SOLVED Can't add existing tap interface in "interfaces" section 11.1-U2

[asimov-solensan]

Hello,

I just upgraded to 11.1-U2 from 9.something (can't remember really). I wanted to create the rancher OS virtual machine and got this error:

In freenas 9 I got a tap interface created using a Tuables. If anyone is wondering I did this because I use a PFsense virtualized in the freenas and virtual machines connect to this firewall thorugh the tap interface.

It worked perfectly in iohyve and still does in 11.1. But if I try to configure a VM using the web interface, in my test it was the rancherOS, in the devices section I cannot select this tap as the device mapped to this VM. I guess it's because thi interface isn't included in the interfaces section from the web interface. But then again I cannot add this interface to the list and is pretty strange because in version 9 I was able to add tap interfaces in this section. In fact I can see a few I added formerly in version 9 and are working correctly.

Any idea? Is this a bug maybe?

 

[dlavigne]

What error do you get?

There are several open bugs for improving the VM fields in the new UI as well as the tap mechanism for VMs, so this might be resolved with 11.2.

 

[asimov-solensan]

I got no errors. The tap interfaces simply don't appear on the list.

I absolutely agree that network management, specially for jails an VMs needs some improvement. I also asked as a feature to include openvswitch which really improve the situation in my opinion, but it won't be ready until 11.3 as I read.

Regarding my more inmediate problem I think that will be covered in https://redmine.ixsystems.com/issues/27122

And it's just two month away.

 

[asimov-solensan]

Hello,

I need to retrieve this thread from the graveyard because the bug I mentioned won't be solved in short. I opened a new one regarding this problem in particular.

Can someone using the new interface check if this happens also in it? (I'm not sure if it's just graphical issue)

I don't have the means to test a 11.2 installation. Can someone with the 11.2 beta check if it's already solved.

It's pretty important for me to know if this is solved in 11.2 or not. I may create my own scripts to rearrange taps and bridges but if it's solved in 11.2 I will just wait instead of implementing a kludge.

Basically the check is as follows:
- Create a new interface from the UI. NOT VLAN interface.
- Check is created in UI and in CLI.
- Create new VM.
- Add NIC interface.
- Check if in the interface list is the newly created interface.

Thanks a lot for the help.

 

[dlavigne]

Which new bug did you open?

 

[asimov-solensan]

This one: https://redmine.ixsystems.com/issues/42269

Right now they ask me to replicate bug on freenas 11.1 U6.

But since this happened U2 I'm pretty sure there won't be any difference. I will update and check again.

EDIT:
Ok so I checked on U6 and noticed a problem in my description. Basically I add tap interfaces using tunables, those interfaces can be added using the interfaces GUI, but they don't appear on VM GUI, and I can't see why,, it should be the same as physical interfaces.

 

[short-stack]

Can someone using the new interface check if this happens also in it? (I'm not sure if it's just graphical issue)

I can see physical interface, taps, vnets, and VLANs in the 11.2 new UI for Docker VM Creation.

 

[asimov-solensan]

So basically my bug file was denied because solution will be included into the whole network overhaul. Again https://redmine.ixsystems.com/issues/27122.

@short-stack Thanks a lot man! That's exactly what I can't see in the old UI. May I ask how you created the tap interfaces? Using tunables maybe? Any additional configuration needed?

I will enable the new interface and check if it was a graphical bug after all.

 

[short-stack]

May I ask how you created the tap interfaces? Using tunables maybe?

Those taps were created automatically when I created an interface and assign it as a device to a VM.

I have a LAGG pair that is em0 and em1 that have a management VLAN as the native VLAN, and then 4 other VLANs on the same connection. I do however have a span port plugged in to em2 that I connect to a VM that an IDS uses for traffic inspection but that interface is just in promiscuous mode and just sees mirrored traffic.

Is there a reason you are shoving the traffic over through a tap and not just creating a VLAN on the network and assigning that interface to the VM? It seems like what you're trying to do is very easily accomplished within the FreeNAS configurations without having to do this huge workaround.

 

[asimov-solensan]

Well, simplest example is the ability to have a isolated networks only to interconnect VMs. This requieres a tap or waste a physical interface.

But my intention is to have a openviswitch virtualized to manage and isolate networks. Furthermore I have got a pfsense virtualized in freenas as my main home firewall. Having VMs and jails split in different networks and this segmentation expanded to my physical network was an incredible mess, although it has been like this since freenas 9.10 and still going.

Right now this requeries a lot extra interfaces and bridges managed by my own scripts.

If I was able to create freely taps and assign them to interfaces I would be able to redo most of my configuration in a more sensible way.

I think that your test works for me, because I also have taps created automatically and they don't appear on the VM list.

Still, if you are that kind I would like to ask you a favour. Can you create a new tap interface in tunables and check if it appears as an option on the VM configuration?

Seems that I won't be able to test the new interface until 11.2:
https://www.ixsystems.com/blog/library/freenas-11-1-u5/

 

[short-stack]

Oh that makes more sense, I didn't realize what you meant at first. You basically are creating a tap to create a secondary isolated network between two VMs that are both on FreeNAS, I was thinking you were trying to route the traffic out not keep it totally inside the NAS.

Create tap5 interface:

Make Docker VM and look for tap5:

 

[asimov-solensan]

Thanks a lot. Since I have a lot of projects that will keep me entertained until 11.2 I think I will leave this thread as it is.

Right now the only option is wait for the next upgrade.

Thanks all for your help.