Limiters not syncing
Added some traffic shaping on one of our pf's, made sure Firewall->Virtual IPs->CARP Settings had "Synchronize traffic shaper" enabled, but still no dice.
multiple vlans + spoofmac result in unexpected behaviour
I have an acceptable workaround, so the problem is not urgent, but before i fiogured out the workaround, is was severely impacting performance (3 interfaces not operating). I am a network specialist and I am available to assist wherever possible. If the issue si considered seriousenough for a fix, I can assist in more detailed pinpointing using tcpdumps on test-platforms.
If a interface is using vlan tagging for virtual interfaces and also the untagged interface is using MAC address spoofing, communication fails on the tagged vlans.
On interface rl1 is untagged the WAN connection. This requires a spoofed MAC address, eg using <spoofmac>00:03:6b:f7:3b:3f</spoofmac>. On interface rl1 is also a vlan/tagged interface, eg vlan0 using rl1 and vlan tag 5. The tagged interface vlan0 expects to use the original MAC address of the interface rl0. But the issue is that interface rl0 is only processing incoming packets with destination mac address spoof_mac_rl1.
Workarounds (no code change required)
acceptable configure the <spoofmac>00:03:6b:f7:3b:3f</spoofmac> on all vlan interfaces connected to interface rl1
funny start a tcpdump on the vlan interface. This will put the interface in promiscuous mode and it will process all packets. Now the packets destined for the original MAC address (and active on the vlan interface)
bypass Do not use tagged interfaces on a interface with spoofmac
It is very confusing that when a vlan is created, the GUI a refernece shows to the physical/original MAC address, even when the MAC addres of the untagged interface is