[Bug 224795] vlan interfaces created off tap devices do not work

bugzilla-noreply at freebsd.org
Sun Dec 31 16:04:32 UTC 2017


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=224795

            Bug ID: 224795
           Summary: vlan interfaces created off tap devices do not work
           Product: Base System
           Version: 11.1-RELEASE
          Hardware: amd64
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: freebsd-bugs at FreeBSD.org
          Reporter: gdcosta at gmail.com

(I am not sure if this is a technical problem or a documentation issue ... the
only relevant-seeming info I could find on this issue was an unanswered post in
the forums https://forums.freebsd.org/threads/49106/)

I have been running the pfSense FreeBSD-based firewall/routing OS as a bhyve VM
on my FreeBSD box.

I have two (relevant) network devices, bge0 and em0.
I have a bridge0 device with bge0 and the tap0 from the pfSense bhyve VM as
members. This is a trunk connection with multiple VLANs' worth of data running
over them. They have a standard MTU of 1500.

I created a vlan20 (for example) device off tap0, since I cannot create vlan
devices off bridge devices and creating it off the bge0 device means no other
VMs or jails get traffic passed through (since presumably bge0 only gets
traffic that isn't another virtual instance but needs to go through the
attached network switch).

The vlan20 device has an MTU of 1496, which is a different behaviour from when
vlan devices are created off bge0 or em0 where they retain an MTU of 1500. The
reason I mention this is because if I want to bridge this vlan20 device with
other VM or jail interfaces (VNET or otherwise) I have to lower the other
interfaces' MTUs to 1496 and this is all for naught as vlan20 doesn't seem to
pass traffic anywhere.

--

HOWEVER, if I configure my em0 device to accept the VLAN traffic I need and
create vlan20 interface off it, all bridging and network traffic work fine.
I have a workaround, but it feels to me like creating a vlan device off a tap
is either broken or is something that possibly shouldn't be allowed.

--

I am not a networking or FreeBSD expert so my diagnostics probably can be
improved. I used tcpdump and showed that the vlan20 device would never send ARP
data (and ICMP data) through to the tap0 trunk. Other jail/VM members on the
bridge could talk to each other because presumably the bridge device was
working fine, just not this particular vlan20 member.

I can reproduce this scenario fairly easily so if there are any other logs or
commands you would like to run I would be happy to do so.


Hello, I am not a networking or FreeBSD poweruser;
