OPNsense Forum

English Forums => General Discussion => Topic started by: NOYB on January 18, 2018, 01:26:28 pm

Title: Virtual Interface VLANs
Post by: NOYB on January 18, 2018, 01:26:28 pm
Any plan to use virtual interface vlans (em0.1 vs em0_vlan1)?
https://www.freebsd.org/doc/handbook/network-vlan.html

I don't know what all the advantages are.  But I know it is much nicer to work with packet capturing.  Can just specify the virtual vlan interface (em0.n) rather than having to include the vlan tag in the capture filter.

Title: Re: Virtual Interface VLANs
Post by: franco on January 19, 2018, 05:00:50 pm
Maybe I'm missing something, but I only see a difference in the device name handling, so "." vs "_vlan"?

Title: Re: Virtual Interface VLANs
Post by: NOYB on January 20, 2018, 12:56:26 am
One of us is missing something.  Most likely me.  If it is just naming convention then perhaps the question would be: any plans to use the "best practice" defined there?

Quote from: https://www.freebsd.org/doc/handbook/network-vlan.html
Note:
See how the interface name includes the NIC driver name and the VLAN tag, separated by a period? This is a best practice to make maintaining the VLAN configuration easy when many VLANs are present on a machine.

They seem to emphasize the use of the dot tag for some reason.  Wish they provided an example and explanation of how/why this makes "maintaining the VLAN configuration easy when many VLANs are present on a machine" and is thus best practice.

Title: Re: Virtual Interface VLANs
Post by: franco on January 20, 2018, 09:09:59 pm
The "easy" part is that you can see the hardware interface and the VLAN tag in the name. Whether the separator is "_vlan" or "." is a personal preference, but the idea is the same. The normal VLAN name is "vlan0" and that can be confusing as one doesn't directly know the physical interface nor the VLAN tag.

"." is going to be difficult to pull off while avoiding operational problems for a while, because "_vlan" is used in the config.xml and in numerous hardcoded situations in the interface code.

A batch of work for no GUI-based benefit. On the backend, "em0.1" looks simpler, but would also be more ambiguous. VXLAN will make sure of it:

https://wiki.freebsd.org/vxlan

In that case it may be better to go on with "_vxlan" instead of using e.g. ".x". Or the whole interface identification code needs to be rewritten to not use the name at all, then we could just leave all of it as "vxlan0", "em0" and "vlan0" and we are back to "not easy". :)

Because of those reasons, I don't think a move away from "_vlan" to "." will happen. Sorry.


Cheers,
Franco