Setup:
Physical Machine w/ two nics.
One of the nics is passed through to bhyve pfsense instance.
Bhyve pfsense instance has four interfaces. 1 WAN and 1 LAN and 2 vlans.
In addition to the bhyve pfsense instance, there is a vnet jail with epair70a and epair70b accordingly.
A fully running FreeBSD host, jail, and bhyve pfsense looks as follows:
Host:
Code:
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=a520b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
	ether d0:50:99:d4:b9:fe
	inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: vm-customswitch
	ether 02:b4:bd:ea:4e:00
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: epair70a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 6 priority 128 path cost 2000
	member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 7 priority 128 path cost 2000000
	member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 1 priority 128 path cost 2000000
	groups: bridge vm-switch viid-cc582@
	nd6 options=9<PERFORMNUD,IFDISABLED>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: vmnet-pfsense-0-customswitch
	options=80000<LINKSTATE>
	ether 58:9c:fc:10:ff:91
	groups: tap vm-port
	media: Ethernet autoselect
	status: active
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	Opened by PID 1446
epair70a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:67:41:86:99:0a
	inet6 fe80::67:41ff:fe86:990a%epair70a prefixlen 64 scopeid 0x6
	groups: epair
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
Bhyve PFsense:
-------------------------
Code:
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
	ether 58:9c:fc:06:47:08
	hwaddr 58:9c:fc:06:47:08
	inet6 fe80::5a9c:fcff:fe06:4708%vtnet0 prefixlen 64 scopeid 0x1
	inet 192.168.0.1 netmask 0xffffff00 broadcast 192.168.0.255
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
vtnet0.70: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	ether 58:9c:fc:06:47:08
	inet6 fe80::5a9c:fcff:fe06:4708%vtnet0.70 prefixlen 64 scopeid 0x7
	inet 192.168.70.1 netmask 0xffffff00 broadcast 192.168.70.255
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
	vlan: 70 vlanpcp: 0 parent interface: vtnet0
	groups: vlan
vtnet0.71: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=80000<LINKSTATE>
	ether 58:9c:fc:06:47:08
	inet6 fe80::5a9c:fcff:fe06:4708%vtnet0.71 prefixlen 64 scopeid 0x8
	inet 192.168.71.1 netmask 0xffffff00 broadcast 192.168.71.255
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T <full-duplex>
	status: active
	vlan: 71 vlanpcp: 0 parent interface: vtnet0
	groups: vlan
Jail:
-----------
Code:
Simply fails to DHCP
What I'm trying to do is get the jail on vlan 70, but all attempts to do so failed. I can create a vlan interface from tap0 (tap0.70) and add that to bridge1 (for instance) with epair70a on the host ... and when doing so the pfsense bhyve instance receives the request from the jail ... sends the response, but the response is never seen on tap0.70 nor the jail interface.
The only thing out of place given the above is the epair70a device in bridge0, as that was the only way for DHCP to work properly, albeit on the wrong VLAN, and my lack of inclusion for the WAN and loopback interfaces, as no one would care.
Does anyone have a working example of a vlan (call it 70) between a jail and bhyve instance?