Date:      Wed, 28 Oct 2020 07:31:39 -0400
From:      D'Arcy Cain <darcy@druid.net>
To:        FreeBSD Net <freebsd-net@freebsd.org>
Subject:   Re: Bridge woes
Message-ID:  <6ca8956a-76d0-8d83-e1ce-015de1fcf2bd@druid.net>
In-Reply-To: <20201027195849.24a9a068@bsd64.grem.de>
References:  <c955de31-6ea9-318b-d5c7-fcfcb4463b03@druid.net> <20201025204937.695be500@bsd64.grem.de> <21be1778-0567-d5b6-741a-ad620fc4fb27@druid.net> <20201026160919.2ed76939@bsd64.grem.de> <0a31052f-ce44-0a77-8424-6aba24658ab7@druid.net> <20201027195849.24a9a068@bsd64.grem.de>

On 10/27/20 2:58 PM, Michael Gmelin wrote:

I hope you don't mind but I reverted this conversation back to the list in
case it gives someone else any ideas.

> Hi,
>
> I tried to reproduce the problem on my home network, but things just
> work as expected.
>
> I could run VMs with IPs off the local network, fixed ones as well as
> DHCP.
>
> The topology looks a bit different:
> vm->server->router ->(nat)-> internet
>       |
>       + dhcp/dns

I suppose that that is essentially the same but let me see if I get it.  You
have a network, say 192.168.1.0/24, behind your NAT router.  You have
physical servers like 192.168.1.1 and 192.168.1.2 on this network.  You then
put a VM on the .1 host numbered 192.168.1.3 and it can connect to
192.168.1.2.  Is that correct?

> I would speculate that there's either something going on with
> the switch (you might want to take a look at it), or you're experiencing
> some sort of asymmetric routing issue (ping/icmp is usually just fine

Not sure what that could be.  It's not just a problem with external hosts.
Hosts on the same network are also showing the symptoms.  Another point is
that I can access it inbound.  It's only outbound connections that don't work.

> with that). Or it might be something with the bge driver (I'm using em

The only server that it can connect to is running bce.  I have some em=20
servers but it doesn't connect to those.

> here). I assume you already tried disabling all sorts of offloading to
> see if it makes a difference?

Yep.  I tried -tso -lro -rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag
-vlanhwtso and subsets of that.

> Other than that I would suggest to play with tcpdump to see if packets
> are returned on the same interface they've been sent out on or not.

Here is an example packet seen on the host:

11:20:40.397067 IP 98.158.139.71.44448 > 98.158.139.66.22: Flags [S], seq 3285763868, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val 3003762262 ecr 0], length 0

The .66 never sees the packet and the host never sees a return packet.  On
the other hand, a connection attempt from .66 to the VM shows up properly.


> Proxy arp might play a role on a local network, that's something I've
> seen in the past when I had hosts with multiple interfaces on the same
> (multiple) networks. If you can afford to try it, I would see if
> shutting down eth1 (and then flushing all arp tables on all
> hosts/devices involved in your test) makes a difference[0].

I want to be careful about dropping eth1 as it is the only way in if I mess
up eth0.

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 788 2246     (DoD#0082)    (eNTP)   |  what's for dinner.
IM: darcy@VybeNetworks.com, VoIP: sip:darcy@druid.net

Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:

1.  I am by definition, "the intended recipient".
2.  All information in the email is mine to do with as I see
     fit and make such financial profit, political mileage, or
     good joke as it lends itself to. In particular, I may quote
     it where I please.
3.  I may take the contents as representing the views of
     your company if I so wish.
4.  This overrides any disclaimer or statement of
     confidentiality that may be included or implied in
     your message.
