FIB and jail regression [Was: can't reach jails own ipv4 from inside anymore]
Harald Schmalzbauer
h.schmalzbauer at omnilan.de
Wed Dec 19 15:02:53 UTC 2012
schrieb Göran Löwkrantz am 19.12.2012 14:44 (localtime):
>
>
> --On December 19, 2012 13:48:34 +0100 Harald Schmalzbauer
> <h.schmalzbauer at omnilan.de> wrote:
>
>> schrieb Harald Schmalzbauer am 19.12.2012 12:56 (localtime):
>>> ...
>>>>
>>>> I have more oddities I wanted to check with jails and lagg-interfaces
>>>> together with VLANs, but I have no idea why I can't connect from one
>>>> jail to it's own IP(v4) anymore!
>>> Found out that defining a different FIB causes that behaviour in 9.1.
>>> But using a different FIB doesn't caus the same in 8.2!
>>
>> Easiest way to reproduce:
>>
>> Just do a ping on the host (not jail)
>>
>> setfib 0 ping anyLocalIP -> works
>> setfib 1 ping anyLocalIP -> doesn't work
>>
>> Anybody with 9.1 and ROUTINGTABLES in custom kernel out there who can't
>> confirm that?
>>
>> Turned out that 9.0-stable from Feb. 2012 doesn't show that problem.
>> So this problem seems to be introdued between 9.0 and 9.1.
>> Thanks,
>>
>> -Harry
>>
>>
> Works for me:
> # uname -a
> FreeBSD 9.1-PRERELEASE r243951: Fri Dec 7 02:29:14 CET 2012
> # sysctl -a | grep fib
> net.my_fibnum: 0
> net.add_addr_allfibs: 1
> net.fibs: 2
>
> # ifconfig sis1
> sis1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu
> 1500
> options=83808<VLAN_MTU,WOL_UCAST,WOL_MCAST,WOL_MAGIC,LINKSTATE>
> ...
> inet 176.57.193.193 netmask 0xfffffff0 broadcast 176.57.193.207
> ....
> media: Ethernet autoselect (100baseTX <full-duplex>)
> status: active
>
> # setfib 0 ping 176.57.193.193
> PING 176.57.193.193 (176.57.193.193): 56 data bytes
> 64 bytes from 176.57.193.193: icmp_seq=0 ttl=64 time=0.497 ms
> 64 bytes from 176.57.193.193: icmp_seq=1 ttl=64 time=0.481 ms
> ^C
> --- 176.57.193.193 ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.481/0.489/0.497/0.008 ms
> # setfib 1 ping 176.57.193.193
> PING 176.57.193.193 (176.57.193.193): 56 data bytes
> 64 bytes from 176.57.193.193: icmp_seq=0 ttl=64 time=0.912 ms
> 64 bytes from 176.57.193.193: icmp_seq=1 ttl=64 time=0.650 ms
> ^C
> --- 176.57.193.193 ping statistics ---
> 2 packets transmitted, 2 packets received, 0.0% packet loss
> round-trip min/avg/max/stddev = 0.650/0.781/0.912/0.131 ms
>
> I have no kernel with both VIMAGE and ROUTINGTABLES so can test that,
> this has ROUTINGTABLES 2
I don't have vimage either.
Thanks a lot for your feedback!
That brought one more perception: The problem only affects alias addresses!
I took a different machine and also couldn't reproduce the problem first.
The I added an additional inet alias -> The problem initially described
occurs.
That's why my jail setu stopped working -> all Addresses ar alias addersses.
Any help highly appreziated!
-Harry
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 196 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20121219/aeef5c55/attachment.sig>
More information about the freebsd-stable
mailing list