Solved Dynamic IP for vm-bhyve bridge

drr · Monday at 6:44 PM

vm-bhyve works very well for me, however, I have noticed recently that its virtual switch/bridge setup gives me the following warning in dmesg output:

Code:

vm-bridge0: WARNING: Adding member interface em0 which has an IP address assigned is deprecated and will be unsupported in a future release.
...
em0: WARNING: Assigning an IP address to an interface which is also a bridge member is deprecated and will be unsupported in a future release.

My ethernet interface em0 gets its IP through DHCP and this warning (and the Handbook) suggests that I should be assigning IP to the bridge rather than to its member em0. So I tried setting up a bridge manually on the host (to add to vm-bhyve with '-t manual -b bridge0') with the below lines in /etc/rc.conf, but it fails to get an IP.

Code:

cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 up DHCP"
ifconfig_em0="up"

The interfaces show up in ifconfig. Dropping 'DHCP' from rc.conf and running dhclient bridge0 after login gets an IP for the bridge and I am able to connect to internet. I have tried replacing 'DHCP' with 'SYNCDHCP' but that didn't help.
Can anyone please advise how to do this correctly in /etc/rc.conf? I would like to get IPv6 working as well if possible.

hpnothp · Monday at 7:29 PM

Hello!

I published workaround on: Bug 289142 - sysutils/vm-bhyve: public bridge fails on 15-CURRENT unless net.link.bridge.member_ifaddrs=1 is set (comment 4).

Andrey Lanin · Monday at 7:52 PM

I found this - https://lists.freebsd.org/archives/freebsd-current/2025-May/007640.html
but setting 'net.link.bridge.member_ifaddrs' to 1 didn't help me.
my rc.conf:

 

ifconfig_igb0="DHCP"

...

...

cloned_interfaces="bridge0 tap0 tap1 tap2"

ifconfig_bridge0="addm igb0 addm tap0 addm tap1 addm tap2 SYNCDHCP"

ifconfig_igb0="up"

This message no longer appears:
"igb0: WARNING: Assigning an IP address to an interface which is also a bridge member is deprecated and will be unsupported in a future release."

This message remains:
"bridge0: WARNING: Adding member interface igb0 which has an IP address assigned is deprecated and will be unsupported in a future release."

I run three virtual machines simultaneously. Their launch command lines contain the following:

 

...

-s 6,virtio-net,tap0 \

...

 

...

-s 6,virtio-net,tap1 \

...

 

...

-s 6,virtio-net,tap2 \

...

drr · Monday at 9:46 PM

Thanks. I already have 'net.link.bridge.member_ifaddrs' set to 1; not sure if this was default (this is a fresh install of 15-RELEASE) or vm-bhyve set this while setting up the switch. I changed my /etc/rc.conf as below following the example in https://lists.freebsd.org/archives/freebsd-current/2025-May/007640.html, but that did not help.

Code:

cloned_interfaces="bridge0"
ifconfig_em0="up"
ifconfig_bridge0="DHCP addm em0"

As I noted before, a subsequent dhclient bridge0 seems to work for me without any warning.

drr · 2025-12-09T12:16:17+0000

Based on the man pages of bridge, I have modified my /etc/rc.conf as below,

Code:

cloned_interfaces="bridge0"
ifconfig_bridge0="addm em0 DHCP"
ifconfig_bridge0_ipv6="inet6 auto_linklocal"
ifconfig_em0="up"

This brings up the interfaces, however does not get an IP at boot time (I get the 'Waiting 30 seconds on default route device...' message at boot time). After login, when I run dhclient bridge0, bridge0 gets both IPv4 and IPv6 addresses and everything seems to work fine. What could be stopping this from working at boot time?

dmesg shows the following, which suggests that em0 is probably DOWN when bridge0 tries to get DHCP at boot time and when I run dhclient manually after login, em0 is already UP. Could this be the reason?; em0 is the physical NIC connected to my router.

Code:

em0: link state changed to UP
lo0: link state changed to UP
em0: link state changed to DOWN
bridge0: link state changed to UP
em0: promiscuous mode enabled
em0: link state changed to UP

Also the man page of bridge explains 'The if_bridge driver creates a logical link between two or more IEEE 802 networks...'. I am trying to create a bridge with a single member em0. Would this be a problem? I do this because I plan to add this bridge later on to vm-bhyve, and vm-bhyve will create a tap device when a VM is run.

drr · 2025-12-09T12:39:42+0000

I may have solved my problem. I have changed

Code:

ifconfig_bridge0="addm em0 DHCP"

to

Code:

ifconfig_bridge0="addm em0 SYNCDHCP"

This makes bridge0 to keep retrying DHCP while em0 comes UP. After em0 is UP, DHCP succeeds. I could add bridge0 to vm-bhyve with vm switch create -t manual -b bridge0 customswitch and the VMs are able to connect to the network.

I am not sure SYNCDHCP is the proper solution. Is there another way to tell bridge0 to wait till em0 is UP?

Andrey Lanin · 2025-12-09T13:26:46+0000

I do (almost) the same (I do not need inet6 on bridge0).

 

cloned_interfaces="bridge0 tap0 tap1 tap2"

ifconfig_bridge0="addm igb0 addm tap0 addm tap1 addm tap2 SYNCDHCP"

ifconfig_igb0="up DHCP"

ifconfig_igb0_ipv6="inet6 accept_rtadv"

Both messages reappear:

 

[lanin@freebsd7 ~]$ dmesg | grep WARNING

bridge0: WARNING: Adding member interface igb0 which has an IP address assigned is deprecated and will be unsupported in a future release.

igb0: WARNING: Assigning an IP address to an interface which is also a bridge member is deprecated and will be unsupported in a future release.

But it doesn't bother me yet...

drr · 2025-12-09T15:50:20+0000

Andrey Lanin said:
I do (almost) the same (I do not need inet6 on bridge0).
cloned_interfaces="bridge0 tap0 tap1 tap2" ifconfig_bridge0="addm igb0 addm tap0 addm tap1 addm tap2 SYNCDHCP" ifconfig_igb0="up DHCP" ifconfig_igb0_ipv6="inet6 accept_rtadv"

The second line must be getting IP address on bridge0, however the third and fourth lines again request IP (ipv4 and ipv6) on igb0, which is already a member of bridge0. That's probably why you get the warning messages. Can you try dropping lines 3 and 4?

Andrey Lanin · 2025-12-09T16:29:20+0000

If I don't remove lines 3 and 4, I get:

 

igb0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500

 options=4a520b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,HWSTATS,MEXTPG>

    ether fc:34:97:67:d8:07

    inet 192.168.1.129 netmask 0xffffff00 broadcast 192.168.1.255

    inet6 fe80::fe34:97ff:fe67:d807%igb0 prefixlen 64 scopeid 0x1

    inet6 fd82:c615:cdf8:0:fe34:97ff:fe67:d807 prefixlen 64 autoconf pltime 4294416691 vltime 4294416691

    media: Ethernet autoselect (1000baseT <full-duplex>)

    status: active

    nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>



igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500

 options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>

    ether fc:34:97:67:d8:08

    media: Ethernet autoselect

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384

    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>

    inet 127.0.0.1 netmask 0xff000000

    inet6 ::1 prefixlen 128

    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

    groups: lo

    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>



bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500

    options=10<VLAN_HWTAGGING>

    ether 58:9c:fc:10:e8:f0

    inet 192.168.1.105 netmask 0xffffff00 broadcast 192.168.1.255

    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15

    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200

    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

    bridge flags=0<>

    member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 7 priority 128 path cost 2000000 vlan protocol 802.1q

    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 6 priority 128 path cost 2000000 vlan protocol 802.1q

    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 5 priority 128 path cost 2000000 vlan protocol 802.1q

    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 1 priority 128 path cost 20000 vlan protocol 802.1q

    groups: bridge

    nd6 options=9<PERFORMNUD,IFDISABLED>



tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    ether 58:9c:fc:10:7c:c9

    groups: tap

    media: Ethernet 1000baseT <full-duplex>

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



tap1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    ether 58:9c:fc:10:98:be

    groups: tap

    media: Ethernet 1000baseT <full-duplex>

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



tap2: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    ether 58:9c:fc:10:af:68

    groups: tap

    media: Ethernet 1000baseT <full-duplex>

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



tun0: flags=1008051<UP,POINTOPOINT,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    inet ....... --> ....... netmask 0xffffffff

    groups: tun

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

    Opened by PID 3082

If I remove lines 3 and 4, I get :

 

igb0: flags=1008902<BROADCAST,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500   options=4a520b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,HWSTATS,MEXTPG>

    ether fc:34:97:67:d8:07

    media: Ethernet autoselect (1000baseT <full-duplex>)

    status: active

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500

 options=4e527bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>

    ether fc:34:97:67:d8:08

    media: Ethernet autoselect

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384

    options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>

    inet 127.0.0.1 netmask 0xff000000

    inet6 ::1 prefixlen 128

    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3

    groups: lo

    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>



bridge0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500

    options=10<VLAN_HWTAGGING>

    ether 58:9c:fc:10:e8:f0

    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15

    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200

    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0

    bridge flags=0<>

    member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 7 priority 128 path cost 2000000 vlan protocol 802.1q

    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 6 priority 128 path cost 2000000 vlan protocol 802.1q

    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 5 priority 128 path cost 2000000 vlan protocol 802.1q

    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>

            port 1 priority 128 path cost 20000 vlan protocol 802.1q

    groups: bridge

    nd6 options=9<PERFORMNUD,IFDISABLED>



tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    ether 58:9c:fc:10:7c:c9

    groups: tap

    media: Ethernet 1000baseT <full-duplex>

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



tap1: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    ether 58:9c:fc:10:98:be

    groups: tap

    media: Ethernet 1000baseT <full-duplex>

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



tap2: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500

    options=4080000<LINKSTATE,MEXTPG>

    ether 58:9c:fc:10:af:68

    groups: tap

    media: Ethernet 1000baseT <full-duplex>

    status: no carrier

    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

And, yes, if I remove lines 3 and 4, the messages disappear. However, after logging in, I have to run 'dhclient igb0' (otherwise there's no network on the physical interface...and no network at all ... and no tun interface, which i use in openvpn), and have to run 'service openvpn restart'. It's the little things. Overall, it's fine. Thanks!!

drr · 2025-12-09T21:11:10+0000

Andrey Lanin said:
And, yes, if I remove lines 3 and 4, the messages disappear. However, after logging in, I have to run 'dhclient igb0' (otherwise there's no network on the physical interface...and no network at all

This looks similar to the issue I previously had; probably the bridge not getting IP due to some of the member interfaces not being UP at the time of the DHCP request at boot time. I am wondering if there is a way to specify the order in which network interfaces should come up.

Andrey Lanin · 2025-12-10T08:37:26+0000

drr said:
I am wondering if there is a way to specify the order in which network interfaces should come up.

I'd also like to know this.

Andrey Lanin said:
And, yes, if I remove lines 3 and 4, the messages disappear. However, after logging in, I have to run 'dhclient igb0' (otherwise there's no network on the physical interface...and no network at all ... and no tun interface, which i use in openvpn)...

After that, the message

 

igb0: WARNING: Assigning an IP address to an interface which is also a bridge member is deprecated and will be unsupported in a future release.

keeps appearing. So, if they completely prohibit this in the next version of FreeBSD, I won't upgrade until I find a solution that is acceptable to me.

hpnothp · 2025-12-10T17:57:07+0000

drr said:
Thanks. I already have 'net.link.bridge.member_ifaddrs' set to 1; not sure if this was default (this is a fresh install of 15-RELEASE) or vm-bhyve set this while setting up the switch. I changed my /etc/rc.conf as below following the example in https://lists.freebsd.org/archives/freebsd-current/2025-May/007640.html, but that did not help.

Code:

cloned_interfaces="bridge0" ifconfig_em0="up" ifconfig_bridge0="DHCP addm em0"

As I noted before, a subsequent dhclient bridge0 seems to work for me without any warning.

Unfortunately You are mixing 2 different things. You need to choice exactly one of:

Keep DHCP assigned IP address for network interface (and bridge without IP address) - in such case you have to set net.link.bridge.member_ifaddrs=1 to make this "legacy" configuration work on FreeBSD 15 (but no way to make it work on 16)
Or new way: leave network interface without IP address and assign DHCP IP address to Bridge - however in such case you have to define new devd configuration to trigger DHCP client on bridge activation - as described on https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289142#c4