From: Loïc Blot
Date: Mon, 02 Mar 2015 08:44:47 +0000
Subject: Re: fib issue with jails.
To: "Julian Elischer", freebsd-net@freebsd.org
In-Reply-To: <54F4205D.1030405@freebsd.org>

Hi Julian,

With tcpdump I see the packet on vlan136 but I don't see it on lagg0, whereas it must appear.

It was working without vnet/vimage before the reboot.

Regards,

Loïc Blot,
UNIX Systems, Network and Security Engineer
http://www.unix-experience.fr

On 2 March 2015 09:33, "Julian Elischer" wrote:
> On 3/2/15 12:12 AM, Loïc Blot wrote:
>
>> Hello,
>> I'm trying to implement jails over multiple networks, using VLANs, with different default routes.
>> The network stack is simple:
>>
>> igb0-3 into lagg0
>> vlan 10-30 over lagg0
>> jails over VLANs using a fib for each VLAN (but no fib set on the VLAN iface itself)
>>
>> Whereas it worked for a week on my server, after a reboot the outgoing packets aren't routed to
>> lagg and then outgoing requests don't work (like DNS requests); I can't find why.
>>
>> The fib is correctly set:
>>
>> /etc/rc.local:
>> setfib 1 route add -net 192.168.136.0/24 -iface vlan136
>> setfib 1 route add default 192.168.136.254
>>
>> root@jh1:~ # setfib 1 netstat -rnfinet
>> Routing tables (fib: 1)
>>
>> Internet:
>> Destination        Gateway            Flags     Netif Expire
>> default            192.168.136.254    UGS     vlan136
>> 192.168.136.0/24   ac:16:2d:96:e5:04  US      vlan136
>>
>> and the jails are correctly configured:
>>
>> root@jh1:~ # cat /var/run/jail.idevmysql.conf
>> # Generated by rc.d/jail at 2015-02-27 10:38:05
>> devmysql {
>>     host.hostname = "devmysql.local.net";
>>     path = "/jails/dev/devmysql";
>>     ip4.addr += "vlan136|192.168.136.50/32";
>>     exec.fib = "1";
>>     allow.raw_sockets = 0;
>>     exec.clean;
>>     exec.system_user = "root";
>>     exec.jail_user = "root";
>>     exec.start += "/bin/sh /etc/rc";
>>     exec.stop = "";
>>     exec.consolelog = "/var/log/jail_idevmysql_console.log";
>>     mount.fstab = "/etc/fstab.idevmysql";
>>     mount.devfs;
>>     mount.fdescfs;
>>     mount += "procfs /jails/dev/idevmysql/proc procfs rw 0 0";
>>     allow.mount;
>>     allow.set_hostname = 0;
>>     allow.sysvipc = 0;
>> }
>>
>> Routing is also enabled:
>>
>> root@jh1:~ # sysctl net.inet.ip.forwarding
>> net.inet.ip.forwarding: 1
>>
>> If we are trying to contact the jail from an external host, for example with ansible, the SSH
>> connection works very well but it seems outgoing initiated connections are staying on vlan136 but
>> not forwarded to lagg0.
>> Have you got any idea?
>
> Can you explain in more depth what you mean by that last bit?
> "staying on vlan136 but not forwarded to lagg0".
> I am not sure how you come to this idea and what you mean by it.
>
> Have you considered if you could use VIMAGE/VNET based jails?
>
>> Thanks in advance
>> Regards,
>>
>> Loïc Blot,
>> UNIX Systems, Network and Security Engineer
>> http://www.unix-experience.fr