Tap interface shows status: no carrier

[asimov-solensan]

Hello,

I'm doing some network segmentation at home and I have got FreeNAS connected on a trunk interface. The point here was to have jails and virtual machines in different vlans, but after many tries I'm unable to do this.

I expect it to work this way, I have got the tagged interface em0 connected to bridge bridge200. Then I have got a vlan interface named vlan17020 using parent interface tap17020, also attached to the bridge.

Relevant output from ifconfig:

Code:

bridge200: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
		ether 02:c8:7a:06:44:c8
		nd6 options=9<PERFORMNUD,IFDISABLED>
		id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
		maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
		root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
		member: tap17020 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
				ifmaxaddr 0 port 10 priority 128 path cost 2000000
		member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
				ifmaxaddr 0 port 4 priority 128 path cost 2000000
		member: tap200 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
				ifmaxaddr 0 port 9 priority 128 path cost 2000000

tap200: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=80000<LINKSTATE>
		ether 00:bd:03:f4:00:c8
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet autoselect
		status: active
		Opened by PID 8103

tap17020: flags=8903<UP,BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
		options=80000<LINKSTATE>
		ether 00:bd:07:f4:00:7c
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet autoselect
		status: no carrier

vlan17020: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1496
		ether 00:bd:07:f4:00:7c
		inet 192.169.0.3 netmask 0xffffffff broadcast 192.169.0.3
		inet 192.168.17.20 netmask 0xffffff00 broadcast 192.168.17.255
		nd6 options=9<PERFORMNUD,IFDISABLED>
		media: Ethernet autoselect
		status: no carrier
		vlan: 17 parent interface: tap17020

Then on the jail I tried disabling VIMAGE and selecting NIC vlan17020. But even when I run the jail in question I got no connection to that jail, and still the status shows no carrier. And I thing that's the problem. I read that when a process uses a tap interface it becomes active, but running the jail does nothing.

Where I think the problem may be. I already have got a vlan interface created and configured on the same vlan. This is the one I use to mange FreeNAS in fact. Also I can see that jail configuration appears in the host OS, as you see in the ifconfig output there is the jail IP, and I guess that it can't have two addresses in the same subnet.

Does anyone have an idea on how to solve this problem?

 

[asimov-solensan]

Definitely I'm doing something wrong here.

What I'm trying should much more simpler. I have got a trunk interface, and I have got a vlan interface for all the the vlans I want to use.

FreeNAS will be managed only in one of those vlan interfaces. And therefor it has it's own IP.

Then I want to have jails in different vlans. Including the one where is FreeNAS management.

I tried configuring two jails in the same vlan (different from FreeNAS) and although there is an interface with two addresses I can connect to both of them without problem.

Now when I configure a jail using the same vlan of FreeNAS this jail can access internet but if I try to connect to it (with ssh for instance) FreeNAS is the one answering.

Definitely this is the way to go but how do set up the address in FreeNAS not interfering with jails?

 

[dlavigne]

Which build version of FreeNAS (System -> Information)?

 

[asimov-solensan]

FreeNAS-9.10.2-U6

I have already been told tat jail management improved a lot in 11. My problem seems to be that the GUI tried to attach the same interface to two different bridges and therefor it doesn't work.

I already opened a feature request to add open vswitch as a core package in freenas. I'm sure that with this tool the network management for jail and bhybe will be at the same level that esxi.