Re: dhcp and bridge problem

2010-08-24 Thread Mikolaj Kucharski
Thank you Stefan! Below is an explanation of how I should configure my
bridge(4). That was exactly my issue: dhcpd(8) was running on sis0, which
didn't have a cable plugged in. Now I'm using vether(4) and all works like
a charm.

On Tue, Aug 24, 2010 at 10:55:01PM +0200, Stefan Sperling wrote:
 re http://marc.info/?l=openbsd-misc&m=128260593928878&w=2
 (sorry not subscribed to misc so this mail has no in-reply-to headers)
 
 I've hit the same problem some time ago.
 
 The root of the problem is related to the way network drivers call bpf(4)
 hooks. Drivers need to pass packets to bpf so that dhcpd can see them.
 Some drivers always pass packets to bpf, but some only do so if the link
 state of the interface is up. This means that with some drivers, dhcpd will
 see packets only if the interface it is listening on has a cable plugged
 into it. E.g. my net5501 soekris with dhcpd listening on vr0 could only
 serve DHCP when the vr0 interface had a cable plugged into it (so for a
 while I patched the vr driver to always call the bpf hook, but that's a
 crude workaround...)
 
 But as of 4.7, we have vether(4), which nicely solves this problem.
 Try putting your dhcpd on a vether interface, and add the vether
 interface to the bridge. Then dhcpd should see packets from all other
 bridge member interfaces just fine. You can add the router's IPs to the
 vether interface -- the other bridge ports don't need to have IP addresses.
 You can think of the vether interface as an additional port of the bridge
 which can safely be used by the machine itself.


Below is my current setup, which works under:

OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC




== /etc/hostname.bridge0 ==
description "link to virtual hosts"
add vether0
add sis0
add sis1
add sis2
add sis3
up

== /etc/hostname.sis0 ==
up description "part of bridge0"

== /etc/hostname.sis1 ==
up description "part of bridge0"

== /etc/hostname.sis2 ==
up description "part of bridge0"

== /etc/hostname.sis3 ==
up description "part of bridge0"

== /etc/hostname.vether0 ==
inet 192.168.110.1 255.255.255.0 NONE description "part of bridge0"
inet alias 192.168.3.1 255.255.255.0

== /etc/hostname.vr0 ==
dhcp description "internet uplink"

== /etc/hostname.vr1 ==
inet 192.168.101.1 255.255.255.0 NONE description "link to net4511"

== /etc/hostname.vr2 ==
inet 192.168.102.1 255.255.255.0 NONE description "link to linksys"

== /etc/hostname.vr3 ==
inet 192.168.103.1 255.255.255.0 NONE description "link to netgear switch"

# grep ^dhcpd /etc/rc.conf.local
dhcpd_flags="vr1 vr2 vr3 vether0"   # enabled

-- 
best regards
q#
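
The failure mode explained in the message above (dhcpd(8) bound to a bridge member whose driver skips the bpf(4) hook while the link is down) can be checked for before debugging the bridge itself. The script below is an added example, not code from the thread: the function names are hypothetical, the ifconfig(8) text is constructed, and a flagged interface is only a candidate, since the thread says only some drivers behave this way.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical and
# the ifconfig(8) text in sample_ifconfig is constructed for illustration.

# Read ifconfig(8) output on stdin; print every interface named in "$@"
# whose block reports "status: no carrier". With the drivers described in
# the thread, dhcpd(8) bound to such an interface never sees bridged
# requests, because the driver skips the bpf(4) hook while the link is down.
no_carrier_listeners() {
	awk -v want="$*" '
	BEGIN { n = split(want, w, " "); for (i = 1; i <= n; i++) listen[w[i]] = 1 }
	/^[a-z]+[0-9]+: flags=/ { ifname = $1; sub(/:$/, "", ifname); next }
	/^[ \t]+status: no carrier/ && (ifname in listen) { print ifname }
	'
}

# Constructed sample: sis0 has no cable, sis3 is linked, vether0 is virtual.
sample_ifconfig() {
	cat <<'EOF'
sis0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (none)
        status: no carrier
sis3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        media: Ethernet autoselect (100baseTX full-duplex)
        status: active
vether0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
        inet 192.168.110.1 netmask 0xffffff00 broadcast 192.168.110.255
EOF
}

# Compare the two dhcpd_flags values from the thread against the sample.
# On a live router: ifconfig | no_carrier_listeners vr1 vr2 vr3 vether0
for flags in "vr1 vr2 vr3 sis0" "vr1 vr2 vr3 vether0"; do
	# $flags is deliberately unquoted so each interface becomes one argument
	bad=$(sample_ifconfig | no_carrier_listeners $flags)
	echo "dhcpd_flags=\"$flags\": ${bad:-no listener without carrier}"
done
```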



Re: dhcp and bridge problem

2010-08-23 Thread Mikolaj Kucharski
Hi,

I didn't manage to resolve my issue. On all members of bridge0, except
sis0 (so sis1, sis2, sis3) I cannot use dhcp (Ethernet broadcast).

You can find my pcap files, which I mentioned in my previous email, at
location ref#1. I've also uploaded there `ifconfig -A' output of that
router. All my emails are at ref#2 if you need to re-read what I've
written before in this thread.


OpenBSD 4.8 (GENERIC) #136: Mon Aug 16 09:06:23 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC


References
 1. http://www.kucharski.name/pub/openbsd/pcap-files/
 2. http://marc.info/?t=12808803711&r=1&w=2

On Fri, Aug 06, 2010 at 04:11:10PM +0100, Mikolaj Kucharski wrote:
 I did some more research. I don't think I found anything useful. I'm
 attaching pcap files from each interface when Ethernet broadcast is
 working and then it stops working. You can see arp who-has messages, they
 also stop working around 14:18:24.
 
 I think the whole problem is because of the 00:e0:4c:4c:40:91 machine, which
 sends arp who-has every two seconds; if I unplug this machine from the
 switch everything is working fine (I'm not able to break the bridge).
 
 If someone is interested in more details about this strange bug please
 contact me off the list.
 
 
 On Fri, Aug 06, 2010 at 01:34:05AM +0100, Mikolaj Kucharski wrote:
  No, sorry, false alarm. It stopped working again. After rebooting one of
  the virtual machines none of the machines on the bridge (when using
  Ethernet broadcast) is able to get the lease again. You can get a lease
  only when you plug in the cable where dhcpd(8) is running (on sis0).
  
  Fedora, the vm host, is bridging VMs with the physical network card.
  
  
  openbsd [ bridge0 ( sis0 sis1 sis2 sis3 ) ] --- cable from sis3 to switch --|
  fedora [ virbr0 ( eth0 vnet0 ) ] --- cable from eth0 to switch ---|
  
  
  
  I'm puzzled with that, don't even know how to troubleshoot this. Is anyone
  willing to help me? :/
  
  
  OpenBSD 4.8-beta (GENERIC) #87: Wed Aug  4 20:16:06 MDT 2010
  dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
  
  
  
  References
   1. http://marc.info/?l=openbsd-misc&m=128088020301868&w=2

-- 
best regards
q#



Re: dhcp and bridge problem

2010-08-06 Thread Mikolaj Kucharski
I did some more research. I don't think I found anything useful. I'm
attaching pcap files from each interface when Ethernet broadcast is
working and then it stops working. You can see arp who-has messages, they
also stop working around 14:18:24.

I think the whole problem is because of the 00:e0:4c:4c:40:91 machine, which
sends arp who-has every two seconds; if I unplug this machine from the
switch everything is working fine (I'm not able to break the bridge).

If someone is interested in more details about this strange bug please
contact me off the list.


On Fri, Aug 06, 2010 at 01:34:05AM +0100, Mikolaj Kucharski wrote:
 No, sorry, false alarm. It stopped working again. After rebooting one of
 the virtual machines none of the machines on the bridge (when using
 Ethernet broadcast) is able to get the lease again. You can get a lease
 only when you plug in the cable where dhcpd(8) is running (on sis0).
 
 Fedora, the vm host, is bridging VMs with the physical network card.
 
 
 openbsd [ bridge0 ( sis0 sis1 sis2 sis3 ) ] --- cable from sis3 to switch --|
 fedora [ virbr0 ( eth0 vnet0 ) ] --- cable from eth0 to switch ---|
 
 
 
 I'm puzzled with that, don't even know how to troubleshoot this. Is anyone
 willing to help me? :/
 
 
 OpenBSD 4.8-beta (GENERIC) #87: Wed Aug  4 20:16:06 MDT 2010
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
 
 
 
 References
  1. http://marc.info/?l=openbsd-misc&m=128088020301868&w=2

-- 
best regards
q#

[demime 1.01d removed an attachment of type application/x-tar-gz]



Re: dhcp and bridge problem

2010-08-05 Thread Mikolaj Kucharski
Do I need any special parameter to ifconfig(8) to allow the Ethernet
broadcast address (ff:ff:ff:ff:ff:ff) to travel to all bridge
members?


On Wed, Aug 04, 2010 at 12:59:07AM +0100, Mikolaj Kucharski wrote:
 Hi,
 
 I have two OpenBSD machines: one is a router, the second is a guest on a KVM
 virtual machine (Fedora 13); both run the same OpenBSD version (see below
 for details). I've also used a Windows machine connected to sis2 and it
 has the same issue as OpenBSD connected to sis3 (via Fedora 13).
 
 OpenBSD (or Windows) connected to sis3 (or sis2) cannot get an IP from
 the dhcpd(8) server which runs on sis0, but Fedora 13 (like OpenBSD
 connected to sis3) which already has a lease from that dhcpd(8) server
 doesn't have a problem with renewing the lease.
 
 Do you know what I am missing in my setup to make that work?
 
 
 
 OPENBSD ROUTER SETUP:
 
 == /etc/hostname.sis0 ==
 inet 192.168.110.1 255.255.255.0 NONE description "part of bridge0"
 
 == /etc/hostname.sis1 ==
 up description "part of bridge0"
 
 == /etc/hostname.sis2 ==
 up description "part of bridge0 - cable to windows"
 
 == /etc/hostname.sis3 ==
 up description "part of bridge0 - cable to virts"
 
 == /etc/hostname.bridge0 ==
 description "link to virtual hosts"
 add sis0
 add sis1
 add sis2
 add sis3
 up
 
 == /etc/pf.conf ==
 set skip on lo
 match out on egress from !(egress) nat-to (egress:0)
 pass
 block in on ! lo0 proto tcp to port 6000:6010
 
 == /etc/sysctl.conf ==
 net.inet.ip.forwarding=1
 
 == /etc/rc.conf.local ==
 dhcpd_flags="vr1 vr2 vr3 sis0"
 
 
 
 
 OPENBSD GUEST SETUP:
 
 == /etc/hostname.em0 ==
 dhcp
 
 == /etc/pf.conf ==
 set skip on lo
 match out on egress from !(egress) nat-to (egress:0)
 pass
 block in on ! lo0 proto tcp to port 6000:6010
 
 == /etc/sysctl.conf ==
 net.inet.ip.forwarding=1
 
 
 
 ref1-ROUTER-guest-req# tcpdump -c3 -lvveni sis3 port 67
 tcpdump: listening on sis3, link-type EN10MB
 00:27:06.025235 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xcdbecf9a [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
 00:27:07.036323 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xcdbecf9a secs:1 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
 00:27:09.046432 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xcdbecf9a secs:3 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
 
 
 ref2-ROUTER-guest-req# tcpdump -c3 -lvveni bridge0 port 67
 tcpdump: listening on bridge0, link-type EN10MB
 00:29:49.991539 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xe2c0c174 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
 00:29:50.996544 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xe2c0c174 secs:1 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
 00:29:53.006556 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xe2c0c174 secs:3 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
 
 
 ref3-ROUTER-guest-req# tcpdump -c3 -lvveni sis0 port 67
 tcpdump: listening on sis0, link-type EN10MB
 (nothing)
 
 
 ref4-ROUTER-fedora-req# tcpdump -c3 -lvveni sis0 port 67
 tcpdump: listening on sis0, link-type EN10MB
 00:45:37.095604 00:50:8d:9e:73:85 00:00:24:cc:d4:7c 0800 342: 192.168.110.206.68 > 192.168.110.1.67: xid:0xf1d78b4f C:192.168.110.206 [|bootp] (DF) (ttl 64, id 0, len 328)
 
 
 
 $ sysctl -n kern.version
 OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
 dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC
 
 
 -- 
 best regards
 q#

-- 
best regards
q#



Re: dhcp and bridge problem

2010-08-05 Thread Claudio Jeker
On Wed, Aug 04, 2010 at 12:59:07AM +0100, Mikolaj Kucharski wrote:
 Hi,
 
 I have two OpenBSD machines: one is a router, the second is a guest on a KVM
 virtual machine (Fedora 13); both run the same OpenBSD version (see below
 for details). I've also used a Windows machine connected to sis2 and it
 has the same issue as OpenBSD connected to sis3 (via Fedora 13).
 
 OpenBSD (or Windows) connected to sis3 (or sis2) cannot get an IP from
 the dhcpd(8) server which runs on sis0, but Fedora 13 (like OpenBSD
 connected to sis3) which already has a lease from that dhcpd(8) server
 doesn't have a problem with renewing the lease.
 
 Do you know what I am missing in my setup to make that work?
 

Maybe try a -current snapshot. There was some bridge(4) work to make the
broadcast and tcpdump behaviour better but maybe something was missed.

-- 
:wq Claudio



Re: dhcp and bridge problem

2010-08-05 Thread Mikolaj Kucharski
On Thu, Aug 05, 2010 at 10:30:22PM +0200, Claudio Jeker wrote:
 Maybe try a -current snapshot. There was some bridge(4) work to make the
 broadcast and tcpdump behaviour better but maybe something was missed.

Thanks Claudio, that helped. Now everything seems to work.

OpenBSD 4.8-beta (GENERIC) #87: Wed Aug  4 20:16:06 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC

-- 
best regards
q#



Re: dhcp and bridge problem

2010-08-05 Thread Mikolaj Kucharski
On Thu, Aug 05, 2010 at 11:13:15PM +0100, Mikolaj Kucharski wrote:
 On Thu, Aug 05, 2010 at 10:30:22PM +0200, Claudio Jeker wrote:
  Maybe try a -current snapshot. There was some bridge(4) work to make the
  broadcast and tcpdump behaviour better but maybe something was missed.
 
 Thanks Claudio, that helped. Now everything seems to work.

No, sorry, false alarm. It stopped working again. After rebooting one of
the virtual machines none of the machines on the bridge (when using
Ethernet broadcast) is able to get the lease again. You can get a lease
only when you plug in the cable where dhcpd(8) is running (on sis0).

Fedora, the vm host, is bridging VMs with the physical network card.


openbsd [ bridge0 ( sis0 sis1 sis2 sis3 ) ] --- cable from sis3 to switch --|
fedora [ virbr0 ( eth0 vnet0 ) ] --- cable from eth0 to switch ---|



I'm puzzled with that, don't even know how to troubleshoot this. Is anyone
willing to help me? :/


OpenBSD 4.8-beta (GENERIC) #87: Wed Aug  4 20:16:06 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC



References
 1. http://marc.info/?l=openbsd-misc&m=128088020301868&w=2

-- 
best regards
q#



dhcp and bridge problem

2010-08-03 Thread Mikolaj Kucharski
Hi,

I have two OpenBSD machines: one is a router, the second is a guest on a KVM
virtual machine (Fedora 13); both run the same OpenBSD version (see below
for details). I've also used a Windows machine connected to sis2 and it
has the same issue as OpenBSD connected to sis3 (via Fedora 13).

OpenBSD (or Windows) connected to sis3 (or sis2) cannot get an IP from
the dhcpd(8) server which runs on sis0, but Fedora 13 (like OpenBSD
connected to sis3) which already has a lease from that dhcpd(8) server
doesn't have a problem with renewing the lease.

Do you know what I am missing in my setup to make that work?



OPENBSD ROUTER SETUP:

== /etc/hostname.sis0 ==
inet 192.168.110.1 255.255.255.0 NONE description "part of bridge0"

== /etc/hostname.sis1 ==
up description "part of bridge0"

== /etc/hostname.sis2 ==
up description "part of bridge0 - cable to windows"

== /etc/hostname.sis3 ==
up description "part of bridge0 - cable to virts"

== /etc/hostname.bridge0 ==
description "link to virtual hosts"
add sis0
add sis1
add sis2
add sis3
up

== /etc/pf.conf ==
set skip on lo
match out on egress from !(egress) nat-to (egress:0)
pass
block in on ! lo0 proto tcp to port 6000:6010

== /etc/sysctl.conf ==
net.inet.ip.forwarding=1

== /etc/rc.conf.local ==
dhcpd_flags="vr1 vr2 vr3 sis0"




OPENBSD GUEST SETUP:

== /etc/hostname.em0 ==
dhcp

== /etc/pf.conf ==
set skip on lo
match out on egress from !(egress) nat-to (egress:0)
pass
block in on ! lo0 proto tcp to port 6000:6010

== /etc/sysctl.conf ==
net.inet.ip.forwarding=1



ref1-ROUTER-guest-req# tcpdump -c3 -lvveni sis3 port 67
tcpdump: listening on sis3, link-type EN10MB
00:27:06.025235 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xcdbecf9a [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
00:27:07.036323 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xcdbecf9a secs:1 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
00:27:09.046432 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xcdbecf9a secs:3 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)


ref2-ROUTER-guest-req# tcpdump -c3 -lvveni bridge0 port 67
tcpdump: listening on bridge0, link-type EN10MB
00:29:49.991539 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xe2c0c174 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
00:29:50.996544 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xe2c0c174 secs:1 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)
00:29:53.006556 52:54:00:53:15:40 ff:ff:ff:ff:ff:ff 0800 342: 0.0.0.0.68 > 255.255.255.255.67: xid:0xe2c0c174 secs:3 [|bootp] [tos 0x10] (ttl 16, id 0, len 328)


ref3-ROUTER-guest-req# tcpdump -c3 -lvveni sis0 port 67
tcpdump: listening on sis0, link-type EN10MB
(nothing)


ref4-ROUTER-fedora-req# tcpdump -c3 -lvveni sis0 port 67
tcpdump: listening on sis0, link-type EN10MB
00:45:37.095604 00:50:8d:9e:73:85 00:00:24:cc:d4:7c 0800 342: 192.168.110.206.68 > 192.168.110.1.67: xid:0xf1d78b4f C:192.168.110.206 [|bootp] (DF) (ttl 64, id 0, len 328)



$ sysctl -n kern.version
OpenBSD 4.7 (GENERIC) #558: Wed Mar 17 20:46:15 MDT 2010
dera...@i386.openbsd.org:/usr/src/sys/arch/i386/compile/GENERIC


-- 
best regards
q#