From: "Patrick M. Hausen"
Date: Wed, 26 Jul 2023 17:32:42 +0200
Subject: Re: VLAN not working - jails, bridges, and VLANs
To: Rudy
Cc: FreeBSD Net
In-Reply-To: <156f55a9-9a0b-f2e8-f542-1933f6dc229a@monkeybrains.net>
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Hi all,

> On 16.07.2023 at 05:54, Rudy wrote:
> Kernel: FreeBSD 13.1-RELEASE-p8 GENERIC amd64
> Issue: vlan traffic not in the jail

To connect a VNET jail to a VLAN you

- create the VLAN on top of a physical interface or lagg
- create a bridge interface with that VLAN as a member interface
- if the host needs IP connectivity in that VLAN assign IP addresses to the bridge and not to the VLAN
- connect the jail to that bridge

One bridge per VLAN. Running in production with about 1000 jails, here.

HTH,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Sophienstr. 187
76185 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing directors: Daniel Lienert, Fabian Stein
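
The four steps listed in the message above, as an added example that is not part of the original e-mail: a POSIX sh function that prints the FreeBSD `ifconfig` and `jail` commands for one VLAN, one bridge and one VNET jail, so the result can be reviewed before it is run. The parent interface `igb0`, VLAN 100, jail name `web1`, epair unit 0 and address 192.0.2.1/24 are constructed placeholders; naming the interfaces `vlan<ID>` and `bridge<ID>` and attaching the jail through an epair are assumptions of this example, since the message does not say how the jail is connected.

```shell
#!/bin/sh
# Added example (not from the original message): print the commands for
# one VLAN -> one bridge -> one VNET jail. Names and addresses are placeholders.
# usage: vlan_bridge_cmds PARENT VLAN_ID JAIL EPAIR_UNIT [HOST_CIDR]
vlan_bridge_cmds() {
    parent=$1 vid=$2 jail=$3 unit=$4 host_cidr=${5:-}

    # 802.1Q VLAN IDs are 1..4094: digits only, no leading zero, at most 4 digits.
    case $vid in
        ''|0*|*[!0-9]*|?????*) echo "invalid VLAN id: $vid" >&2; return 1 ;;
    esac
    if [ "$vid" -gt 4094 ]; then
        echo "VLAN id out of range: $vid" >&2; return 1
    fi

    vlan="vlan${vid}"
    bridge="bridge${vid}"   # assumption: bridge unit = VLAN id, so one bridge per VLAN

    # 1. VLAN on top of the physical interface or lagg
    echo "ifconfig ${vlan} create vlan ${vid} vlandev ${parent} up"
    # 2. bridge with that VLAN as a member interface
    echo "ifconfig ${bridge} create"
    echo "ifconfig ${bridge} addm ${vlan} up"
    # 3. host address, if needed, goes on the bridge and never on the VLAN
    if [ -n "$host_cidr" ]; then
        echo "ifconfig ${bridge} inet ${host_cidr}"
    fi
    # 4. connect the jail (assumption: via an epair; the "a" end joins the
    #    bridge, the "b" end is handed to the jail's vnet)
    echo "ifconfig epair${unit} create"
    echo "ifconfig ${bridge} addm epair${unit}a"
    echo "ifconfig epair${unit}a up"
    echo "jail -c name=${jail} persist vnet vnet.interface=epair${unit}b"
}

# Dry run with constructed values; review the output, then pipe it to sh as root.
vlan_bridge_cmds igb0 100 web1 0 192.0.2.1/24
```

Calling the function once per VLAN with a different VLAN ID yields a separate bridge for each, which keeps jails on different VLANs in separate layer-2 segments.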