Date: Wed, 28 Oct 2020 07:31:39 -0400 From: D'Arcy Cain <darcy@druid.net> To: FreeBSD Net <freebsd-net@freebsd.org> Subject: Re: Bridge woes Message-ID: <6ca8956a-76d0-8d83-e1ce-015de1fcf2bd@druid.net> In-Reply-To: <20201027195849.24a9a068@bsd64.grem.de> References: <c955de31-6ea9-318b-d5c7-fcfcb4463b03@druid.net> <20201025204937.695be500@bsd64.grem.de> <21be1778-0567-d5b6-741a-ad620fc4fb27@druid.net> <20201026160919.2ed76939@bsd64.grem.de> <0a31052f-ce44-0a77-8424-6aba24658ab7@druid.net> <20201027195849.24a9a068@bsd64.grem.de>
next in thread | previous in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --MJlay0mUmwnRupFwTS4RHwyQPzxU1qewr Content-Type: multipart/mixed; boundary="X2NYO6ao6VwP3S38HeU0JWult9x6HjAgy"; protected-headers="v1" From: D'Arcy Cain <darcy@druid.net> To: FreeBSD Net <freebsd-net@freebsd.org> Message-ID: <6ca8956a-76d0-8d83-e1ce-015de1fcf2bd@druid.net> Subject: Re: Bridge woes References: <c955de31-6ea9-318b-d5c7-fcfcb4463b03@druid.net> <20201025204937.695be500@bsd64.grem.de> <21be1778-0567-d5b6-741a-ad620fc4fb27@druid.net> <20201026160919.2ed76939@bsd64.grem.de> <0a31052f-ce44-0a77-8424-6aba24658ab7@druid.net> <20201027195849.24a9a068@bsd64.grem.de> In-Reply-To: <20201027195849.24a9a068@bsd64.grem.de> --X2NYO6ao6VwP3S38HeU0JWult9x6HjAgy Content-Type: multipart/mixed; boundary="------------447DEE3E4C8ECFE948C40F54" Content-Language: en-US This is a multi-part message in MIME format. --------------447DEE3E4C8ECFE948C40F54 Content-Type: text/plain; charset=utf-8; format=flowed Content-Transfer-Encoding: quoted-printable On 10/27/20 2:58 PM, Michael Gmelin wrote: I hope you don't mind but I reverted this conversation back to the list i= n=20 case it gives someone else any ideas. > Hi, >=20 > I tried to reproduce the problem on my home network, but things just > work as expected. >=20 > I could run VMs with IPs off the local network, fixed ones as well as > DHCP. >=20 > The topology looks a bit different: > vm->server->router ->(nat)-> internet > | > + dhcp/dns I suppose that that is essentially the same but let me see if I get it. = You=20 have a network, say 192.168.1.0/24, behind your NAT router. You have=20 physical servers like 192.168.1.1 and 192.168.1.2 on this network. You t= hen=20 put a VM on the .1 host numbered 192.168.1.3 and it can connect to=20 192.168.1.2. Is that correct? > I would speculate that there's either something going on with > the switch (you might want to take a look at it), or you're experiencin= g > some sort of asymmetric routing issue (ping/icmp is usually just fine Not sure what that could be. It's not just a problem with external hosts= =2E=20 Hosts on the same network are also showing the symptoms. Another point i= s=20 that I can access it inbound. It's only outbound connections that don't = work. > with that). Or it might be something with the bge driver (I'm using em The only server that it can connect to is running bce. I have some em=20 servers but it doesn't connect to those. > here). I assume you already tried disabling all sorts of offloading to > see if it makes a difference? Yep. I tried -tso -lro -rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag=20 -vlanhwtso and subsets of that. > Other than that I would suggest to play with tcpdump to see if packets > are returned on the same interface they've been sent out on or not. Here is an example packet seen on the host: 11:20:40.397067 IP 98.158.139.71.44448 > 98.158.139.66.22: Flags [S], seq= =20 3285763868, win 65535, options [mss 1460,nop,wscale 6,sackOK,TS val=20 3003762262 ecr 0], length 0 The .66 never sees the packet and the host never sees a return packet. O= n=20 the other hand, a connection attempt from .66 to the VM shows up properly= =2E > Proxy arp might play a role on a local network, that's something I've > seen in the past when I has hosts with multiple interfaces on the same > (multiple) networks. If you can afford to try it, I would see if > shutting down eth1 (and then flushing all arp tables on all > hosts/devices involved in your test) makes a difference[0]. I want to be careful about dropping eth1 as it is the only way in if I me= ss=20 up eth0. --=20 D'Arcy J.M. Cain <darcy@druid.net> | Democracy is three wolves http://www.druid.net/darcy/ | and a sheep voting on +1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner. IM: darcy@VybeNetworks.com, VoIP: sip:darcy@druid.net Disclaimer: By sending an email to ANY of my addresses you are agreeing that: 1. I am by definition, "the intended recipient". 2. All information in the email is mine to do with as I see fit and make such financial profit, political mileage, or good joke as it lends itself to. In particular, I may quote it where I please. 3. I may take the contents as representing the views of your company if I so wish. 4. This overrides any disclaimer or statement of confidentiality that may be included or implied in your message. --------------447DEE3E4C8ECFE948C40F54-- --X2NYO6ao6VwP3S38HeU0JWult9x6HjAgy-- --MJlay0mUmwnRupFwTS4RHwyQPzxU1qewr Content-Type: application/pgp-signature; name="OpenPGP_signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="OpenPGP_signature" -----BEGIN PGP SIGNATURE----- wnsEABYIACMWIQSQJTNYM0vv3aTmBCs/5DDweYZnXQUCX5lWmwUDAAAAAAAKCRA/5DDweYZnXW5k AQC8H3Yd5ErNa38FJxC/ZzNVbhOtHBTx0u0lKxQfDm0aBwD+On5y8SyFuo3MxOjWa6X7xYb7OBpe MREgjYoTb/bVngQ= =cInV -----END PGP SIGNATURE----- --MJlay0mUmwnRupFwTS4RHwyQPzxU1qewr--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6ca8956a-76d0-8d83-e1ce-015de1fcf2bd>