I encountered this recently for another reason. My scenario is that I had a 
host with a separate physical NIC that was a VLAN trunk (many different VLANs) 
but I needed a VM (zone or KVM makes no difference) that had unfiltered promisc 
on only one of those VLANs. 

I ended up not being able to use that strategy since unfiltered_promisc gives 
the VM everything with the vlan_id stripped from the packet (so the VM gets 
everything on the physical NIC but can't do its own VLAN filtering). Removing 
unfiltered_promisc, although I had mac_spoof enabled this only allows the 
sending of packets with different MACs and any responses to the MAC won't be 
passed up by the vnic. Since my application was a WAN accelerator with any 
number of MACs behind it, it wasn't feasible to manage the list. 

I did attempt to use dladm to create a vlan entry and see if I could bridge 
that to an ether stub. Snooping the VLAN interface gave me the traffic I wanted 
but you can't bridge those to anything. 

Still a work in progress, but I ended up dedicating a physical NIC to the VLAN 
that the VM needed promisc on. The core blocker to me was that the normal 
promisc supplies the packets with vlans stripped, which RM from Joyent 
confirmed is expected behaviour at this stage. 

- Dave

> On 28 Aug 2015, at 4:36 AM, Jorge Schrauwen <sjorge...@blackdot.be> wrote:
> 
> It could also be an illumos quirk.
> If you can join #smartos on freenode and see if rm is online. He's quite 
> knowledgeable on the network stack.
> 
>> On 2015-08-27 20:23, Daryl Turner wrote:
>> 
>> I'll check what the behaviour is on the working VM tomorrow. I'm not able to 
>> confirm that this isn't just a symptom of the system diagnostics.
>> -------- Original Message --------
>> Subject: Re: [smartos-discuss] VLAN tagging to guest zone
>> Time (UTC): August 27 2015 6:11 pm
>> From: daryl.tur...@protonmail.ch
>> To: sjorge...@blackdot.be
>> CC: smartos-disc...@lists.smartos.org
>> I've just checked and yes I do. I see it leave with VLAN ID applied but 
>> received with the VLAN stripped from the frame.
>> -------- Original Message --------
>> Subject: Re: [smartos-discuss] VLAN tagging to guest zone
>> Time (UTC): August 27 2015 5:18 pm
>> From: sjorge...@blackdot.be
>> To: smartos-disc...@lists.smartos.org
>> Do you see the ARPs within the VM?
>>> On 2015-08-27 19:18, Daryl Turner wrote:
>>> etherstub.
>>> Funnily enough checking the NICs with snoop it appears the ARP request
>>> makes it to the destination NIC but obviously isn't being picked up by
>>> the destination machine.
>>> [root@00-0c-29-87-c9-0b ~]# snoop -z
>>> a57e5f07-cee7-47ed-a74b-f54b227cd25f -d net0
>>> Using device net0 (promiscuous mode)
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> ^C[root@00-0c-29-87-c9-0b ~]# snoop -z
>>> a57e5f07-cee7-47ed-a74b-f54b227cd25f -d net1
>>> Using device net1 (promiscuous mode)
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>> VLAN#200: 192.168.0.1 -> (broadcast) ARP C Who is 192.168.0.2,
>>> 192.168.0.2 ?
>>>> -------- Original Message --------
>>>> Subject: Re: [smartos-discuss] VLAN tagging to guest zone
>>>> Time (UTC): August 27 2015 4:27 pm
>>>> From: sjorge...@blackdot.be
>>>> To: smartos-disc...@lists.smartos.org
>>>> loop0 is an etherstub or a physical interface?
>>>>> On 2015-08-27 18:25, Daryl Turner wrote:
>>>>> Here is what I currently have set. This probably wasn't the best
>>>>> machine to start with as it's already a little unusual.
>>>>> This machine is a simulated Juniper router. Net0 loops back into Net1
>>>>> and each end is placed into logical systems. Multiple links are
>>>>> simulated by using VLAN tags to create separate point to point
>>>>> circuits
>>>>> and allows you to build up a topology of interconnected logical
>>>>> routers. At the moment tagged frames from net0 aren't received on
>>>>> net1.
>>>>> If I use untagged frames I can ping between logical systems as
>>>>> expected.
>>>>> # vmadm get a57e5f07-cee7-47ed-a74b-f54b227cd25f | json nics
>>>>> [
>>>>> {
>>>>> "interface": "net0",
>>>>> "mac": "f2:da:d4:5c:ba:70",
>>>>> "nic_tag": "loop0",
>>>>> "ip": "dhcp",
>>>>> "model": "e1000",
>>>>> "allow_ip_spoofing": true,
>>>>> "allow_mac_spoofing": true,
>>>>> "allow_restricted_traffic": true,
>>>>> "allow_unfiltered_promisc": true,
>>>>> "primary": true
>>>>> },
>>>>> {
>>>>> "interface": "net1",
>>>>> "mac": "52:fb:a9:db:86:f4",
>>>>> "nic_tag": "loop0",
>>>>> "ip": "dhcp",
>>>>> "model": "e1000",
>>>>> "allow_ip_spoofing": true,
>>>>> "allow_mac_spoofing": true,
>>>>> "allow_restricted_traffic": true,
>>>>> "allow_unfiltered_promisc": true
>>>>> }
>>>>> ]
>>>>> I will check the behaviour using separate machines and try using
>>>>> Joyent
>>>>> zones to see if it makes any difference.
>>>>> Thanks,
>>>>> Daryl.
>>>>>> -------- Original Message --------
>>>>>> Subject: Re: [smartos-discuss] VLAN tagging to guest zone
>>>>>> Time (UTC): August 27 2015 4:01 pm
>>>>>> From: sjorge...@blackdot.be
>>>>>> To: smartos-disc...@lists.smartos.org
>>>>>> CC: daryl.tur...@protonmail.ch
>>>>>> Hi Daryl,
>>>>>> You probably need to have allow_unfiltered_promisc set to true.
>>>>>> I simply add multiple nics with a different vlan_id set for each
>>>>>> myself,
>>>>>> which also works fine.
>>>>>> Regards
>>>>>> Jorge
>>>>>>> On 2015-08-27 17:31, Daryl Turner wrote:
>>>>>>> Hi All,
>>>>>>> I'm currently working on porting over some machines from a network
>>>>>>> lab
>>>>>>> from ESXi to SmartOS. There is a requirement to carry tagged
>>>>>>> traffic
>>>>>>> between several KVM branded zones to simulate a specific network
>>>>>>> topology.
>>>>>>> From what I can see, and have tried this isn't possible even with
>>>>>>> the
>>>>>>> permit_restricted_traffic flag. I've also added spoof_ip and
>>>>>>> spoof_mac
>>>>>>> permits.
>>>>>>> Can anyone confirm if this is a restriction in the virtual
>>>>>>> networking
>>>>>>> stack in SmartOS or if there is a possible workaround? The link
>>>>>>> between
>>>>>>> the zones is logically point to point so the etherstub wouldn't
>>>>>>> need to be VLAN aware as such, just passing the traffic would
>>>>>>> satisfy my requirement for now.
>>>>>>> Thanks,
>>>>>>> Daryl.
>>>>>>> SMARTOS-DISCUSS | Archives [1] [2] | Modify [3] Your Subscription
>>>>>>> [4]
>>>>>> Links:
>>>>>> ------
>>>>>> [1] https://www.listbox.com/member/archive/184463/=now
>>>>>> https://www.listbox.com/member/archive/rss/184463/26452851-88b650c7
>>>>>> https://www.listbox.com/member/?&;
>>>>>> http://www.listbox.com
> 
> 
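The tag stripping described at the top of this thread, modelled as an added example (not code from the thread or from illumos): once the 4-byte 802.1Q header is removed before delivery, the same ARP request arriving on two VLANs of a trunk becomes byte-identical, so a guest has nothing left to filter on. The second VLAN (300) and the `strip_tag` model are assumptions made for illustration; the MAC, IP addresses and VLAN 200 are taken from the quoted output.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag

def build_arp_request(src_mac, sender_ip, target_ip, vlan_id=None):
    """Build a broadcast ARP who-has frame, optionally 802.1Q-tagged."""
    eth = b"\xff" * 6 + src_mac
    if vlan_id is not None:
        eth += struct.pack("!HH", TPID_8021Q, vlan_id & 0x0FFF)  # PCP/DEI = 0
    eth += struct.pack("!H", 0x0806)                  # EtherType: ARP
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)   # Ethernet/IPv4, request
    arp += src_mac + bytes(sender_ip) + b"\x00" * 6 + bytes(target_ip)
    return eth + arp

def parse_vlan(frame):
    """Return (vlan_id or None, inner EtherType) for an Ethernet frame."""
    (ethertype,) = struct.unpack_from("!H", frame, 12)
    if ethertype != TPID_8021Q:
        return None, ethertype
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner

def strip_tag(frame):
    """Simplified model of tag-stripped delivery: drop the 802.1Q header."""
    vlan, _ = parse_vlan(frame)
    return frame if vlan is None else frame[:12] + frame[16:]

def guest_vlan_filter(frames, wanted_vlan):
    """What a guest could do if tags were preserved: keep one VLAN only."""
    return [f for f in frames if parse_vlan(f)[0] == wanted_vlan]

# Constructed sample: the same ARP request seen on two VLANs of a trunk.
MAC = bytes.fromhex("f2dad45cba70")
TRUNK = [build_arp_request(MAC, [192, 168, 0, 1], [192, 168, 0, 2], v)
         for v in (200, 300)]
DELIVERED = [strip_tag(f) for f in TRUNK]

if __name__ == "__main__":
    print("tagged, VLAN 200 only:  ", len(guest_vlan_filter(TRUNK, 200)))
    print("stripped, VLAN 200 only:", len(guest_vlan_filter(DELIVERED, 200)))
    print("stripped frames identical:", DELIVERED[0] == DELIVERED[1])
```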

