On Wed, 20 Dec 2023 18:04:36 +0100
"Patrick M. Hausen" <hau...@punkt.de> wrote:
> Hi all,
>
> as some probably know we provide web hosting services and we use
> jails for that.
>
> On some particular host we have 255 vnet jails all of which are
> connected to the external interface of the host - renamed to "inet0"
> in our environment - via if_bridge(4) and all managed with iocage.
>
> root@ph003:~ # grep inet0 /iocage/jails/vpro*/config.json|wc -l
> 255
>
> Of these 251 also have a second epair interface connected to a
> private bridge named "priv1". These are used for connections to the
> central database server which should not be exposed to the Internet.
>
> root@ph003:~ # grep priv1 /iocage/jails/vpro*/config.json | wc -l
> 251
>
> While looking for a different problem to my great suprise I found
> today that ifconfig truncates the list of member interfaces for both
> bridge instances. And both to the same value of 102, although the
> member numbers are (albeit slightly) different:
>
> root@ph003:~ # ifconfig inet0|grep member:|wc -l
> 102
> root@ph003:~ # ifconfig priv1 | grep member: | wc -l
> 102
>
> All 255 jails are connected to the external network and perfectly
> reachable from the Internet. That's why I conclude that the display
> is wrong, not the bridge configuration.
>
> What's happening here? Is this intentional or shall I file a bug
> report?
>
> More importantly: either way is this only cosmetic or will we hit
> another unexpected limit of the number of interfaces that can be
> members of a bridge any time soon?
>
Hi Patrick,
I could reproduce the issue and created a fix:
https://reviews.freebsd.org/D43135
As far as I can tell the issue is cosmetic (unless, of course, you have
automation based on libifconfig or the output of the ifconfig command).
Best
Michael
--
Michael Gmelin
