Date: Wed, 30 Jul 2025 21:29:57 +0000 From: "Patrick M. Hausen" <hausen@punkt.de> To: Lexi Winter <ivy@freebsd.org> Cc: "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>, "net@freebsd.org" <net@freebsd.org> Subject: Re: vlan(4) and bridge(4) on same interface Message-ID: <F5B57005-EFFA-4DDA-AB0D-503E04D6A23D@punkt.de> In-Reply-To: <aIqMp6LhOMK1LEj7@freefall.freebsd.org> References: <aIo0kN79B6JymlAh@freefall.freebsd.org> <s124p67o-os20-16s9-n227-599184n43s7o@yvfgf.mnoonqbm.arg> <aIqDoyIbOf9VNo3d@freefall.freebsd.org> <83AAB529-4AA4-4C71-9B9E-9CD568128A67@punkt.de> <aIqMp6LhOMK1LEj7@freefall.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi! > Am 30.07.2025 um 23:20 schrieb Lexi Winter <ivy@freebsd.org>: > the situation i'm talking about is when you have a vlan(4) configured on > an interface, and the underlying interface (not the vlan interface) is > also in a bridge, for example: But that configuration has always been illegal and known to fail in weird ways. Just like putting a layer 3 address on a bridge member interface. So I still wonder what the problem seems to be. Update the documentation. Make these particular constraints big boxes with a red exclamation mark in the handbook. You can still create arbitrary switch-equivalent network topologies with these known constraints. You just need to - not have a layer 3 address on a bridge member - not have a VLAN on a bridge member - use one bridge per VLAN if you want to turn your machine into a "switch" > "ix0" has a vlan(4) configured on it and is also in a bridge: this is > the configuration i want to prohibit. But why of course. It was never supposed to work and getting a decent error message is better than weird and hard to debug failure scenarios. Fail early, fail hard. I do get the diskless client scenario. Fine. That was probably overlooked and we need a solution for that in tooling/rc/whatever. What I do not get is the argument "I insist on creating bridges for VMs or VNET jails on the fly". You cannot do that in VMware, or Proxmox, or any product I know. You plan and create your vSwitches and port groups in advance. So on FreeBSD if you do not know if you ever want to attach a jail to a physical or VLAN interface? Easy. Create a bridge for every interface and use that bridge for layer 3 of the host. At least that is what we do. What is lost with an extra bridge on every interface? Kind regards, Patrick -- punkt.de GmbH Patrick M. Hausen .infrastructure Sophienstr. 187 76185 Karlsruhe Tel. +49 721 9109500 https://infrastructure.punkt.de info@punkt.de AG Mannheim 108285 Geschäftsführer: Daniel Lienert, Fabian Stein
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?F5B57005-EFFA-4DDA-AB0D-503E04D6A23D>