
@feld The new FreeBSD 15+ bridge driver will still allow you to put IP addresses on the bridge itself and on VLAN interfaces created on top of the bridge e.g. bridge0.1. There is and never has been a need to use an epair for non-vnet jails.

Replies

@crest let's say I have 5 different IP addresses I want on vlan 3

If I create bridge0.3 and put all the aliases on there, it's getting messy. Now what happens if I need to tcpdump traffic on bridge0.3? I'm getting traffic that could be bound for any of those and now I have to filter etc etc.

If you use a dedicated epair for each, it's much cleaner and easier to reason about because there's a 1:1 relationship

edit: especially for traffic accounting / snmp / etc
@crest also it looks like rc.conf doesn't even support the dot syntax for VLAN interfaces off the bridge. It can create them but not configure them.

in rc.conf:

cloned_interfaces="${cloned_interfaces} bridge0.3"
ifconfig_bridge0.3="inet 10.27.3.210/24"


# service netif start bridge0.3
/etc/rc.conf: ifconfig_bridge0.3=inet 10.27.3.210/24: not found
/etc/rc.conf: ifconfig_bridge0.3=inet 10.27.3.210/24: not found
Created clone interfaces: bridge0.3.
Starting Network: bridge0.3.
bridge0.3: flags=8842<BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1496
options=0
ether 58:9c:fc:10:99:d4
groups: vlan
vlan: 3 vlanproto: 802.1q vlanpcp: 0 parent interface: bridge0
nd6 options=43<PERFORMNUD,ACCEPT_RTADV,NO_RADR>
/etc/rc.conf: ifconfig_bridge0.3=inet 10.27.3.210/24: not found
/etc/rc.conf: ifconfig_bridge0.3=inet 10.27.3.210/24: not found
/etc/rc.conf: ifconfig_bridge0.3=inet 10.27.3.210/24: not found



So now what, gotta manually manage these interfaces in /etc/rc.local? My method works cleanly with rc.conf at least...
@lw @crest so I guess we don't use cloned_interfaces for this even though it technically "works"?

Really confusing how the syntax deviates so much. The interface name in rc.conf should match the real interface name exactly, but it doesn't.

Sometimes we have too many ways to do the same thing in FreeBSD...

@feld @crest

i think you can use either. for interfaces like "ix0.100", the only difference is that $vlans_IF auto-loads if_vlan.ko, but you can also use it to create vlans with arbitrary names:

vlans_ix0="public private"
ifconfig_public="inet ... vlan 100"
ifconfig_private="inet ... vlan 200"

you could probably do the same thing with $cloned_interfaces and $ifconfig_IF_name, but it would require more lines.

the reason you have to use the underscore is not vlan-specific, /bin/sh just doesn't allow '.' in a variable name.

yes, all of this is somewhat annoying since it's evolved haphazardly over the last 30 years...
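
Added example, not part of any post in this thread: a small sh script that reproduces the "not found" error shown above and the underscore mapping described in the reply. The function names (if_to_var, try_assign, lookup_ifconfig) are hypothetical and the blanket "anything non-alphanumeric becomes _" rule is an assumption for illustration, not FreeBSD's own rc code.

```shell
#!/bin/sh
# Constructed demo; function names are hypothetical, not FreeBSD's rc code.

# Replace every character that is not legal in an sh variable name with '_'.
# Sanitizing first also means the eval in lookup_ifconfig only ever sees
# a plain identifier, never shell syntax taken from the interface name.
if_to_var() {
    printf '%s\n' "$1" | sed 's/[^A-Za-z0-9_]/_/g'
}

# Return 0 if sh parses NAME="value" as an assignment, non-zero otherwise.
# Runs in a subshell so a failed parse cannot disturb the caller.
# Demo helper only: call it with literal names, not untrusted input.
try_assign() {
    ( eval "$1=\"inet 10.27.3.210/24\"" ) 2>/dev/null
}

# Look up the ifconfig_<name> variable for an interface, using the
# shell-safe form of the name (bridge0.3 -> ifconfig_bridge0_3).
lookup_ifconfig() {
    _var="ifconfig_$(if_to_var "$1")"
    eval "printf '%s\n' \"\${$_var-}\""
}

# Constructed sample setting; the address is the one used in the thread.
ifconfig_bridge0_3="inet 10.27.3.210/24"

for name in ifconfig_bridge0.3 ifconfig_bridge0_3; do
    if try_assign "$name"; then
        echo "$name: accepted as a variable assignment"
    else
        # With a '.' in the name, sh sees one word and runs it as a command,
        # which is the "not found" message in the output quoted above.
        echo "$name: rejected, sh tries to run it as a command"
    fi
done

echo "bridge0.3 -> $(lookup_ifconfig bridge0.3)"
```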

@crest I can update my classic jails example to not use the epair because the jails are dynamically putting the ip address on the interface, but I currently see no way to put addresses on the vlan sub interfaces of a bridge with /etc/rc.conf because a period is not a valid character in an interface name in this file