From: William Katsak
Date: Wed, 28 Jan 2015 08:00:17 -0500
To: freebsd-net@freebsd.org
Subject: Jails, VIMAGE, and VLANs
Message-ID: <54C8DD61.9040307@cs.rutgers.edu>
List-Id: Networking and TCP/IP with FreeBSD

Hello,

I am having a very frustrating issue with VIMAGE jails using VLANs on 10.1-RELEASE.
I posted this earlier to the FreeBSD forum, then realized that this is probably a better place.

Let me tell you about my issue:

If I set up my jails using a regular ethernet interface (em0), a bridge, and epairs, everything works beautifully. All networking works as expected.

However, if I try to do the exact same thing using a VLAN interface, everything ALMOST works, except for one thing: I cannot communicate between the host and the jail. I can ping in both directions, but nothing else. No TCP traffic seems to pass. To make it weirder, the jail can communicate perfectly with other machines on the VLAN, so the bridge itself seems to be (partially) working.

I've checked routing tables, firewalls, everything. Nothing seems to make sense, except that something is broken either inside the bridge or the VIMAGE code.

Again, if I keep the config exactly the same, but use em0 instead of em0.100, everything works.

Does anyone have any ideas?

Thanks in advance.

-Bill

--------------------------------------------------

Here is the offending bridge config:

bridge1: flags=8843 metric 0 mtu 1500
        ether 02:f1:2d:eb:f9:01
        nd6 options=1
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair5a flags=143
                ifmaxaddr 0 port 13 priority 128 path cost 2000
        member: epair4a flags=143
                ifmaxaddr 0 port 12 priority 128 path cost 2000
        member: em0.100 flags=143
                ifmaxaddr 0 port 4 priority 128 path cost 20000

-- 
****************************************
William Katsak
Ph.D. Student
Rutgers University
Department of Computer Science
****************************************