FreeBSD as hypervisor networking question

[junialter]

Hi,
I've been using Linux for 10+ years as virtualization platform but since bhyve is there and BSD (FreeBSD 11.2) seems nice to me I like to get used to how things are supposed to be done in this new world

Bridging:
I always read, don't assign the IP address to the interface itself but to the bridge interface. After struggling a lot I found out that doing that via DHCP requires me to do it that way in rc.conf

ifconfig_bridge0="addm alc0 addm SYNCDHCP"

instead of

ifconfig_bridge0="DHCP"

which is somewhat weird since I can't find anything about that in the official documentation.
My question: What do I need to do in order to get autoconfig IPv6 address for the bridge?

Second question:
Is there a good document I can read for this setup?
One NIC is connected to a switchport that is tagged vlan 802.1q with multiple vlan IDs. I want to connect every vlan from this nic to a specific bridge and then also create tap devices for my bhyve / jail guests.

Thank you.

 

[SirDice]

The ifconfig_* values are almost entirely 1 to 1 sent to the ifconfig(8) command by various functions in /etc/network.subr except a few keywords like SYNC/DHCP. Because for DHCP to work the /etc/rc.d/dhclient service needs to be started and it needs the correct interface parameters. Also a bridge(4) without member interfaces is rather useless, so you need to put everything in one ifconfig_bridge statement.

Also note that /etc/rc.conf is actually a shell script, as such things like this don't work:

ifconfig_bridge0="addm em1 addm em2"
ifconfig_bridge0="DHCP"

This would simply mean all the rc(8) scripts will use ifconfig_bridge0="DHCP".

It gets even more interesting when you add lagg(4) and vlan(4):

cloned_interfaces="lagg0 vlan10 bridge10"
ifconfig_igb0="up mtu 9014"
ifconfig_igb1="up mtu 9014"
ifconfig_lagg0="laggproto lacp laggport igb0 laggport igb1"
ifconfig_vlan10="inet 192.168.10.180 netmask 255.255.255.0 vlan 10 vlandev lagg0"
ifconfig_bridge10="addm vlan10 up"
defaultrouter="192.168.10.1"

 

[`Orum]

What do I need to do in order to get autoconfig IPv6 address for the bridge?

I would not even create a bridge in rc.conf at all, and instead use something like sysutils/vm-bhyve to handle all of that configuration for your automatically. For instance, on our bhyve server, hosting a few VMs on different VLANs, this is all I have in my rc.conf related to networking:

ifconfig_em0="up"
ifconfig_em1="up"

cloned_interfaces="lagg0 vlan224 vlan254"
ifconfig_lagg0="laggproto lacp laggport em0 laggport em1"

# No IP configuration on vlan 224 is deliberate
ifconfig_vlan224="vlan 224 vlandev lagg0"
ifconfig_vlan254="inet 192.168.254.220/24 vlan 254 vlandev lagg0"

defaultrouter="192.168.254.254"

If you want to you can always convert that to use DHCP or IPv6 instead (though I'm personally not a big fan of DHCP for servers). VLAN 224 is only used by a guest VM so the hypervisor has no IP for it.

Is there a good document I can read for this setup?
One NIC is connected to a switchport that is tagged vlan 802.1q with multiple vlan IDs. I want to connect every vlan from this nic to a specific bridge and then also create tap devices for my bhyve / jail guests.

Again, I recommend you don't do any of the tap configuration yourself. I strongly recommend you look at the wiki for vm-byhyve and its details on virtual switches. Assuming you only need an access port in the VM you can just attach a switch to a vlan(4) interface in the host, and then "plug" the VM into the switch, and voilà, an access port from within the guest.

If you need a trunk port, I think you can do the same with the lagg(4) interface. I have not tested this myself as I have no need, but assuming it works the guest would have access to all VLANs the host does (i.e. whatever you configure on your switch).

Edit: Looking at the wiki, it looks like there are several ways to do VLANs within vm-bhyve's switch configuration. I have not used that, and instead just attached directly to the interfaces created in rc.conf. For example:

------------------------
Virtual Switch: data
------------------------
  type: standard
  ident: vm-data
  vlan: -
  physical-ports: vlan254
  bytes-in: 7902356312 (7.359G)
  bytes-out: 8242877754 (7.676G)

  virtual-port
    device: tap1
    vm: ps01