Bug 263846 - ng_bridge: can't get an IP using DHCP when creating a vlan on an interface in the bridge
Status: Open
Alias: None
Product: Base System
Classification: Unclassified
Component: bin
Version: 13.0-RELEASE
Hardware: Any Any
: --- Affects Only Me
Assignee: Lutz Donnerhacke
: 263847 (view as bug list)
Reported: 2022-05-07 16:23 UTC by benoitc
Modified: 2022-05-10 14:49 UTC

Attachments
diagram of the network handled by netgraph for this case. (74.43 KB, image/png)
2022-05-10 07:32 UTC, benoitc
Description benoitc 2022-05-07 16:23:13 UTC
I am using a bridge `bridge0` that will contain a native nic interface ixl3 and add a tap interface in it:

```
ifconfig bridge0 create
ifconfig bridge0 addm ixl3 addm tap0
ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 58:9c:fc:10:e7:20
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: ixl3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000
    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 12 priority 128 path cost 2000000
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 11 priority 128 path cost 2000000
    groups: bridge vm-switch viid-73f50@
    nd6 options=1<PERFORMNUD>
```

When I create a bhyve vm `test` with a network interface on this bridge, it is able to access the vlan101:

```
root@test:~ # ifconfig vtnet1 up
root@test:~ # dhclient vtnet1.101
DHCPDISCOVER on vtnet1.101 to 255.255.255.255 port 67 interval 4
DHCPOFFER from 10.101.1.1
DHCPREQUEST on vtnet1.101 to 255.255.255.255 port 67
DHCPACK from 10.101.1.1
bound to 10.101.1.14 -- renewal in 300 seconds.
```

I can access this machine using SSH and ping it with success. But when I try to do the same using netgraph (initial bridge0 has been destroyed), my VM is not able to retrieve the IP using DHCP. It is only possible to do it on the untagged vlan. Is there something wrong in the configuration below?

Why is the behaviour not the same using a bridge created with if_bridge? Is this a bug?

```
ngctl -f- <<EOF
mkpeer ixl3: bridge lower link0
name ixl3:lower bridge0
connect ixl3: bridge0: upper link1
msg ixl3: setpromisc 1
msg ixl3: setautosrc 0
EOF
```
Comment 1 benoitc 2022-05-07 16:29:32 UTC
*** Bug 263847 has been marked as a duplicate of this bug. ***
Comment 2 Lutz Donnerhacke freebsd_committer 2022-05-09 15:18:04 UTC
ng_bridge is ethertype transparent, that means that vlan tagging is ignored. OTOH this may cause problems, if the same MAC address is used on different interfaces with different VLAN tags.

I currently do not understand your setup. May I ask you to provide a bit more about the netgraph topology? Something like the following:

```
# ngctl show bridge0:
  Name: bridge0         Type: bridge          ID: 00000003   Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook      
  ----------      ---------       ---------    -------         ---------      
  link1           ngeth1          eiface       00000006        ether          
  link0           ngeth0          eiface       00000005        ether          

# ifconfig
ngeth0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=28<VLAN_MTU,JUMBO_MTU>
        ether 58:9c:fc:10:80:4d
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ngeth1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=28<VLAN_MTU,JUMBO_MTU>
        ether 58:9c:fc:10:ff:86
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ngeth0.100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:80:4d
        inet 192.168.1.2 netmask 0xfffffff8 broadcast 192.168.1.7
        groups: vlan
        vlan: 100 vlanproto: 802.1q vlanpcp: 0 parent interface: ngeth0
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ngeth1.100: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:ff:86
        inet 192.168.2.3 netmask 0xfffffff8 broadcast 192.168.2.7
        groups: vlan
        vlan: 100 vlanproto: 802.1q vlanpcp: 0 parent interface: ngeth1
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```


May I ask you to provide the bridge statistics?

```
# ngctl msg bridge0: getstats 0
Rec'd response "getstats" (4) from "[3]:":
Args:   { recvOctets=230 recvPackets=5 recvBroadcast=5
          xmitOctets=552 xmitPackets=12 xmitBroadcasts=12 }

# ngctl msg bridge0: getstats 1
Rec'd response "getstats" (4) from "[3]:":
Args:   { recvOctets=552 recvPackets=12 recvBroadcast=12
          xmitOctets=230 xmitPackets=5 xmitBroadcasts=5 }
```

As you can see, the interfaces are mirroring each other: What is received on one link was transmitted to the other one.
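
The caveat from comment 2 (same MAC address on different links with different VLAN tags), shown with a simplified learning-bridge model. This is an added example, not part of the original comments and not ng_bridge source code; the MAC addresses, link names and the MAC-only table keying are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

BROADCAST = "ff:ff:ff:ff:ff:ff"

@dataclass(frozen=True)
class Frame:
    src: str
    dst: str
    vlan: Optional[int]  # 802.1Q VLAN ID, None for untagged

class LearningBridge:
    """Simplified learning bridge (illustrative model, not ng_bridge)."""
    def __init__(self, links, vlan_aware):
        self.links = list(links)
        self.vlan_aware = vlan_aware
        self.table = {}   # learned key -> link it was last seen on
        self.moves = 0    # times a known key reappeared on another link

    def _key(self, mac, vlan):
        # A tag-transparent bridge keys on the MAC only; a VLAN-aware
        # bridge keeps one entry per (VLAN, MAC) pair.
        return (vlan, mac) if self.vlan_aware else mac

    def receive(self, link, frame):
        """Learn the source, return the links the frame is sent out on."""
        key = self._key(frame.src, frame.vlan)
        if self.table.get(key, link) != link:
            self.moves += 1
        self.table[key] = link
        out = self.table.get(self._key(frame.dst, frame.vlan))
        if frame.dst == BROADCAST or out is None:
            return [l for l in self.links if l != link]  # flood
        return [] if out == link else [out]

def run_scenario(vlan_aware):
    # Constructed sample: one MAC seen tagged 101 on link0 and tagged 102
    # on link1; a client on link2 then sends to it in VLAN 101.
    router, client = "02:00:00:00:00:01", "02:00:00:00:00:02"
    br = LearningBridge(["link0", "link1", "link2"], vlan_aware)
    br.receive("link0", Frame(router, BROADCAST, 101))
    br.receive("link1", Frame(router, BROADCAST, 102))
    out = br.receive("link2", Frame(client, router, 101))
    return out, br.moves

if __name__ == "__main__":
    print("tag-transparent:", run_scenario(False))
    print("VLAN-aware:     ", run_scenario(True))
```

In the tag-transparent case the VLAN 101 frame follows the most recently learned link for that MAC, which here belongs to VLAN 102.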
Comment 3 benoitc 2022-05-10 07:32:11 UTC
Created attachment 233832
diagram of the network handled by netgraph for this case.

The point of this setup was to set up a firewall vm with an interface in the bridge. The firewall must be able to set up a vlan on its interface.

Unfortunately I have for now decided to use a simple if_bridge so I can't get the stats. I am attaching the graph I had with this setup. The related part is the lan bridge with the ixl3 interface hooked to it.
Comment 4 Lutz Donnerhacke freebsd_committer 2022-05-10 14:26:01 UTC
Do I understand correctly, that ng_bridge is working fine, if you are using ng_vlan to separate the traffic?

Do I understand correctly, that ng_bridge is not working as expected, if you are connecting both the upper and lower hooks of the same physical interface?

In this case ng_bridge should learn the interface mac from the upper-hook and the external macs from the lower-hook. But it does not do so in your setup, correct?
Comment 5 benoitc 2022-05-10 14:38:06 UTC
> Do I understand correctly, that ng_bridge is working fine, if you are using ng_vlan to separate the traffic?

Yes

> Do I understand correctly, that ng_bridge is not working as expected, if you are connecting both the upper and lower hooks of the same physical interface?

Yes

> In this case ng_bridge should learn the interface mac from the upper-hook and the external macs from the lower-hook. But it does not do so in your setup, correct?

correct
Comment 6 Lutz Donnerhacke freebsd_committer 2022-05-10 14:49:56 UTC
I just tried this on the interface I'm connecting to the system itself:

```
lagg1001: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,PPROMISC> metric 0 mtu 1500
        options=4e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether d4:f5:ef:11:45:58
        laggproto lacp lagghash l2,l3,l4
        laggport: ixl7 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        groups: lagg
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

vlan44: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4600703<RXCSUM,TXCSUM,TSO4,TSO6,LRO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether d4:f5:ef:11:45:58
        inet6 fe80::d6f5:efff:fe11:4558%vlan44 prefixlen 64 scopeid 0x13
        inet6 2... prefixlen 64
        inet 1... netmask 0xffffff00 broadcast 1...
        groups: vlan
        vlan: 44 vlanproto: 802.1q vlanpcp: 0 parent interface: lagg1001
        media: Ethernet autoselect
        status: active
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
```

That's the interface I'm connecting through. It's tagged.

```
# ngctl -f- <<END
mkpeer lagg1001: bridge lower link0
connect lagg1001: lagg1001:lower upper link1
END

# ngctl show lagg1001:lower
  Name: lagg1001        Type: ether           ID: 00000025   Num hooks: 2
  Local hook      Peer name       Peer type    Peer ID         Peer hook      
  ----------      ---------       ---------    -------         ---------      
  upper           <unnamed>       bridge       0000002e        link1          
  lower           <unnamed>       bridge       0000002e        link0          

# ngctl msg lagg1001:lower getstats 0
Rec'd response "getstats" (4) from "[2e]:":
Args:   { recvOctets=256975 recvPackets=2116 recvMulticast=267 recvBroadcast=1393 recvUnknown=432 }
# ngctl msg lagg1001:lower getstats 1
Rec'd response "getstats" (4) from "[2e]:":
Args:   { xmitOctets=265205 xmitPackets=2198 xmitMulticasts=277 xmitBroadcasts=1450 }
```

I'm still able to work over this tagged interface which is connected through to the bridge ...

Which exact version of FreeBSD are you using?