Bug 224795

Summary: vlan interfaces created off tap devices do not work
Product: Base System
Reporter: Gaelan D'costa <gdcosta>
Component: kern
Assignee: freebsd-net (Nobody) <net>
Status: New ---    
Severity: Affects Only Me    
Priority: ---    
Version: 11.1-RELEASE   
Hardware: amd64   
OS: Any   

Description Gaelan D'costa 2017-12-31 16:04:31 UTC
(I am not sure if this is a technical problem or a documentation issue ... the only relevant-seeming info I could find on this issue was an unanswered post in the forums https://forums.freebsd.org/threads/49106/)

I have been running the pfSense FreeBSD-based firewall/routing OS as a bhyve VM on my FreeBSD box.

I have two (relevant) network devices, bge0 and em0.
I have a bridge0 device with bge0 and the tap0 from the pfSense bhyve VM as members. This is a trunk connection with multiple VLANs' worth of data running over them. They have a standard MTU of 1500.

I created a vlan20 (for example) device off tap0, since I cannot create vlan devices off bridge devices and creating it off the bge0 device means no other VMs or jails get traffic passed through (since presumably bge0 only gets traffic that isn't another virtual instance but needs to go through the attached network switch).

The vlan20 device has an MTU of 1496, which is a different behaviour from when vlan devices are created off bge0 or em0 where they retain an MTU of 1500. The reason I mention this is because if I want to bridge this vlan20 device with other VM or jail interfaces (VNET or otherwise) I have to lower the other interfaces' MTUs to 1496 and this is all for naught as vlan20 doesn't seem to pass traffic anywhere.

--

HOWEVER, if I configure my em0 device to accept the VLAN traffic I need and create vlan20 interface off it, all bridging and network traffic work fine.
I have a workaround, but it feels to me like creating a vlan device off a tap is either broken or is something that possibly shouldn't be allowed.

--

I am not a networking or FreeBSD expert so my diagnostics probably can be improved. I used tcpdump and showed that the vlan20 device would never send ARP data (and ICMP data) through to the tap0 trunk. Other jail/VM members on the bridge could talk to each other because presumably the bridge device was working fine, just not this particular vlan20 member.

I can reproduce this scenario fairly easily so if there are any other logs or commands you would like to run I would be happy to do so.


Hello, I am not a networking or FreeBSD poweruser;