bhyve with vlans - host and vm can't pass traffic

Scott O'Connell scotto at sds.com
Thu Apr 23 01:34:01 UTC 2015


Thanks for your reply, Matthew.  See results below:

On 4/22/2015 4:17 PM, Matthew Grooms wrote:
> On 4/22/2015 11:02 AM, Scott O'Connell wrote:
>> I'm very new to bhyve and am having an issue. I'm trying to get VMs
>> and VLANs working.
>>
>> I'm able to get VLANs working in a VM, but the VM and the VMHOST
>> can't communicate with each other on the same vlan.
>>
>> Using 10.1-RELEASE-p9 for both VMHOST01 and DEV. Upstream from the 
>> VMHOST on lagg0 is a Cisco 3750G.
>>
>> VMHOST01 before starting VM:
>>
>>         bge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
>>           ether f0:1f:af:dd:2e:c5
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect (1000baseT <full-duplex>)
>>           status: active
>>         bge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
>>           ether f0:1f:af:dd:2e:c5
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect (1000baseT <full-duplex>)
>>           status: active
>>         lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>           options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>>           inet6 ::1 prefixlen 128
>>           inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
>>           inet 127.0.0.1 netmask 0xff000000
>>           nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>         lagg0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=c019b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,VLAN_HWTSO,LINKSTATE>
>>           ether f0:1f:af:dd:2e:c5
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect
>>           status: active
>>           laggproto lacp lagghash l2,l3,l4
>>           laggport: bge1 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
>>           laggport: bge0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
>>         vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=103<RXCSUM,TXCSUM,TSO4>
>>           ether f0:1f:af:dd:2e:c5
>>           inet 10.0.1.17 netmask 0xffffff00 broadcast 10.0.1.255
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect
>>           status: active
>>           vlan: 100 parent interface: lagg0
>>
>> VMHOST after starting VM (added tap0 & bridge0):
>>
>>         tap0: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=80000<LINKSTATE>
>>           ether 00:bd:70:71:1d:00
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect
>>           status: no carrier
>>         bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           ether 02:d3:e4:02:03:00
>>           nd6 options=1<PERFORMNUD>
>>           id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>           maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>           root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>           member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>           ifmaxaddr 0 port 6 priority 128 path cost 2000000
>>           member: lagg0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>           ifmaxaddr 0 port 4 priority 128 path cost 10000
>>
>>
>> Note that the "status: no carrier" is because I hadn't brought up the 
>> VM yet. It properly changes to the following after the VM is started:
>>
>>         tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=80000<LINKSTATE>
>>           ether 00:bd:70:71:1d:00
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet autoselect
>>           status: active
>>           Opened by PID 70827
>>
>> VM:
>>         vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
>>           ether 00:a0:98:2b:34:37
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet 10Gbase-T <full-duplex>
>>           status: active
>>         lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>>           options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>>           inet6 ::1 prefixlen 128
>>           inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>>           inet 127.0.0.1 netmask 0xff000000
>>           nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>>         vlan100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>           ether 00:a0:98:2b:34:37
>>           inet 10.0.1.6 netmask 0xffffff00 broadcast 10.0.1.255
>>           nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>>           media: Ethernet 10Gbase-T <full-duplex>
>>           status: active
>>           vlan: 100 parent interface: vtnet0
>>
>>
>> With this configuration, both VMHOST01 and DEV can communicate 
>> anywhere, EXCEPT to each other using their IP on VLAN100.
>>
>> The ultimate goal is to have more than one VLAN presented to the VM, 
>> whether it exists on the VMHOST or not.
>>
>> Where did I go wrong?
>>
>> Thanks in advance,
>> scotto
>>
>
> Scott,
>
> Have you tried creating the bridge on vlan100 device instead of lagg0 
> and assigning 10.0.1.6/24 directly to vtnet0 in the VM? I understand 
> that you would prefer to do the VLAN tagging inside the VM, but have 
> you tried it the other way just to make sure that untagged packets are 
> being passed properly? If so, it could be that either the vtnet0 or 
> the tap0 interface is choking on the VLAN tag.
>
> Another thing to try would be to run 'tcpdump -i tap0' in vmhost0 
> while the VM is trying to send packets to see if any frames are 
> captured and, consequently, if they contain a VLAN tag at the head of 
> the frame.
>
> -Matthew

I tried your suggestions.

I was successful in changing the vmhost01 bridge to include vlan100 and
tap0, and in the vm (dev) binding the address directly to vtnet0.

On the VMHOST:
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80000<LINKSTATE>
         ether 00:bd:4c:d1:02:00
         media: Ethernet autoselect
         status: active
         Opened by PID 888
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         ether 02:d3:e4:02:03:00
         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
         member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                 ifmaxaddr 0 port 6 priority 128 path cost 2000000
         member: vlan100 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                 ifmaxaddr 0 port 5 priority 128 path cost 2000000

In the VM:
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
         ether 00:a0:98:2b:34:37
         inet 10.0.1.6 netmask 0xffffff00 broadcast 10.0.1.255
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
         media: Ethernet 10Gbase-T <full-duplex>
         status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
         inet6 ::1 prefixlen 128
         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
         inet 127.0.0.1 netmask 0xff000000
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

The same results with regard to connectivity.   Both the VMHOST and the 
VM can communicate everywhere, except with each other.

I'm not sure how much detail to post, or what protocol I should be 
testing from the tcpdump, but here are a couple of relevant portions.  
Captured on the VMHOST with "tcpdump -i tap0 -n -vv", and on the VM with 
"tcpdump -i vtnet0 -n -vv"

A ping from the VM (10.0.1.6) to VMHOST (10.0.1.17):

Captured on tap0:
18:18:40.656407 IP (tos 0x0, ttl 64, id 2398, offset 0, flags [none], proto ICMP (1), length 84)
     10.0.1.6 > 10.0.1.17: ICMP echo request, id 46082, seq 689, length 64
18:18:40.656429 IP (tos 0x0, ttl 64, id 3824, offset 0, flags [none], proto ICMP (1), length 84, bad cksum 0 (->55a3)!)
     10.0.1.17 > 10.0.1.6: ICMP echo reply, id 46082, seq 689, length 64

Captured on vtnet0:
18:18:40.906203 IP (tos 0x0, ttl 64, id 2398, offset 0, flags [none], proto ICMP (1), length 84)
     10.0.1.6 > 10.0.1.17: ICMP echo request, id 46082, seq 689, length 64
18:18:40.906366 IP (tos 0x0, ttl 64, id 3824, offset 0, flags [none], proto ICMP (1), length 84, bad cksum 0 (->55a3)!)
     10.0.1.17 > 10.0.1.6: ICMP echo reply, id 46082, seq 689, length 64

100% packet loss on the ping.

Here is the same traffic from both systems between the VM (10.0.1.6) and 
the switch (10.0.1.1) through the VMHOST:

Captured on tap0:
18:23:42.712065 IP (tos 0x0, ttl 64, id 2858, offset 0, flags [none], proto ICMP (1), length 84)
     10.0.1.6 > 10.0.1.1: ICMP echo request, id 58626, seq 2, length 64
18:23:42.712595 IP (tos 0x0, ttl 255, id 2858, offset 0, flags [none], proto ICMP (1), length 84)
     10.0.1.1 > 10.0.1.6: ICMP echo reply, id 58626, seq 2, length 64

Captured on vtnet0:
18:23:43.141890 IP (tos 0x0, ttl 64, id 2858, offset 0, flags [none], proto ICMP (1), length 84)
     10.0.1.6 > 10.0.1.1: ICMP echo request, id 58626, seq 2, length 64
18:23:43.142553 IP (tos 0x0, ttl 255, id 2858, offset 0, flags [none], proto ICMP (1), length 84)
     10.0.1.1 > 10.0.1.6: ICMP echo reply, id 58626, seq 2, length 64

100% packet success on the ping.

I'm never quite sure when checksums with tcpdump or Wireshark are
expected, and when they aren't, but it appears that is where the problem
lies here.

With that said, if I'm understanding this correctly, and checksums are 
the problem, I'm not sure what to try next.

Thanks again!

scotto
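
Added example, not part of the original message: a Python check of the "bad cksum 0 (->55a3)!" annotation in the tap0 capture above. It rebuilds each IPv4 header from the fields tcpdump printed and computes the RFC 1071 header checksum, showing that the echo reply's header is otherwise well-formed and only its checksum field was left at zero. The function names are my own, and a 20-byte header without IP options is assumed (total length 84 = 20 + 64 ICMP bytes).

```python
import ipaddress
import re
import struct

# Verbose tcpdump output copied from the tap0 capture in the message above
# (wrapped lines rejoined).
CAPTURE = """\
18:18:40.656407 IP (tos 0x0, ttl 64, id 2398, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.6 > 10.0.1.17: ICMP echo request, id 46082, seq 689, length 64
18:18:40.656429 IP (tos 0x0, ttl 64, id 3824, offset 0, flags [none], proto ICMP (1), length 84, bad cksum 0 (->55a3)!)
    10.0.1.17 > 10.0.1.6: ICMP echo reply, id 46082, seq 689, length 64
"""

HDR = re.compile(
    r"IP \(tos (0x[0-9a-f]+), ttl (\d+), id (\d+), offset (\d+), flags \[none\], "
    r"proto \w+ \((\d+)\), length (\d+)(?:, bad cksum ([0-9a-f]+) \(->([0-9a-f]+)\)!)?\)\n"
    r"\s+(\d+\.\d+\.\d+\.\d+) > (\d+\.\d+\.\d+\.\d+):")

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement sum over a header whose checksum field is zero."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def analyse(capture: str):
    """Return one dict per packet: addresses, computed checksum, tcpdump's verdict."""
    results = []
    for m in HDR.finditer(capture):
        tos, ttl, ident, off, proto, length, seen, expected, src, dst = m.groups()
        header = struct.pack(
            "!BBHHHBBH4s4s",
            0x45, int(tos, 16), int(length), int(ident), int(off) // 8,  # 0x45: assumed IHL 5
            int(ttl), int(proto), 0,        # checksum field zeroed for the calculation
            ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        results.append({
            "src": src, "dst": dst,
            "computed": ipv4_checksum(header),
            "on_wire": int(seen, 16) if seen is not None else None,  # None: tcpdump accepted it
            "tcpdump_expected": int(expected, 16) if expected else None,
        })
    return results

if __name__ == "__main__":
    for pkt in analyse(CAPTURE):
        print(pkt)
```

For the reply from 10.0.1.17 the computed value equals the 55a3 that tcpdump says the field should hold, while the field actually captured is 0.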
