Re: When is a switch not a switch?
Hi,

On Tue, 20 Oct 2020 at 13:02, D'Arcy Cain wrote:

> I am using bhyve with vm-bhyve, I am trying to set up a virtual network
> with multiple hosts. The idea is that a VM would be on the same virtual
> network no matter which actual host it is on.
>
> Say I have a public network a.b.c.0/24. I thought I could create a switch
> on a host. The host would be a.b.c.1 and the VMs would be a.b.c.100 and
> a.b.c.101. The idea would be that the VMs would appear on the real
> network. Then the 101 VM could migrate to a.b.c.2 and still be accessible.
> I envisioned some sort of proxy arp would happen so that every VM would
> simply announce itself wherever it was.

It looks like you are over complicating this.

When using vm-bhyve, as long as each host has the same vswitch (bridge) then the tap will automagically be inserted correctly on guest startup (as long as the conf file follows your guest storage).

Let vm-bhyve manage bridge creation. Only use /etc/rc.conf to bring up the interface. If you are running > 11.4 then you must turn LRO off (-lro) when you bring up the interface. The other settings in this thread can be left on.

The problem you are experiencing is packet fragmentation that the guest has to deal with because LRO is enabled (off by default in 11, enabled in 12 and above). LRO should be disabled automatically when an interface (or child VLAN) is added to a bridge. I have tried to get the network guys to fix this but no such luck.

> This did seem to work in that I could ping from the VM:
>
> # ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=1.734 ms
>
> Even IPV6:
>
> # ping6 2605:2600:1001::4b
> PING6(56=40+8+8 bytes) 2605:2600:1001::4 --> 2605:2600:1001::4b
> 16 bytes from 2605:2600:1001::4b, icmp_seq=0 hlim=64 time=0.960 ms
> 16 bytes from 2605:2600:1001::4b, icmp_seq=1 hlim=64 time=0.415 ms
>
> However TCP doesn't work. In fact, I could only ping by IP because the
> system couldn't connect to the DNS server, to get an address even though
> it could ping it.
>
> I guess my first question is does this seem doable? If so, what am I
> missing? Is it possible that a bhyve switch is more like a router?

___
freebsd-virtualization@freebsd.org mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-virtualization
To unsubscribe, send any mail to "freebsd-virtualization-unsubscr...@freebsd.org"
[Bug 203874] [patch] MSI/MSI-X interrupts don't work in VMware virtual machines
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=203874

Manuel P. changed:

What | Removed | Added
CC   |         | registrazi...@kiokoman.eu.org

--- Comment #32 from Manuel P. ---
I only see it in the master branch on FreeBSD. I think that it would be useful to see it also for FreeBSD 12 if possible.

Thanks,
Manuel
Re: When is a switch not a switch?
On 10/20/20 8:35 AM, Patrick M. Hausen wrote:
>> So why alias? Wouldn't "ifconfig_public=" work?
>
> We already have
>
>     ifconfig_public="addm bge0 up"
>
> Adding
>
>     ifconfig_public="inet 1.2.3.4/24"
>
> on another line would overwrite the first one. These are just variable
> assignments not executable code. You cannot have more than one

Doh! Of course. I would have known that after the next coffee.

--
D'Arcy J.M. Cain                 | Democracy is three wolves
http://www.druid.net/darcy/      | and a sheep voting on
+1 416 788 2246 (DoD#0082)(eNTP) | what's for dinner.
IM: da...@vybenetworks.com, VoIP: sip:da...@druid.net

Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:

1. I am by definition, "the intended recipient".
2. All information in the email is mine to do with as I see
   fit and make such financial profit, political mileage, or
   good joke as it lends itself to. In particular, I may quote
   it where I please.
3. I may take the contents as representing the views of
   your company if I so wish.
4. This overrides any disclaimer or statement of
   confidentiality that may be included or implied in
   your message.
Re: When is a switch not a switch?
On Mon, Oct 19, 2020 at 10:02:17PM -0400, D'Arcy Cain wrote:
> I am using bhyve with vm-bhyve, I am trying to set up a virtual network
> with multiple hosts. The idea is that a VM would be on the same virtual
> network no matter which actual host it is on.
>
> Say I have a public network a.b.c.0/24. I thought I could create a switch
> on a host. The host would be a.b.c.1 and the VMs would be a.b.c.100 and
> a.b.c.101. The idea would be that the VMs would appear on the real network.
> Then the 101 VM could migrate to a.b.c.2 and still be accessible. I
> envisioned some sort of proxy arp would happen so that every VM would simply
> announce itself wherever it was.
>
> This did seem to work in that I could ping from the VM:
>
> # ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=1.734 ms
>
> Even IPV6:
>
> # ping6 2605:2600:1001::4b
> PING6(56=40+8+8 bytes) 2605:2600:1001::4 --> 2605:2600:1001::4b
> 16 bytes from 2605:2600:1001::4b, icmp_seq=0 hlim=64 time=0.960 ms
> 16 bytes from 2605:2600:1001::4b, icmp_seq=1 hlim=64 time=0.415 ms
>
> However TCP doesn't work. In fact, I could only ping by IP because the
> system couldn't connect to the DNS server, to get an address even though it
> could ping it.
>
> I guess my first question is does this seem doable? If so, what am I
> missing? Is it possible that a bhyve switch is more like a router?
>
> Thanks.

I usually configure my bridgeN device to have an IP and subnet that I know won't be on any of the physical networks I care about. I'll then add only the tapN..M devices that the bhyve VMs will use to that bridgeN. I'll then use pf to NAT from that private network on bridgeN to the real world.

BEGIN rc.conf
cloned_interfaces="bridge0 tap0 tap1"
ifconfig_bridge0="inet 192.168.254.1 netmask 255.255.255.0"
ifconfig_bridge0="${ifconfig_bridge0} addm tap0 addm tap1"
END rc.conf

BEGIN pf.conf
table counters { \
    192.168.254.0/24 \
}

scrub in all
nat on em0 from {} to any -> (em0)
nat on wlan0 from {} to any -> (wlan0)

pass in all
pass out all
END pf.conf

Thanks,

--
Shawn Webb
Cofounder / Security Engineer
HardenedBSD

GPG Key ID: 0xFF2E67A277F8E1FA
GPG Key Fingerprint: D206 BB45 15E0 9C49 0CF9 3633 C85B 0AF8 AB23 0FB2
https://git-01.md.hardenedbsd.org/HardenedBSD/pubkeys/src/branch/master/Shawn_Webb/03A4CBEBB82EA5A67D9F3853FF2E67A277F8E1FA.pub.asc
Re: When is a switch not a switch?
Hi!

> On 20.10.2020 at 14:10, D'Arcy Cain wrote:
>
> On 10/20/20 7:39 AM, Patrick M. Hausen wrote:
>>> When I started I thought of a switch as analogous to a physical switch. If
>>> I am in an office with one ethernet jack but I have multiple devices I
>>> might connect a switch (or hub) to the jack and plug my devices into the
>>> switch. I don't need to create a separate network for my office. All of my
>>> devices are on the company network.
>> OK, the "switch" interface in FreeBSD is bridge(4).
>
> Understood.
>
>> Or to cite Radia Perlman:
>> A bridge is a network device making forwarding decisions based on layer 2
>> addresses.
>> A router is a network device making forwarding decisions based on layer 3
>> addresses.
>> "Switch" is a marketing term meaning "faster or cheaper than the
>> competition".
>
> I always thought that a switch was a hub with packet switching to avoid
> collisions.

That is a bridge. A switch simply is a multiport bridge. And a layer 3 switch is a router.

> Or else rename the bridges to "public" and "private".

Yep, probably.

>> ifconfig_inet0="addm igb0 up"
> ifconfig_public="addm bge0 up"
> ifconfig_private="addm bge1 up"
>
>> ifconfig_inet0_alias0="inet 1.2.3.4/24"
> ifconfig_public_alias0="inet 1.2.3.4/24"
> ifconfig_private_alias0="192.168.151.4/14"
>
> So why alias? Wouldn't "ifconfig_public=" work?

We already have

    ifconfig_public="addm bge0 up"

Adding

    ifconfig_public="inet 1.2.3.4/24"

on another line would overwrite the first one. These are just variable assignments not executable code. You cannot have more than one ifconfig_public line. If you need more than one they have to be named

    ifconfig_public
    ifconfig_public_alias0
    ifconfig_public_alias1
    ...

Execution stops at the first undefined one, so no gaps, either.

> Not sure I need this as long as arp works as it should. Do I really care
> what the MAC is?

Well, the ARP timeouts specifically of Cisco gear can be enervatingly long so hosts are not reachable after reboot for minutes ... these settings fix that.

HTH,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
i...@punkt.de

AG Mannheim 108285
Managing Directors: Jürgen Egeling, Daniel Lienert, Fabian Stein
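The overwrite and alias-numbering rules described in the message above can be checked mechanically. The following is an added example, not part of the original thread or of FreeBSD's rc scripts: a small lint for rc.conf text. The function names and the sample addresses 1.2.3.5 and 1.2.3.6 are constructed for illustration.

```shell
#!/bin/sh
# rc.conf is sourced as shell variable assignments: a later plain assignment
# to the same name replaces the earlier one, and (per the thread) processing of
# ifconfig_<if>_aliasN entries stops at the first undefined N.

rcconf_lint() {
    # stdin: rc.conf text; stdout: one finding per line.
    awk '
    /^[ \t]*#/ { next }
    match($0, /^[ \t]*[A-Za-z_][A-Za-z0-9_]*=/) {
        name = substr($0, RSTART, RLENGTH - 1)
        sub(/^[ \t]+/, "", name)
        value = substr($0, RSTART + RLENGTH)
        # var="${var} ..." appends to the old value, so it is not an overwrite.
        appends = (index(value, "${" name "}") > 0)
        if ((name in seen) && !appends)
            printf "OVERWRITE %s line %d replaces line %d\n", name, NR, seen[name]
        seen[name] = NR
        if (match(name, /_alias[0-9]+$/)) {
            base = substr(name, 1, RSTART - 1)
            n = substr(name, RSTART + 6) + 0
            have[base, n] = 1
            if (!(base in max) || n > max[base]) max[base] = n
        }
    }
    END {
        for (b in max)
            for (i = 0; i < max[b]; i++)
                if (!((b, i) in have)) {
                    printf "ALIAS_GAP %s_alias%d undefined, higher aliases are skipped\n", b, i
                    break
                }
    }'
}

# Constructed sample modelled on the thread: ifconfig_public is assigned twice,
# alias1 is missing, and ifconfig_bridge1 uses the appending form.
sample_rcconf() {
    cat <<'EOF'
cloned_interfaces="bridge0 bridge1"
ifconfig_bridge0_name="public"
ifconfig_public="addm bge0 up"
ifconfig_public="inet 1.2.3.4/24"
ifconfig_public_alias0="inet 1.2.3.5/32"
ifconfig_public_alias2="inet 1.2.3.6/32"
ifconfig_bridge1="inet 192.168.254.1 netmask 255.255.255.0"
ifconfig_bridge1="${ifconfig_bridge1} addm tap0 addm tap1"
EOF
}

sample_rcconf | rcconf_lint
```

On a host it would be run as `rcconf_lint < /etc/rc.conf`; the silent overwrite matters because the lost line is the one that adds the physical interface to the bridge.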
Re: When is a switch not a switch?
On 10/20/20 7:39 AM, Patrick M. Hausen wrote:
>> When I started I thought of a switch as analogous to a physical switch. If
>> I am in an office with one ethernet jack but I have multiple devices I
>> might connect a switch (or hub) to the jack and plug my devices into the
>> switch. I don't need to create a separate network for my office. All of my
>> devices are on the company network.
>
> OK, the "switch" interface in FreeBSD is bridge(4).

Understood.

> Or to cite Radia Perlman:
>
> A bridge is a network device making forwarding decisions based on layer 2 addresses.
> A router is a network device making forwarding decisions based on layer 3 addresses.
> "Switch" is a marketing term meaning "faster or cheaper than the competition".

I always thought that a switch was a hub with packet switching to avoid collisions.

>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="a.b.c.d.1 addm bge0 addm switch0 up"
>>
>> Except that switch0 doesn't get created until vm-bhyve starts so it probably
>> doesn't exist at that time.
>
> What is "switch0"? I suspect it is just a bridge interface that gets renamed by
> your VM management software. In that case manually creating bridge0 and all
> the things we discussed will not get you anywhere.

So in vm-bhyve I need to change;

@@ -3,9 +3,9 @@ cpu=2 memory=2G network0_type="virtio-net" -network0_switch="public" +network0_switch="bridge0" network1_type="virtio-net" -network1_switch="private" +network1_switch="bridge1" disk0_type="virtio-blk" disk0_name="disk0.img" disk0_dev="sparse-zvol"

Or else rename the bridges to "public" and "private".

> Real life example from our environment:
>
> ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -tso -vlanhwtag -vlanhwtso up"

ifconfig_bge0="-rxcsum -rxcsum6 -txcsum -txcsum6 -tso -vlanhwtag -vlanhwtso up"

> cloned_interfaces="bridge0"

cloned_interfaces="bridge0 bridge1"

> ifconfig_bridge0_name="inet0"

ifconfig_bridge0_name="public"
ifconfig_bridge1_name="private"

> ifconfig_inet0="addm igb0 up"

ifconfig_public="addm bge0 up"
ifconfig_private="addm bge1 up"

> ifconfig_inet0_alias0="inet 1.2.3.4/24"

ifconfig_public_alias0="inet 1.2.3.4/24"
ifconfig_private_alias0="192.168.151.4/14"

So why alias? Wouldn't "ifconfig_public=" work?

> Then we configure iocage to attach the jails to bridge0. In your case you would
> have to tell your VM management tool to attach the VM tap interfaces to bridge0
> instead of creating its own "switch0" - which I suspect is a bridge interface in
> disguise.
>
> As you can see above we rename all our Internet facing interfaces to "inet0" on
> all hosts. Then there are more like "mgmt0", "priv0", ... like that.
>
> So probably the bridge is renamed to "switch0".

If I do the above I guess I can keep the names "public" and "private".

> Tell the tool not to do that and use the preconfigured bridge0 instead.

Or public? inet0 in your example?

> Another useful sysctl to get reproducible static MAC addresses for the bridge
> itself across reboots is:
>
> loader.conf:
>     if_bridge_load="YES"
> sysctl.conf:
>     net.link.bridge.inherit_mac=1

Not sure I need this as long as arp works as it should. Do I really care what the MAC is?

Cheers.

--
D'Arcy J.M. Cain                 | Democracy is three wolves
http://www.druid.net/darcy/      | and a sheep voting on
+1 416 788 2246 (DoD#0082)(eNTP) | what's for dinner.
IM: da...@vybenetworks.com, VoIP: sip:da...@druid.net
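Review bot: the two "+" lines hard-code the host's bridge unit numbers (network0_switch="bridge0", network1_switch="bridge1") into the guest configuration, so the guest only lands on the intended segments on hosts where bridge0 is the public bridge and bridge1 the private one; on a host numbered the other way round, the guest's private interface would be attached to the public network. Since the stated goal is to move the VM between hosts, consider leaving network0_switch="public" and network1_switch="private" as they are and naming the host bridges to match (the ifconfig_bridge0_name="public" form given right after the diff), so the guest file needs no per-host edit.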
Re: When is a switch not a switch?
A short P.S.

I just looked shortly into vm-bhyve. Whatever this tool does with respect to the "switches", possibly just turning off all the hardware acceleration features for your network card can solve your problems without further messing around with bridge(4) and friends.

What you need to configure depends on your hardware. I made a table for the various interfaces we use at our place:

em:   -rxcsum -txcsum -lro -vlanmtu -vlanhwcsum -vlanhwfilter -vlanhwtag up
igb:  -rxcsum -rxcsum6 -txcsum -txcsum6 -tso -vlanhwtag -vlanhwtso up
ix:   -rxcsum -rxcsum6 -txcsum -txcsum6 -tso -lro -vlanhwtag -vlanhwtso up
ixl:  -rxcsum -rxcsum6 -txcsum -txcsum6 -tso -lro -vlanhwtag -vlanhwtso up
bnxt: -rxcsum -rxcsum6 -txcsum -txcsum6 -tso -lro -vlanhwtag -vlanhwtso -vlanhwfilter up

HTH,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
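Both the LRO advice at the top of this thread and the per-driver table above come down to checking which offload capabilities are still enabled on a bridge's member interfaces. An added example, not from the thread or from vm-bhyve: a filter over ifconfig output that lists them and prints the matching ifconfig flags. The sample output and function names are constructed, and only the capabilities behind the flags in the igb/ix/ixl rows are checked.

```shell
#!/bin/sh
bridge_offload_report() {
    # stdin: `ifconfig` output; stdout: one line per bridge member that still
    # has one of the offload capabilities below enabled.
    awk '
    BEGIN {
        off["RXCSUM"] = "-rxcsum"; off["RXCSUM_IPV6"] = "-rxcsum6"
        off["TXCSUM"] = "-txcsum"; off["TXCSUM_IPV6"] = "-txcsum6"
        off["TSO4"] = "-tso";      off["TSO6"] = "-tso"
        off["LRO"] = "-lro"
        off["VLAN_HWTAGGING"] = "-vlanhwtag"; off["VLAN_HWTSO"] = "-vlanhwtso"
    }
    # Interface header, e.g. "em0: flags=8943<...> metric 0 mtu 1500"
    /^[A-Za-z][A-Za-z0-9_.-]*: flags=/ { cur = $1; sub(/:$/, "", cur); next }
    # Capability list of the current interface: options=<hex><CAP,CAP,...>
    $1 ~ /^options=/ {
        caps = $1; sub(/^[^<]*</, "", caps); sub(/>.*$/, "", caps)
        opts[cur] = caps
        next
    }
    # Bridge membership line: "member: em0 flags=143<...>"
    $1 == "member:" { nmem++; mem[nmem] = $2; br[nmem] = cur }
    END {
        for (i = 1; i <= nmem; i++) {
            n = split(opts[mem[i]], c, ",")
            found = ""; fix = ""
            for (j = 1; j <= n; j++) {
                if (!(c[j] in off)) continue
                found = found (found == "" ? "" : ",") c[j]
                # TSO4 and TSO6 share one flag; emit it once.
                if (index(" " fix " ", " " off[c[j]] " ") == 0)
                    fix = fix (fix == "" ? "" : " ") off[c[j]]
            }
            if (found != "")
                printf "%s on %s: %s -> ifconfig %s %s\n", mem[i], br[i], found, mem[i], fix
        }
    }'
}

# Constructed sample in FreeBSD ifconfig layout (hex masks are placeholders).
sample_ifconfig() {
    cat <<'EOF'
em0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=0<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4,TSO6,LRO>
        ether 02:00:00:00:00:01
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=0<LINKSTATE>
        ether 02:00:00:00:00:02
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:00:00:00:00:03
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
EOF
}

sample_ifconfig | bridge_offload_report
```

On a host it would be run as `ifconfig | bridge_offload_report`; an empty result means no bridge member still advertises one of the checked capabilities.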
Re: When is a switch not a switch?
Hi all,

> On 20.10.2020 at 12:50, D'Arcy Cain wrote:
>
> On 10/20/20 5:36 AM, Patrick M. Hausen wrote:
>>> I did see that. Does that mean that I don't even need to create switches
>>> at all?
>> What is a switch in this context? I use bridge interfaces to connect jails
>> via epair and VMs via tap.
>
> When I started I thought of a switch as analogous to a physical switch. If I
> am in an office with one ethernet jack but I have multiple devices I might
> connect a switch (or hub) to the jack and plug my devices into the switch. I
> don't need to create a separate network for my office. All of my devices are
> on the company network.

OK, the "switch" interface in FreeBSD is bridge(4).

Or to cite Radia Perlman:

A bridge is a network device making forwarding decisions based on layer 2 addresses.
A router is a network device making forwarding decisions based on layer 3 addresses.
"Switch" is a marketing term meaning "faster or cheaper than the competition".

> cloned_interfaces="bridge0"
> ifconfig_bridge0="a.b.c.d.1 addm bge0 addm switch0 up"
>
> Except that switch0 doesn't get created until vm-bhyve starts so it probably
> doesn't exist at that time.

What is "switch0"? I suspect it is just a bridge interface that gets renamed by your VM management software. In that case manually creating bridge0 and all the things we discussed will not get you anywhere.

>> If em0 does not have an IP address on the host and should be used
>> exclusively for VMs, then the bridge does not need an IP address, either.
>> Still you need to configure em0 "up".
>
> I can't imagine a scenario like that. You probably always need access to the
> host for maintenance.

Well, there could be a second hardware interface for host communication ... And if one of the two is member of the bridge and the other one isn't it is perfectly valid to plug them into the same broadcast domain and get e.g. 1Gbit/s for the host and 1Gbit/s for all the jails or VMs.

>> And additionally ...
>> - you should disable all hardware acceleration features on the physical
>> interface
>
> Like ASF?

Real life example from our environment:

    ifconfig_igb0="-rxcsum -rxcsum6 -txcsum -txcsum6 -tso -vlanhwtag -vlanhwtso up"
    cloned_interfaces="bridge0"
    ifconfig_bridge0_name="inet0"
    ifconfig_inet0="addm igb0 up"
    ifconfig_inet0_alias0="inet 1.2.3.4/24"

Then we configure iocage to attach the jails to bridge0. In your case you would have to tell your VM management tool to attach the VM tap interfaces to bridge0 instead of creating its own "switch0" - which I suspect is a bridge interface in disguise.

As you can see above we rename all our Internet facing interfaces to "inet0" on all hosts. Then there are more like "mgmt0", "priv0", ... like that.

So probably the bridge is renamed to "switch0". Tell the tool not to do that and use the preconfigured bridge0 instead.

Another useful sysctl to get reproducible static MAC addresses for the bridge itself across reboots is:

loader.conf:
    if_bridge_load="YES"
sysctl.conf:
    net.link.bridge.inherit_mac=1

HTH,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
Re: When is a switch not a switch?
Hi all,

> On 20.10.2020 at 11:28, D'Arcy Cain wrote:
>
> On 10/20/20 4:36 AM, Patrick M. Hausen wrote:
>> It's officially documented here:
>> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html
>
> I did see that. Does that mean that I don't even need to create switches at
> all?

What is a switch in this context? I use bridge interfaces to connect jails via epair and VMs via tap.

>> "If the bridge host needs an IP address, set it on the bridge interface, not
>> on the member interfaces."
>
> But I don't necessarily need an IP on the bridge itself, right?

Depends ;-)

If the host has got e.g. em0 with an IP address and you want to make that physical interface part of e.g. bridge0 as well as all the VMs so they can communicate on the wire ... you *must* move the IP address config from em0 to bridge0 and configure em0 "up".

If em0 does not have an IP address on the host and should be used exclusively for VMs, then the bridge does not need an IP address, either. Still you need to configure em0 "up".

And additionally ...

- you should disable all hardware acceleration features on the physical interface
- if you are using pf you should move the rule processing from the members to the bridge like so:

    sysctl net.link.bridge.pfil_member=0
    sysctl net.link.bridge.pfil_bridge=1

HTH,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
Re: When is a switch not a switch?
On 10/20/20 4:36 AM, Patrick M. Hausen wrote:
> It's officially documented here:
> https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html

I did see that. Does that mean that I don't even need to create switches at all?

> "If the bridge host needs an IP address, set it on the bridge interface, not
> on the member interfaces."

But I don't necessarily need an IP on the bridge itself, right?

--
D'Arcy J.M. Cain                 | Democracy is three wolves
http://www.druid.net/darcy/      | and a sheep voting on
+1 416 788 2246 (DoD#0082)(eNTP) | what's for dinner.
IM: da...@vybenetworks.com, VoIP: sip:da...@druid.net
Re: When is a switch not a switch?
On 10/20/20 2:56 AM, John-Mark Gurney wrote:
> By switch, do you mean use bridge? How specifically is the network
> configured?

Yes. I did try bridge first but I may not have understood all the nuances. I also thought that "switch" meant the same thing as a physical switch but I guess it is more like a router. That was the point of my subject.

> What you are describing sounds like what I do w/ bridge, but my use
> was slightly more complicated.
>
> Say your host has em0 as the main network, you would create a bridge0
> interface, either via cloned_interfaces or via "ifconfig bridge0 create".
> Then you would put the em0 interface as a member of the bridge

"ifconfig bridge0 addm bge0" in my case but I also have a private network so "ifconfig bridge0 addm bge0 addm bge1" then. Or do I need two bridges?

> interface. You would also add the tap interfaces of the various bhyve
> vms as well (don't forget to make sure the tap interface is up on the
> host, net.link.tap.up_on_open helps w/ this)...

This is the part I am trying to automate so that VM can freely move between hosts. Is there a way to make tap automatically add itself to a bridge?

Thanks for your help.

--
D'Arcy J.M. Cain                 | Democracy is three wolves
http://www.druid.net/darcy/      | and a sheep voting on
+1 416 788 2246 (DoD#0082)(eNTP) | what's for dinner.
IM: da...@vybenetworks.com, VoIP: sip:da...@druid.net
Re: When is a switch not a switch?
Hi all,

> On 20.10.2020 at 08:56, John-Mark Gurney wrote:
> I have heard (and that is the way I do that), that you have to put the
> host IPs on the bridge0 interface, and not the em0 interface.

It's officially documented here:
https://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-bridging.html

"If the bridge host needs an IP address, set it on the bridge interface, not on the member interfaces."

Kind regards,
Patrick
--
punkt.de GmbH
Patrick M. Hausen
Re: When is a switch not a switch?
D'Arcy Cain wrote this message on Mon, Oct 19, 2020 at 22:02 -0400:
> I am using bhyve with vm-bhyve, I am trying to set up a virtual network
> with multiple hosts. The idea is that a VM would be on the same virtual
> network no matter which actual host it is on.
>
> Say I have a public network a.b.c.0/24. I thought I could create a switch
> on a host. The host would be a.b.c.1 and the VMs would be a.b.c.100 and
> a.b.c.101. The idea would be that the VMs would appear on the real network.
> Then the 101 VM could migrate to a.b.c.2 and still be accessible. I
> envisioned some sort of proxy arp would happen so that every VM would simply
> announce itself wherever it was.
>
> This did seem to work in that I could ping from the VM:
>
> # ping 8.8.8.8
> PING 8.8.8.8 (8.8.8.8): 56 data bytes
> 64 bytes from 8.8.8.8: icmp_seq=0 ttl=114 time=1.734 ms
>
> Even IPV6:
>
> # ping6 2605:2600:1001::4b
> PING6(56=40+8+8 bytes) 2605:2600:1001::4 --> 2605:2600:1001::4b
> 16 bytes from 2605:2600:1001::4b, icmp_seq=0 hlim=64 time=0.960 ms
> 16 bytes from 2605:2600:1001::4b, icmp_seq=1 hlim=64 time=0.415 ms
>
> However TCP doesn't work. In fact, I could only ping by IP because the
> system couldn't connect to the DNS server, to get an address even though it
> could ping it.
>
> I guess my first question is does this seem doable? If so, what am I
> missing? Is it possible that a bhyve switch is more like a router?

By switch, do you mean use bridge? How specifically is the network configured?

What you are describing sounds like what I do w/ bridge, but my use was slightly more complicated.

Say your host has em0 as the main network, you would create a bridge0 interface, either via cloned_interfaces or via "ifconfig bridge0 create". Then you would put the em0 interface as a member of the bridge interface. You would also add the tap interfaces of the various bhyve vms as well (don't forget to make sure the tap interface is up on the host, net.link.tap.up_on_open helps w/ this)...

I have heard (and that is the way I do that), that you have to put the host IPs on the bridge0 interface, and not the em0 interface.

--
John-Mark Gurney    Voice: +1 415 225 5579

"All that I will do, has been done, All that I have, has not."