Date:      Mon, 02 Mar 2015 08:44:47 +0000
From:      "Loïc Blot" <loic.blot@unix-experience.fr>
To:        "Julian Elischer" <julian@freebsd.org>, freebsd-net@freebsd.org
Subject:   Re: fib issue with jails.
Message-ID:  <c75e82ebe1786b5e8c756abed4088aea@mail.unix-experience.fr>
In-Reply-To: <54F4205D.1030405@freebsd.org>
References:  <54F4205D.1030405@freebsd.org> <bc15cc61e9557bd654cc90ed8d9a2234@mail.unix-experience.fr>

Hi Julian,

With tcpdump I see the packet on vlan136 but I don't see it on lagg0, whereas it must appear.

It was working without vnet/vimage before the reboot.

Regards,

Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr

On 2 March 2015 at 09:33, "Julian Elischer" <julian@freebsd.org> wrote:
> On 3/2/15 12:12 AM, Loïc Blot wrote:
>
>> Hello,
>> I'm trying to implement jails over multiple networks, using VLANs, with different default routes.
>> The network stack is simple
>>
>> igb0-3 into lagg0
>> vlan 10-30 over lagg0
>> jails over VLANs using a fib for each VLAN (but no fib set on the VLAN iface itself)
>>
>> Whereas it works for a week on my server, after a reboot, the outgoing packets aren't routed to
>> lagg and then outgoing requests don't work (like DNS requests), I don't find why.
>>
>> The fib is correctly set
>>
>> /etc/rc.local:
>> setfib 1 route add -net 192.168.136.0/24 -iface vlan136
>> setfib 1 route add default 192.168.136.254
>>
>> root@jh1:~ # setfib 1 netstat -rnfinet
>> Routing tables (fib: 1)
>>
>> Internet:
>> Destination        Gateway            Flags    Netif Expire
>> default            192.168.136.254    UGS    vlan136
>> 192.168.136.0/24   ac:16:2d:96:e5:04  US     vlan136
>>
>> and the jails are correctly configured:
>>
>> root@jh1:~ # cat /var/run/jail.idevmysql.conf
>> # Generated by rc.d/jail at 2015-02-27 10:38:05
>> devmysql {
>> host.hostname = "devmysql.local.net";
>> path = "/jails/dev/devmysql";
>> ip4.addr += "vlan136|192.168.136.50/32";
>> exec.fib = "1";
>> allow.raw_sockets = 0;
>> exec.clean;
>> exec.system_user = "root";
>> exec.jail_user = "root";
>> exec.start += "/bin/sh /etc/rc";
>> exec.stop = "";
>> exec.consolelog = "/var/log/jail_idevmysql_console.log";
>> mount.fstab = "/etc/fstab.idevmysql";
>> mount.devfs;
>> mount.fdescfs;
>> mount += "procfs /jails/dev/idevmysql/proc procfs rw 0 0";
>> allow.mount;
>> allow.set_hostname = 0;
>> allow.sysvipc = 0;
>> }
>>
>> Routing is also enabled:
>>
>> root@jh1:~ # sysctl net.inet.ip.forwarding
>> net.inet.ip.forwarding: 1
>>
>> If we are trying to contact the jail from an external host, for example with ansible, the SSH
>> connection works very well but it seems outgoing initiated connections are staying on vlan136 but
>> not forwarded to lagg0.
>> Have you got any idea?
>
> Can you explain in more depth, what you mean by that last bit?
> "staying on vlan136 but not forwarded to lagg0".
> I am not sure how you come to this idea and what you mean by it.
>
> Have you considered if you could use VIMAGE/VNET based jails?
>
>> Thanks in advance
>> Regards,
>>
>> Loïc Blot,
>> UNIX Systems, Network and Security Engineer
>> http://www.unix-experience.fr
>> _______________________________________________
>> freebsd-net@freebsd.org mailing list
>> http://lists.freebsd.org/mailman/listinfo/freebsd-net
>> To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org"



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?c75e82ebe1786b5e8c756abed4088aea>