FreeNAS kernel arp attempts to modify permanent

[KevDog]

I'm a little bit stumped.

My FreeNAS logs are littered with:
freenas kernel: arp: ce:c0:9f:c5:9a:b1 attempts to modify permanent entry for 10.0.1.1 on epair2b

So some background:
I'm running pfSense (router software) within a VM on xcp-ng. The MAC address of ce:c0:9f:c5:9a:b1 corresponds to the MAC address of the pfSense router (virtualized). Within the routing table within pfsense I have the following:
LAN 10.0.1.1 ce:c0:9f:c5:9a:b1 Permanent ethernet

So why is FreeNAS complaining about this?
How do I find what is trying to communicate on epair2b?

Within FreeNAS I have the following:
# ifconfig
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
ether 0c:c4:7a:84:a5:94
hwaddr 0c:c4:7a:84:a5:94
inet 10.0.1.197 netmask 0xffffff00 broadcast 10.0.1.255
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
ether 0c:c4:7a:84:a5:95
hwaddr 0c:c4:7a:84:a5:95
nd6 options=9<PERFORMNUD,IFDISABLED>
media: Ethernet autoselect
status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: iohyve-bridge-igb0
ether 02:f6:c7:64:02:00
nd6 options=1<PERFORMNUD>
groups: bridge
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: vnet0:7 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 12 priority 128 path cost 2000
member: vnet0:6 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 11 priority 128 path cost 2000
member: vnet0:4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 10 priority 128 path cost 2000
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 9 priority 128 path cost 2000000
member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 8 priority 128 path cost 2000
member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000
member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 6 priority 128 path cost 2000
member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 2000000
member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 20000
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: iohyve-arch-on-FreeNAS--
options=80000<LINKSTATE>
ether 00:bd:8d:56:f8:01
hwaddr 00:bd:8d:56:f8:01
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect
status: active
groups: tap
Opened by PID 3915
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:a8:d0:00:06:0a
hwaddr 02:a8:d0:00:06:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:a8:d0:00:07:0a
hwaddr 02:a8:d0:00:07:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
epair2a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:a8:d0:00:08:0a
hwaddr 02:a8:d0:00:08:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: Attached to UbuntuMC
options=80000<LINKSTATE>
ether 00:bd:52:cc:f8:00
hwaddr 00:bd:52:cc:f8:00
nd6 options=1<PERFORMNUD>
media: Ethernet autoselect
status: active
groups: tap
Opened by PID 8225
vnet0:4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: mineos as nic: epair0b
options=8<VLAN_MTU>
ether 02:ff:60:c5:1d:5f
hwaddr 02:a8:d0:00:0a:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
vnet0:6: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: nextcloud as nic: epair0b
options=8<VLAN_MTU>
ether 02:ff:60:ba:b5:81
hwaddr 02:a8:d0:00:0b:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair
vnet0:7: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: associated with jail: Borg as nic: epair0b
options=8<VLAN_MTU>
ether 02:ff:60:4f:ca:3f
hwaddr 02:a8:d0:00:0c:0a
nd6 options=1<PERFORMNUD>
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
groups: epair

 

[KevDog]

So I checked over with the pfSense people and they don't think its related to pfSense. (Post for reference here: https://forum.netgate.com/topic/146859/freenas-kernel-arp-attempts-to-modify-permanent-arp-entry/4)

I'm reposting the information here: Hopefully a jail expert might be able to help. I'm kind of stuck:

OK I troubleshooted a few things and changed my available DHCP range from 10.0.1.100-10.0.1.150, 10.0.1.165-10.0.1.195

I'm no networking expert in creation of virtual LANs and jails. FreeNAS creates a VNET for each jail then associates it with an epair interface that is bridged to the main adapter.

On the main FreeNAS system I have these interfaces:

Code:

igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
    ether 0c:c4:7a:84:a5:94
    hwaddr 0c:c4:7a:84:a5:94
    inet 10.0.1.197 netmask 0xffffff00 broadcast 10.0.1.255
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect (1000baseT <full-duplex>)
    status: active
igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
    ether 0c:c4:7a:84:a5:95
    hwaddr 0c:c4:7a:84:a5:95
    nd6 options=9<PERFORMNUD,IFDISABLED>
    media: Ethernet autoselect
    status: no carrier
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
    options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
    inet6 ::1 prefixlen 128
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
    inet 127.0.0.1 netmask 0xff000000
    nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
    groups: lo
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: iohyve-bridge-igb0
    ether 02:f6:c7:64:02:00
    nd6 options=1<PERFORMNUD>
    groups: bridge
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: vnet0:12 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 10 priority 128 path cost 2000
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 9 priority 128 path cost 2000000
    member: epair2a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 8 priority 128 path cost 2000
    member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 7 priority 128 path cost 2000
    member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000
    member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 5 priority 128 path cost 2000000
    member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 20000
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: iohyve-arch-on-FreeNAS--
    options=80000<LINKSTATE>
    ether 00:bd:8d:56:f8:01
    hwaddr 00:bd:8d:56:f8:01
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: active
    groups: tap
    Opened by PID 3915
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:a8:d0:00:06:0a
    hwaddr 02:a8:d0:00:06:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
epair1a: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:a8:d0:00:07:0a
    hwaddr 02:a8:d0:00:07:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
epair2a: flags=8942<BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    options=8<VLAN_MTU>
    ether 02:a8:d0:00:08:0a
    hwaddr 02:a8:d0:00:08:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: Attached to UbuntuMC
    options=80000<LINKSTATE>
    ether 00:bd:52:cc:f8:00
    hwaddr 00:bd:52:cc:f8:00
    nd6 options=1<PERFORMNUD>
    media: Ethernet autoselect
    status: active
    groups: tap
    Opened by PID 8225
vnet0:12: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: associated with jail: nextcloud as nic: epair0b
    options=8<VLAN_MTU>
    ether 02:ff:60:ba:b5:81
    hwaddr 02:a8:d0:00:0a:0a
    nd6 options=1<PERFORMNUD>
    media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
    status: active
    groups: epair

In this example I'm having issues with the 10.0.1.158 jail or the jail on net0:12 on epair0b -- meaning i get the error in the logs if the jail is running -- however when the jail is turned off, I don't get the error in the logs:

freenas kernel: arp: ce:c0:9f:c5:9a:b1 attempts to modify permanent entry for 10.0.1.1 on epair0b

In terms of arp entries -- (I've got three systems potentially I'm dealing with -- pfSense, FreeNas, Jail within FreeNas)

Arp caches are as follows:
pfSense:

Code:

/root: arp -a
? (10.0.1.171) at d0:e7:82:bc:b7:0b on xn1 expires in 1195 seconds [ethernet]
? (10.0.1.10) at 00:e0:67:13:5b:7f on xn1 expires in 985 seconds [ethernet]
? (10.0.1.169) at 40:9f:38:26:e6:af on xn1 expires in 1002 seconds [ethernet]
? (10.0.1.9) at 74:83:c2:1e:ad:c5 on xn1 expires in 977 seconds [ethernet]
? (10.0.1.168) at 38:c9:86:1b:2b:2f on xn1 expires in 1071 seconds [ethernet]
? (10.0.1.174) at 38:8b:59:0e:b8:43 on xn1 expires in 974 seconds [ethernet]
? (10.0.1.173) at 8c:85:90:35:cc:e7 on xn1 expires in 1071 seconds [ethernet]
? (10.0.1.172) at 70:ef:00:b1:5a:92 on xn1 expires in 1186 seconds [ethernet]
? (10.0.1.3) at b4:fb:e4:b0:af:f8 on xn1 expires in 1160 seconds [ethernet]
? (10.0.1.226) at 18:b4:30:9b:b9:56 on xn1 expires in 1006 seconds [ethernet]
? (10.0.1.193) at 94:e9:6a:00:81:67 on xn1 expires in 1111 seconds [ethernet]
pfSense.xxxxx.com (10.0.1.1) at ce:c0:9f:c5:9a:b1 on xn1 permanent [ethernet]
? (10.0.1.160) at 00:a0:98:c6:2b:6d on xn1 expires in 1185 seconds [ethernet]
? (10.0.1.224) at 18:b4:30:30:68:33 on xn1 expires in 977 seconds [ethernet]
? (10.0.1.167) at 5c:ad:cf:c9:dc:6c on xn1 expires in 1071 seconds [ethernet]
? (10.0.1.71) at d4:81:ca:5e:f7:58 on xn1 expires in 976 seconds [ethernet]
? (10.0.1.197) at 0c:c4:7a:84:a5:94 on xn1 permanent [ethernet]
? (10.0.1.228) at 18:b4:30:98:b3:e3 on xn1 expires in 977 seconds [ethernet]
? (10.0.1.132) at 64:52:99:7d:6b:60 on xn1 expires in 972 seconds [ethernet]
? (10.0.1.91) at c8:63:f1:cf:6a:c6 on xn1 expires in 1199 seconds [ethernet]
? (10.0.1.186) at 9c:ae:d3:1e:31:d2 on xn1 expires in 1178 seconds [ethernet]
? (10.0.1.121) at d4:81:ca:5e:de:04 on xn1 expires in 1022 seconds [ethernet]
? (10.0.1.120) at 00:5b:94:d8:c5:0f on xn1 expires in 1158 seconds [ethernet]
? (10.0.1.95) at 00:a0:98:4e:65:cf on xn1 expires in 990 seconds [ethernet]
? (10.0.1.222) at 18:b4:30:36:38:4b on xn1 expires in 1070 seconds [ethernet]
? (10.0.1.158) at 02:ff:60:ba:b5:82 on xn1 expires in 981 seconds [ethernet]
? (10.0.1.221) at 18:b4:30:3a:24:b1 on xn1 expires in 1053 seconds [ethernet]
? (10.0.1.220) at 18:b4:30:99:0f:95 on xn1 expires in 1195 seconds [ethernet]
? (10.0.1.211) at 64:16:66:9d:d6:b8 on xn1 expires in 969 seconds [ethernet]
? (10.0.1.146) at 7a:5b:b5:96:d0:af on xn1 expires in 993 seconds [ethernet]
? (10.0.1.210) at 18:b4:30:15:ab:50 on xn1 expires in 975 seconds [ethernet]
? (10.0.1.178) at 6c:40:08:94:5b:78 on xn1 expires in 971 seconds [ethernet]
? (10.0.1.177) at 00:9d:6b:bc:cc:68 on xn1 expires in 1088 seconds [ethernet]
? (10.0.1.176) at b0:ca:68:c5:06:11 on xn1 expires in 1114 seconds [ethernet]
? (10.0.1.212) at 64:16:66:9e:45:22 on xn1 expires in 1030 seconds [ethernet]
? (10.0.1.116) at 90:dd:5d:cf:ee:04 on xn1 expires in 976 seconds [ethernet]
c-xx.xx.xx.xx.hsd1.il.comcast.net (xx.xx.xx.xx) at 2a:ec:f4:07:7c:72 on xn0 permanent [ethernet]
? (xx.xx.xx.xx) at 00:01:5c:64:f0:46 on xn0 expires in 780 seconds [ethernet

FreeNAS:

Code:

# arp -a
? (10.0.1.10) at 00:e0:67:13:5b:7f on igb0 expires in 1139 seconds [ethernet]
? (10.0.1.168) at 38:c9:86:1b:2b:2f on igb0 expires in 1154 seconds [ethernet]
? (10.0.1.173) at 8c:85:90:35:cc:e7 on igb0 expires in 1154 seconds [ethernet]
pfSense.xxxxx.com (10.0.1.1) at ce:c0:9f:c5:9a:b1 on igb0 expires in 1171 seconds [ethernet]
? (10.0.1.6) at 64:a5:c3:5b:bb:90 on igb0 expires in 1182 seconds [ethernet]
? (10.0.1.5) at 34:12:98:03:ca:6a on igb0 expires in 1154 seconds [ethernet]
? (10.0.1.197) at 0c:c4:7a:84:a5:94 on igb0 permanent [ethernet]
? (10.0.1.186) at 9c:ae:d3:1e:31:d2 on igb0 expires in 1161 seconds [ethernet]
? (10.0.1.178) at 6c:40:08:94:5b:78 on igb0 expires in 848 seconds [ethernet]

and finally the jail at 10.0.1.158

Code:

? (10.0.1.158) at 02:ff:60:ba:b5:82 on epair0b permanent [ethernet]
? (10.0.1.178) at 6c:40:08:94:5b:78 on epair0b expires in 1198 seconds [ethernet]

Nothing looks amiss to me when I look at the arp cache tables. Hopefully this makes some sense to you. Problem goes away when I stop the jail, however I kind of need it running.

 

[dlavigne]

Have you tried setting a static MAC for that jail?