Date:      Wed, 02 Oct 2019 09:21:56 +0000
From:      "Bjoern A. Zeeb" <bzeeb-lists@lists.zabbadoz.net>
To:        "Alexander N. Lunev" <lan@zato.ru>
Cc:        freebsd-net@freebsd.org
Subject:   Re: VLAN+bridge problem [was: no network between jails and host with VNET on same interface]
Message-ID:  <4A3381ED-7C78-48E2-BD1F-45B7A4A930CE@lists.zabbadoz.net>
In-Reply-To: <213f9284-5ddd-4dbc-6631-f8592efa2995@zato.ru>
References:  <213f9284-5ddd-4dbc-6631-f8592efa2995@zato.ru>

On 27 Sep 2019, at 13:31, Alexander N. Lunev via freebsd-net wrote:

> Hello everyone!
>
> I have a strange connectivity problem on jails with VNET networking.
>
> I've deployed a jail system with VNET networking on a server with 
> FreeBSD 12.0-RELEASE-p10. Jails are working fine, can reach the outer 
> network and each other, but there's no connectivity between host and 
> jails.
>
> Server is connected to switch trunk port by igb1 interface, which is 
> bridged with epairXa interfaces in bridge0, while jails using epairXb 
> interfaces (they are renamed to jail0 in each jail to simplify 
> things).
>
>
> =======  host =============================
>     [igb1]-----------------------\
>        |                     +---------+
>  [vlan4 (10.1.1.247)]        |         |
>                              | bridge0 |
>  /--[epair1a]----------------|         |
> /                            +---------+
> | /-[epair0a]--------------------/
> | |
> =====  jail1_filter2 ======================
> | \-[jail0(ex-epair0b)]
> |     |
> |     [vlan4 (10.1.1.26)]
> =====  jail2_noc ==========================
> \-[jail0(ex-epair1b)]
>     |
>     [vlan4 (10.1.1.201)]
> ===========================================
>
>
> On the host and in every jail I have a vlan4 interface, and here are 
> the addresses for those vlan4 interfaces:
>
> host@vlan4:          10.1.1.247
> jail1_filter2@vlan4: 10.1.1.26
> jail2_noc@vlan4:     10.1.1.201
>
> Host can't ping jails, but can ping outer world. Jails can ping each 
> other and outer world, but not host - "ping: sendto: Host is down", 
> there's no ARP entry for host's vlan4 address.
>
> I've tried to add static arp entry for 10.1.1.247 in jails - with no 
> success (arp is added, network still not working).
>
> Host and both jails have firewall_type=OPEN configured.
>
> What is wrong here?


I believe the problem here is not jail specific at all.  I’d assume 
the same would happen in other scenarios where you bridge on the host to 
another interface.

I am assuming the VLAN interface output routine calls the igb1 output 
routine and the bridge never sees that packet but I haven’t looked at 
the vlan code in a long time.

My best guess would be to try to create the VLAN interface on the host 
upon the bridge and not upon the physical interface.  Can you try that 
and see if that works?


/bz







