15.0-RELEASE new bridge/VLAN structure - problem

Hello everyone!
I'm very enthusiastic about this new bridge concept in 15.0, so I've put it to use in place of my old configuration, where I had a dedicated bridge for every cloned VLAN interface.
But it doesn't seem to work the way I expected.
In particular, this is part of my old config:
Code:
ifconfig bridge0 addm igb1.10 addm tap1
ifconfig bridge0 inet 192.168.0.1/27
Here, tap1 is used by a VM guest with IP set by the guest OS 192.168.0.3/24 (no VLAN ID set on it!!).
So this is "VLAN 10" then, because of igb0.10.
And to connect to it from LAN I use, say, em0.10 on a remote LAN host, with IP address set to, say, 192.168.0.7/24.
This works fine, the old way.

But when I try to use the NEW bridge approach, I don't seem to be able to connect to VLAN 10!!!
As documented, I go like this:
Code:
ifconfig bridge0 vlanfilter addm igb1 tagged 10
ifconfig bridge0 addm tap1 tagged 10
ifconfig bridge0.10 inet 192.168.0.1/24
This is a recommended way to do it: instead of creating igb1.10 I'm using bridge0.10.
I want thus to connect tap1 with igb1 on VLAN 10 and then be able to connect LAN hosts to that VLAN on igb1.

The problem is, I can't connect to VLAN 10 from a remote host, whatever notation I use on that host, old or new.
Whether I use em0.10 or bridge0.10 + "ifconfig bridge0 vlanfilter addm em0 tagged 10"
The only thing that seems to work this way is, when I use VLAN 10 on tap1 inside my VM, then I can connect to VM using IP 192.168.0.3/24 -- but only on localhost!!

I'll repeat it: if I use VLAN 10 on that "tagged 10" interface tap1 inside the VM guest (it happens to be OpenBSD, I use vlan0 device with "vnetid 10" on it), then I get connectivity to that VM through VLAN 10 -- but only on localhost.

So, my question is: how am I supposed to connect to that from LAN?
Now in the old style the word "tagged/untagged" isn't present at all. In the new one it is.
But how does that affect the concept of VLANs?
 
Now... the word "tagged" seems to be the game changer here. But if I use "untagged 10" in the syntax above,
then VLAN 10 exists only on localhost. And in order to connect to it from remote LAN host I don't need any VLAN 10 interface like igb0.10 or, for that matter, bridge0.10 as per new style.

BTW, on a remote host, even when I create a "tagged 10" bridge0.10, I can't connect to the "tagged 10" VLAN I'm talking about.
On the other hand, this new bridge0.10 works fine to connect to the "old-style" remote VLAN 10...
So, what am I missing with this whole concept??
 
Code:
ifconfig bridge0 vlanfilter addm igb1 tagged 10
ifconfig bridge0 addm tap1 tagged 10
ifconfig bridge0.10 inet 192.168.0.1/24
i don't think your configuration for tap1 is right (the rest looks fine).

based on your description of what you want to do, you should configure tap1 as an untagged interface; that means bridge will strip the VLAN tag before sending packets on that interface, and an incoming packet without a tag will have a tag added before processing. this is how you'd typically configure an interface for a non-vlan-aware VM guest.

if you make tap1 a tagged interface, then the VM has to send and receive tagged packets (e.g., using vlan(4) on FreeBSD), which is also fine, but it doesn't sound like that's what you want.

I'll repeat it: if I use VLAN 10 on that "tagged 10" interface tap1 inside the VM guest (it happens to be OpenBSD, I use vlan0 device with "vnetid 10" on it), then I get connectivity to that VM through VLAN 10 -- but only on localhost.
please show the output of the following:
  • 'ifconfig' on the FreeBSD host (the one with the bridge interface)
  • 'ifconfig -a' on the OpenBSD VM
  • the equivalent command on the remote machine (the one with the em0.10 interface)
note, i suggest switching tap1 to an untagged interface first, if that's the configuration you want to end up with.
 
Thanks for your reply!
Here is ifconfig output for the bridge machine:
Code:
bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=10<VLAN_HWTAGGING>
    ether 58:9c:fc:10:5c:64
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    bridge flags=1<VLANFILTER>
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            port 10 priority 128 path cost 2000000 vlan protocol 802.1q untagged 3
    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            port 11 priority 128 path cost 2000000 vlan protocol 802.1q untagged 10
    member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            port 2 priority 128 path cost 55 vlan protocol 802.1q untagged 3 tagged 10
    member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            port 12 priority 128 path cost 2000000 vlan protocol 802.1q untagged 2
    member: wlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            port 4 priority 128 path cost 22222 vlan protocol 802.1q untagged 2
    member: tap3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            port 13 priority 128 path cost 2000000 vlan protocol 802.1q untagged 1
    groups: bridge
    nd6 options=9<PERFORMNUD,IFDISABLED>
This is for bridge0.10:
Code:
bridge0.10: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1496
    options=0
    ether 58:9c:fc:10:5c:64
    inet 192.168.8.1 netmask 0xffffffe0 broadcast 192.168.8.31
    groups: vlan
    vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: bridge0
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
By the time you answered I'd already changed tap1 to "untagged" state. This way I got, indeed, the untagged traffic from the VM available on the host itself. Now this VM-related part is not a problem, I'm clear on this.
The problem is WHY I cannot connect to "tagged 10" from the LAN.
Here is my remote machine's ifconfig for igb1.10 (not em0.10 actually):
Code:
igb1.10: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
    options=4600703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6,MEXTPG>
    ether 00:1b:21:96:0b:64
    inet 192.168.8.5 netmask 0xffffffe0 broadcast 192.168.8.31
    groups: vlan
    vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: igb1
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Now whether or not the VM is available, the problem is I cannot ping 192.168.8.1, which is on the bridge0.10 on the remote machine, linked to the LAN igb1 interface.
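
The tagged/untagged semantics described in the reply above, as a small Python model run over member lines copied from the posted `ifconfig bridge0` output. This is an added example, not part of the thread and not FreeBSD's implementation; the function names, and the rule that a tagged frame is accepted only when its VID is in the port's tagged set, are assumptions of the model.

```python
import re

# Member lines copied from the `ifconfig bridge0` output posted in the thread.
BRIDGE0 = """\
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        port 10 priority 128 path cost 2000000 vlan protocol 802.1q untagged 3
member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        port 11 priority 128 path cost 2000000 vlan protocol 802.1q untagged 10
member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        port 2 priority 128 path cost 55 vlan protocol 802.1q untagged 3 tagged 10
"""

def parse_members(text):
    """Return {ifname: {"pvid": int or None, "tagged": set of ints}}."""
    members, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*member:\s+(\S+)", line)
        if m:
            cur = members.setdefault(m.group(1), {"pvid": None, "tagged": set()})
        elif cur is not None and "vlan protocol" in line:
            u = re.search(r"\buntagged (\d+)", line)
            t = re.search(r"\btagged ([\d,-]+)", line)  # \b skips "untagged"
            if u:
                cur["pvid"] = int(u.group(1))
            for part in (t.group(1).split(",") if t else []):
                lo, _, hi = part.partition("-")
                cur["tagged"].update(range(int(lo), int(hi or lo) + 1))
    return members

def ingress_vlan(port, tag):
    """VLAN a frame is classified into on ingress, or None if dropped."""
    if tag is None:
        return port["pvid"]      # untagged frame gets the port's untagged VLAN
    # Assumption of this model: a tagged frame is accepted only if its VID
    # is in the port's tagged set.
    return tag if tag in port["tagged"] else None

def egress_tag(port, vlan):
    """'untagged', 'tagged N', or None if the port is not in that VLAN."""
    if vlan is None:
        return None
    if vlan == port["pvid"]:
        return "untagged"        # tag is stripped before sending
    return f"tagged {vlan}" if vlan in port["tagged"] else None

def forward(members, in_if, tag, out_if):
    """How a frame entering in_if with the given tag leaves out_if."""
    return egress_tag(members[out_if], ingress_vlan(members[in_if], tag))
```

With the posted membership, `forward(parse_members(BRIDGE0), "tap1", None, "igb1")` gives `"tagged 10"`: an untagged frame from the guest leaves igb1 carrying tag 10, and the reverse direction arrives at the guest untagged.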
 