Date: Mon, 17 Mar 2014 01:02:29 -0700
From: Kevin Bowling <kevin.bowling@kev009.com>
To: freebsd-net@freebsd.org
Cc: freebsd-virtualization@freebsd.org
Subject: Re: VNET, if_bridge, if_epair, vlans and bridged phy?
Message-ID: <lg6a68$215$1@ger.gmane.org>
In-Reply-To: <lg5omk$qfi$1@ger.gmane.org>
References: <lg5omk$qfi$1@ger.gmane.org>

On 3/16/2014 8:04 PM, Kevin Bowling wrote:
> I'm trying a somewhat elaborate VNET jails setup and for the most part
> it's working. I'm using if_epairs, one side that gets passed into the
> jail, and the other side that attaches to an if_bridge. The if_bridge
> has a member on a vlan interface. So far so good.
>
> cloned_interfaces="bridge0 bridge1 bridge2 vlan0 vlan1"
> ifconfig_ix0="inet <pub ip> netmask 255.255.255.240 up"
> ifconfig_vlan0="vlan 1010 vlandev ix0"
> ifconfig_vlan1="vlan 1011 vlandev ix0"
> ifconfig_bridge1="inet 10.10.10.55/24 addm vlan0 description vlan0"
> ifconfig_bridge2="inet 10.10.11.55/24 addm vlan1 description vlan1"
>
> The above works fine, the VNET jails are able to access the outside
> world and vice versa (NAT happens on a dedicated router, not this host).
>
> Now, if I instead do something like this to add the public IP to a bridge:
>
> ifconfig_ix0="up"
> ifconfig_vlan0="vlan 1010 vlandev ix0"
> ifconfig_vlan1="vlan 1011 vlandev ix0"
> ifconfig_bridge0="inet <pub ip> netmask 255.255.255.240 addm ix0 description ix0"
> ifconfig_bridge1="inet 10.10.10.55/24 addm vlan0 description vlan0"
> ifconfig_bridge2="inet 10.10.11.55/24 addm vlan1 description vlan1"
>
> A VNET jail on bridge0 in the public IP space works fine, but bridge1
> and bridge2 are no longer accessible from the outside, including the
> host interface like 10.10.10.55.
>
> Any ideas on what could be going wrong? Is there a way to use an
> untagged interface like this in addition to the tagged ones?
>
> Regards,
> Kevin

I'm able to work around this by setting the native VLAN on the switch to
a bogus value and using another tagged interface for the public IP (now
nothing uses the untagged interface).

I'm guessing it might be rstp/mstp related since STP does not happen on
the VLAN interfaces, but it does on the native port when added to a
bridge. When they're all VLANs, I don't think if_bridge will send any
BPDUs to the switch.

Regards,
Kevin