Junicast
Patron
- Joined
- Mar 6, 2015
- Messages
- 206
Hi,
I suffer this phenomenon since FreeNAS 11.3. It only affects jail guests. FreeNAS itself and also bhyve guests are not affected.
I just upgraded to 11.3U1 but problem persists.
I'm running my network mostly in IPv6 which is my my jails are configured with static IPv6 addresses. This is an example configuration of a jail:
As you can see my jails are attached to bridges that are at the same time bond to vlan interfaces since I work with VLAN quite a lot. This guest is connected to bridge5 with represents vlan 5. bhyve guest on the same bridge work flawlessly.
The actual problem is the following. My jails are not being found by Neighbor Discovery Protocol by my router. My router is an OpenWrt device 19.07.01.
It sends out Neighbor Solicitations like those:
This is what tcpdumps shows when I sniff at the jails vnet0.x device on the FreeNAS host itself. I cannot tcpdump within the jail, it gives me an error:
The solicitation is never being answered.
When the jail itself tries to get out to the internet it sends Neighbor Solicitations on its own. During this process the OpenWrt router is learning the jails MAC address. This is only a very temporary solution. As long as the jail does outgoing connection, incoming connections work, too since my router keeps learning the MAC address. About 10 seconds after the jail stops communication the router unlearns the MAC and inbound communication fails.
The NDP entry on my router looks like this:
Does someone have an idea what might be going on here? To me it looks like a FreeNAS bug but I'm not quite sure because other local clients are able to learn the jails MAC addresses.
I suffer this phenomenon since FreeNAS 11.3. It only affects jail guests. FreeNAS itself and also bhyve guests are not affected.
I just upgraded to 11.3U1 but problem persists.
I'm running my network mostly in IPv6 which is my my jails are configured with static IPv6 addresses. This is an example configuration of a jail:
Code:
... interfaces:vnet0:bridge5 ip4:new ip4_addr:10.10.101.173/24 ip4_saddrsel:1 ip6:new ip6_addr:2001:6666:1111:1b::1aee/64 ip6_saddrsel:1 ip_hostname:0 vnet:1 vnet0_mac:7085c26cd053 7085c26cd054 vnet1_mac:none vnet2_mac:none vnet3_mac:none vnet_default_interface:auto vnet_interfaces:none ...
As you can see my jails are attached to bridges that are at the same time bond to vlan interfaces since I work with VLAN quite a lot. This guest is connected to bridge5 with represents vlan 5. bhyve guest on the same bridge work flawlessly.
The actual problem is the following. My jails are not being found by Neighbor Discovery Protocol by my router. My router is an OpenWrt device 19.07.01.
It sends out Neighbor Solicitations like those:
Code:
22:39:34.308307 IP6 fe80::feec:daff:fe7b:3798 > ff02::1:ff00:1aee: ICMP6, neighbor solicitation, who has 2001:6666:1111:1b::1aee, length 32
This is what tcpdumps shows when I sniff at the jails vnet0.x device on the FreeNAS host itself. I cannot tcpdump within the jail, it gives me an error:
Code:
tcpdump: (there are no BPF devices)
When the jail itself tries to get out to the internet it sends Neighbor Solicitations on its own. During this process the OpenWrt router is learning the jails MAC address. This is only a very temporary solution. As long as the jail does outgoing connection, incoming connections work, too since my router keeps learning the MAC address. About 10 seconds after the jail stops communication the router unlearns the MAC and inbound communication fails.
The NDP entry on my router looks like this:
Code:
root@kukilala:~# ip -6 n s|grep 1aee 2001:6666:1111:1b::1aee dev br-lan INCOMPLETE
Does someone have an idea what might be going on here? To me it looks like a FreeNAS bug but I'm not quite sure because other local clients are able to learn the jails MAC addresses.