From: "Patrick M. Hausen"
To: D'Arcy Cain
Subject: Re: When is a switch not a switch?
Date: Tue, 20 Oct 2020 11:36:27 +0200
List-Id: "Discussion of various virtualization techniques FreeBSD supports."

Hi all,

> On 20.10.2020 at 11:28, D'Arcy Cain wrote:
>
> On 10/20/20 4:36 AM, Patrick M. Hausen wrote:
>> It's officially documented here:
>> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html
>
> I did see that. Does that mean that I don't even need to create switches at all?

What is a switch in this context? I use bridge interfaces to connect
jails via epair and VMs via tap.

>> "If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces."
>
> But I don't necessarily need an IP on the bridge itself, right?

Depends ;-)

If the host has got e.g. em0 with an IP address and you want to make that
physical interface part of e.g. bridge0 as well as all the VMs so they
can communicate on the wire ... you *must* move the IP address config
from em0 to bridge0 and configure em0 "up".

If em0 does not have an IP address on the host and should be used
exclusively for VMs, then the bridge does not need an IP address, either.
Still you need to configure em0 "up".

And additionally ...

- you should disable all hardware acceleration features on the physical interface
- if you are using pf you should move the rule processing from the members
  to the bridge like so:

    sysctl net.link.bridge.pfil_member=0
    sysctl net.link.bridge.pfil_bridge=1

HTH,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
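
Added example, not part of Patrick's message: a POSIX sh check of the points above (pfil_member=0 and pfil_bridge=1, member interface up, offloads off, no IPv4 address on the member), run here over constructed sysctl and ifconfig output. The names em0 and the two sysctls come from the message; the list of offload capability names is an assumption, since the message does not enumerate them.

```shell
#!/bin/sh
# Added example: check a bridge host against the advice in the message above.
# Both samples are constructed, not captured from a real machine.

# Constructed `sysctl net.link.bridge` output: pf still filters on members.
SAMPLE_SYSCTL='net.link.bridge.pfil_member: 1
net.link.bridge.pfil_bridge: 0'

# Constructed `ifconfig em0` output: offloads enabled and the host address
# still configured on the member interface instead of on the bridge.
SAMPLE_MEMBER='em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=49b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,LRO>
        ether 02:00:00:00:00:01
        inet 192.0.2.10 netmask 0xffffff00 broadcast 192.0.2.255'

# Print one finding per line; no output means both sysctls match the message.
audit_sysctl() {
    member=$(printf '%s\n' "$1" | awk -F': *' '$1 == "net.link.bridge.pfil_member" { print $2 }')
    bridge=$(printf '%s\n' "$1" | awk -F': *' '$1 == "net.link.bridge.pfil_bridge" { print $2 }')
    [ "$member" = "0" ] || echo "pfil_member=${member:-unset}: pf rules run on member interfaces"
    [ "$bridge" = "1" ] || echo "pfil_bridge=${bridge:-unset}: pf rules do not run on the bridge"
}

# Check one member interface: must be up, no offloads, no IPv4 address.
# The offload names below are an assumed subset, not a list from the message.
audit_member() {
    printf '%s\n' "$1" | awk '
        NR == 1 && $0 !~ /[<,]UP[,>]/ { print "interface is not up" }
        /options=/ {
            # Reduce the line to the comma-separated capability names.
            sub(/^.*</, ""); sub(/>.*$/, "")
            n = split($0, caps, ",")
            for (i = 1; i <= n; i++)
                if (caps[i] ~ /^(RXCSUM|TXCSUM|TSO4|TSO6|LRO)$/)
                    print "offload enabled: " caps[i]
        }
        $1 == "inet" { print "address on member: " $2 }
    '
}

# Run both checks over the constructed samples.
audit_sysctl "$SAMPLE_SYSCTL"
audit_member "$SAMPLE_MEMBER"
```

On a real host, pass "$(sysctl net.link.bridge)" and "$(ifconfig em0)" to the two functions instead of the samples.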