Solved VLAN Initialization Questions

In reading the FreeBSD handbook and various blog posts, it would seem there are at least two ways to initialize a VLAN interface via /etc/rc.conf. I'm assuming the "preferred" method is the FreeBSD handbook method, but are there any performance/security/etc. benefits to one method vs. the other?

FreeBSD handbook method:
Code:
vlans_igb0="25"
ifconfig_igb0_25="inet 172.16.25.1/24 up"

Alternative method:
Code:
cloned_interfaces="vlan25"
ifconfig_vlan25="inet 172.16.25.1/24 vlandev igb0 vlan 25 up"

One thing that I have noticed is that I am unable to make use of the jng script if I use the handbook method, whereas the jng script works perfectly with the alternative method.
 
The only difference in the result should be how the interface is named. Using vlans_ is just convenience otherwise. Note that you can use it with custom naming as well, like this:
Code:
vlans_igb0="vlan25"
create_args_vlan25="vlan 25"
ifconfig_vlan25="inet 172.16.25.1/24 up"
See also rc.conf(5)
 
Something interesting that I found while testing various configuration settings is that the /usr/share/examples/jails/jib and /usr/share/examples/jails/jng scripts fail if there is a period in the parent interface name, i.e. igb0.25. However, if the interface is renamed to remove the period, i.e. iotvlan, the scripts work as expected.
 
I read somewhere that the dotted notation is preferred but I can't remember where I read that. It was something I came across when setting up VLANs in my home network. So I have em1.10, em1.20 etc. on my router for VLANs 10 and 20 for example. Looking at the configurations on my VM host sysutils/vm-bhyve also uses that dotted notation.

Code:
root@hosaka:~ # vm switch list
NAME     TYPE      IFACE       ADDRESS  PRIVATE  MTU   VLAN  PORTS
servers  standard  vm-servers  -        no       9000  11    lagg0
public   standard  vm-public   -        no       9000  10    lagg0
root@hosaka:~ # ifconfig lagg0.10
lagg0.10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 9000
        description: vm-vlan-public-lagg0.10
        options=4000000<NOMAP>
        ether 00:25:90:f1:58:39
        groups: vlan vm-vlan viid-bdfd6@
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@hosaka:~ # ifconfig lagg0.11
lagg0.11: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 9000
        description: vm-vlan-servers-lagg0.11
        options=4000000<NOMAP>
        ether 00:25:90:f1:58:39
        groups: vlan vm-vlan viid-8bf4d@
        vlan: 11 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

I personally like that notation: it's already clear I'm dealing with a VLAN, so there's no need to explicitly call the interface vlan* too. I can tell it's VLAN 11 on the lagg0 interface, which saves me from looking at the interface configuration to see what the parent interface is.
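As an added example (not code from the thread, nor from the jib/jng scripts) covering both the rc.conf variants above and the ifconfig output in this post: a POSIX sh audit that parses ifconfig text for vlan(4) interfaces and checks each one's tag and parent against an expected map, so an interface that ended up on the wrong tag or trunk (and therefore in the wrong network segment) is flagged whether it is named igb0.25, vlan25 or iotvlan. The sample ifconfig text, the iotvlan interface and the expected map are constructed.

```shell
#!/bin/sh
# Added audit example (not from the thread or the jib/jng scripts): compare
# each vlan(4) interface's tag and parent, as reported by ifconfig, with what
# rc.conf was meant to create. Sample input and expected map are constructed.

SAMPLE_IFCONFIG='lagg0.10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 9000
        groups: vlan vm-vlan
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
iotvlan: flags=8943<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        groups: vlan
        vlan: 25 vlanproto: 802.1q vlanpcp: 0 parent interface: igb0'

# Expected "ifname parent tag" map, one per line (constructed; iotvlan is wrong).
EXPECTED='lagg0.10 lagg0 10
iotvlan igb0 20'

# parse_vlans IFCONFIG_TEXT: print "ifname parent tag" for every vlan interface.
parse_vlans() {
    printf '%s\n' "$1" | awk '
        /^[^[:space:]]/ { sub(/:.*/, ""); cur = $0 }
        /^[[:space:]]+vlan: / {
            for (i = 1; i <= NF; i++) {
                if ($i == "vlan:") tag = $(i + 1)
                if ($i == "interface:") parent = $(i + 1)
            }
            print cur, parent, tag
        }'
}

# audit_vlans IFCONFIG_TEXT EXPECTED_MAP: print one finding per problem
# (MISSING name, or MISMATCH name got=parent/tag want=parent/tag), else nothing.
audit_vlans() {
    actual=$(parse_vlans "$1")
    printf '%s\n' "$2" | while read -r name want_parent want_tag; do
        [ -n "$name" ] || continue
        got=$(printf '%s\n' "$actual" | awk -v n="$name" '$1 == n { print $2 "/" $3 }')
        if [ -z "$got" ]; then
            echo "MISSING $name"
        elif [ "$got" != "$want_parent/$want_tag" ]; then
            echo "MISMATCH $name got=$got want=$want_parent/$want_tag"
        fi
    done
}

# vlan_audit_ok IFCONFIG_TEXT EXPECTED_MAP: succeed only when the audit is clean.
vlan_audit_ok() {
    [ -z "$(audit_vlans "$1" "$2")" ]
}
```

On a real host, replace SAMPLE_IFCONFIG with the output of ifconfig and EXPECTED with the map you derive from the vlans_/create_args_/ifconfig_ lines in rc.conf.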
 
Thank you for that information, SirDice.

I like the look of the dotted notation as well but I am actively using the /usr/share/examples/jails/jib and /usr/share/examples/jails/jng scripts to create interfaces for jails and I've only just discovered that those scripts aren't able to attach to interfaces with a dot in the name.

I suppose as long as there aren't any performance differences between the two methods, then I don't mind using the non-dotted method.
 
I suppose as long as there aren't any performance differences between the two methods
There shouldn't be any difference in this regard. It's just a notation difference, there's nothing different "underwater" so to speak.
 