Bug #3737
closed
Incoming VLAN traffic fails to reach VLAN interface if PCP not 0
Added by Clement Barnier over 10 years ago.
Updated about 9 years ago.
Description
On ESXi, incoming VLAN traffic fails to reach the related VLAN interface if PCP is set to anything else than the default value (0); it stops at the parent interface.
The problem and setup is almost identical to issue #2613, except it only occurs when incoming PCP is not default.
It occurs on my regular setup (inbound IPtv traffic on WAN with PCP 4) and also on a test setup between two pfSense over a dedicated (virtual) LAN.
So if inbound VLAN packets have default PCP (0) it's fine and traffic goes through to the actual VLAN interface.
But if PCP differs from 0, packets stops being forwarded to the VLAN interface, and are only visible on the parent.
The host is ESXi 5.5 with E1000 or VMXNET3 virtual adapters (no difference).
The hardware is a Dell Poweredge 2900 II with integrated BMC5708 NICs
Tested with pfSense 2.1.4 and 2.2-ALPHA.
Files
I haven't dug too deeply into this, but I suspect the root issue here is this should be a feature request for PCP configuration (sysctls, ifconfig, etc.).
Clement: for best chance of a quick implementation, if you could spend some time digging into configuring the underlying FreeBSD to work in this circumstance, and hence then narrow down exactly what we need to allow configuring and where, that would make this much more likely to gain traction quickly. Otherwise it's probably one of those things that one of us will eventually get into, at some point.
Might want to start your testing with a stock FreeBSD 10.0 or 10-STABLE, see if you can make it work there, then try the same on pfSense 2.2.
I've finally managed to put together a fully working environment and take a deeper look at this.
The problem is that setting PCP for a VLAN interface to anything except 0 corrupts its VID (seen with ifconfig).
This happens because there is a mix-up in if_vlan.c which likely got unnoticed in the pf_802.1p patch:
#define ifv_vid ifv_mib.ifvm_tag
So the VID and the full 802.1Q tag are equal when PCP is 0, but it obviously breaks in all other cases (vlan_input will be unable to match VLAN packets to existing VLAN interfaces).
It can be resolved by adding the proper ifvm_vid field to the mib, as shown in the attached diff.
So can this be pushed in the 802.1Q patch?
I confirm that it solves the problem.
I encounter the same issue, with the patch PCP is working fine.
Can you push this patch so it can be included in the 2.2?
Chris, if you're interested in using PCP in your configuration you can take a look at #4133 which is more "up-to-date" and also include GUI support.
- Status changed from New to Duplicate
- Affected Architecture added
- Affected Architecture deleted (
amd64)
closing this in favor of #4133
Also available in: Atom
PDF
Updated by 
Updated by 
Updated by 
Updated by