Bridges on VLAN-tagged interfaces.


Bridges on VLAN-tagged interfaces.

Eric Bautsch
Hi All.


I'm trying to create a bridge over a VLAN-tagged interface (to eventually use
for a Xen VM, but we're a long way off that).

I've already tried to find a solution to this problem on the forum to no avail here:

https://forums.freebsd.org/threads/vlan-tagged-interfaces-in-bridges.69612/


The long and short of it is: I can get a vlan tagged interface to work, but I
can't get a bridge that has a vlan tagged interface on it to work.

Clearly, I'm doing something wrong (being new to FreeBSD) but what?

Any help would be greatly appreciated.


Here's more detail:


I'm trying to add a vlan tagged interface to a bridge.
I've got an interface called re0 on the server, this is part of bridge0 and
bridge0 has an IP address that pings just fine.

I now create a vlan tagged interface thus:
ifconfig re0.33 create vlan 33 vlandev re0 up

If I put an IP address on that, it pings just fine.

OK, without that IP address, I now create bridge1:

Code:

ifconfig bridge create
ifconfig bridge1 addm re0.33

If I now put an IP on that bridge instead of re0.33, it does not ping.

If I do a broadcast ping from another host on that network thus (Solaris system
issuing the ping):
ping -sn 192.168.33.255

I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump -i bridge1|
However, on neither interface do I see any pings coming in when I ping its own
address (in this case 192.168.33.20).
The Solaris system issuing the pings has learned the arp address of the bridge
though:
Code:

root@gaspra # arp -an | grep 192.168.33.20
net1 192.168.33.20 255.255.255.255 02:a7:91:b6:3a:01

If I |tcpdump -i bridge1|, I do get some packets, but not any echo requests:
Code:

root@bianca # tcpdump -i bridge1
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on bridge1, link-type EN10MB (Ethernet), capture size 262144 bytes
11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router solicitation, length 16
11:06:04.079441 ARP, Request who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
11:06:17.588644 ARP, Request who-has 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46
11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28

So as you can see, the FreeBSD system does get ARP requests and does respond to
them, but the pings never get there....


And here's the ifconfig output on the FreeBSD system being pinged:
Code:

root@bianca # ifconfig -a
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 80:ee:73:63:5c:48
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:a7:91:b6:3a:00
        inet 192.168.140.85 netmask 0xffffff00 broadcast 192.168.140.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 55
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
re0.33: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80003<RXCSUM,TXCSUM,LINKSTATE>
        ether 80:ee:73:63:5c:48
        inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4
        groups: vlan
        vlan: 33 vlanpcp: 0 parent interface: re0
        media: Ethernet autoselect (1000baseT <full-duplex,master>)
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:a7:91:b6:3a:01
        inet 192.168.33.20 netmask 0xffffff00 broadcast 192.168.33.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
root@bianca #

There are no firewalls involved at all here.


The system is currently not installed with Xen, just to remove something that
might interfere for the time being.

I have also tried the software that comes with bhyve that creates the vlans and
bridges: vm-bhyve and that didn't create working bridges either.

Someone suggested that the issue is that I'm also using the base interface re0,
so I got rid of that and tried with just a vlan tagged interface in a bridge and
that didn't help either.

I guess I'm arriving at: either I have a fundamental issue in my understanding
of how to configure networking on FreeBSD, or I've come across some kind of bug?


Any pointers very gratefully received.

Thanks.

Eric



--
 
       ____
      /          .                           Eric A. Bautsch
     /--   __       ___                ______________________________________
    /     /    /   /                  /
   (_____/____(___(__________________/       email: [hidden email]



Re: Bridges on VLAN-tagged interfaces.

Patrick M. Hausen
Hi!

have you done an „ifconfig up“ for the physical interface?

This works in our environment:

ifconfig_ixl0="up"

cloned_interfaces="vlan11 bridge0"
ifconfig_vlan11="up vlan 11 vlandev ixl0"

ifconfig_bridge0_name="inet0"
ifconfig_inet0="addm vlan11 up"
ifconfig_inet0_alias0="inet ********"
ifconfig_inet0_ipv6="inet6 *********/64 auto_linklocal"

HTH,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling



Re: Bridges on VLAN-tagged interfaces.

Eric Bautsch
Yes, I have:


root@bianca # ifconfig -a
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 80:ee:73:63:5c:48
        inet 0.0.0.0 netmask 0xff000000 broadcast 0.255.255.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
re0.40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80003<RXCSUM,TXCSUM,LINKSTATE>
        ether 80:ee:73:63:5c:48
        inet 192.168.40.33 netmask 0xffffff00 broadcast 192.168.40.255
        groups: vlan
        vlan: 40 vlanpcp: 0 parent interface: re0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
re0.33: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80003<RXCSUM,TXCSUM,LINKSTATE>
        ether 80:ee:73:63:5c:48
        inet 0.0.0.0 netmask 0xff000000 broadcast 0.255.255.255
        groups: vlan
        vlan: 33 vlanpcp: 0 parent interface: re0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:75:69:8e:39:00
        inet 192.168.33.20 netmask 0xffffff00 broadcast 192.168.33.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 4 priority 128 path cost 20000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
root@bianca # ping -n 192.168.40.1
PING 192.168.40.1 (192.168.40.1): 56 data bytes
64 bytes from 192.168.40.1: icmp_seq=0 ttl=255 time=2.145 ms
64 bytes from 192.168.40.1: icmp_seq=1 ttl=255 time=18.048 ms
64 bytes from 192.168.40.1: icmp_seq=2 ttl=255 time=2.114 ms
^C
--- 192.168.40.1 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 2.114/7.436/18.048/7.504 ms
root@bianca # ping -n 192.168.33.1
PING 192.168.33.1 (192.168.33.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down
^C
--- 192.168.33.1 ping statistics ---
8 packets transmitted, 0 packets received, 100.0% packet loss
root@bianca #


Eric



On 11/03/2019 11:14, Patrick M. Hausen wrote:

> Hi!
>
> have you done an „ifconfig up“ for the physical interface?
>
> This works in our environment:
>
> ifconfig_ixl0="up"
>
> cloned_interfaces="vlan11 bridge0"
> ifconfig_vlan11="up vlan 11 vlandev ixl0"
>
> ifconfig_bridge0_name="inet0"
> ifconfig_inet0="addm vlan11 up"
> ifconfig_inet0_alias0="inet ********"
> ifconfig_inet0_ipv6="inet6 *********/64 auto_linklocal"
>
> HTH,
> Patrick
> --
> punkt.de GmbH Internet - Dienstleistungen - Beratung
> Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
> 76133 Karlsruhe [hidden email] http://punkt.de
> AG Mannheim 108285 Gf: Juergen Egeling
>
--
 
       ____
      /          .                           Eric A. Bautsch
     /--   __       ___                ______________________________________
    /     /    /   /                  /
   (_____/____(___(__________________/       email: [hidden email]



Re: Bridges on VLAN-tagged interfaces.

Harry Schmalzbauer
In reply to this post by Eric Bautsch
On 11.03.2019 at 11:48, Eric Bautsch wrote:

> |ifconfig bridge create ifconfig bridge1 addm re0.33|
>
> If I now put an IP on that bridge instead of re0.33, it does not ping.
>
> If I do a broadcast ping from another host on that network thus
> (Solaris system issuing the ping):
> ping -sn 192.168.33.255
>
> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump
> -i bridge1|
> However, on neither interface do I see any pings coming in when I ping
> its own address (in this case 192.168.33.20).

IP stack processes them without passing it to the interface(s), so
that's not unusual.


> The Solaris system issuing the pings has learned the arp address of
> the bridge though:
> Code:
>
> |root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20
> 255.255.255.255 02:a7:91:b6:3a:01|
>
> If I |tcpdump -i bridge1|, I do get some packets, but not any echo
> requests:
> Code:
>
> |root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed,
> use -v or -vv for full protocol decode listening on bridge1, link-type
> EN10MB (Ethernet), capture size 262144 bytes 11:05:26.081185 ARP,
> Request who-has 192.168.33.20 (Broadcast) tell
> juliet-punchin.swangage.co.uk, length 46 11:05:26.081197 ARP, Reply
> 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router
> solicitation, length 16 11:06:04.079441 ARP, Request who-has
> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length
> 46 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
> (oui Unknown), length 28 11:06:17.588644 ARP, Request who-has
> 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length
> 46 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
> (oui Unknown), length 28|

If I read it correctly, all you get are ethernet broadcast frames.
(Hard) Reading next:

> |root@bianca # ifconfig -a re0:
> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> mtu 1500
> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
> ether 80:ee:73:63:5c:48 media: Ethernet autoselect (1000baseT
> <full-duplex,master>) status: active nd6
> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0:
> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6
> ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet
> 127.0.0.1 netmask 0xff000000 groups: lo nd6
> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge0:
> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00
> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768
> hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000
> timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0
> port 1 priority 128 path cost 55 groups: bridge nd6
> options=9<PERFORMNUD,IFDISABLED> re0.33:
> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> mtu 1500 options=80003<RXCSUM,TXCSUM,LINKSTATE> ether
> 80:ee:73:63:5c:48 inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64
> scopeid 0x4 groups: vlan vlan: 33 vlanpcp: 0 parent interface: re0
> media: Ethernet autoselect (1000baseT <full-duplex,master>) status:
> active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1:
> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> ether 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00
> broadcast 192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime
> 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member:
> re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port
> 4 priority 128 path cost 20000 groups: bridge nd6
> options=9<PERFORMNUD,IFDISABLED> root@bianca #|

Here you have a universally administered address (UAA) on the parent
interface re0, which is the same for the vlan clone re0.33, and a
locally administered address (LAA) on if_bridge(4), which was verified
to be announced.
In order to get through the MAC filter of the ethernet interface, re0.33
must be in PROMISC mode.
I remember having seen two different PROMISC interface status – never
tracked it down.  But issuing 'ifconfig re0.33 promisc' might result in
a second PROMISC status report on re0.33 and a working setup...
If so, one has to discover the mystery of the 1st PROMISC status report,
and file a bug report, probably.

Best,

-harry



_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[hidden email]"

Re: Bridges on VLAN-tagged interfaces.

Harry Schmalzbauer
On 15.03.2019 at 11:21, Harry Schmalzbauer wrote:

> On 11.03.2019 at 11:48, Eric Bautsch wrote:
> …
>> |ifconfig bridge create ifconfig bridge1 addm re0.33|
>>
>> If I now put an IP on that bridge instead of re0.33, it does not ping.
>>
>> If I do a broadcast ping from another host on that network thus
>> (Solaris system issuing the ping):
>> ping -sn 192.168.33.255
>>
>> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump
>> -i bridge1|
>> However, on neither interface do I see any pings coming in when I
>> ping its own address (in this case 192.168.33.20).
>
> IP stack processes them without passing it to the interface(s), so
> that's not unusual.
>
>
>> The Solaris system issuing the pings has learned the arp address of
>> the bridge though:
>> Code:
>>
>> |root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20
>> 255.255.255.255 02:a7:91:b6:3a:01|
>>
>> If I |tcpdump -i bridge1|, I do get some packets, but not any echo
>> requests:
>> Code:
>>
>> |root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed,
>> use -v or -vv for full protocol decode listening on bridge1,
>> link-type EN10MB (Ethernet), capture size 262144 bytes
>> 11:05:26.081185 ARP, Request who-has 192.168.33.20 (Broadcast) tell
>> juliet-punchin.swangage.co.uk, length 46 11:05:26.081197 ARP, Reply
>> 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
>> 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6,
>> router solicitation, length 16 11:06:04.079441 ARP, Request who-has
>> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length
>> 46 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
>> (oui Unknown), length 28 11:06:17.588644 ARP, Request who-has
>> 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length
>> 46 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
>> (oui Unknown), length 28|
>
> If I read it correctly, all you get are ethernet broadcast frames.
> (Hard) Reading next:
> …
>> |root@bianca # ifconfig -a re0:
>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
>> mtu 1500
>> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
>> ether 80:ee:73:63:5c:48 media: Ethernet autoselect (1000baseT
>> <full-duplex,master>) status: active nd6
>> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0:
>> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6
>> ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet
>> 127.0.0.1 netmask 0xff000000 groups: lo nd6
>> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge0:
>> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00
>> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768
>> hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000
>> timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>> member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0
>> port 1 priority 128 path cost 55 groups: bridge nd6
>> options=9<PERFORMNUD,IFDISABLED> re0.33:
>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
>> mtu 1500 options=80003<RXCSUM,TXCSUM,LINKSTATE> ether
>> 80:ee:73:63:5c:48 inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64
>> scopeid 0x4 groups: vlan vlan: 33 vlanpcp: 0 parent interface: re0
>> media: Ethernet autoselect (1000baseT <full-duplex,master>) status:
>> active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1:
>> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>> ether 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00
>> broadcast 192.168.33.255 id 00:00:00:00:00:00 priority 32768
>> hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000
>> timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>> member: re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>> ifmaxaddr 0 port 4 priority 128 path cost 20000 groups: bridge nd6
>> options=9<PERFORMNUD,IFDISABLED> root@bianca #|
>
> Here you have a universally administered address (UAA) on the parent
> interface re0, which is the same for the vlan clone re0.33, and a
> locally administered address (LAA) on if_bridge(4), which was
> verified to be announced.
> In order to get through the MAC filter of the ethernet interface,
> re0.33 must be in PROMISC mode.
> I remember having seen two different PROMISC interface status – never
> tracked it down.  But issuing 'ifconfig re0.33 promisc' might result
> in a second PROMISC status report on re0.33 and a working setup...

Should have read man page before posting, sorry.  This is supposed to be
done by ifconfig(8)'s "addm" command.
But like mentioned, I can see PROMISC _two_ times in the interface
status line of ifconfig(8), after putting the interface manually in
permanent promisc mode (stable/12).

Don't know how the filter of the parent interface is involved in the
vlan clone and I have no idea if "addm" respects it, in case it is involved.
Before code inspection, I'd try and put the parent re0 manually into
permanent promisc mode and see if you can see unicast frames afterwards.

-Harry
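
Added example, not part of the thread and not FreeBSD's own tooling: a small sh/awk check that reads ifconfig -a text and reports, per bridge member, the conditions raised in the replies above (member and VLAN parent UP, PROMISC on the member when the bridge announces a different MAC, UAA versus LAA addresses). The function names, finding labels and output format are this example's own assumptions; parent-not-promisc only marks the state Harry proposes testing, not a confirmed cause.

```shell
#!/bin/sh
# Added example, not from the thread: audit `ifconfig -a` text for the
# bridge/VLAN conditions discussed in the replies.

# Sample input: the re0, re0.33 and bridge0 stanzas of Eric's second listing,
# abridged, with the line breaks that the list archive flattened restored.
sample_ifconfig() {
    cat <<'EOF'
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 80:ee:73:63:5c:48
re0.33: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 80:ee:73:63:5c:48
        groups: vlan
        vlan: 33 vlanpcp: 0 parent interface: re0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:75:69:8e:39:00
        inet 192.168.33.20 netmask 0xffffff00 broadcast 192.168.33.255
        member: re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# Reads ifconfig output on stdin, prints one line per bridge member:
#   <bridge> <member> bridge_mac=<UAA|LAA> member_mac=<UAA|LAA> findings=<list>
audit_bridges() {
    awk '
    # True if interface ifc carries flag f as a whole token in flags=...<...>
    function has_flag(ifc, f) { return flags[ifc] ~ ("[<,]" f "[,>]") }

    # Locally administered addresses have bit 0x02 set in the first octet,
    # i.e. the second hex digit is one of 2,3,6,7,a,b,e,f.
    function mac_kind(m) {
        if (m == "") return "unknown"
        return index("2367abef", tolower(substr(m, 2, 1))) ? "LAA" : "UAA"
    }

    # Stanza header, e.g. "re0.33: flags=8942<...> metric 0 mtu 1500"
    /^[^ \t]+: flags=/ { cur = $1; sub(/:$/, "", cur); flags[cur] = $2; next }

    $1 == "ether"   { mac[cur] = $2 }
    $1 == "vlan:"   { for (i = 2; i < NF; i++)
                          if ($i == "interface:") parent[cur] = $(i + 1) }
    $1 == "member:" { n++; br[n] = cur; mem[n] = $2 }

    END {
        for (k = 1; k <= n; k++) {
            b = br[k]; m = mem[k]; p = parent[m]; f = ""
            # A member that is not UP forwards nothing.
            if (!has_flag(m, "UP")) f = f ",member-down"
            # Unicast to the bridge MAC only passes the member MAC filter
            # when the member is promiscuous (addm is supposed to set this).
            if (mac[b] != mac[m] && !has_flag(m, "PROMISC"))
                f = f ",member-not-promisc"
            # VLAN members: the physical parent must be UP as well.
            if (p != "" && !has_flag(p, "UP")) f = f ",parent-down"
            # Informational: the parent state suggested for a manual test.
            if (p != "" && !has_flag(p, "PROMISC")) f = f ",parent-not-promisc"
            if (f == "") f = ",none"
            printf "%s %s bridge_mac=%s member_mac=%s findings=%s\n",
                   b, m, mac_kind(mac[b]), mac_kind(mac[m]), substr(f, 2)
        }
    }'
}

# On a live host: ifconfig -a | audit_bridges
sample_ifconfig | audit_bridges
```

On the sample, the check reports re0.33 as a bridge member that lacks the UP flag (flags=8942), with the bridge announcing an LAA and the member carrying the parent's UAA.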



Re: Bridges on VLAN-tagged interfaces.

Rodney W. Grimes-6
In reply to this post by Harry Schmalzbauer
> On 11.03.2019 at 11:48, Eric Bautsch wrote:
> …
> > |ifconfig bridge create ifconfig bridge1 addm re0.33|
> >
> > If I now put an IP on that bridge instead of re0.33, it does not ping.
> >
> > If I do a broadcast ping from another host on that network thus
> > (Solaris system issuing the ping):
> > ping -sn 192.168.33.255
> >
> > I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump
> > -i bridge1|
> > However, on neither interface do I see any pings coming in when I ping
> > its own address (in this case 192.168.33.20).
>
> IP stack processes them without passing it to the interface(s), so
> that's not unusual.
>
>
> > The Solaris system issuing the pings has learned the arp address of
> > the bridge though:
> > Code:
> >
> > |root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20
> > 255.255.255.255 02:a7:91:b6:3a:01|
> >
> > If I |tcpdump -i bridge1|, I do get some packets, but not any echo
> > requests:
> > Code:
> >
> > |root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed,
> > use -v or -vv for full protocol decode listening on bridge1, link-type
> > EN10MB (Ethernet), capture size 262144 bytes 11:05:26.081185 ARP,
> > Request who-has 192.168.33.20 (Broadcast) tell
> > juliet-punchin.swangage.co.uk, length 46 11:05:26.081197 ARP, Reply
> > 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28
> > 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2: ICMP6, router
> > solicitation, length 16 11:06:04.079441 ARP, Request who-has
> > 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length
> > 46 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
> > (oui Unknown), length 28 11:06:17.588644 ARP, Request who-has
> > 192.168.33.20 (Broadcast) tell gaspra-punchin.swangage.co.uk, length
> > 46 11:06:17.588665 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
> > (oui Unknown), length 28|
>
> If I read it correctly, all you get are ethernet broadcast frames.
> (Hard) Reading next:
> …
> > |root@bianca # ifconfig -a re0:
> > flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> > mtu 1500
> > options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
> > ether 80:ee:73:63:5c:48 media: Ethernet autoselect (1000baseT
> > <full-duplex,master>) status: active nd6
> > options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0:
> > flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> > options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6
> > ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet
> > 127.0.0.1 netmask 0xff000000 groups: lo nd6
> > options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge0:
> > flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> > ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00
> > broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768
> > hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000
> > timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> > member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0
> > port 1 priority 128 path cost 55 groups: bridge nd6
> > options=9<PERFORMNUD,IFDISABLED> re0.33:
> > flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
> > mtu 1500 options=80003<RXCSUM,TXCSUM,LINKSTATE> ether
> > 80:ee:73:63:5c:48 inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64
> > scopeid 0x4 groups: vlan vlan: 33 vlanpcp: 0 parent interface: re0
> > media: Ethernet autoselect (1000baseT <full-duplex,master>) status:
> > active nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1:
> > flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> > ether 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00
> > broadcast 192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime
> > 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> > root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member:
> > re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port
> > 4 priority 128 path cost 20000 groups: bridge nd6
> > options=9<PERFORMNUD,IFDISABLED> root@bianca #|
>
> Here you have a universally administered address (UAA) on the parent
> interface re0, which is the same for the vlan clone re0.33, and a
> locally administered address (LAA) on if_bridge(4), which was verified
> to be announced.
> In order to get through the MAC filter of the ethernet interface, re0.33
> must be in PROMISC mode.
> I remember having seen two different PROMISC interface status – never
> tracked it down.  But issuing 'ifconfig re0.33 promisc' might result in
> a second PROMISC status report on re0.33 and a working setup...
> If so, one has to discover the mystery of the 1st PROMISC status report,
> and file a bug report, probably.

Oh, I think you just tickled a brain cell on another problem I was
seeing in another place with bhyve, bridges and taps.  I need to
recreate that configuration and see if in fact it is a missing
promisc on an interface.  Thank YOU!

> Best,
> -harry
--
Rod Grimes                                                 [hidden email]

Re: Bridges on VLAN-tagged interfaces.

Eric Bautsch
In reply to this post by Harry Schmalzbauer
Thanks, Harry.

I'll hopefully get a chance to try this tomorrow.... I'll let the list know the
outcome.


Eric


P.S. Sorry for the formatting, no idea why that got re-formatted on the list.....



On 15/03/19 11:02, Harry Schmalzbauer wrote:

> On 15.03.2019 at 11:21, Harry Schmalzbauer wrote:
>> On 11.03.2019 at 11:48, Eric Bautsch wrote:
>> …
>>> |ifconfig bridge create ifconfig bridge1 addm re0.33|
>>>
>>> If I now put an IP on that bridge instead of re0.33, it does not ping.
>>>
>>> If I do a broadcast ping from another host on that network thus (Solaris
>>> system issuing the ping):
>>> ping -sn 192.168.33.255
>>>
>>> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump -i
>>> bridge1|
>>> However, on neither interface do I see any pings coming in when I ping its
>>> own address (in this case 192.168.33.20).
>>
>> IP stack processes them without passing it to the interface(s), so that's not
>> unusual.
>>
>>
>>> The Solaris system issuing the pings has learned the arp address of the
>>> bridge though:
>>> Code:
>>>
>>> |root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20
>>> 255.255.255.255 02:a7:91:b6:3a:01|
>>>
>>> If I |tcpdump -i bridge1|, I do get some packets, but not any echo requests:
>>> Code:
>>>
>>> |root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed, use -v
>>> or -vv for full protocol decode listening on bridge1, link-type EN10MB
>>> (Ethernet), capture size 262144 bytes 11:05:26.081185 ARP, Request who-has
>>> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
>>> 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui
>>> Unknown), length 28 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c > ff02::2:
>>> ICMP6, router solicitation, length 16 11:06:04.079441 ARP, Request who-has
>>> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
>>> 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui
>>> Unknown), length 28 11:06:17.588644 ARP, Request who-has 192.168.33.20
>>> (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46 11:06:17.588665
>>> ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28|
>>
>> If I read it correctly, all you get are ethernet broadcast frames.
>> (Hard) Reading next:
>> …
>>> |root@bianca # ifconfig -a re0:
>>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
>>> ether 80:ee:73:63:5c:48 media: Ethernet autoselect (1000baseT
>>> <full-duplex,master>) status: active nd6
>>> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0:
>>> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1
>>> prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1
>>> netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>>> 1500 ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00
>>> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768 hellotime 2
>>> fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id
>>> 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0
>>> flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 1 priority
>>> 128 path cost 55 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED> re0.33:
>>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>> options=80003<RXCSUM,TXCSUM,LINKSTATE> ether 80:ee:73:63:5c:48 inet6
>>> fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4 groups: vlan vlan:
>>> 33 vlanpcp: 0 parent interface: re0 media: Ethernet autoselect (1000baseT
>>> <full-duplex,master>) status: active nd6
>>> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1:
>>> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether
>>> 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00 broadcast
>>> 192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id
>>> 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0.33
>>> flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 4 priority
>>> 128 path cost 20000 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED>
>>> root@bianca #|
>>
>> Here you have a universally administered address (UAA) on the parent
>> interface re0, which is the same for the vlan clone re0.33, and a locally
>> administered address (LAA) on if_bridge(4), which was verified to be
>> announced.
>> In order to get through the MAC filter of the ethernet interface, re0.33 must
>> be in PROMISC mode.
>> I remember having seen two different PROMISC interface status – never tracked
>> it down.  But issuing 'ifconfig re0.33 promisc' might result in a second
>> PROMISC status report on re0.33 and a working setup...
>
> Should have read man page before posting, sorry.  This is supposed to be done
> by ifconfig(8)'s "addm" command.
> But like mentioned, I can see PROMISC _two_ times in the interface status line
> of ifconfig(8), after putting the interface manually in permanent promisc mode
> (stable/12).
>
> Don't know how the filter of the parent interface is involved in the vlan
> clone and I have no idea if "addm" respects it, in case it is involved.
> Before code inspection, I'd try and put the parent re0 manually into permanent
> promisc mode and see if you can see unicast frames afterwards.
>
> -Harry
>
>
--
 
       ____
      /          .                           Eric A. Bautsch
     /--   __       ___                ______________________________________
    /     /    /   /                  /
   (_____/____(___(__________________/       email: [hidden email]

_______________________________________________
[hidden email] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-net
To unsubscribe, send any mail to "[hidden email]"

Re: Bridges on VLAN-tagged interfaces.

Eric Bautsch
Hi All.


OK, slight reset: I have no idea what I did wrong last time (I suspect something
to do with my rc.conf settings, more on that later), but what I can now do is this:

I can get my base interface re0 configured with an IP address and at the same
time have an re0.33 interface (on VLAN 33) inside a bridge (bridge0 in this
case), then configure an IP on bridge0 and get both (!) to ping.

I would have sworn I had tried this and it hadn't worked, but alas, it now does.
I think this is because I tested something slightly different last time and had
a bridge created on re0 via settings in rc.conf. If I do that, I can't seem to
get my networking to work after. But that's a problem for a different day...


The problem that still persists and that I need to fix (in order to be able to
use FreeBSD as my host for my VMs, which is where this is all going) is this:

I now have a bridge0 on re0.33 which works, great.

I now configure a bridge1 which contains re0 and put an IP on that bridge, and
hey presto, that IP pings, but the IP on bridge0 on VLAN 33 stops pinging.

It seems that at the point where I put re0 inside a bridge, the other bridge
doesn't get any IP traffic any more.


Funnily enough, if I configure a bridge0 on re0 and then plumb up an re0.33,
both of them ping, too.

But no matter what I do, a bridge on re0 prevents another bridge on any of the
vlan tagged interfaces from working.


Someone at some point told me that the untagged network on FreeBSD cannot really
be used if I also have tagged VLANs on the same hardware, but I hope that's not
true and that I need some magic incantation....

I was considering if I could somehow "clone" my re0 interface and put that clone
into my bridge, but I haven't been able to find a way of doing that. I also
tried to create an re0.0 in the hopes that that would signify untagged, but
FreeBSD doesn't allow this.


Any pointers greatly appreciated.


Thanks.

Eric



P.S. Yes, I appreciate that I can just present that untagged VLAN as a tagged
one and then my problems go away, but then I need to create a new VLAN to use
untagged, so that I can do network installations on that, which would need to
either be routed or have DNS, YP, etc. services on it as well as of course an
installation server, so that'd be a huge amount of work....




On 16/03/2019 20:09, Eric Bautsch wrote:

> Thanks, Harry.
>
> I'll hopefully get a chance to try this tomorrow.... I'll let the list know
> the outcome.
>
>
> Eric
>
>
> P.S. Sorry for the formatting, no idea why that got re-formatted on the list.....
>
>
>
> On 15/03/19 11:02, Harry Schmalzbauer wrote:
>> On 15.03.2019 at 11:21, Harry Schmalzbauer wrote:
>>> On 11.03.2019 at 11:48, Eric Bautsch wrote:
>>> …
>>>> |ifconfig bridge create ifconfig bridge1 addm re0.33|
>>>>
>>>> If I now put an IP on that bridge instead of re0.33, it does not ping.
>>>>
>>>> If I do a broadcast ping from another host on that network thus (Solaris
>>>> system issuing the ping):
>>>> ping -sn 192.168.33.255
>>>>
>>>> I can see packets arriving if I |tcpdump -i re0.33| and if I |tcpdump -i
>>>> bridge1|
>>>> However, on neither interface do I see any pings coming in when I ping its
>>>> own address (in this case 192.168.33.20).
>>>
>>> IP stack processes them without passing it to the interface(s), so that's
>>> not unusual.
>>>
>>>
>>>> The Solaris system issuing the pings has learned the arp address of the
>>>> bridge though:
>>>> Code:
>>>>
>>>> |root@gaspra # arp -an | grep 192.168.33.20 net1 192.168.33.20
>>>> 255.255.255.255 02:a7:91:b6:3a:01|
>>>>
>>>> If I |tcpdump -i bridge1|, I do get some packets, but not any echo requests:
>>>> Code:
>>>>
>>>> |root@bianca # tcpdump -i bridge1 tcpdump: verbose output suppressed, use
>>>> -v or -vv for full protocol decode listening on bridge1, link-type EN10MB
>>>> (Ethernet), capture size 262144 bytes 11:05:26.081185 ARP, Request who-has
>>>> 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk, length 46
>>>> 11:05:26.081197 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui
>>>> Unknown), length 28 11:05:38.201079 IP6 fe80::7285:c2ff:fea6:583c >
>>>> ff02::2: ICMP6, router solicitation, length 16 11:06:04.079441 ARP, Request
>>>> who-has 192.168.33.20 (Broadcast) tell juliet-punchin.swangage.co.uk,
>>>> length 46 11:06:04.079464 ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01
>>>> (oui Unknown), length 28 11:06:17.588644 ARP, Request who-has 192.168.33.20
>>>> (Broadcast) tell gaspra-punchin.swangage.co.uk, length 46 11:06:17.588665
>>>> ARP, Reply 192.168.33.20 is-at 02:a7:91:b6:3a:01 (oui Unknown), length 28|
>>>
>>> If I read it correctly, all you get are ethernet broadcast frames.
>>> (Hard) Reading next:
>>> …
>>>> |root@bianca # ifconfig -a re0:
>>>> flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu
>>>> 1500
>>>> options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
>>>> ether 80:ee:73:63:5c:48 media: Ethernet autoselect (1000baseT
>>>> <full-duplex,master>) status: active nd6
>>>> options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> lo0:
>>>> flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>>> options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6> inet6 ::1
>>>> prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 inet 127.0.0.1
>>>> netmask 0xff000000 groups: lo nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>>> bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
>>>> 1500 ether 02:a7:91:b6:3a:00 inet 192.168.140.85 netmask 0xffffff00
>>>> broadcast 192.168.140.255 id 00:00:00:00:00:00 priority 32768 hellotime 2
>>>> fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root
>>>> id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0
>>>> flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 1 priority
>>>> 128 path cost 55 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED>
>>>> re0.33: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0
>>>> mtu 1500 options=80003<RXCSUM,TXCSUM,LINKSTATE> ether 80:ee:73:63:5c:48
>>>> inet6 fe80::82ee:73ff:fe63:5c48%re0.33 prefixlen 64 scopeid 0x4 groups:
>>>> vlan vlan: 33 vlanpcp: 0 parent interface: re0 media: Ethernet autoselect
>>>> (1000baseT <full-duplex,master>) status: active nd6
>>>> options=21<PERFORMNUD,AUTO_LINKLOCAL> bridge1:
>>>> flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 ether
>>>> 02:a7:91:b6:3a:01 inet 192.168.33.20 netmask 0xffffff00 broadcast
>>>> 192.168.33.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>>> maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id
>>>> 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: re0.33
>>>> flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> ifmaxaddr 0 port 4 priority
>>>> 128 path cost 20000 groups: bridge nd6 options=9<PERFORMNUD,IFDISABLED>
>>>> root@bianca #|
>>>
>>> Here you have a universally administered address (UAA) on the parent
>>> interface re0, which is the same for the vlan clone re0.33, and a locally
>>> administered address (LAA) on if_bridge(4), which was verified to be
>>> announced.
>>> In order to get through the MAC filter of the ethernet interface, re0.33
>>> must be in PROMISC mode.
>>> I remember having seen two different PROMISC interface status – never
>>> tracked it down.  But issuing 'ifconfig re0.33 promisc' might result in a
>>> second PROMISC status report on re0.33 and a working setup...
>>
>> Should have read man page before posting, sorry.  This is supposed to be done
>> by ifconfig(8)'s "addm" command.
>> But like mentioned, I can see PROMISC _two_ times in the interface status
>> line of ifconfig(8), after putting the interface manually in permanent
>> promisc mode (stable/12).
>>
>> Don't know how the filter of the parent interface is involved in the vlan
>> clone and I have no idea if "addm" respects it, in case it is involved.
>> Before code inspection, I'd try and put the parent re0 manually into
>> permanent promisc mode and see if you can see unicast frames afterwards.
>>
>> -Harry
>>
>>
--
 
       ____
      /          .                           Eric A. Bautsch
     /--   __       ___                ______________________________________
    /     /    /   /                  /
   (_____/____(___(__________________/       email: [hidden email]



Re: Bridges on VLAN-tagged interfaces.

Patrick M. Hausen
Hi!

> On 18.03.2019 at 22:12, Eric Bautsch <[hidden email]> wrote:
> I now have a bridge0 on re0.33 which works, great.
> I now configure a bridge1 which contains re0 and put an IP on that bridge, and hey presto, that IP pings, but the IP on bridge0 on VLAN 33 stops pinging.

IMHO you should not be mixing VLAN tagged and untagged
traffic on the same interface. A port is a trunk port carrying
tagged traffic or an access port carrying untagged traffic
only.

So you should - again, my opinion - create a VLAN, say 1 on
re0 and put re0.1 into bridge1. I know this works from
experience.

We have some rare performance issues when combining
this with VNET but first things first … still investigating and I’ll keep
the list informed.

Kind regards,
Patrick
--
punkt.de GmbH Internet - Dienstleistungen - Beratung
Kaiserallee 13a Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe [hidden email] http://punkt.de
AG Mannheim 108285 Gf: Juergen Egeling
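
Added example, not part of any message in this thread: a small checker that reads `ifconfig -a` output (line-wrapped or flattened as quoted above) and reports the two conditions discussed here, a bridge member without PROMISC and a VLAN child whose untagged parent is also a bridge member. The sample text is constructed so that both checks fire, and the finding codes and function names are hypothetical.

```python
import re

# Constructed sample modelled on the flattened `ifconfig -a` output quoted in
# this thread: bridge1 holds untagged re0, bridge0 holds its VLAN child re0.33.
SAMPLE = (
    "re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 "
    "re0.33: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 "
    "groups: vlan vlan: 33 vlanpcp: 0 parent interface: re0 "
    "bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 "
    "member: re0.33 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> "
    "bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 "
    "member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP> groups: bridge"
)

# A stanza starts with "<name>: flags=...<FLAG,...>"; bridge member lines read
# "member: <name> flags=..." and therefore never match this pattern.
HEADER = re.compile(r"(?<!\S)([A-Za-z][\w.]*): flags=[0-9a-f]+<([^>]*)>")


def parse_ifconfig(text):
    """Map ifname -> flags, bridge members, VLAN parent (line-wrapped or flattened)."""
    heads = list(HEADER.finditer(text))
    ifaces = {}
    for i, m in enumerate(heads):
        end = heads[i + 1].start() if i + 1 < len(heads) else len(text)
        body = text[m.end():end]
        parent = re.search(r"parent interface: (\S+)", body)
        ifaces[m.group(1)] = {
            "flags": set(m.group(2).split(",")),
            "members": re.findall(r"member: (\S+) flags=", body),
            "parent": parent.group(1) if parent else None,
        }
    return ifaces


def lint_bridges(ifaces):
    """Return (code, bridge, member) tuples for the two conditions in the thread."""
    findings = []
    owner = {m: br for br, d in ifaces.items() for m in d["members"]}
    for member, bridge in sorted(owner.items()):
        info = ifaces.get(member, {"flags": set(), "parent": None})
        if "PROMISC" not in info["flags"]:  # the thread expects addm to set this
            findings.append(("member-not-promisc", bridge, member))
        if info["parent"] in owner:  # untagged parent and VLAN child both bridged
            findings.append(("parent-also-bridged", bridge, member))
    return findings


if __name__ == "__main__":
    print(lint_bridges(parse_ifconfig(SAMPLE)))
```

A layout where only tagged children such as re0.1 and re0.33 are bridge members, as recommended in the message above, produces no `parent-also-bridged` finding.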


Re: Bridges on VLAN-tagged interfaces.

Eric Bautsch
Hi Patrick.


I get that point, but then I have two options only: I somehow convince the BIOS
to do a network boot over a VLAN for installation - not a capability this BIOS
appears to have, or I end up creating a whole new VLAN that's either routed or
has YP, DNS, time and installation servers on it. That's a massive headache....

It'd be much neater if FreeBSD could handle the tagged/untagged traffic. It just
works (TM) on Solaris and Linux, so I expected it to do the same on FreeBSD... :-(

Surely, there must be a way....

Eric




On 19/03/2019 07:59, Patrick M. Hausen wrote:

> Hi!
>
>> On 18.03.2019 at 22:12, Eric Bautsch <[hidden email]> wrote:
>> I now have a bridge0 on re0.33 which works, great.
>> I now configure a bridge1 which contains re0 and put an IP on that bridge, and hey presto, that IP pings, but the IP on bridge0 on VLAN 33 stops pinging.
> IMHO you should not be mixing VLAN tagged and untagged
> traffic on the same interface. A port is a trunk port carrying
> tagged traffic or an access port carrying untagged traffic
> only.
>
> So you should - again, my opinion - create a VLAN, say 1 on
> re0 and put re0.1 into bridge1. I know this works from
> experience.
>
> We have some rare performance issues when combining
> this with VNET but first things first … still investigating and I’ll keep
> the list informed.
>
> Kind regards,
> Patrick
--
 
       ____
      /          .                           Eric A. Bautsch
     /--   __       ___                ______________________________________
    /     /    /   /                  /
   (_____/____(___(__________________/       email: [hidden email]

