Date: Wed, 30 Jan 2008 15:22:58 +0000
From: Tom Judge
To: Alexandre Biancalana
Cc: freebsd-net@freebsd.org
Subject: Re: VLAN problems

Alexandre Biancalana wrote:
> On 1/30/08, Tom Judge wrote:
>
> ....
>
>>>> Do you have any error messages on the console in dmesg? ('cannot pad
>>>> short frame', 'unable to prepend vlan header' for example).
>>> no :(
>> Sorry, I'm fresh out of ideas now... Unless you could be short of RAM;
>> what does netstat -m look like? Also you could look at changing
>> if_vlan.c to print the error number of the error if IFQ_HANDOFF fails.
>
> Me too... This should be much simpler... I can't imagine why so much
> trouble in this configuration, I have a similar setup with linux :(
> and have no problem at all...
>
> # netstat -m
> 938/2347/3285 mbufs in use (current/cache/total)
> 936/1860/2796/32768 mbuf clusters in use (current/cache/total/max)
> 936/1860 mbuf+clusters out of packet secondary zone in use (current/cache)
> 0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
> 0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
> 0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
> 2109K/4306K/6415K bytes allocated to network (current/cache/total)
> 0/3/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
> 0/0/0 requests for jumbo clusters denied (4k/9k/16k)
> 0/7/4544 sfbufs in use (current/peak/max)
> 0 requests for sfbufs denied
> 0 requests for sfbufs delayed
> 0 requests for I/O initiated by sendfile
> 229 calls to protocol drain routines
>

Can't see any issues here.

>
> Is the vlan solution designed to work with multiple concurrent 100M
> networks using the same Gbit interface? Or am I thinking in a wrong ?
>
> I want to have a central firewall in my network, filtering ALL the
> traffic between ALL internal networks and external links. I have already
> done that using physical NICs (I had one machine with 8 NICs), but now
> I have one machine with 2 gigabit NICs and want to configure multiple
> vlans on top of this for the internal networks and external links.
>
> Am I wrong to think that this should work ??

The concepts and configuration seem fine to me.

Do you by any chance have Q-in-Q enabled anywhere on your network?

Could you try this patch (attached) to see what error you are getting
from IFQ_HANDOFF? (You will need to apply it from in sys/net and
rebuild your kernel or vlan module.)

Tom

Content-Disposition: inline; filename="if_vlan.patch"

--- if_vlan.c.orig 2008-01-30 15:09:46.000000000 +0000 +++ if_vlan.c 2008-01-30 15:20:29.000000000 +0000
@@ -864,10 +864,12 @@ * We are already running at splimp. */ IFQ_HANDOFF(p, m, error); - if (!error) + if (!error) { ifp->if_opackets++; - else + } else { ifp->if_oerrors++; + if_printf(ifp, "error during IFQ_HANDOFF: %d\n", error); + } } } --------------020500070408080304020907--
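
Review bot: the if_printf() added in the else branch runs once for every packet that IFQ_HANDOFF refuses, with nothing limiting how often it prints. If the handoff keeps failing, that is one console line per dropped frame in the transmit path (the comment above notes this code is already running at splimp), which can flood the console and bury the rest of dmesg. That is fine for a one-off diagnostic build, but if this is kept I would print only when the value of error changes, or put the message behind a debug knob, and leave if_oerrors as the steady-state counter. The message would also be more useful if it identified the parent interface p, since ifp is the vlan interface and the handoff that failed is to p.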