Solved VLAN Initialization Questions

In reading the FreeBSD handbook and various blog posts, it would seem there are at least two ways to initialize a VLAN interface via /etc/rc.conf. I'm assuming the "preferred" method is the FreeBSD handbook method, but are there any performance/security/etc. benefits to one method vs. the other?

FreeBSD handbook method:
Code:
vlans_igb0="25"
ifconfig_igb0_25="inet 172.16.25.1/24 up"

Alternative method:
Code:
cloned_interfaces="vlan25"
ifconfig_vlan25="inet 172.16.25.1/24 vlandev igb0 vlan 25 up"

One thing that I have noticed is that I am unable to make use of the jng script if I use the handbook method, whereas the jng script works perfectly with the alternative method.
 
The only difference in the result should be how the interface is named. Using vlans_ is just convenience otherwise. Note you can use it with custom naming as well like this:
Code:
vlans_igb0="vlan25"
create_args_vlan25="vlan 25"
ifconfig_vlan25="inet 172.16.25.1/24 up"
See also rc.conf(5)
 
Something interesting that I found while testing various configuration settings is that the /usr/share/examples/jails/jib and /usr/share/examples/jails/jng scripts fail if there is a period in the parent interface name, i.e. igb0.25. However, if the interface is renamed to remove the period, i.e. iotvlan, the scripts work as expected.
 
I read somewhere that the dotted notation is preferred but I can't remember where I read that. It was something I came across when setting up VLANs in my home network. So I have em1.10, em1.20 etc. on my router for VLANs 10 and 20 for example. Looking at the configurations on my VM host sysutils/vm-bhyve also uses that dotted notation.

Code:
root@hosaka:~ # vm switch list
NAME     TYPE      IFACE       ADDRESS  PRIVATE  MTU   VLAN  PORTS
servers  standard  vm-servers  -        no       9000  11    lagg0
public   standard  vm-public   -        no       9000  10    lagg0
root@hosaka:~ # ifconfig lagg0.10
lagg0.10: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 9000
        description: vm-vlan-public-lagg0.10
        options=4000000<NOMAP>
        ether 00:25:90:f1:58:39
        groups: vlan vm-vlan viid-bdfd6@
        vlan: 10 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@hosaka:~ # ifconfig lagg0.11
lagg0.11: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 9000
        description: vm-vlan-servers-lagg0.11
        options=4000000<NOMAP>
        ether 00:25:90:f1:58:39
        groups: vlan vm-vlan viid-8bf4d@
        vlan: 11 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

I personally like that notation; it's already clear I'm dealing with a VLAN, so there's no need to explicitly call the interface vlan* too. I can tell it's VLAN 11 on the lagg0 interface, which saves me from looking at the interface configuration to see what the parent interface is.
 
Thank you for that information, SirDice.
I like the look of the dotted notation as well but I am actively using the /usr/share/examples/jails/jib and /usr/share/examples/jails/jng scripts to create interfaces for jails and I've only just discovered that those scripts aren't able to attach to interfaces with a dot in the name.

I suppose as long as there aren't any performance differences between the two methods, then I don't mind using the non-dotted method.
 
I suppose as long as there aren't any performance differences between the two methods
There shouldn't be any difference in this regard. It's just a notation difference, there's nothing different "underwater" so to speak.
 
Apologies for the necrobump, but re-reading this thread I saw the note about dotted vlans not working in jib. I really wanted to use dots and decided to try to fix the code. Shell hacking isn't my forte, but I did come up with a four-line fix that corrects the problem. Essentially, the code uses an eval and the dot in the name won't parse properly. I had to use sed, although I suspect there's probably a way to do this with Bourne shell only syntax.

I'm posting the fix here (it's in the derive_mac function). I was wondering if I should file a bug against the code and include it there. Is that a good way to handle it? It looks like the author Teske is still active, he's probably the best person to decide if this is ok. Anyway, here's the code if anyone finds this and wants to use dots in their jib launched vlan interfaces.

Code:
        if [ ! "$__mac_num" ]; then
                # PATCH:  aphilips 2025-02-27
                # BUG:    An interface name containing '.' (common for vlan
                #         interfaces, e.g. igb0.25) is not a valid shell
                #         variable name, so the eval below fails
                # CHANGE: replace each '.' with '__ctr__' in the name used
                #         for the counter variable only; $iface is unchanged
                local ifcounter=$(echo "$iface" | sed "s/\./__ctr__/g")
                eval __mac_num=\${_${ifcounter}_num:--1}
                __mac_num=$(( $__mac_num + 1 ))
                eval _${ifcounter}_num=\$__mac_num
                # END OF CHANGE
        fi
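As an added example (not code from this thread, from the FreeBSD handbook, or from the jib/jng scripts), the script below shows in POSIX sh only, without sed, what is going on in the two places this thread touches: why a dot in an interface name makes a variable assignment built with eval fail, and how rc.conf gets from an interface called igb0.25 to a variable called ifconfig_igb0_25. The function names (rc_varname, ifconfig_var, can_assign, next_mac_num) are my own; next_mac_num keeps a per-interface counter in the same shape as the derive_mac code posted above, but keyed on the sanitised name so dotted interfaces work. The interface names in the demo are constructed sample input.

```shell
#!/bin/sh
# Added example: POSIX sh only (no sed, no bashisms). Not part of jib/jng.

# rc_varname NAME: print NAME with every character outside [A-Za-z0-9_]
# replaced by '_'. This is the translation that turns the interface name
# "igb0.25" into the variable suffix in ifconfig_igb0_25 (see rc.conf(5)).
rc_varname() {
    _in=$1
    _out=""
    while [ -n "$_in" ]; do
        _rest=${_in#?}              # everything after the first character
        _c=${_in%"$_rest"}          # the first character itself
        case $_c in
            [A-Za-z0-9_]) _out="$_out$_c" ;;
            *)            _out="${_out}_" ;;
        esac
        _in=$_rest
    done
    printf '%s\n' "$_out"
}

# ifconfig_var IFACE: the rc.conf variable consulted for IFACE's ifconfig line.
ifconfig_var() {
    printf 'ifconfig_%s\n' "$(rc_varname "$1")"
}

# can_assign NAME: succeed only if "_<NAME>_num=0" is an assignment the shell
# accepts. Run in a subshell so the probe leaves no variable behind.
# With a dot in NAME the shell treats the string as a command name and fails,
# which is exactly the failure the unpatched derive_mac hits.
can_assign() {
    ( eval "_${1}_num=0" ) 2>/dev/null
}

# next_mac_num IFACE: per-interface counter held in the shell variable
# _<sanitised>_num, as derive_mac does, but keyed on rc_varname output so
# "igb0.25" and "lagg0.10" work. Sets and prints __mac_num (0 on first call).
next_mac_num() {
    _key=$(rc_varname "$1")
    eval "__mac_num=\${_${_key}_num:--1}"
    __mac_num=$((__mac_num + 1))
    eval "_${_key}_num=\$__mac_num"
    printf '%s\n' "$__mac_num"
}

# Demo on constructed interface names (the test below uses different names
# so the counters do not interfere).
for _demo_if in em1.10 vlan25; do
    printf '%-8s -> variable %s\n' "$_demo_if" "$(ifconfig_var "$_demo_if")"
    if can_assign "$_demo_if"; then
        printf '%-8s    eval accepts _%s_num as a variable name\n' "" "$_demo_if"
    else
        printf '%-8s    eval rejects _%s_num as a variable name\n' "" "$_demo_if"
    fi
done
next_mac_num em1.10 >/dev/null
next_mac_num em1.10 >/dev/null
printf 'em1.10 counter after two calls: %s\n' "$__mac_num"
```

The sanitiser collapses every non-identifier character, not only the dot, so it also covers names such as lagg0.10 or anything with a dash; run it with /bin/sh on FreeBSD or dash elsewhere to confirm the "eval rejects" branch fires for em1.10 and not for vlan25.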
 