Date:      Fri, 29 Apr 2022 07:17:23 +0000
From:      Benoit Chesneau <benoitc@enki-multimedia.eu>
To:        "freebsd-net@FreeBSD.org" <freebsd-net@FreeBSD.org>
Subject:   issue with ng_vlan nomatch connected to the bridge
Message-ID:  <WCMWeElRlitmBpR68L1E5-wTHGnQNMUx6ugOY-UW9qx3arF63kTS7g2P6Rzxyq1BiLZLu9DRbKylaHSvi9hBWjN-fuT35KD_KyXwq7Sx2BI=@enki-multimedia.eu>

I have an issue with the way the nomatch hook is working. I have linked the nomatch hook from a lan to a bridge but I can only get the native vlan in it. I can't even ping a new link added to this bridge. Maybe I am missing some connection?

My goal is to be able to catch non-filtered VLANs in an ng_bridge so I can use them (and pass newly created VLANs) from a firewall VM in bhyve.

Following the advice of a previous thread, I have created a vlan peer over the lagg0 created using ifconfig, and 3 bridges: 2 connected to filtered VLANs (102 and 200) and 1 to nomatch. This is summarised in the following diagram: https://imgur.com/a/aDfUQz6

The configuration is the following:

```
mkpeer lagg0: vlan lower downstream
name lagg0:lower vlan0
mkpeer vlan0: bridge 102 link0
mkpeer vlan0: bridge 200 link0
mkpeer vlan0: bridge nomatch link0
msg vlan0: addfilter { vid=102 hook="102" }
msg vlan0: addfilter { vid=200 hook="200" }
name vlan0:102 bgpnet
name vlan0:200 services
name vlan0:nomatch public
msg lagg0: setpromisc 1
msg lagg0: setautosrc 0
```

Should I connect the nomatch bridge to downstream or anything else? Why can't I ping the VM connected to that bridge while it can get its IP using DHCP?

Any help is welcome :)

Benoît