On 5/12/15 1:02 , Schmurfy wrote: > Thanks for the precisions. > > What I find weird is that here is what I see with tcpdump/snoop (the vm > interface is configured with vlan_id 500): > > - the QinQ packet enter the SmartOS host via the physical interface with > two tags (500 400) > - (on the host) SmartOS/kvm/whatever strips the first tag (500) and > correctly send the packet to the VM via its interface, the packet is now a > vlan packet tagged only 400 > - (in the VM) the vlan interface created on top of the interface configured > as vlan 500 in smartos sees that the packet is for it and responds with an > ARP Reply > - the packet is dropped > > If QinQ is not supported I would image it would either never work in both > directions or the packet would be passed along because only the first tag > would be checked and removed/added, why does it half works here ?
Well, this is likely a side effect of the vnd implementation. The vnd implementation doesn't really do much checking of the frame, other than having a valid MAC header before passing it off to the guest's networking stack and optionally first through ipf when a frame is to be received by the guest. On the send side, there is more going on. I'm not quite sure where it's getting dropped. We can certainly try to figure out where that is and potentially go fix things up so that it works for KVM instances. If you're interested in debugging this, perhaps jump into #smartos on irc.freenode.net and I can help work through how we would figure out what's going on here. > Is there a way I can "cheat" here by bridging the physical interface > directly with the VM interface without any control from SmartOS/KVM ? All > the VM are managed by me so that would be an acceptable solution, for now > at least, we have no client VMs. No, not really. We don't support that through vmadm. Robert > On 12 May 2015 at 00:04, Robert Mustacchi <[email protected]> wrote: > >> On 5/11/15 2:46 , Schmurfy wrote: >>> Hello, >>> I am using QinQ in my network and can't figure out how to properly use it >>> on the VMs, I configured the vm to get one interface as being a vlan >>> interface and this works (the interface works properly in the VM) but >> when >>> I try to create a vlan interface inside the VM backed on the first >>> interface packets don't get through SmartOS. I see incoming ARP Request >>> packets and the response from inside the VM (with the correct vlan tag) >> but >>> using snoop on the host I never see them get out. >>> >>> While trying to make it works I enabled allow_ip_spoofing, >>> allow_dhcp_spoofing, allow_mac_spoofing, allow_restricted_traffic, >>> allow_unfiltered_promisc but none of them seems to help, packets still >> get >>> blocked on the way out :( >>> does anyone know what could be blocking the packets ? >> >> Hi, >> >> There are few different things that are going on here. Probably the most >> important is that, to my knowledge, we don't support 802.1ad (Q in Q). >> >> Second, let me clarify what exactly is happening with respect to VNICs, >> VLANs, and the different kinds of instances you can create. When you >> specify a VLAN id in the JSON file, we'll create a VNIC that is marked >> with that tag. That means that the system will enforce that packets that >> enter and leave the interface have that tag. If you're just creating >> zones (whether lx, docker, or smartos), then this doesn't matter. >> >> With kvm, it's a different story. We treat a KVM guest as though it's >> NIC is always in access mode, and instead the hypervisor is responsible >> for adding and removing a tag. If the guest is setting a tag, then it's >> liable that it'll be dropped. >> >> Robert >> >> >> ------------------------------------------- >> smartos-discuss >> Archives: https://www.listbox.com/member/archive/184463/=now >> RSS Feed: >> https://www.listbox.com/member/archive/rss/184463/27127964-b8d97130 >> Modify Your Subscription: >> https://www.listbox.com/member/?&; >> Powered by Listbox: http://www.listbox.com >> > > > > ------------------------------------------- > smartos-discuss > Archives: https://www.listbox.com/member/archive/184463/=now > RSS Feed: https://www.listbox.com/member/archive/rss/184463/21483261-4b78dd38 > Modify Your Subscription: https://www.listbox.com/member/?&; > Powered by Listbox: http://www.listbox.com > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
