From owner-freebsd-net@freebsd.org  Sat Jul  4 18:59:53 2020
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id 07AF9355BB4
 for <freebsd-net@mailman.nyi.freebsd.org>;
 Sat,  4 Jul 2020 18:59:53 +0000 (UTC)
 (envelope-from ask@develooper.com)
Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3])
 by mx1.freebsd.org (Postfix) with ESMTP id 49zh3D55Tbz436r
 for <freebsd-net@freebsd.org>; Sat,  4 Jul 2020 18:59:52 +0000 (UTC)
 (envelope-from ask@develooper.com)
Received: by mailman.nyi.freebsd.org (Postfix)
 id AEDC7355ACE; Sat,  4 Jul 2020 18:59:52 +0000 (UTC)
Delivered-To: net@mailman.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.nyi.freebsd.org (Postfix) with ESMTP id AEA6C355DA0
 for <net@mailman.nyi.freebsd.org>; Sat,  4 Jul 2020 18:59:52 +0000 (UTC)
 (envelope-from ask@develooper.com)
Received: from mx-out1.ewr1.develooper.com (mx-out1.ewr1.develooper.com
 [139.178.64.59])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 49zh3C4Mycz434g
 for <net@FreeBSD.org>; Sat,  4 Jul 2020 18:59:51 +0000 (UTC)
 (envelope-from ask@develooper.com)
Received: from mail.develooper.com (kw4.ewr1.develooper.com [147.75.199.153])
 (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by mx-out1.ewr1.develooper.com (Postfix) with ESMTPS id B1C266E03EA
 for <net@FreeBSD.org>; Sat,  4 Jul 2020 18:59:50 +0000 (UTC)
X-Virus-Scanned: Yes
From: =?utf-8?Q?Ask_Bj=C3=B8rn_Hansen?= <ask@develooper.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=develooper.com;
 s=mail; t=1593889189;
 bh=NIYbiw5b9MjUKpFpuV+v0LitdM7vn4i8MchSC5o2QQY=; h=From:Subject:To;
 b=k3Xqw++IoRP0GKr4QOeFAw2VQfQajXs/fGgMZ6NTDh+EvtdKrfgg46hA2BQYc8EsZ
 MOf5Tsgh4gxOPgQptF1rqsYvHaxmuIUsgAAVdooY6VKJTz+LJ2+TuRqPog/6hl5lKW
 ULOkV5cioibyL0LaVRWZ4JUQBDhEoZBqbsFD4W9eCEahTyxVaW93ZAbNaPgbn2swt1
 xc2vKiRSPZrEphKSTjd9qA3qzPOk0Rxla4pA72GnL0J1hyH8NTSDtxuz+gzjpWE3u3
 8dABOC0sFbnrO4VEd5QbC9HwGmdl35TZEavxIkZf8eLKcrGwUvqQwI/CErB69f2/cj
 GKvYMAXYxFJzA==
Content-Type: text/plain;
	charset=utf-8
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0
Subject: Bridge interface on VLAN not working
Message-Id: <0C059F66-B37D-4F9C-9B04-E7D8E2F5EDE3@develooper.com>
Date: Sat, 4 Jul 2020 11:59:47 -0700
To: "net@freebsd.org" <net@FreeBSD.org>
X-Rspamd-Queue-Id: 49zh3C4Mycz434g
X-Spamd-Bar: ------
Authentication-Results: mx1.freebsd.org;
 dkim=pass header.d=develooper.com header.s=mail header.b=k3Xqw++I;
 dmarc=none;
 spf=pass (mx1.freebsd.org: domain of ask@develooper.com designates
 139.178.64.59 as permitted sender) smtp.mailfrom=ask@develooper.com
X-Spamd-Result: default: False [-6.87 / 15.00];
 RWL_MAILSPIKE_GOOD(0.00)[139.178.64.59:from]; MV_CASE(0.50)[];
 R_SPF_ALLOW(-0.20)[+ip4:139.178.64.59];
 DKIM_TRACE(0.00)[develooper.com:+];
 NEURAL_HAM_SHORT(-0.42)[-0.422]; FROM_EQ_ENVFROM(0.00)[];
 MIME_TRACE(0.00)[0:+]; R_MIXED_CHARSET(0.56)[subject];
 ASN(0.00)[asn:54825, ipnet:139.178.64.0/22, country:US];
 MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-1.01)[-1.005];
 R_DKIM_ALLOW(-0.20)[develooper.com:s=mail];
 RCVD_DKIM_ARC_DNSWL_HI(-1.00)[]; FROM_HAS_DN(0.00)[];
 TO_MATCH_ENVRCPT_ALL(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.003];
 MIME_GOOD(-0.10)[text/plain];
 PREVIOUSLY_DELIVERED(0.00)[net@freebsd.org];
 DMARC_NA(0.00)[develooper.com];
 DWL_DNSWL_HI(-3.50)[develooper.com:dkim];
 RCPT_COUNT_ONE(0.00)[1]; TO_DN_EQ_ADDR_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]; RCVD_TLS_ALL(0.00)[];
 RCVD_IN_DNSWL_HI(-0.50)[139.178.64.59:from]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.33
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Jul 2020 18:59:53 -0000

Hi everyone,

I had this working for months until a reboot either got things started =
up in a different order or cleared what I setup by hand (it=E2=80=99s a =
snowflake test/development system at home) and did whatever I=E2=80=99d =
actually configured.

I have a single trunk=E2=80=99ed (em) interface to the switch. The main =
network is untagged, and I have various tagged networks as well.  I was =
using the tagged networks in bhyve virtual machines.

(Some?) traffic doesn=E2=80=99t pass from the bridged tap interfaces (or =
from the bridge itself) to the vlan interface (em0.8 for example).  =
tcpdump shows lots of packets coming from the =E2=80=9Coutside=E2=80=9D =
and in, but for example if I do a ping from one of the tap interfaces =
then nothing shows up on the bridge interface (looking with tcpdump).

Another symptom is that if I move the =E2=80=9Chost IP=E2=80=9D from the =
em0.8 interface to the bridge interface that=E2=80=99s including em0.8 =
then I can no longer communicate with that IP from the rest of the =
network.

In the output below I can ping 192.168.53.42  from another system on =
VLAN 53 (outside this box) and I can ping 192.168.53.42  from another =
system on the bridge, but I can=E2=80=99t ping between the system =
outside this box and the VM on the bridge.

I=E2=80=99ve disabled pf everywhere.

As I mentioned, some traffic crosses but it seems like arp requests gets =
blocked somewhere?

I don=E2=80=99t think it=E2=80=99s the switch, because as long as I =
don=E2=80=99t use the bridge everything works fine. :-/

Any suggestions?  (or other debug output that=E2=80=99d be useful).


Ask



root@helgi:~ # ifconfig em0
em0: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric =
0 mtu 1500
	=
options=3D812099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN=
_HWFILTER>
	ether c0:3f:d5:6d:77:87
	inet 192.168.4.42 netmask 0xfffffc00 broadcast 192.168.7.255
	inet6 fe80::c23f:d5ff:fe6d:7787%em0 prefixlen 64 scopeid 0x1
	inet6 2601:647:4400:2f50:c23f:d5ff:fe6d:7787 prefixlen 64 =
autoconf
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
root@helgi:~ # ifconfig em0.53
em0.53: flags=3D8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> =
metric 0 mtu 1500
	options=3D1<RXCSUM>
	ether c0:3f:d5:6d:77:87
	inet 192.168.53.42 netmask 0xffffff00 broadcast 192.168.53.255
	inet6 fe80::c23f:d5ff:fe6d:7787%em0.53 prefixlen 64 scopeid 0x4
	groups: vlan
	vlan: 53 vlanpcp: 0 parent interface: em0
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=3D23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
root@helgi:~ # ifconfig vm-dns
vm-dns: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 =
mtu 1500
	ether 66:28:db:a7:63:1b
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: tap2 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 10 priority 128 path cost 2000000
	member: em0.53 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 4 priority 128 path cost 55
	groups: bridge vm-switch viid-b3bf6@
	nd6 options=3D1<PERFORMNUD>=