Re: Need some assistance concerning HVM guests and VLANs

[Hugo Silva <hugo%barafranca.com@localhost>]

Brook Milligan wrote:
> I'm pretty certain that the setup goes something like this (using fxp0
> as the real network interface for dom0):
>
>      dom0:
>      # ifconfig fxp0 up
>      # ifconfig vlan0 create
>      # ifconfig vlan0 vlan 6 vlanif fxp0
>      # ifconfig vlan0 10.0.0.10/24
>      # ifconfig bridge0 create
>      # brconfig bridge0 add vlan0 up
>
>      domU:
>      network setup as usual with xennet0, etc. same as without vlan
>      i.e., _no_ knowledge of vlan within domU
>
> The key point is to bridge the vlan device (not the real interface) to
> the bridge used by the xennet devices.  Everything connected to that
> bridge will not have tagged packets.
>
> Note that I have never done this with FreeBSD, but would assume that
> since packets on the bridge are not tagged that it need not know
> anything about vlans either.
>
> Cheers,
> Brook
>   


I created bridge1 and vlan3 on dom0:

bridge1: flags=41<UP,RUNNING>
Configuration:
priority 32768 hellotime 2 fwddelay 15 maxage 20
ipfilter disabled flags 0x0
Interfaces:
xvif9.0 flags=3<LEARNING,DISCOVER>
port 17 priority 128
tap0 flags=3<LEARNING,DISCOVER>
port 18 priority 128
vlan3 flags=3<LEARNING,DISCOVER>
port 7 priority 128
Address cache (max cache: 100, timeout: 1200):

vlan3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
vlan: 3 parent: msk0
address: --:--:--:--:--:--

----

If I try to ping the OpenBSD box (10.100.3.1) from the FreeBSD guest 
(10.100.3.3), I see the following on OpenBSD's vlan3:


--:--:--:--:--:FREEBSD ff:ff:ff:ff:ff:ff 0806 64: arp who-has 10.100.3.1 
tell 10.100.3.3
--:--:--:--:--:OPENBSD --:--:--:--:--:FREEBSD 0806 64: arp reply 
10.100.3.1 is-at --:--:--:--:--:OPENBSD

And at the dom0 msk0 interface:
--:--:--:--:--:FREEBSD > ff:ff:ff:ff:ff:ff, ethertype 802.1Q (0x8100), 
length 68: vlan 3, p 0, ethertype ARP, arp who-has 10.100.3.1 tell 
10.100.3.3
--:--:--:--:--:OPENBSD > --:--:--:--:--:FREEBSD, ethertype 802.1Q 
(0x8100), length 68: vlan 3, p 0, ethertype ARP, arp reply 10.100.3.1 
is-at --:--:--:--:--:OPENBSD

So I know packets are going out and coming back properly (remember, the 
OpenBSD machine is different hardware).
----


FreeBSD's mac address is correctly entered on OpenBSD's ARP table:
? (10.100.3.3) at --:--:--:--:--:FREEBSD on vlan3

But the reverse isn't true.

From FreeBSD's point of view, there is never a reply at all, altough I 
can see it at both the openbsd vlan3 interface and the dom0 msk0, as 
shown above;

PING 10.100.3.1 (10.100.3.1): 56 data bytes
12:55:03.827809 --:--:--:--:--:FREEBSD > ff:ff:ff:ff:ff:ff, ethertype 
ARP (0x0806), length 42: Request who-has 10.100.3.1 tell 10.100.3.3, 
length 28
12:55:05.630182 --:--:--:--:--:FREEBSD > ff:ff:ff:ff:ff:ff, ethertype 
ARP (0x0806), length 42: Request who-has 10.100.3.1 tell 10.100.3.3, 
length 28
12:55:07.433457 --:--:--:--:--:FREEBSD > ff:ff:ff:ff:ff:ff, ethertype 
ARP (0x0806), length 42: Request who-has 10.100.3.1 tell 10.100.3.3, 
length 28
ping: sendto: Host is down


I'm no longer using vlan interfaces on the FreeBSD domU:
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=9b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM>
ether --:--:--:--:--:FREEBSD
inet 10.100.3.3 netmask 0xffffff00 broadcast 10.100.3.255
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active




I don't understand why I'm able to bridge msk0 and create vlan 
interfaces on the NetBSD domU (and I'm willing to bet on the OpenSolaris 
domU too, altough I haven't tried yet - stumped by this atm) and get 
connectivity, but not on the FreeBSD guest. Also, it isn't clear why I'm 
able to see the vlan3 packets on msk0, but not on the vlan3 interface 
(the arp is-at packets never show up on vlan3, only the who-was from the 
domU).

Could it be related to vlan3 being on bridge1 now?