2018-05-23 12:04 GMT+02:00 Stuart Henderson <s...@spacehopper.org>:
> It's not clear from your mail, did you bring the vlan interface up?
> Assigning an IP address (currently) does that automatically.
Thanks for your answer, the vlan interface is up, as well as the vxlan interface
and the corresponding bridge.
However, running ifconfig vlan106 up again also puts sk0 (the parent) in promisc
mode and traffic can flow, putting a second "up" in hostname.vlan106
and rebooting
also works.
sk0 before the second ifconfig vlan106 up:
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
after the second ifconfig vlan106 up:
sk0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
mtu 1500
(I compared ifconfig outputs with diff, this is the only difference)
hostname.vlan106:
vnetid 106 parent sk0
description "XXX"
up
In case it matters, apart from IPSec/iked the machine is also running
ospfd, ospf6d,
isc-dhcpd, isc-named and rtadvd, but not on the relevant interfaces.
>
> Full ifconfig output might be useful.
slightly anonymized ifconfig output below, vlan106 is the relevant interface:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
index 7 priority 0 llprio 3
groups: lo
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet 127.0.0.1 netmask 0xff000000
sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 1 priority 0 llprio 3
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
acx0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:80:c8:2d:67:62
index 2 priority 4 llprio 3
groups: wlan
media: IEEE802.11 autoselect (autoselect mode 11g hostap)
status: active
ieee80211: nwid XXX chan 5 bssid 00:80:c8:2d:67:62
inet 192.168.43.1 netmask 0xffffff00 broadcast 192.168.43.255
nfe0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:21:97:a6:39:a1
index 3 priority 0 llprio 3
media: Ethernet autoselect (none)
status: no carrier
ix0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 9001
lladdr a0:36:9f:1f:78:f0
description: XXX
index 4 priority 0 llprio 3
media: Ethernet autoselect (10GbaseLR full-duplex,rxpause,txpause)
status: active
inet 172.16.31.2 netmask 0xfffffffc broadcast 172.16.31.3
ix1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr a0:36:9f:1f:78:f2
index 5 priority 0 llprio 3
media: Ethernet autoselect
status: no carrier
enc0: flags=0<>
index 6 priority 0 llprio 3
groups: enc
status: active
bridge0: flags=41<UP,RUNNING>
description: XXX
index 8 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
vether0 flags=3<LEARNING,DISCOVER>
port 13 ifpriority 0 ifcost 0
etherip0 flags=3<LEARNING,DISCOVER>
port 12 ifpriority 0 ifcost 0
bridge106: flags=41<UP,RUNNING>
description: XXX
index 9 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
vxlan106 flags=3<LEARNING,DISCOVER>
port 22 ifpriority 0 ifcost 0
vlan106 flags=3<LEARNING,DISCOVER>
port 14 ifpriority 0 ifcost 0
bridge112: flags=41<UP,RUNNING>
description: XXX
index 10 llprio 3
groups: bridge
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
vxlan112 flags=3<LEARNING,DISCOVER>
port 23 ifpriority 0 ifcost 0
vlan112 flags=3<LEARNING,DISCOVER>
port 15 ifpriority 0 ifcost 0
enc1: flags=0<>
description: XXX
index 11 priority 0 llprio 3
groups: enc
etherip0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr fe:e1:ba:d0:18:0f
description: XXX
index 12 priority 0 llprio 3
groups: etherip
media: Ethernet autoselect
status: active
tunnel: inet 172.16.31.2 -> 172.16.31.1 ttl 64 nodf
vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 8000
lladdr fe:e1:ba:d1:6c:0a
description: XXX
index 13 priority 0 llprio 3
groups: vether egress
media: Ethernet autoselect
status: active
inet 192.168.0.2 netmask 0xffffff00 broadcast 192.168.0.255
inet6 fe80::dc17:9a93:c18a:db83%vether0 prefixlen 64 scopeid 0xd
inet6 2001:XXX prefixlen 64
vlan106: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 14 priority 0 llprio 3
encap: vnetid 106 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
vlan112: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 15 priority 0 llprio 3
encap: vnetid 112 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
vlan202: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 16 priority 0 llprio 3
encap: vnetid 202 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.32.1 netmask 0xffffff00 broadcast 192.168.32.255
inet6 fe80::eda1:ff81:b1b2:9a3f%vlan202 prefixlen 64 scopeid 0x10
inet6 2001:XXX prefixlen 64
vlan203: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 17 priority 0 llprio 3
encap: vnetid 203 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.33.1 netmask 0xffffff00 broadcast 192.168.33.255
vlan205: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 18 priority 0 llprio 3
encap: vnetid 205 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.35.1 netmask 0xffffff00 broadcast 192.168.35.255
vlan207: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 19 priority 0 llprio 3
encap: vnetid 207 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.37.1 netmask 0xffffff00 broadcast 192.168.37.255
vlan210: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 20 priority 0 llprio 3
encap: vnetid 210 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.40.1 netmask 0xffffff00 broadcast 192.168.40.255
inet6 fe80::eda1:ff81:b1b2:9a3f%vlan210 prefixlen 64 scopeid 0x14
inet6 2001:XXX prefixlen 64
vlan211: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:5a:9e:4c:9b
description: XXX
index 21 priority 0 llprio 3
encap: vnetid 211 parent sk0
groups: vlan
media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
status: active
inet 192.168.41.1 netmask 0xffffff00 broadcast 192.168.41.255
vxlan106: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr fe:e1:ba:d2:82:33
description: XXX
index 22 priority 0 llprio 3
encap: vnetid 106
groups: vxlan
media: Ethernet autoselect
status: active
tunnel: inet 172.16.31.2 -> 172.16.31.1 nodf
vxlan112: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr fe:e1:ba:d3:bb:49
description: XXX
index 23 priority 0 llprio 3
encap: vnetid 112
groups: vxlan
media: Ethernet autoselect
status: active
tunnel: inet 172.16.31.2 -> 172.16.31.1 nodf
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33136
index 24 priority 0 llprio 3
groups: pflog
Regards,
Sigi
>
> On 2018-05-22, Sigi Rudzio <sigirud...@gmail.com> wrote:
>> Hi misc@,
>>
>> I'm trying to bridge a VLAN between two routers with a vxlan(4) interface.
>>
>> Setup:
>> router 1 (6.3):
>> physical interface (em) - vlan (with IP address) - bridge - vxlan
>>
>> The two routers are connected directly, the traffic is encrypted with IPSec
>> and encapsulated in etherip(4), routed traffic is working perfectly.
>>
>> router 2 (6.3-current):
>> vxlan - bridge - vlan (no IP address) - parent interface (sk0) -
>> switch - devices
>>
>> With this configuration, the parent interface on router 2 (sk0) isn't in
>> promiscous mode and no traffic can pass into the vlan interface on router 2
>> (the devices attached to the switch receive echo requests and answer, but the
>> answer is not received on the vlan interface, only on the parent interface
>> (sk0)
>> in encapsulated form).
>> Outgoing traffic can be seen on the vlan interface.
>>
>> If I assign an IP address to the vlan device on router 2, the parent
>> interface (sk0)
>> flags change from:
>> sk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
>> to:
>> sk0: flags=8b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST>
>> mtu 1500
>>
>> and traffic can flow over the vlan interface, it keeps working even
>> after deleting the
>> IP address (sk0 stays in promisc. mode).
>> Even when I delete the vlan interface after deleting the IP address
>> and add the vlan
>> interface again it keeps working until I reboot.
>>
>> running tcpdump on sk0 or adding it to a bridge with no other members also
>> makes
>> traffic flow and puts sk0 in promisc mode, but exiting
>> tcpdump/destroying the bridge
>> removes the PROMISC flag again.
>>
>> Easiest way to reproduce this is creating a vlan interface on top of a
>> ethernet interface
>> with and without an IP address for the vlan interface. (also tried it
>> with an rl interface,
>> got the same behaviour).
>>
>> disabling pf doesn't change anything.
>>
>> Am I doing something wrong/is this behaviour intended or indeed a bug?
>>
>> If you need any more information/want me to reproduce this with a simpler
>> setup,
>> I'll be happy to help.
>>
>> dmesg of router 2 is attached.
>>
>> Thanks for any help!
>>
>> Regards,
>>
>> Sigi Rudzio
>>
>> dmesg router 2:
>> OpenBSD 6.3-current (GENERIC) #41: Sat May 19 22:35:35 MDT 2018
>> dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC
>> real mem = 989462528 (943MB)
>> avail mem = 951570432 (907MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.5 @ 0x9f400 (51 entries)
>> bios0: vendor American Megatrends Inc. version "080014" date 09/12/2008
>> bios0: ECS GeForce7050M-M
>> acpi0 at bios0: rev 0
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP APIC MCFG OEMB HPET NVHD SSDT
>> acpi0: wakeup devices NSMB(S4) USB0(S4) USB2(S3) US15(S4) US12(S3)
>> NMAC(S5) P0P1(S4) HDAC(S4) BR10(S4) BR11(S4) BR12(S4) BR13(S4)
>> BR14(S4) BR15(S4) BR16(S4) PWRB(S4)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: AMD Sempron(tm) Processor LE-1150, 1995.48 MHz
>> cpu0:
>> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,MMX,FXSR,SSE,SSE2,SSE3,CX16,NXE,MMXX,FFXSR,RDTSCP,LONG,3DNOW2,3DNOW,LAHF,EAPICSP,AMCR8,3DNOWP
>> cpu0: 64KB 64b/line 2-way I-cache, 64KB 64b/line 2-way D-cache, 256KB
>> 64b/line 16-way L2 cache
>> cpu0: ITLB 32 4KB entries fully associative, 8 4MB entries fully associative
>> cpu0: DTLB 32 4KB entries fully associative, 8 4MB entries fully associative
>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 199MHz
>> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 11, 24 pins
>> acpimcfg0 at acpi0 addr 0xe0000000, bus 0-255
>> acpihpet0 at acpi0: 25000000 Hz
>> acpiprt0 at acpi0: bus 0 (PCI0)
>> acpiprt1 at acpi0: bus 1 (P0P1)
>> acpiprt2 at acpi0: bus 2 (BR10)
>> acpiprt3 at acpi0: bus 3 (BR11)
>> acpiprt4 at acpi0: bus 4 (BR12)
>> acpiprt5 at acpi0: bus 5 (BR13)
>> acpiprt6 at acpi0: bus 6 (BR14)
>> acpiprt7 at acpi0: bus 7 (BR15)
>> acpiprt8 at acpi0: bus 8 (BR16)
>> acpicpu0 at acpi0: C1(@1 halt!), PSS
>> acpitz0 at acpi0: critical temperature is 110 degC
>> acpicmos0 at acpi0
>> "*pnp0c14" at acpi0 not configured
>> acpibtn0 at acpi0: PWRB
>> cpu0: PowerNow! K8 1995 MHz: speeds: 2000 1800 1000 MHz
>> pci0 at mainbus0 bus 0
>> "NVIDIA MCP67 Memory" rev 0xa2 at pci0 dev 0 function 0 not configured
>> pcib0 at pci0 dev 1 function 0 "NVIDIA MCP67 ISA" rev 0xa2
>> nviic0 at pci0 dev 1 function 1 "NVIDIA MCP67 SMBus" rev 0xa2
>> iic0 at nviic0
>> spdmem0 at iic0 addr 0x50: 1GB DDR2 SDRAM non-parity PC2-6400CL6
>> iic1 at nviic0
>> ohci0 at pci0 dev 2 function 0 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int
>> 10, version 1.0, legacy support
>> ehci0 at pci0 dev 2 function 1 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int 11
>> usb0 at ehci0: USB revision 2.0
>> uhub0 at usb0 configuration 1 interface 0 "NVIDIA EHCI root hub" rev
>> 2.00/1.00 addr 1
>> ohci1 at pci0 dev 4 function 0 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int
>> 10, version 1.0, legacy support
>> ehci1 at pci0 dev 4 function 1 "NVIDIA MCP67 USB" rev 0xa2: apic 1 int 10
>> usb1 at ehci1: USB revision 2.0
>> uhub1 at usb1 configuration 1 interface 0 "NVIDIA EHCI root hub" rev
>> 2.00/1.00 addr 1
>> pciide0 at pci0 dev 6 function 0 "NVIDIA MCP67 IDE" rev 0xa1: DMA,
>> channel 0 configured to compatibility, channel 1 configured to
>> compatibility
>> pciide0: channel 0 disabled (no drives)
>> pciide0: channel 1 ignored (disabled)
>> ppb0 at pci0 dev 8 function 0 "NVIDIA MCP67 PCI" rev 0xa2
>> pci1 at ppb0 bus 1
>> skc0 at pci1 dev 5 function 0 "Schneider & Koch SK-98xx v2.0" rev
>> 0x14, Yukon Lite (0x9): apic 1 int 11
>> sk0 at skc0 port A: address 00:00:5a:9e:4c:9b
>> eephy0 at sk0 phy 0: 88E1011 Gigabit PHY, rev. 5
>> acx0 at pci1 dev 6 function 0 "TI ACX111" rev 0x00: apic 1 int 10
>> acx0: ACX111, radio Radia (0x16), EEPROM ver 5, address 00:80:c8:2d:67:62
>> ahci0 at pci0 dev 9 function 0 "NVIDIA MCP67 AHCI" rev 0xa2: apic 1
>> int 5, AHCI 1.1
>> ahci0: port 0: 3.0Gb/s
>> scsibus1 at ahci0: 32 targets
>> sd0 at scsibus1 targ 0 lun 0: <ATA, ST3808110AS, 3.AH> SCSI3 0/direct
>> fixed t10.ATA_ST3808110AS_9LR4F0Z7
>> sd0: 76319MB, 512 bytes/sector, 156301488 sectors
>> nfe0 at pci0 dev 10 function 0 "NVIDIA MCP67 LAN" rev 0xa2: apic 1 int
>> 10, address 00:21:97:a6:39:a1
>> brgphy0 at nfe0 phy 1: BCM54XX 10/100/1000baseT PHY, rev. 1
>> ppb1 at pci0 dev 11 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci2 at ppb1 bus 2
>> ix0 at pci2 dev 0 function 0 "Intel 82599" rev 0x01: apic 1 int 10,
>> address a0:36:9f:1f:78:f0
>> ix1 at pci2 dev 0 function 1 "Intel 82599" rev 0x01: apic 1 int 10,
>> address a0:36:9f:1f:78:f2
>> ppb2 at pci0 dev 12 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci3 at ppb2 bus 3
>> ppb3 at pci0 dev 13 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci4 at ppb3 bus 4
>> ppb4 at pci0 dev 14 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci5 at ppb4 bus 5
>> ppb5 at pci0 dev 15 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci6 at ppb5 bus 6
>> ppb6 at pci0 dev 16 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci7 at ppb6 bus 7
>> ppb7 at pci0 dev 17 function 0 "NVIDIA MCP67 PCIE" rev 0xa2
>> pci8 at ppb7 bus 8
>> vga1 at pci0 dev 18 function 0 "NVIDIA GeForce 7050 PV" rev 0xa2
>> wsdisplay0 at vga1 mux 1: console (80x25, vt100 emulation)
>> wsdisplay0: screen 1-5 added (80x25, vt100 emulation)
>> pchb0 at pci0 dev 24 function 0 "AMD AMD64 0Fh HyperTransport" rev 0x00
>> pchb1 at pci0 dev 24 function 1 "AMD AMD64 0Fh Address Map" rev 0x00
>> pchb2 at pci0 dev 24 function 2 "AMD AMD64 0Fh DRAM Cfg" rev 0x00
>> kate0 at pci0 dev 24 function 3 "AMD AMD64 0Fh Misc Cfg" rev 0x00:
>> core rev DH-G1
>> isa0 at pcib0
>> isadma0 at isa0
>> fdc0 at isa0 port 0x3f0/6 irq 6 drq 2
>> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
>> com0: console
>> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
>> pckbd0 at pckbc0 (kbd slot)
>> wskbd0 at pckbd0: console keyboard, using wsdisplay0
>> pcppi0 at isa0 port 0x61
>> spkr0 at pcppi0
>> lpt0 at isa0 port 0x378/4 irq 7
>> it0 at isa0 port 0x2e/2: IT8726F rev 1, EC port 0xa10
>> usb2 at ohci0: USB revision 1.0
>> uhub2 at usb2 configuration 1 interface 0 "NVIDIA OHCI root hub" rev
>> 1.00/1.00 addr 1
>> usb3 at ohci1: USB revision 1.0
>> uhub3 at usb3 configuration 1 interface 0 "NVIDIA OHCI root hub" rev
>> 1.00/1.00 addr 1
>> vscsi0 at root
>> scsibus2 at vscsi0: 256 targets
>> softraid0 at root
>> scsibus3 at softraid0: 256 targets
>> root on sd0a (b6f209c94e853bf3.a) swap on sd0b dump on sd0b
>>
>>
>
