VLANs for use with jails

Christian Baer chris at debilux.org
Fri May 17 08:58:56 UTC 2019 

Hi,

i still can’t get it to work.

My rc.conf looks like this:

defaultrouter="10.0.3.1"

ifconfig_igb0="inet 10.0.3.11/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"

ifconfig_igb1="up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
cloned_interfaces="vlan30 vlan40 vlan50 vlan60"

ifconfig_vlan30="inet 10.0.3.12/24 vlan 30 vlandev igb1 description LAN"
ifconfig_vlan40="inet 10.0.4.12/24 vlan 40 vlandev igb1 description IoT"
ifconfig_vlan50="inet 10.0.5.12/24 vlan 50 vlandev igb1 description Guest"
ifconfig_vlan60="inet 10.0.6.12/24 vlan 60 vlandev igb1 description VOIP“

ifconfig says:

# ifconfig
igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8100b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER>
        ether ac:1f:6b:63:37:b0
        inet 10.0.3.11 netmask 0xffffff00 broadcast 10.0.3.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8100b8<VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER>
        ether ac:1f:6b:63:37:b1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
vlan30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: LAN
        ether ac:1f:6b:63:37:b1
        inet 10.0.3.12 netmask 0xffffff00 broadcast 10.0.3.255
        groups: vlan
        vlan: 30 vlanpcp: 0 parent interface: igb1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan40: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: IoT
        ether ac:1f:6b:63:37:b1
        inet 10.0.4.12 netmask 0xffffff00 broadcast 10.0.4.255
        groups: vlan
        vlan: 40 vlanpcp: 0 parent interface: igb1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan50: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Guest
        ether ac:1f:6b:63:37:b1
        inet 10.0.5.12 netmask 0xffffff00 broadcast 10.0.5.255
        groups: vlan
        vlan: 50 vlanpcp: 0 parent interface: igb1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vlan60: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: VOIP
        ether ac:1f:6b:63:37:b1
        inet 10.0.6.12 netmask 0xffffff00 broadcast 10.0.6.255
        groups: vlan
        vlan: 60 vlanpcp: 0 parent interface: igb1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

When I try to bring up a jail on a freshly installed iocage it quits with an error.

# iocage create -n "vlantest" -r LATEST defaultrouter="10.0.6.1"  vnet="on" allow_raw_sockets="1" boot="on" interfaces="vnet0:vlan60" ip4_addr="vnet0|10.0.6.13/24"

vlantest successfully created!
* Starting vlantest
  + Started OK
  + Using devfs_ruleset: 5
  + Configuring VNET FAILED
  ifconfig: BRDGADD vnet0.5: Invalid argument

Stopped vlantest due to VNET failure

What am I doning wrong? 

Best regards,
Chris
-- 
E-Mail: chris at debilux.org
Web: https://christianbaer.me

> Am 14.05.2019 um 09:01 schrieb Patrick M. Hausen <hausen at punkt.de>:
> 
> Hi!
> 
> Not tested, minor typos possible ...
> 
>> Am 10.05.2019 um 23:02 schrieb Christian Baer <chris at debilux.org>:
>> ifconfig_igb1="inet 10.0.3.12/24 -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso"
>> ifconfig_igb1_ipv6="inet6 accept_rtadv -lro -tso“ 
>> [...]
>> What's the proper way to set up igb1 to be untagged (and so be in the management vlan) and create the different VLANs on it and use it with the jails? On of the VLANs should also be in the management VLAN (to move my Unifi controller from a Pi to a jail).
> 
> ifconfig_igb1=“up -rxcsum -rxcsum6 -txcsum -txcsum6 -lro -tso -vlanhwtso“
> cloned_interfaces="vlan3 vlan4“
> 
> ifconfig_vlan3="inet 10.0.3.12/24 vlan 3 vlandev igb1“
> ifconfig_vlan4="inet 10.0.4.12/24 vlan 4 vlandev igb1“
> 
> iocage set vlan3jail interfaces="vnet0:vlan3"
> iocage set vlan3jail ip4_addr="vnet0|10.0.3.13/24"
> 
> iocage set vlan4jail interfaces="vnet0:vlan4"
> iocage set vlan4jail ip4_addr="vnet0|10.0.4.13/24"
> 
> HTH,
> Patrick
> -- 
> punkt.de GmbH			Internet - Dienstleistungen - Beratung
> Kaiserallee 13a			Tel.: 0721 9109-0 Fax: -100
> 76133 Karlsruhe			info at punkt.de	http://punkt.de
> AG Mannheim 108285		Gf: Juergen Egeling
>

More information about the freebsd-net mailing list