From nobody Mon Aug 14 11:50:23 2023 X-Original-To: freebsd-virtualization@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RPXm66Ttsz4qNQq for ; Mon, 14 Aug 2023 11:51:02 +0000 (UTC) (envelope-from odhiambo@gmail.com) Received: from mail-lj1-x236.google.com (mail-lj1-x236.google.com [IPv6:2a00:1450:4864:20::236]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1D4" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RPXm55GmLz4b97 for ; Mon, 14 Aug 2023 11:51:01 +0000 (UTC) (envelope-from odhiambo@gmail.com) Authentication-Results: mx1.freebsd.org; none Received: by mail-lj1-x236.google.com with SMTP id 38308e7fff4ca-2b9cd6a554cso61824591fa.3 for ; Mon, 14 Aug 2023 04:51:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20221208; t=1692013860; x=1692618660; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:from:to:cc:subject:date:message-id:reply-to; bh=3EgCxRwu5F4Zh1Vv7MrtNmuaq1ARbQ+Of23VeVJGL0s=; b=RN10dPvvE6TUqNQRLromJ9pEcPqnuB2hWgTV9/rFQXjpI00Tbf5IUV92KZnzOqSJ4N isNt8SneioqpJKplaeVqtJ1QxY0E+pkDbCJuw1wz0THp7Wwz8+5EpjqR5aKqOZYWcE+P Om9Zq9UJSSPZ4YX5J/of6EYfO+dHzjB9/2AqRFBTqjPHmn5FJTT5b0jRhyNwxbYZ6bQl dTa5cxmauXBaHKQ+LDQZt2kYrt18vCv8HQDlSTbT+qYR9tCtdWeeApxC3D1dlO/z/fjL ea3rt9TjHwarZoaepLRTbU+8racBvdNwXZjr5ajWk2ZN4SqGAtnDay0/bT/UAduRVEra 80RA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20221208; t=1692013860; x=1692618660; h=cc:to:subject:message-id:date:from:in-reply-to:references :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id :reply-to; bh=3EgCxRwu5F4Zh1Vv7MrtNmuaq1ARbQ+Of23VeVJGL0s=; b=dlwcXWlHJjk1gmtDNUGuETZyHSIAjIX2TZr4/tu5dPZBygyRtIEzGAAVJvoU6IYpHh Xohu8zQrw6jZ/8cxBnIvH0zZYf4yaipTrtjLFx8qDXol3fE68uIL919dfZYQzZn1e7Rq Dl+HVOsIgyqjrbOdFtpluRkBjByxuX9diTBFaYH4ioOnS6XmReqlvjqo7+S1KuXLNzJ7 mtj5o9hWHI0pEr++nGyfRFJeUoUZI2pedpk8iP/qlwmIUYPMqWQFbu71xvfawM3H2o2f KIN4F8Sg66qJedEuxYBJFbQyJOgk4EGMRhagzN+3RH1h3GhuB0tc+XGHJ6J/sgHJ1/nE NHhw== X-Gm-Message-State: AOJu0YyW1ztpHKU/QlcK2Yj+Dtvaua1DF8SxVUMyuhx8HVjEOJxvEw+d IRQsjm6nL70tI4qPId/tEnSNDRGAcy0GpZlJTpcCyV0wJN0M1jBn X-Google-Smtp-Source: AGHT+IHaUZiseQB3dyDZ+1pGuDp/bMwDaNB2hfCbbOGucxzKSCITqEZekPQAQeQlywB4wG9GJi0ZbA2UgM1QGxALNn4= X-Received: by 2002:a05:651c:1036:b0:2b9:f1b3:ac3b with SMTP id w22-20020a05651c103600b002b9f1b3ac3bmr6373992ljm.39.1692013859558; Mon, 14 Aug 2023 04:50:59 -0700 (PDT) List-Id: Discussion List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-virtualization@freebsd.org X-BeenThere: freebsd-virtualization@freebsd.org MIME-Version: 1.0 References: <096b2d73-b28c-bd6b-a6d3-2a3c3dbaea7e@h4ck.io> <38587cf9-29a7-1246-3b64-a3cf35933717@quip.cz> <96160FBF-4E48-48E3-B26C-026CEB5B03C2@punkt.de> <6012E30F-056B-4E80-9FC8-1A937BBDC29D@punkt.de> In-Reply-To: <6012E30F-056B-4E80-9FC8-1A937BBDC29D@punkt.de> From: Odhiambo Washington Date: Mon, 14 Aug 2023 14:50:23 +0300 Message-ID: Subject: Re: bhyve VM not getting as much upload bandwidth as the host To: "Patrick M. Hausen" Cc: freebsd-virtualization@freebsd.org Content-Type: multipart/alternative; boundary="0000000000000ddcd80602e0ad93" X-Rspamd-Queue-Id: 4RPXm55GmLz4b97 X-Spamd-Bar: ---- X-Rspamd-Pre-Result: action=no action; module=replies; Message is reply to one we originated X-Spamd-Result: default: False [-4.00 / 15.00]; REPLY(-4.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US] --0000000000000ddcd80602e0ad93 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Mon, Aug 14, 2023 at 2:40=E2=80=AFPM Patrick M. Hausen = wrote: > Hi all, > > this: > > > Am 14.08.2023 um 13:32 schrieb Odhiambo Washington = : > > em1 is NOT a bridge member. It's the host's interface that is connected > to the Internet. > > and this: > > > ifconfig_em1bridge=3D"addm em1 addm tap0 addm tap1 addm tap2 addm tap3 = up" > > [...] > > Of course, because em1 is a bridge member, no? > > > contradict each other. em1 seems indeed to be the physical member > interface of your > bridge. You are right. I got confused there. > In that case you must move the IP address from em1 to em1bridge. > I don't quite agree with that. em1 is the host's interface - the one that connects to the router. > Like so: > > ifconfig_em1=3D"-tso -lro -txcsum -rxcsum up" > cloned_interfaces=3D"bridge0 tap0 tap1 tap2 tap3" > ifconfig_bridge0_name=3D"em1bridge" > ifconfig_em1bridge=3D"addm em1 addm tap0 addm tap1 addm tap2 addm tap3 up= " > ifconfig_em1bridge_alias0=3D"inet w.x.y.z netmask 255.255.255.0" > > Again: a bridge member interface must not have an IP address. Which > directly leads to > your last question: > My host has two NICs, em0 and em1. em0 isn't in use at all. em1 is the main interface to the Internet, with a public IP. Making the change you suggest will simply make the server not connect to the Internet. em1 has the public IP that I use to connect to the host from where I am. The host is in a Data Centre. I hope this clarifies it :) > > One last question for today (although I should just go and RTFM): Do I > really need several tap devices? Can't I just have all my VMs on tap0? Ea= ch > with it's own IP in that range? > > You do need one tap interface per VM but these are just "virtual ethernet > cables" plugged into > a "virtual switch" (em1bridge). So they need not and *must* not have an > IP address configured > on the host side. Just create them and add them to the bridge. > > All IP configuration is done in the VM guest and should match the network > connected to em1, of course. > So my configuration is right actually. I am giving IPs to the tapX devices and using NAT to let the VMs access the Internet. Why? Because my host has a single IP address assigned by my ISP. I don't have any other addresses other than private ones. --=20 Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", egrep -v '^$|^.*#' =C2=AF\_(=E3=83=84)_/=C2=AF :-) [How to ask smart questions: http://www.catb.org/~esr/faqs/smart-questions.html] --0000000000000ddcd80602e0ad93 Content-Type: text/html; charset="UTF-8" Content-Transfer-Encoding: quoted-printable


=
On Mon, Aug 14, 2023 at 2:40=E2=80=AF= PM Patrick M. Hausen <hausen@punkt.de= > wrote:
= Hi all,

this:

> Am 14.08.2023 um 13:32 schrieb Odhiambo Washington <odhiambo@gmail.com>:
> em1 is NOT a bridge member. It's the host's interface that is = connected to the Internet.

and this:

> ifconfig_em1bridge=3D"addm em1 addm tap0 addm tap1 addm tap2 addm= tap3 up"
> [...]
> Of course, because em1 is a bridge member, no?


contradict each other. em1 seems indeed to be the physical member interface= of your
bridge.

You are right. I got confused ther= e.
=C2=A0
= In that case you must move the IP address from em1 to em1bridge.

I don't quite agree with that. em1 is the hos= t's interface - the one that connects to the router.

=C2=A0
Like so:

ifconfig_em1=3D"-tso -lro -txcsum -rxcsum up"
cloned_interfaces=3D"bridge0 tap0 tap1 tap2 tap3"
ifconfig_bridge0_name=3D"em1bridge"
ifconfig_em1bridge=3D"addm em1 addm tap0 addm tap1 addm tap2 addm tap3= up"
ifconfig_em1bridge_alias0=3D"inet w.x.y.z netmask 255.255.255.0"<= br>
Again: a bridge member interface must not have an IP address. Which directl= y leads to
your last question:

My host has two NIC= s, em0 and em1.
em0 isn't in use at all.
em1 is the= main interface to the Internet, with a public IP.
Making the cha= nge you suggest will simply make the server not connect to the Internet. em= 1 has the public IP that I use to connect to the host from where I am.
The host is in a Data Centre.
I hope this clarifies it :)
=C2=A0
>=C2=A0 One last question for today (although I should just go and RTFM)= : Do I really need several tap devices? Can't I just have all my VMs on= tap0? Each with it's own IP in that range?

You do need one tap interface per VM but these are just "virtual ether= net cables" plugged into
a "virtual switch" (em1bridge). So they need not and *must* not= =C2=A0 have an IP address configured
on the host side. Just create them and add them to the bridge.

All IP configuration is done in the VM guest and should match the network c= onnected to em1, of course.

So my confi= guration is right actually. I am giving IPs to the tapX devices and using N= AT to let the VMs access the Internet. Why?
Because my host has a= single=C2=A0IP address assigned by my ISP. I don't have any other addr= esses other than private ones.


= --
Best regards,Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223"Oh, the cruft.",=C2=A0= egrep -v '^$|^.*#'=C2=A0=C2=AF\_(=E3=83= =84)_/=C2=AF=C2=A0:-)
<= div>[How to ask smart questions:=C2=A0http://www.catb.org/~esr/faqs/sma= rt-questions.html]
--0000000000000ddcd80602e0ad93--