VLAN Interface for a VM

RobertS

Cadet
Joined
Jun 14, 2016
Messages
4
Has anybody found out how to create a VLAN interface for a VM?
What I've done:
  1. Created a link aggregation (lagg0)
    This interface is working well for freenas itself and a VM
  2. Created a VLAN interface (vlan25) with parent lagg0 and vlan ID 25
  3. Added this interface to a VM configuration
    Unfortunately I can't reach other systems within VLAN 25
Any ideas?

Version: FreeNAS-11.2-U5
 

RobertS

Cadet
Joined
Jun 14, 2016
Messages
4
Asking a question without getting an answer means obviously - no.
After a lot of investigation and trials it seems to me the whole virtualisation stuff in freenas is totally crap.

Maybe it is possible to run a fresh Windows/Linux system using bhyve without bigger problems. But if you try to migrate a running system (i.e. from Proxmox a legacy BIOS booted system) you are totally lost. Also the idea to run a firewall appliance inside freenas (i.e. PfSense or VyOs) is sure to fail because of the insufficient network capabilities. Different isolated VLANs - the topic of my post - are absolutely necessary here.
In the end I found a way to manually configure the network for correct VLAN tagging, at least for a tagged and an untagged interface used by a VM, but because of the other shortcomings I have cancelled the idea to use virtualisation inside freenas.
 

lexxai

Dabbler
Joined
Nov 9, 2016
Messages
33
I use lagg, VLANs for Jails/Plugins and VM.

lagg0 LAN gw
vlan2200 DMZ1 gw
vlan2500 DMZ2 gw

bridge0 members of DMZ2
bridge1 members of LAN
bridge9 members of DMZ1

vnet for jails
tap for VM

All of it has really worked for many months, but one task is needed after rebooting FreeNAS: I need to MANUALLY restart any network interface, and then restart all jails and VMs.

Iocage jails and VMs are configured by configuration files only.

iocage/jails/portal/config.json
Code:
    "interfaces": "vnet0:bridge9",
    "ip4": "new",
    "ip4_addr": "none",
    "ip4_saddrsel": "1",
    "vnet_default_interface": "vlan2200",
    "vnet_interfaces": "none",

iocage/jails/webmail/config.json
Code:
    "interfaces": "vnet0:bridge9",
    "ip4": "new",
    "ip4_addr": "none",
    "ip4_saddrsel": "1",
    "vnet_default_interface": "vlan2200",
    "vnet_interfaces": "none",

iocage/jails/nextcloud/config.json
Code:
    "interfaces": "vnet0:bridge9",
    "ip4": "new",
    "ip4_addr": "none",
    "ip4_saddrsel": "1",
    "vnet_default_interface": "vlan2200",
    "vnet_interfaces": "none",



Code:
# ifconfig
igb0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether XX:XX:XX:XX:84:bf
        hwaddr XX:XX:XX:XX:84:bf
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether XX:XX:XX:XX:84:c0
        hwaddr XX:XX:XX:XX:84:c0
        inet 10.1.0.1 netmask 0xffffff00 broadcast 10.1.0.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether XX:XX:XX:XX:84:bf
        hwaddr XX:XX:XX:XX:84:c1
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
igb3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6>
        ether XX:XX:XX:XX:84:c2
        hwaddr XX:XX:XX:XX:84:c2
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
        groups: lo
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=2400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6>
        ether XX:XX:XX:XX:84:bf
        inet 10.2.0.1.22 netmask 0xffffff00 broadcast 10.2.0.1.255
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect
        status: active
        groups: lagg
        laggproto lacp lagghash l2,l3,l4
        laggport: igb0 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
        laggport: igb2 flags=1c<ACTIVE,COLLECTING,DISTRIBUTING>
vlan2200: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=200001<RXCSUM,RXCSUM_IPV6>
        ether XX:XX:XX:XX:84:c2
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 2200 vlanpcp: 0 parent interface: igb3
        groups: vlan
vlan2500: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=200001<RXCSUM,RXCSUM_IPV6>
        ether XX:XX:XX:XX:84:c2
        nd6 options=9<PERFORMNUD,IFDISABLED>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 2500 vlanpcp: 0 parent interface: igb3
        groups: vlan
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether XX:XX:XX:XX:19:00
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 2000000
        member: vlan2500 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 20000
bridge1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether XX:XX:XX:XX:19:01
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 11 priority 128 path cost 2000000
        member: lagg0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 10000
bridge9: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether XX:XX:XX:XX:19:09
        nd6 options=1<PERFORMNUD>
        groups: bridge
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: vnet0:4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 16 priority 128 path cost 2000
        member: vnet0:3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 15 priority 128 path cost 2000
        member: vnet0:2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 14 priority 128 path cost 2000
        member: vlan2200 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 7 priority 128 path cost 20000
vnet0:2: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: webmail as nic: epair0b
        options=8<VLAN_MTU>
        ether XX:XX:XX:72:54:47
        hwaddr XX:XX:XX:00:0e:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:3: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: portal as nic: epair0b
        options=8<VLAN_MTU>
        ether XX:XX:XX:9f:28:51
        hwaddr XX:XX:XX:00:0f:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
vnet0:4: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: associated with jail: nextcloud as nic: epair0b
        options=8<VLAN_MTU>
        ether XX:XX:XX:ba:b5:81
        hwaddr XX:XX:XX:00:10:0a
        nd6 options=1<PERFORMNUD>
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        groups: epair
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Attached to pfsense
        options=80000<LINKSTATE>
        ether XX:XX:XX:ba:fd:00
        hwaddr XX:XX:XX:ba:fd:00
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 8895
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: Attached to pfsense
        options=80000<LINKSTATE>
        ether XX:XX:XX:ba:fd:01
        hwaddr XX:XX:XX:ba:fd:01
        nd6 options=1<PERFORMNUD>
        media: Ethernet autoselect
        status: active
        groups: tap
        Opened by PID 8895
 
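An added example, not part of any post in this thread: a Python check that parses `ifconfig` output of the kind shown above, reports which segment each tap/vnet port lands on, and flags any bridge that joins two uplinks, which would merge segments a firewall VM is meant to keep apart. The sample text is constructed; `bridge2`, `tap2` and `tap3` are invented to show the failure cases.

```python
import re

# Constructed sample modelled on the ifconfig output above (flags shortened).
# bridge2, tap2 and tap3 are invented to show the failure cases.
SAMPLE = """\
vlan2200: flags=8943<UP,RUNNING,PROMISC> metric 0 mtu 1500
        vlan: 2200 vlanpcp: 0 parent interface: igb3
vlan2500: flags=8943<UP,RUNNING,PROMISC> metric 0 mtu 1500
        vlan: 2500 vlanpcp: 0 parent interface: igb3
bridge0: flags=8843<UP,RUNNING> metric 0 mtu 1500
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vlan2500 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
bridge2: flags=8843<UP,RUNNING> metric 0 mtu 1500
        member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: vlan2200 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: lagg0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
tap3: flags=8943<UP,RUNNING,PROMISC> metric 0 mtu 1500
"""
GUEST = re.compile(r"(tap|vnet|epair)\d")  # guest-facing ports (VMs, jails)

def parse(text):
    """Map interface name -> bridge members and VLAN tag/parent."""
    ifaces, cur = {}, None
    for line in text.splitlines():
        if m := re.match(r"(\S+?): flags=", line):  # unindented header line
            cur = ifaces.setdefault(m.group(1), {"members": [], "tag": None})
        elif cur is not None and (m := re.match(r"\s+member: (\S+)", line)):
            cur["members"].append(m.group(1))
        elif cur is not None and (m := re.match(r"\s+vlan: (\d+) .*parent interface: (\S+)", line)):
            cur["tag"] = f"tag {m.group(1)} on {m.group(2)}"
    return ifaces

def audit(ifaces):
    """Return (guest port -> segment, findings) across all bridges."""
    segment, findings = {}, []
    for name, info in ifaces.items():
        uplinks = sorted(m for m in info["members"] if not GUEST.match(m))
        if len(uplinks) > 1:  # two uplinks in one bridge merge their segments
            findings.append(f"{name}: bridges {' + '.join(uplinks)} together")
        elif info["members"] and not uplinks:
            findings.append(f"{name}: no uplink")
        for g in (m for m in info["members"] if GUEST.match(m)):
            segment[g] = ", ".join(f"{u} ({ifaces.get(u, {}).get('tag') or 'untagged'})" for u in uplinks) or "none"
    findings += [f"{n}: guest port not in any bridge"
                 for n in ifaces if GUEST.match(n) and n not in segment]
    return segment, findings

if __name__ == "__main__":
    print(*audit(parse(SAMPLE)), sep="\n")
```

On a live host, feed it the text of `ifconfig` after a reboot to see whether the bridge membership came back as intended.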

Crizzt321

Cadet
Joined
Nov 18, 2020
Messages
1
@RobertS
What were the steps you had to take?! I'm having potentially a similar issue in bare FreeBSD 12.2 with VLANs and bridges with bhyve VMs.
 

KevDog

Patron
Joined
Nov 26, 2016
Messages
462
@Crizzt321 -- What seems to be the problem? Can't get VLANs to work?
 