arp, vlan issues after upgrade to 5.6

[moviuro]

Hi all,

I just upgraded my main router to 5.6 and lots of bad surprises

I have lots of vlans, and my OpenBSD machine has 8 networking cards, so here is the (huge) ifconfig:

Code:

lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 32768
	priority: 0
	groups: lo
	inet6 ::1 prefixlen 128
	inet6 fe80::1%lo0 prefixlen 64 scopeid 0xb
	inet 127.0.0.1 netmask 0xff000000
em0: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:b1:b8:90
	priority: 0
	groups: egress
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
	inet MY.EXT.IP.ADDR netmask 0xffffffc0 broadcast AN.OTHER.IP.HERE
em1: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:b1:b8:91
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex,master)
	status: active
em2: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:32:fc
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
	status: active
em3: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:32:fd
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause)
	status: active
em4: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:c0:9f:23:4c:54
	priority: 0
	media: Ethernet autoselect (100baseTX full-duplex)
	status: active
em5: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:a8:af:16
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex,master,rxpause,txpause)
	status: active
em6: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:a8:af:17
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex,master)
	status: active
em7: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:2f:fa
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex)
	status: active
em8: flags=28b43<UP,BROADCAST,RUNNING,PROMISC,ALLMULTI,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:2f:fb
	priority: 0
	media: Ethernet autoselect (1000baseT full-duplex,rxpause,txpause)
	status: active
enc0: flags=20041<UP,RUNNING,NOINET6>
	priority: 0
	groups: enc
	status: active
pflow0: flags=20041<UP,RUNNING,NOINET6> mtu 1492
	priority: 0
	pflow: sender: THE.PLFOW.RECEI.VER receiver: 10.2.0.107:9996 version: 5
	groups: pflow
pflow1: flags=20041<UP,RUNNING,NOINET6> mtu 1492
	priority: 0
	pflow: sender: 10.3.15.1 receiver: 10.3.15.5:9999 version: 5
	groups: pflow
vether314: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr fe:e1:ba:d0:3f:7e
	priority: 0
	groups: vether
	media: Ethernet autoselect
	status: active
	inet 10.3.14.15 netmask 0xffffff00 broadcast 10.3.14.255
vether315: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr fe:e1:ba:d1:b6:9d
	priority: 0
	groups: vether
	media: Ethernet autoselect
	status: active
	inet 10.3.15.1 netmask 0xffffff00 broadcast 10.3.15.255
vether666: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr fe:e1:ba:d2:fb:9f
	priority: 0
	groups: vether
	media: Ethernet autoselect
	status: active
	inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
vlan1314: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:b1:b8:91
	priority: 0
	vlan: 314 parent interface: em1
	groups: vlan
	status: active
vlan1315: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:b1:b8:91
	priority: 0
	vlan: 315 parent interface: em1
	groups: vlan
	status: active
vlan1316: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:b1:b8:91
	priority: 0
	vlan: 316 parent interface: em1
	groups: vlan
	status: active
vlan2314: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:32:fc
	priority: 0
	vlan: 314 parent interface: em2
	groups: vlan
	status: active
vlan2316: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:32:fc
	priority: 0
	vlan: 316 parent interface: em2
	groups: vlan
	status: active
vlan3314: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:32:fd
	priority: 0
	vlan: 314 parent interface: em3
	groups: vlan
	status: active
vlan3316: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:d0:32:fd
	priority: 0
	vlan: 316 parent interface: em3
	groups: vlan
	status: active
vlan5314: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:a8:af:16
	priority: 0
	vlan: 314 parent interface: em5
	groups: vlan
	status: active
vlan5316: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:a8:af:16
	priority: 0
	vlan: 316 parent interface: em5
	groups: vlan
	status: active
vlan666: flags=28943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,NOINET6> mtu 1500
	lladdr 00:04:23:b1:b8:90
	priority: 0
	vlan: 314 parent interface: em0
	groups: vlan
	status: active
tun0: flags=29943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST,NOINET6> mtu 1500
	lladdr fe:e1:ba:d4:35:f6
	priority: 0
	groups: tun
	status: active
	inet 10.3.16.1 netmask 0xffffff00 broadcast 10.3.16.255
bridge314: flags=20041<UP,RUNNING,NOINET6>
	groups: bridge
	priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
	vether314 flags=3<LEARNING,DISCOVER>
		port 14 ifpriority 0 ifcost 0
	vlan5314 flags=3<LEARNING,DISCOVER>
		port 24 ifpriority 0 ifcost 0
	vlan1314 flags=3<LEARNING,DISCOVER>
		port 17 ifpriority 0 ifcost 0
	vlan2314 flags=3<LEARNING,DISCOVER>
		port 20 ifpriority 0 ifcost 0
	vlan3314 flags=3<LEARNING,DISCOVER>
		port 22 ifpriority 0 ifcost 0
bridge315: flags=20041<UP,RUNNING,NOINET6>
	groups: bridge
	priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
	vether315 flags=3<LEARNING,DISCOVER>
		port 15 ifpriority 0 ifcost 0
	em6 flags=3<LEARNING,DISCOVER>
		port 7 ifpriority 0 ifcost 0
	em7 flags=3<LEARNING,DISCOVER>
		port 8 ifpriority 0 ifcost 0
	em8 flags=3<LEARNING,DISCOVER>
		port 9 ifpriority 0 ifcost 0
	em4 flags=3<LEARNING,DISCOVER>
		port 5 ifpriority 0 ifcost 0
	vlan1315 flags=3<LEARNING,DISCOVER>
		port 18 ifpriority 0 ifcost 0
bridge316: flags=20041<UP,RUNNING,NOINET6>
	groups: bridge
	priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
	vlan1316 flags=3<LEARNING,DISCOVER>
		port 19 ifpriority 0 ifcost 0
	vlan2316 flags=3<LEARNING,DISCOVER>
		port 21 ifpriority 0 ifcost 0
	vlan3316 flags=3<LEARNING,DISCOVER>
		port 23 ifpriority 0 ifcost 0
	vlan5316 flags=3<LEARNING,DISCOVER>
		port 25 ifpriority 0 ifcost 0
	tun0 flags=3<LEARNING,DISCOVER>
		port 28 ifpriority 0 ifcost 0
bridge666: flags=20041<UP,RUNNING,NOINET6>
	groups: bridge
	priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
	vlan666 flags=3<LEARNING,DISCOVER>
		port 26 ifpriority 0 ifcost 0
	vether666 flags=3<LEARNING,DISCOVER>
		port 16 ifpriority 0 ifcost 0
pflog0: flags=20141<UP,RUNNING,PROMISC,NOINET6> mtu 33192
	priority: 0
	groups: pflog

And then, more importantly, arp -a:

Code:

? (10.3.14.1) at (incomplete) on vether314
? (10.3.14.15) at fe:e1:ba:d0:3f:7e on vether314 static
? (10.3.14.50) at (incomplete) on vether314
? (10.3.14.51) at (incomplete) on vether314
? (10.3.14.52) at (incomplete) on vether314
? (10.3.14.240) at (incomplete) on vether314
? (10.3.15.2) at 00:0f:1f:dc:0d:d8 on vether315
? (10.3.15.3) at 00:15:17:36:d6:15 on vether315
? (10.3.15.4) at 00:26:b9:46:d3:c3 on vether315
? (10.3.15.5) at 00:40:63:e0:d3:52 on vether315
? (10.3.15.50) at 00:26:b9:46:d3:c3 on vether315
? (10.3.15.53) at 00:26:b9:46:d3:c3 on vether315
? (10.3.15.150) at 00:26:b9:46:d3:c2 on vether315
? (10.3.16.201) at 00:16:19:25:03:08 on tun0
? (10.3.16.202) at 00:19:03:08:09:26 on tun0
? (10.3.16.203) at 00:08:25:16:14:15 on tun0
? (10.3.16.206) at 00:06:05:14:18:09 on tun0
hostname1 (IP1) at f8:b1:56:c2:bf:e9 on em0
hostname2 (IP2) at 00:13:5f:20:d4:40 on em0
? (172.16.0.2) at 00:14:22:56:ca:33 on vether666

The 10.3.15 addresses are linked directly to the machine. The ones that say (incomplete) on e.g. 10.3.14 are behind a vlan.

The following line in the release notes might be the cause (?):

Quote:

Originally Posted by http://www.openbsd.org/plus56.html

Prepend ether_vlan_header rather than regular ethernet header for more efficient vlan tagging.

At the moment, I only have things not relying on vlans working.
Another troubling thing is that my IPSec connection with 172.16.0.2 does not happen. This machine is behind a VLAN but its arp record is correct...

EDIT: Looks like I'm not alone:
http://marc.info/?l=openbsd-misc&m=141493273422630&w=2

[jggimi]

Hello, and welcome!

1. You've got nine em(4) devices, not eight. They start with em0.

2. You should edit your post, and further redact your public facing IP address. Your broadcast address and your pflow settings need further masking.

3. If you don't receive an answer soon, you may wish to post this to the misc@ mailing list, which will reach a much wider and more knowledgeable audience, since about half the developers are active there. We're more newbie friendly and newbie focused, here.

If you do post to misc@, please be sure to include a dmesg with your Email.

www.openbsd.org/mail.html

[jggimi]

Adding one additional thought - PF had a syntax change at 5.6 to complete the transition to the new queuing system. The altq system is now completely gone. At 5.5 oldqueue was valid, at 5.6 it is not. Iif you upgraded from an older release, you should check your PF rules carefully.

[moviuro]

Quote:

Originally Posted by jggimi

Hello, and welcome!

1. You've got nine em(4) devices, not eight. They start with em0.

2. You should edit your post, and further redact your public facing IP address. Your broadcast address and your pflow settings need further masking.

3. If you don't receive an answer soon, you may wish to post this to the misc@ mailing list, which will reach a much wider and more knowledgeable audience, since about half the developers are active there. We're more newbie friendly and newbie focused, here.

If you do post to misc@, please be sure to include a dmesg with your Email.

1. Yup, indeed, 9 em devices
2. Fixed the IPs (not really critical, though, got a good firewall)
3. I just found some people with th same issue on misc@. I'll continue setting everything up and downgrade (hopefully more successfully) once I'm done readying the box for 5.6

[moviuro]

Quote:

Originally Posted by jggimi

Adding one additional thought - PF had a syntax change at 5.6 to complete the transition to the new queuing system. The altq system is now completely gone. At 5.5 oldqueue was valid, at 5.6 it is not. Iif you upgraded from an older release, you should check your PF rules carefully.

I don't have this oldqueue instruction in my pf, so that's OK (first thing I tried was to disable it and the issue was still present).

[jggimi]

Quote:

Originally Posted by moviuro

...I just found some people with th same issue on misc@..

This thread? I noticed it over the weekend, but didn't recall it when I read your post here.

[moviuro]

Quote:

Originally Posted by jggimi

This thread? I noticed it over the weekend, but didn't recall it when I read your post here.

Yes, that's it. I edited my first post shortly before you posted your first answer