Hi,

Struggling a bit debugging something, and hoping someone can point me in the right direction.

I’ve got 4 physical Intel NICs, all configured as part of a veb bridge. The veb bridge itself has two vports attached, one with an address and one without:

    cat /etc/hostname.vport0
    inet 172.16.0.250 255.255.255.0
    group trusted
    up

    cat /etc/hostname.vport1
    group vlan-interface
    link0
    up

The hostname.veb0 file contains this:

    add em0
    add em1
    add em2
    add em3
    add vport0
    add vport1
    link0
    up

This setup is working fine for all hosts on my main LAN, and everything is as expected. However, I’ve tried and (partially) failed in adding some VLANs to the veb. For example, here’s one of the VLAN configurations:

    cat /etc/hostname.vlan210
    inet 172.16.210.2 255.255.255.0 172.16.210.255
    parent vport1
    vlan 210
    description "VLAN 210 - A/V & Media Devices"
    up

Note the following only discusses one VLAN, but the issue is present on all of the configured VLANs.

From a host on the VLAN network, it can connect outbound to the internet absolutely fine - but it cannot talk back to the main network. Strangely, running tcpdump on interfaces shows traffic moving as (possibly) expected - but packets never seem to appear on the wire to the downstream host.

In the following example, Volumio is a host on the VLAN 210 as above, attempting to send an ICMP echo request to a host on the main LAN.

First up, here’s a PF log showing the permitted packet:

    Dec 25 20:41:13.342006 rule 86/(match) pass out on vport0: 172.16.210.13 > 172.16.0.1: icmp: echo request

(Note, I still get the same issues even with disabling pf)

Next, here’s the packet on the vport1 interface from above:

    20:41:22.663129 dc:a6:32:4d:9a:4c fe:e1:ba:d3:54:a5 8100 102: 802.1Q vid 210 pri 1 volumio.av.kaizo.lan > nas.kaizo.lan: icmp: echo request (DF)

Now, here’s the packet on the vport0 interface:

    20:41:22.663145 fe:e1:ba:d2:e4:93 68:05:ca:4a:7c:18 ip 98: volumio.av.kaizo.lan > nas.kaizo.lan: icmp: echo request

However, this is where it stops. I see no matching packet on the veb0 interface, nor do I see a packet egress on the physical em1 interface, to which the host ’nas’ is connected. Obviously I don’t see the packet on that host, either.

I’m a little perplexed as to what’s going on here - it’s almost as if the veb doesn’t believe it’s responsible for this packet. It seems to be happily routing packets from the LAN to hosts on a VLAN, it’s just the return traffic that never arrives.

For completeness, below is the output of ifconfig for the interfaces (edited).

Simon.

    veb0: flags=9943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST>
            index 12 llprio 3
            groups: veb
            em0 flags=3<LEARNING,DISCOVER>
                    port 1 ifpriority 0 ifcost 0
            em1 flags=3<LEARNING,DISCOVER>
                    port 2 ifpriority 0 ifcost 0
            em2 flags=3<LEARNING,DISCOVER>
                    port 3 ifpriority 0 ifcost 0
            em3 flags=3<LEARNING,DISCOVER>
                    port 4 ifpriority 0 ifcost 0
            vport0 flags=3<LEARNING,DISCOVER>
                    port 19 ifpriority 0 ifcost 0
            vport1 flags=3<LEARNING,DISCOVER>
                    port 20 ifpriority 0 ifcost 0
            Addresses (max cache: 100, timeout: 240):
                    …snip….
                    68:05:ca:4a:7c:18 em1 0 flags=0<>
                    ….snip….
                    fe:e1:ba:d2:e4:93 vport0 0 flags=0<>
                    fe:e1:ba:d3:54:a5 vport1 0 flags=0<>

    vport0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
            lladdr fe:e1:ba:d2:e4:93
            index 19 priority 0 llprio 3
            groups: vport trusted
            inet 172.xx.xx.250 netmask 0xffffff00 broadcast 172.16.0.255

    vport1: flags=9943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST> mtu 1500
            lladdr fe:e1:ba:d3:54:a5
            index 20 priority 0 llprio 3
            groups: vport vlan-interface

    vlan210: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
            lladdr fe:e1:ba:d3:54:a5
            description: VLAN 210 - A/V & Media Devices
            index 16 priority 0 llprio 3
            encap: vnetid 210 parent vport1 txprio packet rxprio outer
            groups: vlan
            inet 172.16.210.2 netmask 0xffffff00 broadcast 172.16.210.255