Date:      Tue, 4 Jun 2024 17:37:55 +0200
From:      FreeBSD User <freebsd@walstatt-de.de>
To:        Alexander Leidinger <Alexander@Leidinger.net>
Cc:        FreeBSD CURRENT <freebsd-current@freebsd.org>
Subject:   Re: bridge: no traffic with vnet (epair) beyond bridge device
Message-ID:  <20240604173822.4c61c1b9@thor.intern.walstatt.dynvpn.de>
In-Reply-To: <2433e25ebf6eae827bcd7912bbe27fbc@Leidinger.net>
References:  <20240603210231.64889de0@thor.intern.walstatt.dynvpn.de> <2433e25ebf6eae827bcd7912bbe27fbc@Leidinger.net>


On Tue, 04 Jun 2024 09:36:38 +0200
Alexander Leidinger <Alexander@Leidinger.net> wrote:

> On 2024-06-03 21:02, FreeBSD User wrote:
> > Hello,
> > 
> > I'm running a dual socket NUMA CURRENT host (Fujitsu RX host) running
> > several jails. Jails are attached to a bridge device (bridge1), the
> > physical device on that bridge is igb1 (i350 based NIC). The bridge is
> > created via host's rc scripts, adding and/or deleting epair members of
> > the bridge is performed by the jail.conf script.
> > 
> > I do not know how long the setup worked, but out of the blue, last week
> > after a longish poudriere run after updating the host to most recent
> > CURRENT (as of today, latest update kernel and world) and performing
> > "etcupdate" on both the host and all jails, traffic beyond the bridge is
> > not seen on the network! All jails can communicate with each other.
> > Traffic from the host itself is routed via igb0 to network and back via
> > igb1 onto the bridge.
> > 
> > I check all setups for net.link.bridge:
> > 
> > net.link.bridge.ipfw: 0
> > net.link.bridge.log_mac_flap: 1
> > net.link.bridge.allow_llz_overlap: 0
> > net.link.bridge.inherit_mac: 0
> > net.link.bridge.log_stp: 0
> > net.link.bridge.pfil_local_phys: 0
> > net.link.bridge.pfil_member: 0
> > net.link.bridge.ipfw_arp: 0
> > net.link.bridge.pfil_bridge: 0
> > net.link.bridge.pfil_onlyip: 0
> > 
> > I did not change anything (knowingly).
> > 
> > I also have an oldish box running single socket processor, also driven
> > by the very same CURRENT and similar, but not identical setup. The box
> > is running very well and the bridge is working as expected.
> > 
> > I was wondering if something in detail has changed in the handling of
> > jails, epair and bridges. I followed the setup "after the book", nothing
> > suspicious.
> 
> "after the book" = the IP of the host itself is not on igb1 but on a 
> different interface or on the bridge?
> 
> Is there a firewall active on the box itself? Which one?
> 
> What does wireshark / a traffic dump at the physical interface level 
> tell compared to a traffic dump at the switch interface? Did you replace 
> the cable / SFP / move to a different switch port as a test?
> 
> I suggest to provide the output of ifconfig -a and netstat -rn (feel 
> free to mangle the IPs, as long as the mangling is a consistent 
> replacement and not a cut-off).
> 
> Bye,
> Alexander.
> 

Hello Alexander and everybody brave enough to read my post.

Somehow I managed to let

ifconfig_igb1="up"

disappear - I guess by accident when sneaking through the rc.conf file.

igb1 is the physical device connecting to the network. The bridge is layer 2 only, no IP, only
the vnet-portions pointing towards the jail do have IPv6 and IPv4. The bridge has around 20
members, the last entry is igb1 - I never checked whether it is up ...
Sorry!

Kind regards,

oh

-- 
O. Hartmann
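
The mistake described in this message, a bridge member left without the UP flag, can be checked mechanically. The following is an added example, not part of the original message; the function names and the sample `ifconfig -a` text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Reads `ifconfig -a` text on stdin and
# prints every member of the named bridge whose own interface lacks the UP flag.
down_bridge_members() {
    awk -v bridge="$1" '
        # An unindented line opens an interface stanza: "name: flags=N<UP,...>"
        /^[^ \t]/ {
            cur = $1; sub(/:$/, "", cur)
            flags = $0
            sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
            up[cur] = (("," flags ",") ~ /,UP,/)
            next
        }
        # Inside the bridge stanza, collect "member: <ifname> flags=..." lines
        cur == bridge && $1 == "member:" { members[++n] = $2 }
        # A member with no stanza of its own is also reported as not up
        END { for (i = 1; i <= n; i++) if (!up[members[i]]) print members[i] }
    '
}

# Constructed sample input modelled on the setup described in the thread
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        status: active
igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        status: active
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000
        member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 20000
epair0a: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        status: active
EOF
}

# On a live host: ifconfig -a | down_bridge_members bridge1
sample_ifconfig | down_bridge_members bridge1
```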


Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240604173822.4c61c1b9>