Date: Sun, 5 Jul 2020 11:03:22 +0200
From: Stefan Bethke <stb@lassitu.de>
To: Ask Bjørn Hansen <ask@develooper.com>
Cc: "net@freebsd.org" <net@FreeBSD.org>
Subject: Re: Bridge interface on VLAN not working
Message-ID: <67049C6D-5821-4C9A-921A-79745B90D8B0@lassitu.de>
In-Reply-To: <0C059F66-B37D-4F9C-9B04-E7D8E2F5EDE3@develooper.com>
References: <0C059F66-B37D-4F9C-9B04-E7D8E2F5EDE3@develooper.com>
On 04.07.2020 at 20:59, Ask Bjørn Hansen <ask@develooper.com> wrote:
>
> Hi everyone,
>
> I had this working for months until a reboot either got things started up in a different order or cleared what I set up by hand (it's a snowflake test/development system at home) and did whatever I'd actually configured.
>
> I have a single trunked (em) interface to the switch. The main network is untagged, and I have various tagged networks as well. I was using the tagged networks in bhyve virtual machines.
>
> (Some?) traffic doesn't pass from the bridged tap interfaces (or from the bridge itself) to the vlan interface (em0.8 for example). tcpdump shows lots of packets coming from the "outside" and in, but for example if I do a ping from one of the tap interfaces then nothing shows up on the bridge interface (looking with tcpdump).
>
> Another symptom is that if I move the "host IP" from the em0.8 interface to the bridge interface that's including em0.8 then I can no longer communicate with that IP from the rest of the network.
>
> In the output below I can ping 192.168.53.42 from another system on VLAN 53 (outside this box) and I can ping 192.168.53.42 from another system on the bridge, but I can't ping between the system outside this box and the VM on the bridge.
>
> I've disabled pf everywhere.
>
> As I mentioned, some traffic crosses, but it seems like ARP requests get blocked somewhere?
>
> I don't think it's the switch, because as long as I don't use the bridge everything works fine. :-/
>
> Any suggestions? (or other debug output that'd be useful).

Which kernel version are you running? I have a similar setup, but all my VLANs are tagged.
I have an OpenVPN connection with a bridge, and originally was bridging the untagged interface over that. Since the untagged interface includes all the .1q frames as well, and I didn't want that traffic on the VPN connection, I changed my config to tagged only, and moved to bridging only the VLAN interfaces, but not the physical one. I've followed the advice in the man page and have configured IPv4 and IPv6 only on the bridge interface, not the member interfaces. I have two more systems that also use a VLAN/bridge setup.

I'm using PF, but I have restricted it (from the defaults) to only work on the IP layer and on the configured interface, not the bridge members and not on bridged packets. In my setup, the bridge conceptually should behave like an external switch.

I'm running 12.1-STABLE amd64 GENERIC 1201518, and I have these interfaces (one example VLAN, I have 4 in total):

ix0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=e53fbb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_UCAST,WOL_MCAST,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether d0:50:99:d8:da:83
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan100: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=200401<RXCSUM,LRO,RXCSUM_IPV6>
        ether d0:50:99:d8:da:83
        groups: vlan
        vlan: 100 vlanpcp: 0 parent interface: ix0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=49<PERFORMNUD,IFDISABLED,NO_RADR>
br100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: vm-br100
        ether 02:00:00:00:00:64
        inet 44.128.XXXX netmask 0xffffff00 broadcast 44.128.XXXX
        inet 44.128.XXXX netmask 0xffffffff broadcast 44.128.XXXX
        inet 44.128.XXXX netmask 0xffffffff broadcast 44.128.XXXX
        inet6 fe80::ff:fe00:64%br100 prefixlen 64 scopeid 0x10
        inet6 2a02:8108:XXXX:0:ff:fe00:64 prefixlen 64
        inet6 2a02:8108:XXXX::2 prefixlen 128
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: jous flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 30 priority 128 path cost 2000
        member: jouk flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 29 priority 128 path cost 2000
        member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000000
        member: vlan100 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        groups: bridge vm-switch viid-b8446@
        nd6 options=61<PERFORMNUD,AUTO_LINKLOCAL,NO_RADR>

-- 
Stefan Bethke <stb@lassitu.de>   Fon +49 151 14070811
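As an added example, not code from either poster, the following POSIX sh/awk check reads `ifconfig -a` output and flags the two configuration points the reply above makes: a bridge member that carries its own IPv4/IPv6 address instead of the bridge (bridge(4) advises addressing the bridge only), and a bridge containing both a VLAN interface and its parent, so the untagged parent also feeds the tagged frames into the bridge. The sample output it runs on is constructed, modelled on the em0/em0.8/tap layout of the original question, and is not copied from either message.

```shell
#!/bin/sh
# Constructed `ifconfig -a` excerpt (not from the thread): a trunk em0, its
# tagged child em0.8 with an address on it, and a bridge that contains the
# tap device, em0.8 and, by mistake, em0 itself.
SAMPLE='em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:00:00:00:00:01
em0.8: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.53.42 netmask 0xffffff00 broadcast 192.168.53.255
        inet6 fe80::1%em0.8 prefixlen 64 scopeid 0x3
        vlan: 8 vlanpcp: 0 parent interface: em0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0.8 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:bd:00:00:00:01'

# check_bridge_members: ifconfig output on stdin, one finding per output line.
# Link-local (fe80::) addresses are ignored because every interface gets one.
check_bridge_members() {
  awk '
    /^[a-z0-9.]+: flags=/ { cur = $1; sub(/:$/, "", cur); next }
    /^[ \t]+inet6? /      { if ($2 !~ /^fe80:/) hasip[cur] = 1; next }
    /parent interface:/   { for (i = 1; i <= NF; i++)
                              if ($i == "interface:") parent[cur] = $(i + 1)
                            next }
    /^[ \t]+member: /     { members[cur] = members[cur] " " $2; isbridge[cur] = 1; next }
    END {
      for (b in isbridge) {
        n = split(members[b], m, " ")
        for (i = 1; i <= n; i++) {
          if (hasip[m[i]])
            printf "%s: member %s carries an IP address; address the bridge instead\n", b, m[i]
          for (j = 1; j <= n; j++)
            if (parent[m[i]] == m[j])
              printf "%s: member %s and its parent %s are both members\n", b, m[i], m[j]
        }
      }
    }'
}

# Stand-alone run over the constructed sample; on a live box use: ifconfig -a | check_bridge_members
printf '%s\n' "$SAMPLE" | check_bridge_members
```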