From owner-freebsd-net@freebsd.org Sat Oct 5 05:12:07 2019 Return-Path: Delivered-To: freebsd-net@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 9E30FFF1CF for ; Sat, 5 Oct 2019 05:12:07 +0000 (UTC) (envelope-from lan@zato.ru) Received: from mail.zato.ru (mail.zato.ru [178.255.248.12]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mail.zato.ru", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 46lZc60jDPz4K4K for ; Sat, 5 Oct 2019 05:12:05 +0000 (UTC) (envelope-from lan@zato.ru) Received: from [82.209.121.13] (helo=[192.168.101.178]) by mail.zato.ru with esmtpsa (TLSv1.2:AES128-SHA:128) (Exim 4.84 (FreeBSD)) (envelope-from ) id 1iGcMN-0000zl-2P for freebsd-net@freebsd.org; Sat, 05 Oct 2019 08:12:04 +0300 To: freebsd-net@freebsd.org References: <213f9284-5ddd-4dbc-6631-f8592efa2995@zato.ru> <4A3381ED-7C78-48E2-BD1F-45B7A4A930CE@lists.zabbadoz.net> <20191004195316.GF96402@funkthat.com> From: Alexander Lunev Message-ID: Date: Sat, 5 Oct 2019 08:11:59 +0300 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 MIME-Version: 1.0 In-Reply-To: <20191004195316.GF96402@funkthat.com> Content-Type: text/plain; charset=utf-8; format=flowed Content-Language: ru Content-Transfer-Encoding: 7bit X-SA-Exim-Connect-IP: 82.209.121.13 X-SA-Exim-Mail-From: lan@zato.ru X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on mail.zato.local X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=ALL_TRUSTED autolearn=unavailable autolearn_force=no version=3.4.2 Subject: Re: VLAN+bridge problem [was: no network between jails and host with VNET on same interface] X-SA-Exim-Version: 4.2 X-SA-Exim-Scanned: Yes (on mail.zato.ru) X-Rspamd-Queue-Id: 46lZc60jDPz4K4K X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.71 / 15.00]; ARC_NA(0.00)[]; RCVD_VIA_SMTP_AUTH(0.00)[]; R_DKIM_ALLOW(-0.20)[zato.ru:s=mailserverdkimkey]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+ip4:178.255.248.12]; TO_MATCH_ENVRCPT_ALL(0.00)[]; MIME_GOOD(-0.10)[text/plain]; TO_DN_NONE(0.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0]; RCPT_COUNT_ONE(0.00)[1]; DKIM_TRACE(0.00)[zato.ru:+]; DMARC_POLICY_ALLOW(-0.50)[zato.ru,reject]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; IP_SCORE(-3.71)[ip: (-9.78), ipnet: 178.255.248.0/24(-4.89), asn: 56868(-3.91), country: RU(0.01)]; ASN(0.00)[asn:56868, ipnet:178.255.248.0/24, country:RU]; MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 05 Oct 2019 05:12:07 -0000 > You can create an epair, add it to the bridge, and then vlan the epair > successfully. I've had to do that myself. The problem is when you bridge this epair with physical interface (say, igb1) and try to send from epair's vlan interface to igb1's vlan. It's hard to test it on host without jails, you need to put one of epair interface to jail as VNET interface, and then try to ping from jail's vlan interface host's vlan interface - ping will not pass. But strange thing - one jail can ping another jail in the same vlan, but they're can't ping host and host can't ping jails. -- Best regards Alexander Lunev