On Tue, 04 Jun 2024 09:36:38 +0200
Alexander Leidinger <alexan...@leidinger.net> wrote:

> On 2024-06-03 21:02, FreeBSD User wrote:
> > Hello,
> > 
> > I'm running a dual socket NUMA CURRENT host (Fujitsu RX host) running several
> > jails. Jails are attached to a bridge device (bridge1), the physical device on
> > that bridge is igb1 (i350 based NIC). The bridge is created via host's rc
> > scripts, adding and/or deleting epair members of the bridge is performed by
> > the jail.conf script.
> > 
> > I do not know how long the setup worked, but out of the blue, last week after a
> > longish poudriere run after updating the host to most recent CURRENT (as of
> > today, latest update kernel and world) and performing "etcupdate" on both the
> > host and all jails, traffic beyond the bridge is not seen on the network! All
> > jails can communicate with each other. Traffic from the host itself is routed
> > via igb0 to network and back via igb1 onto the bridge.
> > 
> > I check all setups for net.link.bridge:
> > 
> > net.link.bridge.ipfw: 0
> > net.link.bridge.log_mac_flap: 1
> > net.link.bridge.allow_llz_overlap: 0
> > net.link.bridge.inherit_mac: 0
> > net.link.bridge.log_stp: 0
> > net.link.bridge.pfil_local_phys: 0
> > net.link.bridge.pfil_member: 0
> > net.link.bridge.ipfw_arp: 0
> > net.link.bridge.pfil_bridge: 0
> > net.link.bridge.pfil_onlyip: 0
> > 
> > I did not change anything (knowingly).
> > 
> > I also have an oldish box running single socket processor, also driven by the
> > very same CURRENT and similar, but not identical setup. The box is running
> > very well and the bridge is working as expected.
> > 
> > I was wondering if something in detail has changed in the handling of jails,
> > epair and bridges. I followed the setup "after the book", nothing suspicious.
> 
> "after the book" = the IP of the host itself is not on igb1 but on a 
> different interface or on the bridge?
> 
> Is there a firewall active on the box itself? Which one?
> 
> What does wireshark / a traffic dump at the physical interface level 
> tell compared to a traffic dump at the switch interface? Did you replace 
> the cable / SFP / move to a different switch port as a test?
> 
> I suggest providing the output of ifconfig -a and netstat -rn (feel 
> free to mangle the IPs, as long as the mangling is a consistent 
> replacement and not a cut-off).
> 
> Bye,
> Alexander.
> 

Hello Alexander and everybody brave enough reading my post.

Somehow I managed to let

ifconfig_igb1="up"

disappear - I guess by accident when sneaking through the rc.conf file.

igb1 is the physical device connecting to the network. The bridge is layer 2
only, no IP, only the vnet-portions pointing towards the jail do have IPv6 and
IPv4. The bridge has around 20 members, the last entry is igb1 - I never
checked whether it is up ...
Sorry!

Kind regards,

oh

-- 
O. Hartmann
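
The check that was missed in this thread (is every bridge member actually up?), as an added example that is not part of the original messages. It reads `ifconfig -a` style text on stdin; the function names `down_bridge_members` and `sample_ifconfig` are hypothetical, and the sample interface listing is constructed.

```shell
#!/bin/sh
# Added example: list bridge members that are not administratively UP.
# Input is `ifconfig -a` style text on stdin, so it can be tested offline.
down_bridge_members() {
    awk '
        # Interface header, e.g. "igb1: flags=8802<BROADCAST,...> metric 0"
        /^[A-Za-z0-9_.]+: flags=/ {
            cur = $1; sub(/:$/, "", cur)
            flags = $2
            sub(/^[^<]*</, "", flags); sub(/>.*$/, "", flags)
            up[cur] = ("," flags ",") ~ /,UP,/
            seen[cur] = 1
            next
        }
        # Member line inside a bridge stanza: "member: igb1 flags=143<...>"
        $1 == "member:" { bridge_of[$2] = cur; order[++n] = $2 }
        # Members can be listed before their own stanza, so decide at the end.
        END {
            for (i = 1; i <= n; i++) {
                m = order[i]
                if (!seen[m])    print bridge_of[m], m, "missing"
                else if (!up[m]) print bridge_of[m], m, "down"
            }
        }
    '
}

# Constructed sample: igb1 has lost its UP flag, as in the thread above.
sample_ifconfig() {
cat <<'EOF'
igb1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:00:5e:00:53:01
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	member: igb1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair0a: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
EOF
}

# Offline demo; on a live host use: ifconfig -a | down_bridge_members
sample_ifconfig | down_bridge_members
```

Each output line is `bridge member state`; empty output means every listed member carries the UP flag.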
