VLAN problems

Tom Judge tom at tomjudge.com
Wed Jan 30 07:22:38 PST 2008


Alexandre Biancalana wrote:
> On 1/30/08, Tom Judge <tom at tomjudge.com> wrote:
> 
> ....
> 
>>>> Do you have any error messages on the console in dmesg?  ('cannot pad
>>>> short frame', 'unable to prepend vlan header' for example).
>>> no :(
>> Sorry I'm fresh out of ideas now...  Unless you could be short of RAM;
>> what does netstat -m look like?  Also you could look at changing
>> if_vlan.c to print the error number of the error if IFQ_HANDOFF fails.
> 
> Me too... This should be much simpler... I can't imagine why so much
> trouble in this configuration, I have a similar setup with Linux :(
> and have no problem at all...
> 
> # netstat -m
> 938/2347/3285 mbufs in use (current/cache/total)
> 936/1860/2796/32768 mbuf clusters in use (current/cache/total/max)
> 936/1860 mbuf+clusters out of packet secondary zone in use (current/cache)
> 0/0/0/0 4k (page size) jumbo clusters in use (current/cache/total/max)
> 0/0/0/0 9k jumbo clusters in use (current/cache/total/max)
> 0/0/0/0 16k jumbo clusters in use (current/cache/total/max)
> 2109K/4306K/6415K bytes allocated to network (current/cache/total)
> 0/3/0 requests for mbufs denied (mbufs/clusters/mbuf+clusters)
> 0/0/0 requests for jumbo clusters denied (4k/9k/16k)
> 0/7/4544 sfbufs in use (current/peak/max)
> 0 requests for sfbufs denied
> 0 requests for sfbufs delayed
> 0 requests for I/O initiated by sendfile
> 229 calls to protocol drain routines
> 

Can't see any issues here.

> 
> Is the vlan solution designed to work with multiple concurrent 100M
> networks using the same Gbit interface? Or am I thinking about this wrong?
> 
> I want to have a central firewall in my network, filtering ALL the
> traffic between ALL internal networks and external links. I have already
> done that using physical NICs (I had one machine with 8 NICs), but now
> I have one machine with 2 gigabit NICs and want to configure multiple
> VLANs on top of this for the internal networks and external links.
> 
> Am I wrong to think that this should work ??

The concepts and configuration seem fine to me.

Do you by any chance have Q-in-Q enabled anywhere on your network?

Could you try this patch (attached) to see what error you are getting 
from IFQ_HANDOFF?  (You will need to apply it from within sys/net and 
rebuild your kernel or vlan module.)

Tom

-------------- next part --------------
A non-text attachment was scrubbed...
Name: if_vlan.patch
Type: text/x-patch
Size: 398 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-net/attachments/20080130/b3fae7de/if_vlan.bin

