Am 2024-06-03 21:02, schrieb FreeBSD User:
Hello,I'm running a dual socket NUMA CURRENT host (Fujitsu RX host) running several jails. Jails are attached to a bridge device (bridge1), the physical device on that bridge is igb1 (i350 based NIC). The bridge is created via host's rc scripts, adding and/or deleting epair members of thebridge is performed by the jail.conf script.I do not know how long the setup worked, but out of the blue, last week after a longish poudriere run after updating the host to most recent CURRENT (as of today, latest update kernel and world) and performing "etcupdate" on both the host and all jails, traffic beyond the bridge is not seen on the network! All jails can communicate with each other. Traffic from the host itself is routed via igb0 to network and back via igb1 onto the bridge.I check all setups for net.link.bridge: net.link.bridge.ipfw: 0 net.link.bridge.log_mac_flap: 1 net.link.bridge.allow_llz_overlap: 0 net.link.bridge.inherit_mac: 0 net.link.bridge.log_stp: 0 net.link.bridge.pfil_local_phys: 0 net.link.bridge.pfil_member: 0 net.link.bridge.ipfw_arp: 0 net.link.bridge.pfil_bridge: 0 net.link.bridge.pfil_onlyip: 0 I did not change anything (knowingly).I also have an oldish box running single socket processor, also driven by the very same CURRENT and similar, but not identical setup. The box is running very well and the bridge isworking as expected.I was wondering if something in detail has changed in the handling of jails, epair andbridges. I followed the setup "after the book", nothing suspicious.
"after the book" = the IP of the host itself is not on igb1 but on a different interface or on the bridge?
Is there a firewall active on the box itself? Which one?What does wireshark / a traffic dump at the physical interface level tell compared to a traffic dump at the switch interface? Did you replace the cable / SFP / move to a different switch port as a test?
I suggest to provide the output of ifconfig -a and netstat -rn (feel free to mangle the IPs, as long as the mangling is a consistent replacement and not a cut-off).
Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
signature.asc
Description: OpenPGP digital signature
