Date: Mon, 24 Apr 2023 18:54:41 +0300
From: George Kontostanos <gkontos.mail@gmail.com>
To: FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject: Re: Host address zero vs bridge, carp and nat
Message-ID: <CA%2BdUSyoH7AFfDMbkcE2NUYF0bcMwGwCtfjCET0K3Y83FMVfWPg@mail.gmail.com>
In-Reply-To: <BFC2AEDB-4245-4B01-BBC0-9582D5CAC63E@gid.co.uk>
References: <BFC2AEDB-4245-4B01-BBC0-9582D5CAC63E@gid.co.uk>

unsubscribe

On Mon, Apr 24, 2023 at 1:00 AM Bob Bishop <rb@gid.co.uk> wrote:
>
> Hi,
>
> We’re commissioning a new router build here based on 13.2-RC5 (bad timing) and it seems that something is amiss when using host address zero with this combination. More precisely, this setup:
>
> igb1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>         ether 00:0d:b9:5f:0f:31
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> igb2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=4e523bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
>         ether 00:0d:b9:5f:0f:32
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>
> bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         ether 00:0d:b9:5f:0f:31
>         inet x.y.z.0 netmask 0xffffffe0 broadcast x.y.z.31
>         inet x.y.z.10 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         inet x.y.z.11 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: igb2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 3 priority 128 path cost 2000000
>         member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 2 priority 128 path cost 2000000
>         groups: bridge
>         carp: MASTER vhid 11 advbase 1 advskew 100
>         nd6 options=9<PERFORMNUD,IFDISABLED>
>
>
> doesn’t pass traffic through the bridge. The NAT is in-kernel via ipfw and there are firewall rules in play but they do not seem to be a factor.
>
> Change the primary address on the bridge to eg x.y.z.13 and everything works. carp failover seems to work OK with the zero host in spite of not passing traffic.
>
> We only found this because in live we’ll have a /29 and we are going to run out of addresses if we can’t use zero. The bridge is required to avoid using a switch upstream where we have two routers on redundant fibres using VRRP.
>
> We will solve this by getting a bigger allocation upstream unless anyone has any bright ideas, in default of which I’ll raise a bug report.
>
> --
> Bob Bishop
> rb@gid.co.uk
>

-- 
George Kontostanos