(smtp.freebsd.org [96.47.72.83]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "smtp.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4VtXqV6Tqkz4FH9; Tue, 4 Jun 2024 01:21:26 +0000 (UTC) (envelope-from zlei@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1717464086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CKGD9QNNARKr4V+NfwGtBA8WQeMBUoTsjmuEAsM0TVo=; b=bsVN9jm/SwK8oF2hvBk1DlZkQjyJT5hS222Qe0s/79rxCaVAqootXRlzRDP8UwDvOUVvld bMp215NtDzUDT/kGYd/4FuFyA8V/hcTrtJYQdqLjvB9I+IBTX28Q5KxauVVu5jjBpUjvED KXgE85ARvB95Vl14FmrZZcS7/pMsFiIvob5096vo9xrvOSTNmZxZdCe2fUGct4V1XsE0KG ohG57UU/iomiWSxDa3+8ejg0VcrmOfgn+rk/Zi4F2BGALqf78J0sYz3V73fSbkDIM/i1dE NlIv3oKwTVEsHyZHuk5Aes+Zq4yUIPsh6B1hxpLwXFV3HE6Eg8ze44vY3I+h/g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1717464086; a=rsa-sha256; cv=none; b=jz+ygSr77mQt5tDVqEgHV/6C7wBUN9OegHVpqcJnBAC0Ygy8RwGRuZ3O37bXd5d59lMzJa qf8eAXREkBo7UshdeGQvVjY/R9pjs45ruIQhPSJDoHdCwRUOx3Fz7rpAKsoEkXBkGAKtLm L5ar913Qko4QsdkZ4OC4fGjV5jscFvtKuaNZe5xPOisSxoupb4UK3oRBq6zjg2YMSu8Jva apsl/s7o87Xi/HT5f4M1Ps4AHU1HVxBMuov9Gy1vCroII0EwPxFvH6HkYF+itUJ+tEI1l4 TdXfILIc7aeyr9j0MFwBe+RxVbFDbhyp4dGIGuCuIdpDJIM8qRVaaXBX3dNreg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1717464086; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=CKGD9QNNARKr4V+NfwGtBA8WQeMBUoTsjmuEAsM0TVo=; b=HgxnQz/7djA/yyEKBbdTm6UyxmPbK4Ldbph3PscOXu513RQWLEgZQIT9B3585bt1KMQUld Gs/cXDLSwpOasTxTmBglHxirJOs82hp2i7KMFZ3Ux9f+qdLgMN8GruP8t840vaP5nFUbMc 4AE5b459PpIGIc5tEP34DXIofik2r8rjkqPK+Wzab0KzsKSpaVkLvzCgLRUOhvX6OD6lzq ts9JFsKbTLDhMTH2ms2YYSkh0xAmapC9elP7mQwbZ4+ZTxAyMDIyZHHA7FmxbOXfALWncg RHee/nw1xMiFapciMBQ/LoAUvEKsWQRXtAM99Y8O7iMiKSmrZp3CMO62Wyn1Gg== Received: from smtpclient.apple (ns1.oxydns.net [45.32.91.63]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) (Authenticated sender: zlei/mail) by smtp.freebsd.org (Postfix) with ESMTPSA id 4VtXqT5lHyz19Wd; Tue, 4 Jun 2024 01:21:25 +0000 (UTC) (envelope-from zlei@FreeBSD.org) Content-Type: text/plain; charset=us-ascii List-Id: Discussions about the use of FreeBSD-current List-Archive: https://lists.freebsd.org/archives/freebsd-current List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-freebsd-current@FreeBSD.org Mime-Version: 1.0 (Mac OS X Mail 16.0 \(3696.120.41.1.8\)) Subject: Re: bridge: no traffic with vnet (epair) beyond bridge device From: Zhenlei Huang In-Reply-To: <20240603210231.64889de0@thor.intern.walstatt.dynvpn.de> Date: Tue, 4 Jun 2024 09:21:19 +0800 Cc: FreeBSD CURRENT Content-Transfer-Encoding: quoted-printable Message-Id: <081448E7-E158-49BA-8758-39FAC9278EFC@FreeBSD.org> References: <20240603210231.64889de0@thor.intern.walstatt.dynvpn.de> To: FreeBSD User X-Mailer: Apple Mail (2.3696.120.41.1.8) > On Jun 4, 2024, at 3:02 AM, FreeBSD User = wrote: >=20 > Hello, >=20 > I'm running a dual socket NUMA CURRENT host (Fujitsu RX host) running = several jails. Jails are > attached to a bridge device (bridge1), the physical device on that = bridge is igb1 (i350 based > NIC). The bridge is created via host's rc scripts, adding and/or = deleting epair members of the > bridge is performed by the jail.conf script. >=20 > I do not know how long the setup worked, but out of the blue, last = week after a longish > poudriere run after updating the host to most recent CURRENT (as of = today, latest update > kernel and world) and performing "etcupdate" on both the host and all = jails, traffic beyond > the bridge is not seen on the network! All jails can communicate with = each other. Traffic from > the host itself is routed via igb0 to network and back via igb1 onto = the bridge. Can you elaborate your setup of network. I'm getting confused by the = last sentence. Is it ( the network for jails ) a bridged one or routed one ? >=20 > I check all setups for net.link.bridge: >=20 > net.link.bridge.ipfw: 0 > net.link.bridge.log_mac_flap: 1 > net.link.bridge.allow_llz_overlap: 0 > net.link.bridge.inherit_mac: 0 > net.link.bridge.log_stp: 0 > net.link.bridge.pfil_local_phys: 0 > net.link.bridge.pfil_member: 0 > net.link.bridge.ipfw_arp: 0 > net.link.bridge.pfil_bridge: 0 > net.link.bridge.pfil_onlyip: 0 >=20 > I did not change anything (knowingly).=20 >=20 > I also have an oldish box running single socket processor, also driven = by the very same > CURRENT and similar, but not identical setup. The box is running very = well and the bridge is > working as expected. >=20 > I was wondering if something in detail has changed in the handling of = jails, epair and > bridges. I followed the setup "after the book", nothing suspicious. No functional changes to if_bridge / if_epair / jail since the beginning = of this year as far as I known. >=20 > Maybe someone has a clue what might break the bridge. >=20 > By the way: ifconfig bridge1 looks as always, igb1 as member and it = doesn't make any > difference whether I force the bridge to inherit igb1's MAC or not. >=20 > We also checked for the switches whether BPDU Guard may have been = triggered, but everything > looks good from the outside - execept the fact the brdiged interface = seems inactive (but up) > from the outside ... >=20 > Kind regards >=20 > oh >=20 > --=20 > O. Hartmann >=20 Best regards, Zhenlei