FreeBSD/OVS equivalent of ESXi vSwitch VLAN config

The name of the pictureThe name of the pictureThe name of the pictureClash Royale CLAN TAG#URR8PPP











up vote
3
down vote

favorite












I'm trying out FreeBSD with bhyve hypervisor and trying to replicate VMware ESXi vSwitch config in FreeBSD so that pfSense VM gets network traffic properly.



VLANs:



  • 111 = LAN, 192.168.101.0/24

  • 333 = Internet (WAN), DHCP

pfSense virtual machine setup (ESXi & FreeBSD):



NICS:



  • vnic0

  • vnic0.111 192.168.101.1/24

  • vnic0.333 DHCP from ISP

  • NAT: VLAN 333 <-> VLAN 111 & DHCP server

  • HW offloads off

Old ESXi setup:



  • 192.168.101.6/24 on VLAN 111 GW 192.168.101.1

  • Only vSwitch, no dvSwitches

vSwitch0:



 ----------------------- -----------------------
| allvlans | | Physical adapters |
| VLAN ID: 4095 (all) |----| * vmnic0, 1000 Mbps |
| * pfSense24 | | ----------------------- 
 ----------------------- |
 |
 ----------------------- |
| Management Network |--/ 
| VLAN ID: 111 |
| VMkernel ports (1): |
| * vmk0: 192.168.101.6 |
 -----------------------


Security policy:



  • Allow promiscuous mode: no

  • Allow forged transmits: no

  • Allow MAC changes: no

Port group allvlans:



  • VLAN ID: 4095 (allow all tagged VLAN traffic)

  • Allow promiscuous mode: Inherit from vSwitch (no)

  • Allow forged transmits: Inherit from vSwitch (no)

  • Allow MAC changes: Inherit from vSwitch (no)

FreeBSD ESXi replacement setup attempt:



sysrc -f /boot/loader.conf vmm_load="YES"
sysrc -f /boot/loader.conf nmdm_load="YES"
sysrc -f /boot/loader.conf if_bridge_load="YES"
sysrc -f /boot/loader.conf if_tap_load="YES"
sysrc if_vlan_load="YES"
sysrc cloned_interfaces="bridge0 tap0"
sysrc ifconfig_bridge0="addm em0 addm tap0"
echo "net.link.tap.up_on_open=1" > /etc/sysctl.d/vm_network.conf
sysrc defaultrouter="192.168.101.1"
sysrc ifconfig_em0="up"
sysrc gateway_enable="YES"


ESXi's Management Network equivalent(?) for SSH access: 



sysrc vlans_em0="111"
sysrc ifconfig_em0_111="inet 192.168.101.6/24"


Interfaces:



em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
 options=852099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
 ether 00:25:90:14:95:8c
 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 media: Ethernet autoselect (1000baseT <full-duplex>)
 status: active
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 ether 02:eb:00:40:63:00
 nd6 options=9<PERFORMNUD,IFDISABLED>
 groups: bridge
 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
 member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
 ifmaxaddr 0 port 5 priority 128 path cost 2000000
 member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
 ifmaxaddr 0 port 1 priority 128 path cost 2000000
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
 options=80000<LINKSTATE>
 ether 00:bd:f0:02:f7:00
 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 media: Ethernet autoselect
 status: active
 groups: tap
 Opened by PID 45408
em0.111: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
 options=103<RXCSUM,TXCSUM,TSO4>
 ether 00:25:90:14:95:8c
 inet 192.168.101.6 netmask 0xffffff00 broadcast 192.168.101.255
 nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 media: Ethernet autoselect (1000baseT <full-duplex>)
 status: active
 vlan: 111 vlanpcp: 0 parent interface: em0
 groups: vlan


pciconf -lv:



em0@pci0:1:0:0: class=0x020000 card=0x10d315d9 chip=0x10d38086 rev=0x00 hdr=0x00
 vendor = 'Intel Corporation'
 device = '82574L Gigabit Network Connection'
 class = network
 subclass = ethernet


Running pfSense VM with:



sh /usr/share/examples/bhyve/vmrun.sh -m 2048M -d /dev/zvol/tank/pfsense0 pfsensevm


It uses tap0.



Currently I can access pfSense's web admin but vmnet0.333 doesn't get IP from my ISP. I'd like to set VLAN bridging as securely as possible (private for bridge0?). If it's possible to send all traffic to the physical switch first, that's what I would prefer. openvSwitch is also ok, but I'm not familiar with it.



DHCP request packet is correctly seen in tap0, bridge0, and em0 with tcpdump -lnexv -i <iface> "vlan 333"and not in em0.111, which is correct when requesting new IP in pfSense. There's no DHCP response from ISP. em0 and tap0 are in promisc mode which is disabled in vSwitch version.



More debugging:



Connected Raspberry Pi to my VDSL modem and the DHCP packet is seen. I also tried spoofing the pfSense's MAC address with RPi and it works. So possible culprits currently are packet checksum and packet truncating. At least Linux bridge implementation is very well known to break packets with bridging and VLANs so FreeBSD might be doing it as well? Adding VLAN 333 to em0 DHCP works. So what is bridge0 or tap0 doing?



What I am missing?






networking freebsd virtual-machine







share|improve this question



























    up vote
    3
    down vote

    favorite












    I'm trying out FreeBSD with bhyve hypervisor and trying to replicate VMware ESXi vSwitch config in FreeBSD so that pfSense VM gets network traffic properly.



    VLANs:



    • 111 = LAN, 192.168.101.0/24

    • 333 = Internet (WAN), DHCP

    pfSense virtual machine setup (ESXi & FreeBSD):



    NICS:



    • vnic0

    • vnic0.111 192.168.101.1/24

    • vnic0.333 DHCP from ISP

    • NAT: VLAN 333 <-> VLAN 111 & DHCP server

    • HW offloads off

    Old ESXi setup:



    • 192.168.101.6/24 on VLAN 111 GW 192.168.101.1

    • Only vSwitch, no dvSwitches

    vSwitch0:



     ----------------------- -----------------------
    | allvlans | | Physical adapters |
    | VLAN ID: 4095 (all) |----| * vmnic0, 1000 Mbps |
    | * pfSense24 | | ----------------------- 
     ----------------------- |
     |
     ----------------------- |
    | Management Network |--/ 
    | VLAN ID: 111 |
    | VMkernel ports (1): |
    | * vmk0: 192.168.101.6 |
     -----------------------


    Security policy:



    • Allow promiscuous mode: no

    • Allow forged transmits: no

    • Allow MAC changes: no

    Port group allvlans:



    • VLAN ID: 4095 (allow all tagged VLAN traffic)

    • Allow promiscuous mode: Inherit from vSwitch (no)

    • Allow forged transmits: Inherit from vSwitch (no)

    • Allow MAC changes: Inherit from vSwitch (no)

    FreeBSD ESXi replacement setup attempt:



    sysrc -f /boot/loader.conf vmm_load="YES"
    sysrc -f /boot/loader.conf nmdm_load="YES"
    sysrc -f /boot/loader.conf if_bridge_load="YES"
    sysrc -f /boot/loader.conf if_tap_load="YES"
    sysrc if_vlan_load="YES"
    sysrc cloned_interfaces="bridge0 tap0"
    sysrc ifconfig_bridge0="addm em0 addm tap0"
    echo "net.link.tap.up_on_open=1" > /etc/sysctl.d/vm_network.conf
    sysrc defaultrouter="192.168.101.1"
    sysrc ifconfig_em0="up"
    sysrc gateway_enable="YES"


    ESXi's Management Network equivalent(?) for SSH access: 



    sysrc vlans_em0="111"
    sysrc ifconfig_em0_111="inet 192.168.101.6/24"


    Interfaces:



    em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
     options=852099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
     ether 00:25:90:14:95:8c
     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
     media: Ethernet autoselect (1000baseT <full-duplex>)
     status: active
    bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
     ether 02:eb:00:40:63:00
     nd6 options=9<PERFORMNUD,IFDISABLED>
     groups: bridge
     id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
     maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
     root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
     member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
     ifmaxaddr 0 port 5 priority 128 path cost 2000000
     member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
     ifmaxaddr 0 port 1 priority 128 path cost 2000000
    tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
     options=80000<LINKSTATE>
     ether 00:bd:f0:02:f7:00
     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
     media: Ethernet autoselect
     status: active
     groups: tap
     Opened by PID 45408
    em0.111: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
     options=103<RXCSUM,TXCSUM,TSO4>
     ether 00:25:90:14:95:8c
     inet 192.168.101.6 netmask 0xffffff00 broadcast 192.168.101.255
     nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
     media: Ethernet autoselect (1000baseT <full-duplex>)
     status: active
     vlan: 111 vlanpcp: 0 parent interface: em0
     groups: vlan


    pciconf -lv:



    em0@pci0:1:0:0: class=0x020000 card=0x10d315d9 chip=0x10d38086 rev=0x00 hdr=0x00
     vendor = 'Intel Corporation'
     device = '82574L Gigabit Network Connection'
     class = network
     subclass = ethernet


    Running pfSense VM with:



    sh /usr/share/examples/bhyve/vmrun.sh -m 2048M -d /dev/zvol/tank/pfsense0 pfsensevm


    It uses tap0.



    Currently I can access pfSense's web admin but vmnet0.333 doesn't get IP from my ISP. I'd like to set VLAN bridging as securely as possible (private for bridge0?). If it's possible to send all traffic to the physical switch first, that's what I would prefer. openvSwitch is also ok, but I'm not familiar with it.



    DHCP request packet is correctly seen in tap0, bridge0, and em0 with tcpdump -lnexv -i <iface> "vlan 333"and not in em0.111, which is correct when requesting new IP in pfSense. There's no DHCP response from ISP. em0 and tap0 are in promisc mode which is disabled in vSwitch version.



    More debugging:



    Connected Raspberry Pi to my VDSL modem and the DHCP packet is seen. I also tried spoofing the pfSense's MAC address with RPi and it works. So possible culprits currently are packet checksum and packet truncating. At least Linux bridge implementation is very well known to break packets with bridging and VLANs so FreeBSD might be doing it as well? Adding VLAN 333 to em0 DHCP works. So what is bridge0 or tap0 doing?



    What I am missing?






    networking freebsd virtual-machine







    share|improve this question

























      up vote
      3
      down vote

      favorite









      up vote
      3
      down vote

      favorite











      I'm trying out FreeBSD with bhyve hypervisor and trying to replicate VMware ESXi vSwitch config in FreeBSD so that pfSense VM gets network traffic properly.



      VLANs:



      • 111 = LAN, 192.168.101.0/24

      • 333 = Internet (WAN), DHCP

      pfSense virtual machine setup (ESXi & FreeBSD):



      NICS:



      • vnic0

      • vnic0.111 192.168.101.1/24

      • vnic0.333 DHCP from ISP

      • NAT: VLAN 333 <-> VLAN 111 & DHCP server

      • HW offloads off

      Old ESXi setup:



      • 192.168.101.6/24 on VLAN 111 GW 192.168.101.1

      • Only vSwitch, no dvSwitches

      vSwitch0:



       ----------------------- -----------------------
      | allvlans | | Physical adapters |
      | VLAN ID: 4095 (all) |----| * vmnic0, 1000 Mbps |
      | * pfSense24 | | ----------------------- 
       ----------------------- |
       |
       ----------------------- |
      | Management Network |--/ 
      | VLAN ID: 111 |
      | VMkernel ports (1): |
      | * vmk0: 192.168.101.6 |
       -----------------------


      Security policy:



      • Allow promiscuous mode: no

      • Allow forged transmits: no

      • Allow MAC changes: no

      Port group allvlans:



      • VLAN ID: 4095 (allow all tagged VLAN traffic)

      • Allow promiscuous mode: Inherit from vSwitch (no)

      • Allow forged transmits: Inherit from vSwitch (no)

      • Allow MAC changes: Inherit from vSwitch (no)

      FreeBSD ESXi replacement setup attempt:



      sysrc -f /boot/loader.conf vmm_load="YES"
      sysrc -f /boot/loader.conf nmdm_load="YES"
      sysrc -f /boot/loader.conf if_bridge_load="YES"
      sysrc -f /boot/loader.conf if_tap_load="YES"
      sysrc if_vlan_load="YES"
      sysrc cloned_interfaces="bridge0 tap0"
      sysrc ifconfig_bridge0="addm em0 addm tap0"
      echo "net.link.tap.up_on_open=1" > /etc/sysctl.d/vm_network.conf
      sysrc defaultrouter="192.168.101.1"
      sysrc ifconfig_em0="up"
      sysrc gateway_enable="YES"


      ESXi's Management Network equivalent(?) for SSH access: 



      sysrc vlans_em0="111"
      sysrc ifconfig_em0_111="inet 192.168.101.6/24"


      Interfaces:



      em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=852099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
       ether 00:25:90:14:95:8c
       nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
       media: Ethernet autoselect (1000baseT <full-duplex>)
       status: active
      bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       ether 02:eb:00:40:63:00
       nd6 options=9<PERFORMNUD,IFDISABLED>
       groups: bridge
       id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
       maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
       root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
       member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
       ifmaxaddr 0 port 5 priority 128 path cost 2000000
       member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
       ifmaxaddr 0 port 1 priority 128 path cost 2000000
      tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=80000<LINKSTATE>
       ether 00:bd:f0:02:f7:00
       nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
       media: Ethernet autoselect
       status: active
       groups: tap
       Opened by PID 45408
      em0.111: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=103<RXCSUM,TXCSUM,TSO4>
       ether 00:25:90:14:95:8c
       inet 192.168.101.6 netmask 0xffffff00 broadcast 192.168.101.255
       nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
       media: Ethernet autoselect (1000baseT <full-duplex>)
       status: active
       vlan: 111 vlanpcp: 0 parent interface: em0
       groups: vlan


      pciconf -lv:



      em0@pci0:1:0:0: class=0x020000 card=0x10d315d9 chip=0x10d38086 rev=0x00 hdr=0x00
       vendor = 'Intel Corporation'
       device = '82574L Gigabit Network Connection'
       class = network
       subclass = ethernet


      Running pfSense VM with:



      sh /usr/share/examples/bhyve/vmrun.sh -m 2048M -d /dev/zvol/tank/pfsense0 pfsensevm


      It uses tap0.



      Currently I can access pfSense's web admin but vmnet0.333 doesn't get IP from my ISP. I'd like to set VLAN bridging as securely as possible (private for bridge0?). If it's possible to send all traffic to the physical switch first, that's what I would prefer. openvSwitch is also ok, but I'm not familiar with it.



      DHCP request packet is correctly seen in tap0, bridge0, and em0 with tcpdump -lnexv -i <iface> "vlan 333"and not in em0.111, which is correct when requesting new IP in pfSense. There's no DHCP response from ISP. em0 and tap0 are in promisc mode which is disabled in vSwitch version.



      More debugging:



      Connected Raspberry Pi to my VDSL modem and the DHCP packet is seen. I also tried spoofing the pfSense's MAC address with RPi and it works. So possible culprits currently are packet checksum and packet truncating. At least Linux bridge implementation is very well known to break packets with bridging and VLANs so FreeBSD might be doing it as well? Adding VLAN 333 to em0 DHCP works. So what is bridge0 or tap0 doing?



      What I am missing?






      networking freebsd virtual-machine







      share|improve this question















      I'm trying out FreeBSD with bhyve hypervisor and trying to replicate VMware ESXi vSwitch config in FreeBSD so that pfSense VM gets network traffic properly.



      VLANs:



      • 111 = LAN, 192.168.101.0/24

      • 333 = Internet (WAN), DHCP

      pfSense virtual machine setup (ESXi & FreeBSD):



      NICS:



      • vnic0

      • vnic0.111 192.168.101.1/24

      • vnic0.333 DHCP from ISP

      • NAT: VLAN 333 <-> VLAN 111 & DHCP server

      • HW offloads off

      Old ESXi setup:



      • 192.168.101.6/24 on VLAN 111 GW 192.168.101.1

      • Only vSwitch, no dvSwitches

      vSwitch0:



       ----------------------- -----------------------
      | allvlans | | Physical adapters |
      | VLAN ID: 4095 (all) |----| * vmnic0, 1000 Mbps |
      | * pfSense24 | | ----------------------- 
       ----------------------- |
       |
       ----------------------- |
      | Management Network |--/ 
      | VLAN ID: 111 |
      | VMkernel ports (1): |
      | * vmk0: 192.168.101.6 |
       -----------------------


      Security policy:



      • Allow promiscuous mode: no

      • Allow forged transmits: no

      • Allow MAC changes: no

      Port group allvlans:



      • VLAN ID: 4095 (allow all tagged VLAN traffic)

      • Allow promiscuous mode: Inherit from vSwitch (no)

      • Allow forged transmits: Inherit from vSwitch (no)

      • Allow MAC changes: Inherit from vSwitch (no)

      FreeBSD ESXi replacement setup attempt:



      sysrc -f /boot/loader.conf vmm_load="YES"
      sysrc -f /boot/loader.conf nmdm_load="YES"
      sysrc -f /boot/loader.conf if_bridge_load="YES"
      sysrc -f /boot/loader.conf if_tap_load="YES"
      sysrc if_vlan_load="YES"
      sysrc cloned_interfaces="bridge0 tap0"
      sysrc ifconfig_bridge0="addm em0 addm tap0"
      echo "net.link.tap.up_on_open=1" > /etc/sysctl.d/vm_network.conf
      sysrc defaultrouter="192.168.101.1"
      sysrc ifconfig_em0="up"
      sysrc gateway_enable="YES"


      ESXi's Management Network equivalent(?) for SSH access: 



      sysrc vlans_em0="111"
      sysrc ifconfig_em0_111="inet 192.168.101.6/24"


      Interfaces:



      em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=852099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO>
       ether 00:25:90:14:95:8c
       nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
       media: Ethernet autoselect (1000baseT <full-duplex>)
       status: active
      bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       ether 02:eb:00:40:63:00
       nd6 options=9<PERFORMNUD,IFDISABLED>
       groups: bridge
       id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
       maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
       root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
       member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
       ifmaxaddr 0 port 5 priority 128 path cost 2000000
       member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
       ifmaxaddr 0 port 1 priority 128 path cost 2000000
      tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=80000<LINKSTATE>
       ether 00:bd:f0:02:f7:00
       nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
       media: Ethernet autoselect
       status: active
       groups: tap
       Opened by PID 45408
      em0.111: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
       options=103<RXCSUM,TXCSUM,TSO4>
       ether 00:25:90:14:95:8c
       inet 192.168.101.6 netmask 0xffffff00 broadcast 192.168.101.255
       nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
       media: Ethernet autoselect (1000baseT <full-duplex>)
       status: active
       vlan: 111 vlanpcp: 0 parent interface: em0
       groups: vlan


      pciconf -lv:



      em0@pci0:1:0:0: class=0x020000 card=0x10d315d9 chip=0x10d38086 rev=0x00 hdr=0x00
       vendor = 'Intel Corporation'
       device = '82574L Gigabit Network Connection'
       class = network
       subclass = ethernet


      Running pfSense VM with:



      sh /usr/share/examples/bhyve/vmrun.sh -m 2048M -d /dev/zvol/tank/pfsense0 pfsensevm


      It uses tap0.



      Currently I can access pfSense's web admin but vmnet0.333 doesn't get IP from my ISP. I'd like to set VLAN bridging as securely as possible (private for bridge0?). If it's possible to send all traffic to the physical switch first, that's what I would prefer. openvSwitch is also ok, but I'm not familiar with it.



      DHCP request packet is correctly seen in tap0, bridge0, and em0 with tcpdump -lnexv -i <iface> "vlan 333"and not in em0.111, which is correct when requesting new IP in pfSense. There's no DHCP response from ISP. em0 and tap0 are in promisc mode which is disabled in vSwitch version.



      More debugging:



      Connected Raspberry Pi to my VDSL modem and the DHCP packet is seen. I also tried spoofing the pfSense's MAC address with RPi and it works. So possible culprits currently are packet checksum and packet truncating. At least Linux bridge implementation is very well known to break packets with bridging and VLANs so FreeBSD might be doing it as well? Adding VLAN 333 to em0 DHCP works. So what is bridge0 or tap0 doing?



      What I am missing?






      networking freebsd virtual-machine




      networking freebsd virtual-machine






      share|improve this question















      share|improve this question













      share|improve this question




      share|improve this question








      edited Sep 18 at 7:11

























      asked Sep 17 at 9:24









      raspi

      27519




      27519

























          active

          oldest

          votes











          Your Answer







          StackExchange.ready(function()
          var channelOptions =
          tags: "".split(" "),
          id: "106"
          ;
          initTagRenderer("".split(" "), "".split(" "), channelOptions);

          StackExchange.using("externalEditor", function()
          // Have to fire editor after snippets, if snippets enabled
          if (StackExchange.settings.snippets.snippetsEnabled)
          StackExchange.using("snippets", function()
          createEditor();
          );

          else
          createEditor();

          );

          function createEditor()
          StackExchange.prepareEditor(
          heartbeatType: 'answer',
          convertImagesToLinks: false,
          noModals: false,
          showLowRepImageUploadWarning: true,
          reputationToPostImages: null,
          bindNavPrevention: true,
          postfix: "",
          onDemand: true,
          discardSelector: ".discard-answer"
          ,immediatelyShowMarkdownHelp:true
          );



          );













           

          draft saved


          draft discarded


















          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f469514%2ffreebsd-ovs-equivalent-of-esxi-vswitch-vlan-config%23new-answer', 'question_page');

          );

          Post as a guest






















          active

          oldest

          votes













          active

          oldest

          votes









          active

          oldest

          votes






          active

          oldest

          votes















           

          draft saved


          draft discarded















































           


          draft saved


          draft discarded














          StackExchange.ready(
          function ()
          StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2funix.stackexchange.com%2fquestions%2f469514%2ffreebsd-ovs-equivalent-of-esxi-vswitch-vlan-config%23new-answer', 'question_page');

          );

          Post as a guest
































































          -

          Popular posts from this blog

          How to check contact read email or not when send email to Individual?

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Sep 26 at 0:12 ToanLuong 49 9 add a comment  |  up vote 1 down vote favorite I'm using WordPress 4.9.8, CiviCRM to 5.5.1, I usually send email to contact by Search> Find contacts View contact details Action> Send email Send email ok, Contact received mail ok like picture But status only Email sent though contact read email or not. So, can CiviCRM can change status to Email read when contact read email? wordpress email share | improve this question asked Se
          Read more

          Bahrain

          Image
          For other uses, see Bahrain (disambiguation). Sovereign island state in the Persian Gulf Kingdom of Bahrain مملكة البحرين   (Arabic) Mamlakat al-Baḥrayn Flag Coat of arms Anthem:  نشيد البحرين الوطني Bahrainona Our Bahrain Location of   Bahrain    (circled in red) Capital and largest city Manama 26°13′N 50°35′E  /  26.217°N 50.583°E  / 26.217; 50.583 Official languages Arabic Ethnic groups (2010 [1] ) 50.7% Arab (46% Bahrani, 4.7% other Arabs) 45.5% Asian 1% European 1.2% Others Religion Islam Demonym(s) Bahraini Government Unitary constitutional monarchy • King Hamad bin Isa Al Khalifa • Crown Prince Salman bin Hamad bin Isa Al Khalifa • Prime Minister Khalifa bin Salman Al Khalifa Legislature National Assembly • Upper house Consultative Council • Lower house Council of Representatives Independence • Declared Independence [2] 14 August 1971 • from United Kingdom [1] 15 August 1971 • Admitted to the United Nations 21 September 1971 • Kingdom of Bahrain 14 February 2002
          Read more

          Postfix configuration issue with fips on centos 7; mailgun relay

          Image
          Clash Royale CLAN TAG #URR8PPP up vote 0 down vote favorite I am trying to setup postfix to relay all mail generated on the local machine via SMTP to a mailgun relay. I have used the mailgun relay before with success on an ubuntu server, but I am migrating to a Centos 7 server which I will be running in FIPS mode. There error log is below, slightly sanitized. I have a small enough network that I choose to have each machine reach out to mailgun individually (this the loopback-only, 127.0.0.0/8 restrictions) and no firewall open port allowing smtp in to the machine. I assume the FIPS mode (and with it disabling of MD5) is causing problems, but I don't know how to overcome it or if it is even possible for tls_fprint to use some supported hash such as sha256 or sha512. However, the relay=none is slightly concerning since I have relayhost set, but perhaps that is because the smtp process is failing? Any help would be appreciated! postconf -n: alias_database = hash:/etc/alia
          Read more