Re: VLAN configuration problem on 6.1 ("no route to host" on other than own IP)

2017-11-06 Thread Hrvoje Popovski
On 6.11.2017. 17:47, Andre Ruppert wrote:
> Hello @misc,
> 
> perhaps I'm stupid, but I don't see my fault in a vlan network
> configuration:
> 
> I got an OpenBSD 6.1 gateway box, connected to several switches.
> 
> On em0 I have to serve two networks:
> 172.16.210.0  (direct em0 - no vlan)
> 172.16.211.0  (VLAN 211 tagged on em0)
> 
> 
> 
> One of my connections (em0) has a simple configuration on standard VLAN 1
> (untagged):
> 
> # ifconfig em0
> em0: flags=8b43 mtu 1500
>     lladdr a0:36:9f:36:49:e6
>     description: sbc-ect-lan-ext
>     index 1 priority 0 llprio 3
>     media: Ethernet autoselect (1000baseT full-duplex,master)
>     status: active
>     inet 172.16.210.3 netmask 0xff00 broadcast 172.16.210.255
> 
> # cat /etc/hostname.em0
> inet 172.16.210.3 255.255.255.0 172.16.210.255 description
> "sbc-ect-lan-ext"
> 
> --
> 
> This interface also is "CARPed":
> 
> # ifconfig carp0
> carp0: flags=8843 mtu 1500
>     lladdr 00:00:5e:00:01:01
>     index 8 priority 15 llprio 3
>     carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
>     groups: carp
>     status: backup
>     inet 172.16.210.1 netmask 0xff00 broadcast 172.16.210.255
> 
> # cat /etc/hostname.carp0
> inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass
>  advskew 100
> 
> (this gateway is the CARP slave (backup) of a pair of redundant gateways)
> 
> ---
> 
> Next: I want to have a VLAN on this interface em0:
> (the connected switch has a trunk configured this VLAN 210 (untagged)
> and VLAN 211 (tagged) - but I don't know if this information makes sense
> here)
> 
> # ifconfig vlan211
> vlan211: flags=8843 mtu 1500
>     lladdr a0:36:9f:36:49:e6
>     index 15 priority 0 llprio 3
>     vlan: 211 parent interface: em0
>     vnetid: 211
>     parent: em0
>     groups: vlan
>     status: active
>     inet 172.16.211.3 netmask 0xff00 broadcast 172.16.211.255
> 
> # cat /etc/hostname.vlan211
> inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0
> 
> --
> 
> corresponding routing table (excerpt):
> 
>  # netstat -nr
> Routing tables
> 
> Internet:
> Destination     Gateway            Flags  Refs   Use   Mtu  Prio Iface
> default         172.16.0.15        UGS       1   191     -     8
>
> ...
> ...
>
> 172.16.210/24   172.16.210.3       UCn       1  1094     -     4 em0
> 172.16.210/24   172.16.210.1       Cn        0     0     -    19 carp0
> 172.16.210.1    00:00:5e:00:01:01  UHLl      0   153     -     1 carp0
> 172.16.210.3    a0:36:9f:36:49:e6  UHLl      0   275     -     1 em0
> 172.16.210.10   00:08:25:22:50:e0  UHLc      0   158     -     3 em0
> 172.16.210.255  172.16.210.3       UHPb      0     0     -     1 em0
> 172.16.210.255  172.16.210.1       HPb       0     0     -     1 carp0
> 172.16.211/24   172.16.211.3       UCn       0  1215     -     4 vlan211
> 172.16.211.3    a0:36:9f:36:49:e6  UHLl      0     0     -     1 vlan211
> 172.16.211.255  172.16.211.3       UHb       0     0     -     1 vlan211
> 
> -
> 
> My problem:
> 
> I am only able to ping myself (VLAN 211)  - and I _don't_ think it's a
> switch problem - because I get a "no route to host" error
> # ping 172.16.211.3 # (my IP)
> PING 172.16.211.3 (172.16.211.3): 56 data bytes
> 64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms
> 64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms
> ...
> ...stupid but working as expected...
> 
> 
> # ping 172.16.211.2 # some other IP, same network
> PING 172.16.211.2 (172.16.211.2): 56 data bytes
> ping: sendmsg: No route to host
> ping: wrote 172.16.211.2 64 chars, ret=-1
> ping: sendmsg: No route to host
> ping: wrote 172.16.211.2 64 chars, ret=-1
> ping: sendmsg: No route to host
> ...
> 
> 
> The routing table then has added one new entry:
> 
> 172.16.211/24   172.16.211.3       UCn       1  1743     -     4 vlan211
> 172.16.211.2    link#15            UHLc      0  1684     -     3 vlan211  !
> 172.16.211.3    a0:36:9f:36:49:e6  UHLl      0    18     -     1 vlan211
> 172.16.211.255  172.16.211.3       UHb       0     0     -     1 vlan211
> 
> 
> I'm clueless and don't know how to investigate further...
> 
> In my pf.conf I tried to "temporarily annihilate" the rules on the em0
> interface ("set skip on em0"), but that didn't help
> 
> Any hints?
> 
> head-scratching regards
> 
> Andre Ruppert
> 

I think that in 6.1 the vlan config is a little different
in man vlan - ifconfig vlan0 parent em0 vnetid 5

if you disable pf with "pfctl -d" can you ping 

Re: VLAN configuration problem on 6.1 ("no route to host" on other than own IP)

2017-11-06 Thread Erik van Westen
Aren't you missing the vlan definition in hostname.vlan211 like:

# cat /etc/hostname.vlan211
inet 172.16.211.3 255.255.255.0 172.16.211.255 vlan 211 vlandev em0

or, like in 6.2:

inet 172.16.211.3 255.255.255.0 172.16.211.255 vnetid 211 parent em0

?

Erik


On 6-11-2017 at 17:47, Andre Ruppert wrote:
> Hello @misc,
>
> perhaps I'm stupid, but I don't see my fault in a vlan network
> configuration:
>
> I got an OpenBSD 6.1 gateway box, connected to several switches.
>
> On em0 I have to serve two networks:
> 172.16.210.0  (direct em0 - no vlan)
> 172.16.211.0  (VLAN 211 tagged on em0)
>
> 
>
> One of my connections (em0) has a simple configuration on standard VLAN
> 1 (untagged):
>
> # ifconfig em0
> em0: flags=8b43 mtu 1500
>     lladdr a0:36:9f:36:49:e6
>     description: sbc-ect-lan-ext
>     index 1 priority 0 llprio 3
>     media: Ethernet autoselect (1000baseT full-duplex,master)
>     status: active
>     inet 172.16.210.3 netmask 0xff00 broadcast 172.16.210.255
>
> # cat /etc/hostname.em0
> inet 172.16.210.3 255.255.255.0 172.16.210.255 description
> "sbc-ect-lan-ext"
>
> --
>
> This interface also is "CARPed":
>
> # ifconfig carp0
> carp0: flags=8843 mtu 1500
>     lladdr 00:00:5e:00:01:01
>     index 8 priority 15 llprio 3
>     carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
>     groups: carp
>     status: backup
>     inet 172.16.210.1 netmask 0xff00 broadcast 172.16.210.255
>
> # cat /etc/hostname.carp0
> inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass
>  advskew 100
>
> (this gateway is the CARP slave (backup) of a pair of redundant gateways)
>
> ---
>
> Next: I want to have a VLAN on this interface em0:
> (the connected switch has a trunk configured this VLAN 210 (untagged)
> and VLAN 211 (tagged) - but I don't know if this information makes
> sense here)
>
> # ifconfig vlan211
> vlan211: flags=8843 mtu 1500
>     lladdr a0:36:9f:36:49:e6
>     index 15 priority 0 llprio 3
>     vlan: 211 parent interface: em0
>     vnetid: 211
>     parent: em0
>     groups: vlan
>     status: active
>     inet 172.16.211.3 netmask 0xff00 broadcast 172.16.211.255
>
> # cat /etc/hostname.vlan211
> inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0
>
> --
>
> corresponding routing table (excerpt):
>
>  # netstat -nr
> Routing tables
>
> Internet:
> Destination     Gateway            Flags  Refs   Use   Mtu  Prio Iface
> default         172.16.0.15        UGS       1   191     -     8
>
> ...
> ...
>
> 172.16.210/24   172.16.210.3       UCn       1  1094     -     4 em0
> 172.16.210/24   172.16.210.1       Cn        0     0     -    19 carp0
> 172.16.210.1    00:00:5e:00:01:01  UHLl      0   153     -     1 carp0
> 172.16.210.3    a0:36:9f:36:49:e6  UHLl      0   275     -     1 em0
> 172.16.210.10   00:08:25:22:50:e0  UHLc      0   158     -     3 em0
> 172.16.210.255  172.16.210.3       UHPb      0     0     -     1 em0
> 172.16.210.255  172.16.210.1       HPb       0     0     -     1 carp0
> 172.16.211/24   172.16.211.3       UCn       0  1215     -     4 vlan211
> 172.16.211.3    a0:36:9f:36:49:e6  UHLl      0     0     -     1 vlan211
> 172.16.211.255  172.16.211.3       UHb       0     0     -     1 vlan211
>
> -
>
> My problem:
>
> I am only able to ping myself (VLAN 211)  - and I _don't_ think it's a
> switch problem - because I get a "no route to host" error
> # ping 172.16.211.3 # (my IP)
> PING 172.16.211.3 (172.16.211.3): 56 data bytes
> 64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms
> 64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms
> ...
> ...stupid but working as expected...
>
>
> # ping 172.16.211.2 # some other IP, same network
> PING 172.16.211.2 (172.16.211.2): 56 data bytes
> ping: sendmsg: No route to host
> ping: wrote 172.16.211.2 64 chars, ret=-1
> ping: sendmsg: No route to host
> ping: wrote 172.16.211.2 64 chars, ret=-1
> ping: sendmsg: No route to host
> ...
>
>
> The routing table then has added one new entry:
>
> 172.16.211/24   172.16.211.3       UCn       1  1743     -     4 vlan211
> 172.16.211.2    link#15            UHLc      0  1684     -     3 vlan211  !
> 172.16.211.3    a0:36:9f:36:49:e6  UHLl      0    18     -     1 vlan211
> 172.16.211.255  172.16.211.3       UHb       0     0     -     1 vlan211
>
>
> I'm clueless and don't know how to investigate further...
>
> In my pf.conf I tried to "temporarily annihilate" the rules on the em0
> interface ("set skip on em0"), 

VLAN configuration problem on 6.1 ("no route to host" on other than own IP)

2017-11-06 Thread Andre Ruppert

Hello @misc,

perhaps I'm stupid, but I don't see my fault in a vlan network 
configuration:


I got an OpenBSD 6.1 gateway box, connected to several switches.

On em0 I have to serve two networks:
172.16.210.0  (direct em0 - no vlan)
172.16.211.0  (VLAN 211 tagged on em0)



One of my connections (em0) has a simple configuration on standard VLAN 1
(untagged):


# ifconfig em0
em0: flags=8b43 mtu 1500
    lladdr a0:36:9f:36:49:e6
    description: sbc-ect-lan-ext
    index 1 priority 0 llprio 3
    media: Ethernet autoselect (1000baseT full-duplex,master)
    status: active
    inet 172.16.210.3 netmask 0xff00 broadcast 172.16.210.255

# cat /etc/hostname.em0
inet 172.16.210.3 255.255.255.0 172.16.210.255 description "sbc-ect-lan-ext"

--

This interface also is "CARPed":

# ifconfig carp0
carp0: flags=8843 mtu 1500
    lladdr 00:00:5e:00:01:01
    index 8 priority 15 llprio 3
    carp: BACKUP carpdev em0 vhid 1 advbase 1 advskew 100
    groups: carp
    status: backup
    inet 172.16.210.1 netmask 0xff00 broadcast 172.16.210.255

# cat /etc/hostname.carp0
inet 172.16.210.1 255.255.255.0 172.16.210.255 vhid 1 carpdev em0 pass 
 advskew 100


(this gateway is the CARP slave (backup) of a pair of redundant gateways)

---

Next: I want to have a VLAN on this interface em0:
(the connected switch has a trunk configured this VLAN 210 (untagged) 
and VLAN 211 (tagged) - but I don't know if this information makes sense 
here)


# ifconfig vlan211
vlan211: flags=8843 mtu 1500
    lladdr a0:36:9f:36:49:e6
    index 15 priority 0 llprio 3
    vlan: 211 parent interface: em0
    vnetid: 211
    parent: em0
    groups: vlan
    status: active
    inet 172.16.211.3 netmask 0xff00 broadcast 172.16.211.255

# cat /etc/hostname.vlan211
inet 172.16.211.3 255.255.255.0 172.16.211.255 vlandev em0

--

corresponding routing table (excerpt):

 # netstat -nr
Routing tables

Internet:
Destination     Gateway            Flags  Refs   Use   Mtu  Prio Iface
default         172.16.0.15        UGS       1   191     -     8

...
...

172.16.210/24   172.16.210.3       UCn       1  1094     -     4 em0
172.16.210/24   172.16.210.1       Cn        0     0     -    19 carp0
172.16.210.1    00:00:5e:00:01:01  UHLl      0   153     -     1 carp0
172.16.210.3    a0:36:9f:36:49:e6  UHLl      0   275     -     1 em0
172.16.210.10   00:08:25:22:50:e0  UHLc      0   158     -     3 em0
172.16.210.255  172.16.210.3       UHPb      0     0     -     1 em0
172.16.210.255  172.16.210.1       HPb       0     0     -     1 carp0
172.16.211/24   172.16.211.3       UCn       0  1215     -     4 vlan211
172.16.211.3    a0:36:9f:36:49:e6  UHLl      0     0     -     1 vlan211
172.16.211.255  172.16.211.3       UHb       0     0     -     1 vlan211


-

My problem:

I am only able to ping myself (VLAN 211)  - and I _don't_ think it's a
switch problem - because I get a "no route to host" error

# ping 172.16.211.3 # (my IP)
PING 172.16.211.3 (172.16.211.3): 56 data bytes
64 bytes from 172.16.211.3: icmp_seq=0 ttl=255 time=0.153 ms
64 bytes from 172.16.211.3: icmp_seq=1 ttl=255 time=0.080 ms
...
...stupid but working as expected...


# ping 172.16.211.2 # some other IP, same network
PING 172.16.211.2 (172.16.211.2): 56 data bytes
ping: sendmsg: No route to host
ping: wrote 172.16.211.2 64 chars, ret=-1
ping: sendmsg: No route to host
ping: wrote 172.16.211.2 64 chars, ret=-1
ping: sendmsg: No route to host
...


The routing table then has added one new entry:

172.16.211/24   172.16.211.3       UCn       1  1743     -     4 vlan211
172.16.211.2    link#15            UHLc      0  1684     -     3 vlan211  !
172.16.211.3    a0:36:9f:36:49:e6  UHLl      0    18     -     1 vlan211
172.16.211.255  172.16.211.3       UHb       0     0     -     1 vlan211



I'm clueless and don't know how to investigate further...

In my pf.conf I tried to "temporarily annihilate" the rules on the em0
interface ("set skip on em0"), but that didn't help


Any hints?

head-scratching regards

Andre Ruppert
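
An added example, not part of the original post: a small filter over `netstat -nr` output that counts, per interface, the cloned host routes whose Gateway column holds a MAC address against those still showing `link#N`, as the 172.16.211.2 row does above. The function names are hypothetical and the sample rows are copied from the tables in this message.

```shell
#!/bin/sh
# Added example (not from the thread): summarise neighbour state per
# interface from `netstat -nr` text. Function names are hypothetical.

# Reads routing-table rows on stdin. For every cloned link-layer host route
# (flags contain H, L and c) it counts, per interface (column 8), whether the
# Gateway column holds a MAC address or is still "link#N".
neighbour_summary() {
    awk '
        $3 ~ /H/ && $3 ~ /L/ && $3 ~ /c/ {
            iface = $8
            seen[iface] = 1
            if ($2 ~ /^link#[0-9]+$/) { unresolved[iface]++ }
            else if ($2 ~ /^[0-9a-f:]+$/ && $2 ~ /:/) { resolved[iface]++ }
        }
        END {
            for (i in seen)
                printf "%s resolved=%d unresolved=%d\n", i, resolved[i], unresolved[i]
        }
    ' | sort
}

# Prints only the interfaces on which no neighbour has a MAC address yet.
silent_interfaces() {
    neighbour_summary | awk '$2 == "resolved=0" { print $1 }'
}

# Sample rows taken from the routing tables in the message above
# (wrapped Iface column rejoined onto its row).
SAMPLE='172.16.210/24  172.16.210.3   UCn    1 1094 - 4 em0
172.16.210.3   a0:36:9f:36:49:e6  UHLl   0  275 - 1 em0
172.16.210.10  00:08:25:22:50:e0  UHLc   0  158 - 3 em0
172.16.211/24  172.16.211.3   UCn    1 1743 - 4 vlan211
172.16.211.2   link#15    UHLc   0 1684 - 3 vlan211  !
172.16.211.3   a0:36:9f:36:49:e6  UHLl   0   18 - 1 vlan211'

printf '%s\n' "$SAMPLE" | neighbour_summary
# On a live OpenBSD host: netstat -nr -f inet | neighbour_summary
```

On the sample rows, em0 has one neighbour with a MAC address while vlan211 has none.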


