List-Id: Technical discussions relating to FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-hackers
From: George Kontostanos
Date: Mon, 24 Apr 2023 18:54:41 +0300
Subject: Re: Host address zero vs bridge, carp and nat
To: FreeBSD Hackers

unsubscribe

On Mon, Apr 24, 2023 at 1:00 AM Bob Bishop wrote:
>
> Hi,
>
> We’re commissioning a new router build here based on 13.2-RC5 (bad timing) and it seems that something is amiss when using host address zero with this combination. More precisely, this setup:
>
> igb1: flags=8963 metric 0 mtu 1500
>         options=4e523bb
>         ether 00:0d:b9:5f:0f:31
>         media: Ethernet autoselect (1000baseT )
>         status: active
>         nd6 options=29
> igb2: flags=8963 metric 0 mtu 1500
>         options=4e523bb
>         ether 00:0d:b9:5f:0f:32
>         media: Ethernet autoselect (1000baseT )
>         status: active
>         nd6 options=29
>
> bridge0: flags=8943 metric 0 mtu 1500
>         ether 00:0d:b9:5f:0f:31
>         inet x.y.z.0 netmask 0xffffffe0 broadcast x.y.z.31
>         inet x.y.z.10 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         inet x.y.z.11 netmask 0xffffffe0 broadcast x.y.z.31 vhid 11
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: igb2 flags=143
>                 ifmaxaddr 0 port 3 priority 128 path cost 2000000
>         member: igb1 flags=143
>                 ifmaxaddr 0 port 2 priority 128 path cost 2000000
>         groups: bridge
>         carp: MASTER vhid 11 advbase 1 advskew 100
>         nd6 options=9
>
> doesn’t pass traffic through the bridge. The NAT is in-kernel via ipfw and there are firewall rules in play but they do not seem to be a factor.
>
> Change the primary address on the bridge to eg x.y.z.13 and everything works. carp failover seems to work OK with the zero host in spite of not passing traffic.
>
> We only found this because in live we’ll have a /29 and we are going to run out of addresses if we can’t use zero. The bridge is required to avoid using a switch upstream where we have two routers on redundant fibres using VRRP.
>
> We will solve this by getting a bigger allocation upstream unless anyone has any bright ideas, in default of which I’ll raise a bug report.
>
> --
> Bob Bishop
> rb@gid.co.uk

-- 
George Kontostanos
---