From owner-freebsd-net@freebsd.org  Thu Oct  5 08:07:06 2017
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 36077E3032E
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Thu,  5 Oct 2017 08:07:06 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from hz.grosbein.net (hz.grosbein.net [78.47.246.247])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "hz.grosbein.net", Issuer "hz.grosbein.net" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id D4F7164A2E
 for <freebsd-net@freebsd.org>; Thu,  5 Oct 2017 08:07:05 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (root@eg.sd.rdtc.ru [62.231.161.221] (may be
 forged))
 by hz.grosbein.net (8.15.2/8.15.2) with ESMTPS id v9586uhg033026
 (version=TLSv1.2 cipher=DHE-RSA-AES256-GCM-SHA384 bits=256 verify=NOT);
 Thu, 5 Oct 2017 10:06:57 +0200 (CEST)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: rainer@ultra-secure.de
Received: from eg.sd.rdtc.ru (eugen@localhost [127.0.0.1])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTP id v9586olD055987;
 Thu, 5 Oct 2017 15:06:50 +0700 (+07)
 (envelope-from eugen@grosbein.net)
Subject: Re: lagg interface doesn't work
To: Rainer Duffner <rainer@ultra-secure.de>, freebsd-net@freebsd.org
References: <F95A6802-8EC3-4027-8AA0-B38118F9A8D9@ultra-secure.de>
From: Eugene Grosbein <eugen@grosbein.net>
X-Enigmail-Draft-Status: N1110
Message-ID: <59D5E81A.5080700@grosbein.net>
Date: Thu, 5 Oct 2017 15:06:50 +0700
User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:38.0) Gecko/20100101
 Thunderbird/38.4.0
MIME-Version: 1.0
In-Reply-To: <F95A6802-8EC3-4027-8AA0-B38118F9A8D9@ultra-secure.de>
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-Spam-Status: Yes, score=5.5 required=5.0 tests=BAYES_00, DATE_IN_FUTURE_96_Q,
 LOCAL_FROM,RDNS_NONE autolearn=no autolearn_force=no version=3.4.1
X-Spam-Report: * 3.3 DATE_IN_FUTURE_96_Q Date: is 4 days to 4 months after
 Received: date
 * -2.3 BAYES_00 BODY: Bayes spam probability is 0 to 1%
 *      [score: 0.0000] *  2.6 LOCAL_FROM From my domains
 *  1.9 RDNS_NONE Delivered to internal network by a host with no rDNS
X-Spam-Checker-Version: SpamAssassin 3.4.1 (2015-04-28) on hz.grosbein.net
X-Spam-Flag: YES
X-Spam-Level: *****
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.23
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 05 Oct 2017 08:07:06 -0000

On 05.10.2017 03:25, Rainer Duffner wrote:
> Hi,
> 
> I’m trying to get a lagg(4) setup going.
> 
> This has previously been a linux host, which had to be replace on short notice.
> 
> I’ve rarely used lagg(4).
> 
> 
> Basically, we have two trunk-ports with a bunch of clans that needs to go over two 10G interface (bxe(4)).
> 
> The switch is a Cisco switch, I don’t know the exact firmware revision - I don’t configure the switches here, this a cut and paste from the admin.
> 
> The previous Linux server used „passive“ mode - it seems FreeBSD does not do that?
> 
> ***
> 
> Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M),
> 
> !
> 
> !
> 
> interface Port-channel121
> description server-prod.front
> switchport
> switchport trunk allowed vlan 2000,2002,2004,2007,2012,2014
> switchport mode trunk
> mtu 9170
> spanning-tree portfast trunk
> end
> 
> !
> 
> !
> 
> interface TenGigabitEthernet1/1/15
> description server-prod.front-1.1
> switchport trunk allowed vlan 2000,2002,2004,2007,2012,2014
> switchport mode trunk
> mtu 9170
> channel-group 121 mode active
> spanning-tree portfast trunk
> end
> 
> !
> 
> interface TenGigabitEthernet2/1/15
> description server-prod.front-2.1
> switchport trunk allowed vlan 2000,2002,2004,2007,2012,2014
> switchport mode trunk
> mtu 9170
> channel-group 121 mode active
> spanning-tree portfast trunk
> end
> 
> 
> On the FreeBSD-side (11.1-AMD64), I have:
> (based on the excellent examples here: https://high5.nl/freebsd-lagg-vlan-ipfw-mini-howto)
> 
> ifconfig_bxe0="up"
> ifconfig_bxe1="up"
> cloned_interfaces="lagg0 vlan2012 vlan2007 vlan2002 vlan2004"
> #cloned_interfaces="lagg0 vlan2004"
> ifconfig_lagg0="up laggproto lacp laggport bxe0 laggport bxe1"
> 
> ifconfig_vlan2004="inet ip1 netmask 255.255.255.192 vlan 2004 vlandev lagg0"
> ifconfig_vlan2012="inet ip2 netmask 255.255.255.192 vlan 2012 vlandev lagg0 "
> ifconfig_vlan2007="inet ip3 netmask 255.255.255.240 vlan 2007 vlandev lagg0"
> ifconfig_vlan2002="inet ip4 netmask 255.255.255.192 vlan 2002 vlandev lagg0"
> 
> 
> in sysctl.conf, I added:
> net.link.lagg.lacp.default_strict_mode=0
> 
> 
> Now, this works as long as I put one of the VLAN-interfaces into promiscuous mode.
> 
> 
> When I stop tcpdump, I get messages like 
> 
> ***
> Interface stopped  DISTRIBUTING, possible flapping
> ***
> 
> and it really stops doing anything.
> 
> 
> 
> Any ideas?

There is no such thing as "vlan promiscuous mode" in FreeBSD really
and when you run tcpdump on a vlan, you enable promiscuous for its parent interface.

Promiscuous mode may disable hardware vlan processing and switch to software processing temporary.
It seems bxe(4) driver may have issues with hardware vlan processing.
Please show output of "ifconfig bxe0" command.

You should try to disable hardware vlan processing with "ifconfig bxe0 -vlanhwtag" and repeat your tests.
If it helps, you could replace ifconfig_bxe0="up" with ifconfig_bxe0="-vlanhwtag"
as temporary workaround and raise a problem report against bxe(4) driver.