Date: Wed, 09 Oct 2019 11:43:04 +0000
From: bugzilla-noreply@freebsd.org
To: jail@FreeBSD.org
Subject: [Bug 240106] VNET issue with ARP and routing sockets in jails
Message-ID: <bug-240106-29815-J9dDNsbnwW@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-240106-29815@https.bugs.freebsd.org/bugzilla/>
References: <bug-240106-29815@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106

Alexander Lunev <lan@zato.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lan@zato.ru

--- Comment #3 from Alexander Lunev <lan@zato.ru> ---
I think the bug that I wanted to report is somewhat similar; all the main actors - VNET, jails and ARP - are the same.

So I have a problem with network connectivity between jails and host when using jails with VNET and VLANs.

I've written about it to the freebsd-net@ mailing list:
threads:
https://lists.freebsd.org/pipermail/freebsd-net/2019-September/054391.html
https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054437.html

There's a topic on the FreeBSD forums which confirms this and once again explains the configuration with which this problem is occurring, and in great detail, but the author has "solved" his problem by simply not using the configuration where you bridge a physical interface with the jail's VNET interface and not using the jail's VNET interface with VLANs.
https://forums.freebsd.org/threads/bridge-epair-not-passing-through-tagged-vlan-traffic-between-host-and-vnet-jail.71646/

I'll add some more observations here. I recreated the configuration in a virtual machine, as I wrote in my last message to freebsd-net@ here: https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054475.html.

Jail's vlan interface IP is 10.15.15.2 and host's vlan interface IP is 10.15.15.1. Both jail and host have no ARP entries for each other's addresses.

So I ping from 10.15.15.2 to 10.15.15.1.

1. in the initial configuration, I see this on em0:

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:57:52.051429 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28
08:57:53.071451 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28
08:57:54.101515 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1 tell 10.15.15.2, length 28

2. then I added an ARP entry in the jail:

JAIL# arp -s 10.15.15.1 00:0c:29:2f:6c:08

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:07:10.321257 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28
09:07:11.391300 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28
09:07:12.415232 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q (0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2 tell 10.15.15.1, length 28

3. then I added the jail's ARP entry to the host:

HOST# arp -s 10.15.15.2 02:95:ce:33:dc:0b

and ICMP requests started to pass from jail to host, and the vlan22 interface on the host is receiving packets and sending replies:

HOST# tcpdump -i vlan22 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan22, link-type EN10MB (Ethernet), capture size 262144 bytes
09:37:11.517054 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.2 > 10.15.15.1: ICMP echo request, id 25864, seq 0, length 64
09:37:11.517063 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 25864, seq 0, length 64

but I don't see them on the host's epair0a interface, bridged with em0 in bridge0; there are only requests on epair0a:

HOST# tcpdump -i epair0a -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on epair0a, link-type EN10MB (Ethernet), capture size 262144 bytes
09:40:44.178363 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 0, length 64
09:40:45.221713 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 1, length 64
09:40:46.253079 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 2, length 64

and on em0 I see only replies:

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:41:11.092092 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 0, length 64
09:41:12.096310 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 1, length 64
09:41:13.121890 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 2, length 64

and on the bridge interface neither requests nor replies are shown.

HOST# tcpdump -i bridge0 -e | grep 10.15.15
... silence ...

Is it normal and I'm doing something wrong?
I wanted to make jails act as a normal FreeBSD host with one dedicated VNET interface with VLANs.

-- 
You are receiving this mail because:
You are the assignee for the bug.
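
The per-interface captures in the message above can be compared mechanically. The following is an added example, not part of the original message or of FreeBSD: it parses `tcpdump -e` lines (one line per interface and direction, copied from the captures above) and reports which half of the ICMP exchange each interface never showed. The function and variable names are assumptions made for illustration.

```python
import re

# Added example. Sample lines are copied from the captures in the message, one
# per interface and direction; bridge0 showed nothing, so its list is empty.
CAPTURES = {
    "vlan22": [
        "09:37:11.517054 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.2 > 10.15.15.1: ICMP echo request, id 25864, seq 0, length 64",
        "09:37:11.517063 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 25864, seq 0, length 64",
    ],
    "epair0a": [
        "09:40:44.178363 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 0, length 64",
    ],
    "em0": [
        "09:41:11.092092 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4, 10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 0, length 64",
    ],
    "bridge0": [],
}

# tcpdump -e line: timestamp, src MAC > dst MAC, outer ethertype, optional 802.1Q tag, payload
LINE = re.compile(
    r"^\S+ (?P<src>[0-9a-f:]{17}) .*? > (?P<dst>[0-9a-f:]{17}|Broadcast).*?"
    r"ethertype (?P<outer>[\w.]+) \(0x[0-9a-f]{4}\), length \d+: "
    r"(?:vlan (?P<vlan>\d+), p \d+, ethertype \w+, )?(?P<rest>.*)$"
)
KINDS = {"ICMP echo request": "echo request", "ICMP echo reply": "echo reply",
         "Request who-has": "arp who-has"}

def classify(line):
    """Return (kind, vlan_id or None) for one tcpdump -e line, or None if unparsed."""
    m = LINE.match(line)
    if not m:
        return None
    kind = next((v for k, v in KINDS.items() if k in m["rest"]), "other")
    return kind, int(m["vlan"]) if m["vlan"] else None

def visibility(captures):
    """Map interface -> set of (kind, vlan) tuples seen on it."""
    return {ifname: {p for p in map(classify, lines) if p}
            for ifname, lines in captures.items()}

def missing(seen, expected=("echo request", "echo reply")):
    """Map interface -> expected kinds that never appeared there."""
    return {ifname: [k for k in expected if k not in {kind for kind, _ in pkts}]
            for ifname, pkts in seen.items()}

if __name__ == "__main__":
    seen = visibility(CAPTURES)
    for ifname, gaps in missing(seen).items():
        print(f"{ifname:8} saw={sorted(seen[ifname], key=str)} missing={gaps}")
```

The three captures carry different ICMP ids (25864, 32264, 34568), so they come from separate ping runs and the comparison is per interface, not per packet.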