Text only | Text with Images

OPNsense Forum

English Forums => 25.7, 25.10 Series => Topic started by: KrzyDrew on October 22, 2025, 03:26:30 PM

Title: vlan on sr-iovi ixv 25.7
Post by: KrzyDrew on October 22, 2025, 03:26:30 PM
Hello i do have a clean:
OPNsense-25.7-serial-amd64.img.bz2                 22-Jul-2025 07:12 

i do have a SRV-IO capable interface, a KVM/QEMU hypervisor

i do see in hyperbvisor an interface
06:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
06:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
i see functions

06:10.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
06:10.1 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
(..)
06:10.7 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)

I could use any linux and bind to any VF.
I could install a vSRX demo and use VF. So - i assume my network is working, i do see vlans.

But when i install opnsense i see only unttaged traffic on ixv0, i see info from my switch like name from my switch - so i thing - my network works.

so in cli, in single user mode i just say:

# ifconfig ixv0.4123 create vlan 4123 vlandev ixv0 inet 172.41.23.1/16 up

i do have woking devices in 4123 vlan (also on same hypervisor with same PF, on a different VF but - running linux os)

but - i dont see any traffic that is tagged with - any vlan (even vlan 1)

Any hints, what should i check, even is this connifg supported or working (passing down one VF from hypervisor to VM inside) ?
Maybe i do need to paste any sniplets, condfig, dmesg etc ?
Title: Re: vlan on sr-iovi ixv 25.7
Post by: meyergru on October 22, 2025, 03:32:23 PM
Did you try creating the VLAN from the GUI? I do not even know if ifconfig can work like that - see, OpnSense is not Linux, but FreeBSD.

Also, you normally create a VLAN on a physical NIC, then assign that to a logical interface und then configure that interface with a subnet.
Title: Re: vlan on sr-iovi ixv 25.7
Post by: KrzyDrew on October 22, 2025, 08:53:31 PM
thanks for your time on this, yeap this is perfectly FBSD:

<code> fconfig ixv0.4123 create vlan 4123 vlandev ixv0 inet 172.41.23.1/16 up </code>

but opnsense tries to do this:
<code>root@:/ # ifconfig ixv0_vlan4030 inet 172.30.0.246/16 up
ifconfig: interface ixv0_vlan4030 does not exist
root@:/ #
root@:/ # ifconfig ixv0_vlan4033 create vlan 4033 vlandev ixv0
ifconfig: SIOCIFCREATE2 (ixv0_vlan4033): Invalid argument
root@:/ # ifconfig ixv0
ixv0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 52:54:00:e8:7a:fc
        inet 192.168.252.252 netmask 0xffffffff broadcast 192.168.252.252
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@:/ # ifconfig ixv0_vlan4030 create vlan 4030 vlandev ixv0
ifconfig: SIOCIFCREATE2 (ixv0_vlan4030): Invalid argument
root@:/ # ifconfig ixv0.vlan4030 create vlan 4030 vlandev ixv0
ifconfig: invalid vlan tag
root@:/ # ifconfig ixv0.4030 create vlan 4030 vlandev ixv0
ixv0: link state changed to DOWN
ixv0: link state changed to UP
root@:/ #
</code>

so interfaces named like ixv0_vlan4030 are bad idea for fBSD imvho.

no, i cant do anything in GUI as i need gui to configure, as this is KVM so i do have - a serial console and CLI (and that is fine) - simply vlan config from there is not working.

do i need to vi /conf/config.xml ? i really whould like not to, but what the heck, could try.
Title: Re: vlan on sr-iovi ixv 25.7
Post by: meyergru on October 22, 2025, 09:21:36 PM
If you have KVM or Proxmox, you can well set up a bridge without any real NICs at all or use a vtnet0 interface on the 10 GB adapter in the first place to first set that up with a network running. If your ixv0 is your LAN, then why would you not use that as bridge where your KVM host connects, too? Or is that a pure KVM for OpnSense and nothing else?
Title: Re: vlan on sr-iovi ixv 25.7
Post by: KrzyDrew on October 23, 2025, 09:13:55 AM
Nope, this is not dedicated for OPNSense.
I've got there vyos, vyatta (versions differ, and ages apart), vSRX and some linux host (just to test as machine inside).
vSRX obviouse - uses the SR-IOV and DPDK, OPNSense "only" as VF taken down.

Simply i do search why - it do works like that.

networking stops - if i go to single user (simply S as boot) and setup network, then exit - OPNSense goes up with very same config.

my "lan" and "wan" are more like this: APP ( n x vlans, MGMT, storage vlan - not used there, internet - i do have a tiny /24 and ASN on my own)

if only bridge is supported, then what the heck, whould use a bride.

Any way - is there a doc saying - how do i test every step in config - step by step i whould like to pass dome "DEBUG" flag to startup scripts - maybe some offload or anything fancy being setup, i've tested and i can easy reproduce this behavior in this (25.7) and prefious one version of OPNSense.

also: i've got TWO cards, with 10G so - i whould then give a try for LAGG (redundancy, not - speed).

in terms of speed my needs are modest, 300 Mbps "at peek" x 2 ( 300 in and 300 out) traffic is symetrical, small packets (VoIP mostly).

Text only | Text with Images