[Bug 240106] VNET issue with ARP and routing sockets in jails

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Wed Oct 9 11:43:04 UTC 2019


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=240106

Alexander Lunev <lan at zato.ru> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |lan at zato.ru

--- Comment #3 from Alexander Lunev <lan at zato.ru> ---
I think the bug that I wanted to report is somewhat similar; all the main
actors - VNET, jails and ARP - are the same.

So I have a problem with network connectivity between jails and host when using
jails with VNET and VLANs. 

I've written about it to freebsd-net@ mailing list: 

threads: 
https://lists.freebsd.org/pipermail/freebsd-net/2019-September/054391.html
https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054437.html

There's a topic on the FreeBSD forums which confirms this and once again
explains, in great detail, the configuration in which this problem occurs, but
the author has "solved" his problem by simply not using the configuration where
you bridge a physical interface with the jail's VNET interface, and not using
the jail's VNET interface with VLANs.

https://forums.freebsd.org/threads/bridge-epair-not-passing-through-tagged-vlan-traffic-between-host-and-vnet-jail.71646/

I'll add some more observations here. I recreated the configuration in a
virtual machine, as I wrote in my last message to freebsd-net@ here:
https://lists.freebsd.org/pipermail/freebsd-net/2019-October/054475.html.
The jail's vlan interface IP is 10.15.15.2 and the host's vlan interface IP is
10.15.15.1. Both jail and host have no ARP entries for each other's addresses.

So I ping from 10.15.15.2 to 10.15.15.1. 

1. In the initial configuration, I see this on em0:

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
08:57:52.051429 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q
(0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1
tell 10.15.15.2, length 28
08:57:53.071451 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q
(0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1
tell 10.15.15.2, length 28
08:57:54.101515 02:95:ce:33:dc:0b (oui Unknown) > Broadcast, ethertype 802.1Q
(0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.1
tell 10.15.15.2, length 28

2. Then I added an ARP entry in the jail:

JAIL# arp -s 10.15.15.1 00:0c:29:2f:6c:08

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:07:10.321257 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q
(0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2
tell 10.15.15.1, length 28
09:07:11.391300 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q
(0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2
tell 10.15.15.1, length 28
09:07:12.415232 00:0c:29:2f:6c:08 (oui Unknown) > Broadcast, ethertype 802.1Q
(0x8100), length 46: vlan 22, p 0, ethertype ARP, Request who-has 10.15.15.2
tell 10.15.15.1, length 28

3. Then I added the jail's ARP entry to the host:

HOST# arp -s 10.15.15.2 02:95:ce:33:dc:0b

and ICMP requests started to pass from the jail to the host, and the vlan22
interface on the host is receiving packets and sending replies:

HOST# tcpdump -i vlan22 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vlan22, link-type EN10MB (Ethernet), capture size 262144 bytes
09:37:11.517054 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui
Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.2 > 10.15.15.1: ICMP
echo request, id 25864, seq 0, length 64
09:37:11.517063 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui
Unknown), ethertype IPv4 (0x0800), length 98: 10.15.15.1 > 10.15.15.2: ICMP
echo reply, id 25864, seq 0, length 64

but I don't see them on the host's epair0a interface, bridged with em0 in
bridge0; there are only requests on epair0a:

HOST# tcpdump -i epair0a -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on epair0a, link-type EN10MB (Ethernet), capture size 262144 bytes
09:40:44.178363 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui
Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4,
10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 0, length 64
09:40:45.221713 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui
Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4,
10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 1, length 64
09:40:46.253079 02:95:ce:33:dc:0b (oui Unknown) > 00:0c:29:2f:6c:08 (oui
Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4,
10.15.15.2 > 10.15.15.1: ICMP echo request, id 32264, seq 2, length 64

and on em0 I see only replies:

HOST# tcpdump -i em0 -e | grep 10.15.15
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em0, link-type EN10MB (Ethernet), capture size 262144 bytes
09:41:11.092092 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui
Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4,
10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 0, length 64
09:41:12.096310 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui
Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4,
10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 1, length 64
09:41:13.121890 00:0c:29:2f:6c:08 (oui Unknown) > 02:95:ce:33:dc:0b (oui
Unknown), ethertype 802.1Q (0x8100), length 102: vlan 22, p 0, ethertype IPv4,
10.15.15.1 > 10.15.15.2: ICMP echo reply, id 34568, seq 2, length 64

and on the bridge interface neither requests nor replies are shown.

HOST# tcpdump -i bridge0 -e | grep 10.15.15
... silence ...

Is it normal, and am I doing something wrong?
I wanted to make jails act as a normal FreeBSD host with one dedicated VNET
interface with VLANs.
