Date: Tue, 4 Jun 2024 17:37:55 +0200 From: FreeBSD User <freebsd@walstatt-de.de> To: Alexander Leidinger <Alexander@Leidinger.net> Cc: FreeBSD CURRENT <freebsd-current@freebsd.org> Subject: Re: bridge: no traffic with vnet (epair) beyond bridge device Message-ID: <20240604173822.4c61c1b9@thor.intern.walstatt.dynvpn.de> In-Reply-To: <2433e25ebf6eae827bcd7912bbe27fbc@Leidinger.net> References: <20240603210231.64889de0@thor.intern.walstatt.dynvpn.de> <2433e25ebf6eae827bcd7912bbe27fbc@Leidinger.net>
next in thread | previous in thread | raw e-mail | index | archive | help
--Sig_/VE/tBw9YatRgLz1elRFZIZB Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable Am Tue, 04 Jun 2024 09:36:38 +0200 Alexander Leidinger <Alexander@Leidinger.net> schrieb: > Am 2024-06-03 21:02, schrieb FreeBSD User: > > Hello, > >=20 > > I'm running a dual socket NUMA CURRENT host (Fujitsu RX host) running=20 > > several jails. Jails are > > attached to a bridge device (bridge1), the physical device on that=20 > > bridge is igb1 (i350 based > > NIC). The bridge is created via host's rc scripts, adding and/or=20 > > deleting epair members of the > > bridge is performed by the jail.conf script. > >=20 > > I do not know how long the setup worked, but out of the blue, last week= =20 > > after a longish > > poudriere run after updating the host to most recent CURRENT (as of=20 > > today, latest update > > kernel and world) and performing "etcupdate" on both the host and all=20 > > jails, traffic beyond > > the bridge is not seen on the network! All jails can communicate with=20 > > each other. Traffic from > > the host itself is routed via igb0 to network and back via igb1 onto=20 > > the bridge. > >=20 > > I check all setups for net.link.bridge: > >=20 > > net.link.bridge.ipfw: 0 > > net.link.bridge.log_mac_flap: 1 > > net.link.bridge.allow_llz_overlap: 0 > > net.link.bridge.inherit_mac: 0 > > net.link.bridge.log_stp: 0 > > net.link.bridge.pfil_local_phys: 0 > > net.link.bridge.pfil_member: 0 > > net.link.bridge.ipfw_arp: 0 > > net.link.bridge.pfil_bridge: 0 > > net.link.bridge.pfil_onlyip: 0 > >=20 > > I did not change anything (knowingly). > >=20 > > I also have an oldish box running single socket processor, also driven= =20 > > by the very same > > CURRENT and similar, but not identical setup. The box is running very=20 > > well and the bridge is > > working as expected. > >=20 > > I was wondering if something in detail has changed in the handling of=20 > > jails, epair and > > bridges. I followed the setup "after the book", nothing suspicious. =20 >=20 > "after the book" =3D the IP of the host itself is not on igb1 but on a=20 > different interface or on the bridge? >=20 > Is there a firewall active on the box itself? Which one? >=20 > What does wireshark / a traffic dump at the physical interface level=20 > tell compared to a traffic dump at the switch interface? Did you replace= =20 > the cable / SFP / move to a different switch port as a test? >=20 > I suggest to provide the output of ifconfig -a and netstat -rn (feel=20 > free to mangle the IPs, as long as the mangling is a consistent=20 > replacement and not a cut-off). >=20 > Bye, > Alexander. >=20 Hello Alexander and everybody brave enough reading my post. Somehow I managed it to let=20 "ifconfig_igb1=3D"up" disappear - I guess by accident when sneaking through the rc.conf file. igb1 is the physical device connecting to the network. The bridge is layer = 2 only, no IP, only the vnet-portions pointing towards the jail do have IPv6 and IPv4. The brid= ge has around 20 members, the last entry is igb1 - I never checked whether it is up ... Sorry! Kind regards, oh --=20 O. Hartmann --Sig_/VE/tBw9YatRgLz1elRFZIZB Content-Type: application/pgp-signature Content-Description: OpenPGP digital signature -----BEGIN PGP SIGNATURE----- iHUEARYKAB0WIQRQheDybVktG5eW/1Kxzvs8OqokrwUCZl807gAKCRCxzvs8Oqok r35SAQCBNJiUsss+3BvOWQVuOsh+QubxwWM3bYKs31WaSUWavAEA1I2EBw55S1J4 K8ThmAx1zZXHp6Dz8W4RA6KTcKD1Dwo= =fuxM -----END PGP SIGNATURE----- --Sig_/VE/tBw9YatRgLz1elRFZIZB--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20240604173822.4c61c1b9>