When is a switch not a switch?

D'Arcy Cain darcy at druid.net
Sun Oct 25 14:25:19 UTC 2020 

On 10/22/20 3:56 AM, Patrick M. Hausen wrote:
> Hi!
> 
>> Am 22.10.2020 um 04:47 schrieb D'Arcy Cain <darcy at druid.net>:
>> public: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>>         ether 02:9d:b2:b8:78:00
>>         inet 98.158.139.65 netmask 0xffffffe0 broadcast 98.158.139.95
>>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>>         member: eth0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>>                 ifmaxaddr 0 port 1 priority 128 path cost 55
>>         groups: bridge
>>         nd6 options=9<PERFORMNUD,IFDISABLED>
>> tap0: [...]
> 
> tap0 is not a member of your bridge. With the VM running you can try
> 
> 	ifconfig public addm tap0
> 
> and check if that changes things.

Things got stranger.  First of all, here is my current setup:

In rc.conf:
   set -- $(/sbin/ifconfig -l ether); eth0=$1 eth1=$2
   eval "ifconfig_${eth0}_name=\"eth0\""
   eval "ifconfig_${eth1}_name=\"eth1\""
   ifconfig_eth0="-tso -lro -rxcsum -rxcsum6 -txcsum -txcsum6 -vlanhwtag 
-vlanhwtso up"

In rc.local:
   vm switch create public
   vm switch add public eth0
   ifconfig vm-public inet 0x629e8b41/27
   ifconfig vm-public inet6 2605:2600:1001::41/64
   route add default 98.158.139.94
   route add -inet6 default 2605:2600:1001::1

This works just like a number of previous attempts.  I can ping any site in 
the world but, other than to the host, I can't connect by TCP.  My test is 
ssh.  But now I just noticed that I can ssh into one other server on my 
network.  The only difference that I can find is that the one that I can 
connect to has a HP NC382i DP Multifunction Gigabit Server Adapter - bce(5). 
  It's the only one in the network with that adapter.  The host and many 
other servers are bge(5).  Here are the ifconfig entries:

eth0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
mtu 1500
         options=80088<VLAN_MTU,VLAN_HWCSUM,LINKSTATE>
         ether 14:02:ec:31:60:d0
         media: Ethernet autoselect (1000baseT <full-duplex,master>)
         status: active
         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vm-public: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
         ether 1a:d8:8b:3e:51:87
         inet 98.158.139.65 netmask 0xffffffe0 broadcast 98.158.139.95
         inet6 2605:2600:1001::41 prefixlen 64
         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
         member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                 ifmaxaddr 0 port 8 priority 128 path cost 2000000
         member: eth0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                 ifmaxaddr 0 port 1 priority 128 path cost 20000
         groups: bridge vm-switch viid-4c918@
         nd6 options=1<PERFORMNUD>

And the remote:
bce0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 
mtu 1500
options=c00b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,LINKSTATE>
         ether 3c:d9:2b:f9:e2:10
         inet 98.158.139.77 netmask 0xffffffe0 broadcast 98.158.139.95
         inet6 fe80::3ed9:2bff:fef9:e210%bce0 prefixlen 64 scopeid 0x1
         inet6 2605:2600:1001::4d prefixlen 64
         media: Ethernet autoselect (100baseTX <full-duplex>)
         status: active
         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

That PROMISC flag looked promising but turning it on on other servers didn't 
help.  In any case I hope I can fix this on my host.  I think that I may 
find it hard to have everyone else in the world change their system.

-- 
D'Arcy J.M. Cain <darcy at druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 788 2246     (DoD#0082)    (eNTP)   |  what's for dinner.
IM: darcy at VybeNetworks.com, VoIP: sip:darcy at druid.net

Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:

1.  I am by definition, "the intended recipient".
2.  All information in the email is mine to do with as I see
     fit and make such financial profit, political mileage, or
     good joke as it lends itself to. In particular, I may quote
     it where I please.
3.  I may take the contents as representing the views of
     your company if I so wish.
4.  This overrides any disclaimer or statement of
     confidentiality that may be included or implied in
     your message.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 236 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-virtualization/attachments/20201025/182ab068/attachment.sig>

More information about the freebsd-virtualization mailing list