000-0xb2ffffff,0xb5010000-0xb5017fff at
device 0.1 numa-domain 0 on pci6 <br class="">
ixl1: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32
oem 1.262.0 <br class="">
ixl1: PF-ID[1]: VFs 32, MSI-X 129, VF MSI-X 5, QPs
384, MDIO shared <br class="">
ixl1: Using 1024 TX descriptors and 1024 RX
descriptors <br class="">
ixl1: Using 12 RX queues 12 TX queues <br
class="">
ixl1: Using MSI-X interrupts with 13 vectors <br
class="">
ixl1: Ethernet address: a4:bf:01:76:ef:9b <br
class="">
ixl1: Allocating 16 queues for PF LAN VSI; 12
queues active <br class="">
ixl1: SR-IOV ready <br class="">
ixl1: netmap queues/slots: TX 12/1024, RX 12/1024
<br class="">
ixl2: <Intel(R) Ethernet Connection X722 for
10GbE SFP+ - 2.3.3-k> mem
0xb1000000-0xb1ffffff,0xb5008000-0xb500ffff at
device 0.2 numa-domain 0 on pci6 <br class="">
ixl2: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32
oem 1.262.0 <br class="">
ixl2: PF-ID[2]: VFs 32, MSI-X 129, VF MSI-X 5, QPs
384, I2C <br class="">
ixl2: Using 1024 TX descriptors and 1024 RX
descriptors <br class="">
ixl2: Using 12 RX queues 12 TX queues <br
class="">
ixl2: Using MSI-X interrupts with 13 vectors <br
class="">
ixl2: Ethernet address: a4:bf:01:76:ef:9c <br
class="">
ixl2: Allocating 16 queues for PF LAN VSI; 12
queues active <br class="">
ixl2: ixl_set_link: Error getting phy capabilities
-7, aq error: 5 <br class="">
ixl2: SR-IOV ready <br class="">
ixl2: netmap queues/slots: TX 12/1024, RX 12/1024
<br class="">
ixl3: <Intel(R) Ethernet Connection X722 for
10GbE SFP+ - 2.3.3-k> mem
0xb0000000-0xb0ffffff,0xb5000000-0xb5007fff at
device 0.3 numa-domain 0 on pci6 <br class="">
ixl3: fw 3.1.55727 api 1.5 nvm 3.31 etid 80000d32
oem 1.262.0 <br class="">
ixl3: PF-ID[3]: VFs 32, MSI-X 129, VF MSI-X 5, QPs
384, I2C <br class="">
ixl3: Using 1024 TX descriptors and 1024 RX
descriptors <br class="">
ixl3: Using 12 RX queues 12 TX queues <br
class="">
ixl3: Using MSI-X interrupts with 13 vectors <br
class="">
ixl3: Ethernet address: a4:bf:01:76:ef:9d <br
class="">
ixl3: Allocating 16 queues for PF LAN VSI; 12
queues active <br class="">
ixl3: ixl_set_link: Error getting phy capabilities
-7, aq error: 5 <br class="">
ixl3: SR-IOV ready <br class="">
ixl3: netmap queues/slots: TX 12/1024, RX 12/1024
<br class="">
ixl2: Link is up, 10 Gbps Full Duplex, Requested
FEC: None, Negotiated FEC: None, Autoneg: False,
Flow Control: None <br class="">
ixl2: link state changed to UP <br class="">
ixl3: Link is up, 10 Gbps Full Duplex, Requested
FEC: None, Negotiated FEC: None, Autoneg: False,
Flow Control: None <br class="">
ixl3: link state changed to UP <br class="">
bridge0: can't disable some capabilities on
ixl3.15: 0x400 <br class="">
ixl3: promiscuous mode enabled <br class="">
ixl3.15: promiscuous mode enabled <br class="">
<br class="">
<br class="">
from my packet traces: <br class="">
<br class="">
# tcpdump -vvv -i ixl3 <br class="">
</p>
</div>
</div>
</blockquote>
<div>May you please add the option -e to tcpdump, so that
the link-level header can be printed out.</div>
<div><br class="">
</div>
<div>```</div>
<div># tcpdump -nvei ixl3</div>
<div>```</div>
<br class="">
<blockquote type="cite" class="">
<div class="">
<div class="">
<p class=""> tcpdump: listening on ixl3, link-type
EN10MB (Ethernet), capture size 262144 bytes <br
class="">
[...] <br class="">
13:36:20.155843 ARP, Ethernet (len 6), IPv4 (len
4), Request who-has 192.168.55.1 tell
192.168.55.10, length 28 <br class="">
13:36:20.156285 ARP, Ethernet (len 6), IPv4 (len
4), Reply 192.168.55.1 is-at b8:27:eb:47:8f:43
(oui Unknown), length 46 <br class="">
13:36:21.169003 ARP, Ethernet (len 6), IPv4 (len
4), Request who-has 192.168.55.1 tell
192.168.55.10, length 28 <br class="">
13:36:21.169538 ARP, Ethernet (len 6), IPv4 (len
4), Reply 192.168.55.1 is-at b8:27:eb:47:8f:43
(oui Unknown), length 46 <br class="">
<br class="">
Here the answer can be see, its tagged with 802.1q
tag 15 <br class="">
<br class="">
<br class="">
# tcpdump -vvv -i ixl3.15 <br class="">
tcpdump: listening on ixl3.15, link-type EN10MB
(Ethernet), capture size 262144 bytes <br
class="">
14:14:37.255429 ARP, Ethernet (len 6), IPv4 (len
4), Request who-has 192.168.55.1 tell
192.168.55.10, length 28 <br class="">
14:14:42.263475 ARP, Ethernet (len 6), IPv4 (len
4), Request who-has 192.168.55.1 tell
192.168.55.10, length 28 <br class="">
14:15:02.556311 ARP, Ethernet (len 6), IPv4 (len
4), Request who-has 192.168.55.1 tell
192.168.55.10, length 28 <br class="">
14:15:07.557644 ARP, Ethernet (len 6), IPv4 (len
4), Request who-has 192.168.55.1 tell
192.168.55.10, length 28 <br class="">
<br class="">
The answer cannot be seen on the VLAN interface ):
<br class="">
<br class="">
<br class="">
I hope the list can help me out here, as I am
lost.<br class="">
<br class="">
<br class="">
Thanks & best</p>
<p class=""><br class="">
</p>
<p class="">Daniel<br class="">
</p>
</div>
</div>
</blockquote>
</div>
<br class="">
<div class="">
<div>Best regards,</div>
<div>Zhenlei</div>
</div>
<br class="">
</blockquote>
</div>
</blockquote>
</blockquote>
</body>
</html>
--------------h3cIX2ZczcxnZIWUnT9s5GDd--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?cf19982d-68e4-4997-a496-172c6bb4459e>