[Bug 238198] Traffic through a vm -> bridge(4) -> vlan -> ix(4) does not return
Date: Thu, 23 Jan 2025 10:18:01 UTC
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=238198

vlad <vladi.kamburov@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |vladi.kamburov@gmail.com

--- Comment #17 from vlad <vladi.kamburov@gmail.com> ---
Hi there.
Are there any solutions for the reported issue? Because I ran into the same
tag-vlan bridge related bug on FreeBSD 14.2 release.

A brief netflow topology of my vm-bhyve setup config:
vm-guest -> tap_if -> bridge -> lagg0.101 -> lagg0 -> switch link
aggregation (lacp proto).

My configuration:
The bridge and interface configuration was made through the vm-bhyve utilities.

I have two bridges:

First, for all permitted tagged/untagged traffic:

# ifconfig vm-prod-untag
vm-prod-untag: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=0
        ether 76:af:6f:48:e6:44
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 10 priority 128 path cost 2000000
        member: lagg0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 10000
        groups: bridge vm-switch viid-688c3@
        nd6 options=9<PERFORMNUD,IFDISABLED>

Second, for tagged vlan101:

# ifconfig vm-mgmt-v101
vm-mgmt-v101: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=0
        ether 6e:09:e8:bd:9e:bb
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
        member: lagg0.101 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 10000
        groups: bridge vm-switch viid-55f45@
        nd6 options=9<PERFORMNUD,IFDISABLED>

# ifconfig lagg0.101
lagg0.101: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        description: vm-vlan/mgmt-v101/lagg0.101
        options=0
        ether 3c:ec:ef:f5:f0:54
        groups: vlan vm-vlan viid-c50e3@
        vlan: 101 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg0
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

# ifconfig lagg0
lagg0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=8120b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,HWSTATS>
        ether 3c:ec:ef:f5:f0:54
        hwaddr 00:00:00:00:00:00
        laggproto lacp lagghash l2,l3
        laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: igb3 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        groups: lagg
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

# vm switch list
NAME        TYPE      IFACE          ADDRESS  PRIVATE  MTU  VLAN  PORTS
prod-untag  standard  vm-prod-untag  -        no       -    -     lagg0
mgmt-v101   standard  vm-mgmt-v101   -        no       -    101   lagg0

# vm switch info
------------------------
Virtual Switch: prod-untag
------------------------
  type: standard
  ident: vm-prod-untag
  vlan: -
  physical-ports: lagg0
  bytes-in: 249898 (244.041K)
  bytes-out: 0 (0.000B)

  virtual-port
    device: tap0
    vm: devuan5

------------------------
Virtual Switch: mgmt-v101
------------------------
  type: standard
  ident: vm-mgmt-v101
  vlan: 101
  physical-ports: lagg0
  bytes-in: 78782 (76.935K)
  bytes-out: 0 (0.000B)

  virtual-port
    device: tap1
    vm: devuan5

On the guest-vm tap1 interface the broadcast/multicast traffic on the given
vlan is monitored:

13:36:54.002150 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:36:54.678090 e4:4e:2d:20:73:b0 > 01:00:0c:cc:cc:cd, 802.3, length 50: LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Cisco (0x00000c), pid PVST (0x010b), length 42: STP 802.1w, Rapid STP, Flags [Learn, Forward], bridge-id 8065.e4:4e:2d:20:73:80.8030, length 42
13:36:55.332705 18:e8:29:e0:8f:af > 01:00:5e:7e:7f:3f, ethertype IPv4 (0x0800), length 60: 192.168.101.18 > 239.254.127.63: igmp v2 report 239.254.127.63
13:36:55.472674 a8:42:a1:3e:ad:3d > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 766: 192.168.101.56.32953 > 255.255.255.255.29810: UDP, length 724
13:36:55.503004 a8:42:a1:3e:ae:95 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 765: 192.168.101.50.45589 > 255.255.255.255.29810: UDP, length 723

At the bridge level MAC addresses are learned also:

# ifconfig vm-mgmt-v101 addr
3c:ec:ef:ed:ba:23 Vlan0 lagg0.101 1161 flags=0<>
18:e8:29:e0:8f:af Vlan0 lagg0.101 1179 flags=0<>
80:2a:a8:56:06:d8 Vlan0 lagg0.101 1194 flags=0<>
a8:42:a1:3e:ae:2e Vlan0 lagg0.101 1190 flags=0<>
a8:42:a1:3e:ae:1a Vlan0 lagg0.101 1199 flags=0<>
a8:42:a1:3e:ae:5a Vlan0 lagg0.101 1199 flags=0<>
a8:42:a1:3e:ae:9f Vlan0 lagg0.101 1197 flags=0<>
a8:42:a1:3e:ae:0c Vlan0 lagg0.101 1197 flags=0<>
a8:42:a1:3e:ad:70 Vlan0 lagg0.101 1195 flags=0<>
a8:42:a1:3e:ae:11 Vlan0 lagg0.101 1194 flags=0<>
a8:42:a1:3e:ad:3d Vlan0 lagg0.101 1193 flags=0<>
a8:42:a1:3e:ae:95 Vlan0 lagg0.101 1193 flags=0<>
e4:4e:2d:20:73:b0 Vlan0 lagg0.101 1199 flags=0<>
58:9c:fc:03:ff:48 Vlan0 tap2 1196 flags=0<>

Debugging:

When I start dhclient on the guest vm, on lagg0.101 only DHCP Requests are
monitored.

# tcpdump -ni lagg0.101 -e port 67 or port 68 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lagg0.101, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:50:20.685895 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:24.542102 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:27.733103 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300

On lagg0, DHCP Request and DHCP Reply are monitored:

tcpdump -ni lagg0 -e vlan 101 and port 67 or port 68 -n
tcpdump: verbose output suppressed, use -v[v]... for full protocol decode
listening on lagg0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
13:50:20.685898 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:20.686402 d2:f7:aa:37:2c:73 > 58:9c:fc:03:ff:48, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 192.168.101.1.67 > 192.168.101.165.68: BOOTP/DHCP, Reply, length 300
13:50:24.542106 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:24.542858 d2:f7:aa:37:2c:73 > 58:9c:fc:03:ff:48, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 192.168.101.1.67 > 192.168.101.165.68: BOOTP/DHCP, Reply, length 300

In the inbound direction, somewhere between lagg0 -> lagg0.101, unicast packets
are lost. ARP proto, the same situation.

If I remove lagg0 as a member from the bridge vm-prod-untag, on the other
vm-mgmt-v101 bridge the unicast tagged packets appear.
No matter if we use link-aggregation lagg or a physical igbX interface.

A solution can be to use only tagged vlans on the same parent interface, or
untagged traffic to be configured on a standalone interface.

Regards,

-- 
You are receiving this mail because:
You are the assignee for the bug.
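
Added example, not part of the original bug comment: a small Python helper that compares `tcpdump -e` text captured on a parent interface with text captured on its vlan child and lists the tagged frames that never show up on the child, which is the comparison the comment does by eye. The function names are hypothetical, and the sample lines are copied from the lagg0 and lagg0.101 captures quoted above.

```python
import re
from collections import Counter

# Sample input: tcpdump -e lines copied from the captures quoted in the comment.
PARENT = """
13:50:20.685898 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:20.686402 d2:f7:aa:37:2c:73 > 58:9c:fc:03:ff:48, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 192.168.101.1.67 > 192.168.101.165.68: BOOTP/DHCP, Reply, length 300
13:50:24.542106 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:24.542858 d2:f7:aa:37:2c:73 > 58:9c:fc:03:ff:48, ethertype 802.1Q (0x8100), length 346: vlan 101, p 0, ethertype IPv4 (0x0800), 192.168.101.1.67 > 192.168.101.165.68: BOOTP/DHCP, Reply, length 300
"""
CHILD = """
13:50:20.685895 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
13:50:24.542102 58:9c:fc:03:ff:48 > ff:ff:ff:ff:ff:ff, ethertype IPv4 (0x0800), length 342: 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request from 58:9c:fc:03:ff:48, length 300
"""

# Matches both forms: with the 802.1Q header (parent) and without it (vlan child).
FRAME = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) > (?P<dst>[0-9a-f:]{17}), "
    r"(?:ethertype 802\.1Q \(0x8100\), length \d+: vlan (?P<vlan>\d+), p \d+, )?"
    r"ethertype (?P<proto>\S+) \(0x[0-9a-f]{4}\), (?:length \d+: )?(?P<payload>.*)$")

def parse(capture):
    """Return one dict per tcpdump -e line that matches FRAME."""
    matches = (FRAME.match(line.strip()) for line in capture.splitlines())
    return [m.groupdict() for m in matches if m]

def is_unicast(mac):
    """Unicast when the I/G bit (lowest bit of the first octet) is clear."""
    return int(mac[:2], 16) & 1 == 0

def lost_between(parent_capture, child_capture, vlan):
    """Frames tagged `vlan` on the parent that have no counterpart on the child."""
    seen = Counter((f["src"], f["dst"], f["payload"]) for f in parse(child_capture))
    lost = []
    for f in parse(parent_capture):
        if f["vlan"] != str(vlan):
            continue
        key = (f["src"], f["dst"], f["payload"])
        if seen[key] > 0:
            seen[key] -= 1      # consume one matching child frame
        else:
            lost.append(f)
    return lost

if __name__ == "__main__":
    for f in lost_between(PARENT, CHILD, 101):
        kind = "unicast" if is_unicast(f["dst"]) else "broadcast/multicast"
        print(f"missing on child: {f['src']} > {f['dst']} ({kind}) {f['payload']}")
```

Frames are matched on source MAC, destination MAC and decoded payload rather than on timestamps, because the two captures stamp the same frame a few microseconds apart.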