Date: Wed, 26 Jul 2023 17:06:57 +0200 (CEST) From: Ronald Klop <ronald-lists@klop.ws> To: Rudy <crapsh@monkeybrains.net> Cc: freebsd-net@freebsd.org Subject: Re: VLAN not working - jails, bridges, and VLANs Message-ID: <1098775861.8350.1690384017229@localhost> In-Reply-To: <156f55a9-9a0b-f2e8-f542-1933f6dc229a@monkeybrains.net> References: <156f55a9-9a0b-f2e8-f542-1933f6dc229a@monkeybrains.net>
next in thread | previous in thread | raw e-mail | index | archive | help
------=_Part_8349_738894886.1690384016801
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Van: Rudy <crapsh@monkeybrains.net>
Datum: zondag, 16 juli 2023 05:54
Aan: freebsd-net@freebsd.org
Onderwerp: VLAN not working - jails, bridges, and VLANs
>
>
> Kernel: FreeBSD 13.1-RELEASE-p8 GENERIC amd64
> Issue: vlan traffic not in the jail
>
> Weird issue today...
>
> I have a bridge with on the host, two jails, and a vlan in the jail.
> The jails were networking just fine with their native vlan (1), but the host would not pass 802.1q traffic to the jail.
>
> If I created the vlan91 on the host, that would 'wake up vlan awareness on the bridge'. I could then destroy the vlan91 on the host, and the jail still passes traffic.
>
> The Workaround:
> host#ifconfig vlan91 create vlan 91 vlandev igb1 10.1.1.1/28; ifconfig vlan91 destroy
>
>
>
> Maybe something wrong with the bridge spanning tree implementation? It's like that bridge was created before the vlans, and the non-native vlans are pruned.
>
>
> Rudy
>
>
>
>
>
>
>
>
> host# ifconfig bridge0
> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether 58:9c:fc:00:69:7f
> id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> ifmaxaddr 0 port 12 priority 128 path cost 2000
> member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> ifmaxaddr 0 port 11 priority 128 path cost 2000
> member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> ifmaxaddr 0 port 4 priority 128 path cost 20000
> groups: bridge
>
>
> jail0# ifconfig
> epair1b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=8<VLAN_MTU>
> ether 02:eb:91:68:32:0b
> inet 10.10.40.112 netmask 0xffffff00 broadcast 10.10.40.255
> groups: epair
> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
> status: active
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> vlan91: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether 02:eb:91:68:32:0b
> inet 10.8.254.68 netmask 0xfffffff0 broadcast 10.8.254.79
> groups: vlan
> vlan: 91 vlanproto: 802.1q vlanpcp: 0 parent interface: epair1b
> media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
> status: active
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>
>
> host# kldstat
> Id Refs Address Size Name
> 1 50 0xffffffff80200000 1f30470 kernel
> 2 1 0xffffffff82131000 5ec1f8 zfs.ko
> 3 1 0xffffffff8271e000 b7d0 opensolaris.ko
> 4 1 0xffffffff82ae5000 3378 acpi_wmi.ko
> 5 1 0xffffffff82ae9000 3250 ichsmb.ko
> 6 1 0xffffffff82aed000 2180 smbus.ko
> 7 1 0xffffffff82af0000 8d38 ioat.ko
> 8 1 0xffffffff82af9000 2110 pchtherm.ko
> 9 1 0xffffffff82afc000 2340 uhid.ko
> 10 1 0xffffffff82aff000 4350 ums.ko
> 11 1 0xffffffff82b04000 3380 usbhid.ko
> 12 1 0xffffffff82b08000 31f8 hidbus.ko
> 13 1 0xffffffff82b0c000 2a08 mac_ntpd.ko
> 14 1 0xffffffff82b0f000 7638 if_bridge.ko
> 15 1 0xffffffff82b17000 50d8 bridgestp.ko
> 16 1 0xffffffff82b1d000 3a64 if_epair.ko
>
>
>
>
>
>
>
>
>
Hi,
What are you trying to accomplish?
/--- epair1a --- epair1b --- vlan91 -> Jail1
ibg1 ---- bridge0 ---+
\--- epair0a --- epair0b --- ???
Is ibg1 running in PROMISC mode if you do not do the workaround of setting vlan91 on ibg1?
Can you post complete output of ifconfig and the relevant part of your /etc/rc.conf?
Regards,
Ronald.
------=_Part_8349_738894886.1690384016801
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
<html><head></head><body><br>
<p><strong>Van:</strong> Rudy <crapsh@monkeybrains.net><br>
<strong>Datum:</strong> zondag, 16 juli 2023 05:54<br>
<strong>Aan:</strong> freebsd-net@freebsd.org<br>
<strong>Onderwerp:</strong> VLAN not working - jails, bridges, and VLANs</p>
<blockquote style="padding-right: 0px; padding-left: 5px; margin-left: 5px; border-left: #000000 2px solid; margin-right: 0px">
<div class="MessageRFC822Viewer" id="P">
<div class="TextPlainViewer" id="P.P"><br>
<br>
Kernel: FreeBSD 13.1-RELEASE-p8 GENERIC amd64<br>
Issue: vlan traffic not in the jail<br>
<br>
Weird issue today...<br>
<br>
I have a bridge with on the host, two jails, and a vlan in the jail.<br>
The jails were networking just fine with their native vlan (1), but the host would not pass 802.1q traffic to the jail.<br>
<br>
If I created the vlan91 on the host, that would 'wake up vlan awareness on the bridge'. I could then destroy the vlan91 on the host, and the jail still passes traffic.<br>
<br>
The Workaround:<br>
host#ifconfig vlan91 create vlan 91 vlandev igb1 10.1.1.1/28; ifconfig vlan91 destroy<br>
<br>
<br>
<br>
Maybe something wrong with the bridge spanning tree implementation? It's like that bridge was created before the vlans, and the non-native vlans are pruned.<br>
<br>
<br>
Rudy<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
host# ifconfig bridge0<br>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br>
ether 58:9c:fc:00:69:7f<br>
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15<br>
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200<br>
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0<br>
member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br>
ifmaxaddr 0 port 12 priority 128 path cost 2000<br>
member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br>
ifmaxaddr 0 port 11 priority 128 path cost 2000<br>
member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP><br>
ifmaxaddr 0 port 4 priority 128 path cost 20000<br>
groups: bridge<br>
<br>
<br>
jail0# ifconfig<br>
epair1b: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br>
options=8<VLAN_MTU><br>
ether 02:eb:91:68:32:0b<br>
inet 10.10.40.112 netmask 0xffffff00 broadcast 10.10.40.255<br>
groups: epair<br>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)<br>
status: active<br>
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL><br>
vlan91: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500<br>
ether 02:eb:91:68:32:0b<br>
inet 10.8.254.68 netmask 0xfffffff0 broadcast 10.8.254.79<br>
groups: vlan<br>
vlan: 91 vlanproto: 802.1q vlanpcp: 0 parent interface: epair1b<br>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)<br>
status: active<br>
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL><br>
<br>
<br>
host# kldstat<br>
Id Refs Address Size Name<br>
1 50 0xffffffff80200000 1f30470 kernel<br>
2 1 0xffffffff82131000 5ec1f8 zfs.ko<br>
3 1 0xffffffff8271e000 b7d0 opensolaris.ko<br>
4 1 0xffffffff82ae5000 3378 acpi_wmi.ko<br>
5 1 0xffffffff82ae9000 3250 ichsmb.ko<br>
6 1 0xffffffff82aed000 2180 smbus.ko<br>
7 1 0xffffffff82af0000 8d38 ioat.ko<br>
8 1 0xffffffff82af9000 2110 pchtherm.ko<br>
9 1 0xffffffff82afc000 2340 uhid.ko<br>
10 1 0xffffffff82aff000 4350 ums.ko<br>
11 1 0xffffffff82b04000 3380 usbhid.ko<br>
12 1 0xffffffff82b08000 31f8 hidbus.ko<br>
13 1 0xffffffff82b0c000 2a08 mac_ntpd.ko<br>
14 1 0xffffffff82b0f000 7638 if_bridge.ko<br>
15 1 0xffffffff82b17000 50d8 bridgestp.ko<br>
16 1 0xffffffff82b1d000 3a64 if_epair.ko<br>
<br>
<br>
<br>
<br>
<br>
</div>
<hr></div>
</blockquote>
<br>
<br>
Hi,<br>
<br>
What are you trying to accomplish?
<pre> /--- epair1a --- epair1b --- vlan91 -> Jail1
ibg1 ---- bridge0 ---+
\--- epair0a --- epair0b --- ???
</pre>
Is ibg1 running in PROMISC mode if you do not do the workaround of setting vlan91 on ibg1?<br>
<br>
Can you post complete output of ifconfig and the relevant part of your /etc/rc.conf?<br>
<br>
Regards,<br>
<br>
Ronald.<br>
</body></html>
------=_Part_8349_738894886.1690384016801--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1098775861.8350.1690384017229>