
How to properly set up iocage jails using a VLAN

KevDog

FreeNAS Experienced
Joined
Nov 26, 2016
Messages
210
Hi -- I've researched this topic for about the last few hours; however, I'm slightly confused about how to set things up.

My setup: pfSense router, UniFi switches and APs, and 11.7 u7 FreeNAS on bare metal.

I've created all the VLANs on pfSense and I have FreeNAS connected to a trunk port of the UniFi switch passing all the VLAN tags.

bhyve jails are currently using vnet as network interface.

I created VLANs with the pfSense GUI and tied them to the one physical interface coming into the machine, igb0.
I'm not sure what to do beyond this.
 

KevDog

So I've managed to create the bridges and attach each VM to a bridge, i.e. I created bridge30 for vlan30 and bridge0 for vlan1.
Within each jail I've set the IPv4 interface to vnet0 and interface to vnet0:bridge<vlan number>.

All network packets entering FreeNAS on igb0 are tagged (including VLAN1 and VLAN30).

However, when starting the jail and attempting to ping another computer on the VLAN, I keep getting "host is down".

Code:
I have the following tunables set:
cloned_interfaces     bridge0 bridge30                           rc
ifconfig_bridge0      addm vlan1 up                              rc
ifconfig_bridge30     addm vlan30 up                             rc
ifconfig_igb0         up                                         rc
net.add_addr_allfibs  0                                          sysctl
net.fibs              4                                          loader
route_vlan30_gw       default 10.0.30.1 -fib 3                   rc
route_vlan30_if       -net 10.0.30.0/24 -iface vlan30 -fib 3     rc
route_vlan1_gw        default 10.0.1.1 -fib 1                    rc
route_vlan1_if        -net 10.0.1.0/24 -iface vlan1 -fib 1       rc
static_routes         vlan1_if vlan1_gw vlan30_if vlan30_gw      rc
 

dak180

FreeNAS Aware
Joined
Nov 22, 2017
Messages
64
I think you may be making this more complicated than it needs to be; I have my jails working on vlans and have no tunables set for them.

Here is how I did that:
First, in VLANs under Network, set up your VLANs (in my case, and for this example, 60).
Next, in Interfaces under Network, set up a corresponding interface for each VLAN, i.e. vlan60.
Then in the jail network properties set interfaces to vnet0:bridge60.
Finally in the jail network properties set vnet_default_interface to vlan60.


Change as appropriate for your vlans and everything should just work.
One nifty thing about this setup is that if you have two jails on the same vlan they will share a bridge which speeds up startup time.
 

KevDog

Yeah, I managed to get things working the way you described, with a few caveats.
I ended up tagging all traffic into FreeNAS, including VLAN1.
I created bridges for VLAN1 and VLAN30 (in my case).
I added the VLANs to the appropriate bridges.
I left vnet_default_interface at auto (and things still worked).
The problem, I found out after much trial and error, is that I had a concurrent VM that I had created before that was bridged through bridge1 to the parent interface igb0. I actually needed to remove igb0 from the bridge -- and actually destroyed bridge1 and then moved the VM to connect to the VLAN1 network. This last step actually took me about a day to figure out.

I didn't need any fibs statements (in fact they screwed things up, as I found out as I went through the trial and error process, since they bypassed the epair interfaces) and I didn't need to set up any static routes -- both of these items I previously posted.
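
A check for the conflict described in the post above (the parent NIC sitting in one bridge while VLAN interfaces stacked on it sit in others), added here as an example and not posted by anyone in the thread. It assumes FreeBSD `ifconfig` output with `member:` and `parent interface:` lines; the sample stanzas are constructed from the interface names used in the thread, and `tap0` and `vnet0:2` are assumed names.

```shell
#!/bin/sh
# Added example (not from the thread): read FreeBSD `ifconfig` output on stdin
# and report a NIC that is a bridge member while VLAN interfaces stacked on
# that same NIC are members of other bridges.
check_bridges() {
    awk '
    /^[a-zA-Z]/ { ifc = $1; sub(/:$/, "", ifc); next }   # stanza header line
    /parent interface:/ {                                # vlanN -> parent NIC
        for (i = 1; i < NF; i++)
            if ($i == "parent" && $(i + 1) == "interface:") parent[ifc] = $(i + 2)
        next
    }
    $1 == "member:" { bridge_of[$2] = ifc }              # member -> its bridge
    END {
        for (v in parent) {
            p = parent[v]
            if ((v in bridge_of) && (p in bridge_of))
                printf "CONFLICT %s in %s, child %s in %s\n", p, bridge_of[p], v, bridge_of[v]
        }
    }' | LC_ALL=C sort
}

# Constructed sample, trimmed to the lines the parser needs.
sample_ifconfig() {
    cat <<'EOF'
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
vlan1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 1 vlanpcp: 0 parent interface: igb0
vlan30: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        vlan: 30 vlanpcp: 0 parent interface: igb0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: vlan1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge30: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vlan30 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: igb0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

# On the FreeNAS host itself: ifconfig | check_bridges
sample_ifconfig | check_bridges
```

Empty output means no parent NIC shares bridge duty with its own VLAN children.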
 