vlan on sr-iovi ixv 25.7

Started by KrzyDrew, October 22, 2025, 03:26:30 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
October 22, 2025, 03:26:30 PM
Hello i do have a clean:
OPNsense-25.7-serial-amd64.img.bz2                 22-Jul-2025 07:12 

i do have a SRV-IO capable interface, a KVM/QEMU hypervisor

i do see in hyperbvisor an interface
06:00.0 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
06:00.1 Ethernet controller: Intel Corporation 82599ES 10-Gigabit SFI/SFP+ Network Connection (rev 01)
i see functions

06:10.0 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
06:10.1 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)
(..)
06:10.7 Ethernet controller: Intel Corporation 82599 Ethernet Controller Virtual Function (rev 01)

I could use any linux and bind to any VF.
I could install a vSRX demo and use VF. So - i assume my network is working, i do see vlans.

But when i install opnsense i see only unttaged traffic on ixv0, i see info from my switch like name from my switch - so i thing - my network works.

so in cli, in single user mode i just say:

# ifconfig ixv0.4123 create vlan 4123 vlandev ixv0 inet 172.41.23.1/16 up

i do have woking devices in 4123 vlan (also on same hypervisor with same PF, on a different VF but - running linux os)

but - i dont see any traffic that is tagged with - any vlan (even vlan 1)

Any hints, what should i check, even is this connifg supported or working (passing down one VF from hypervisor to VM inside) ?
Maybe i do need to paste any sniplets, condfig, dmesg etc ?
October 22, 2025, 03:32:23 PM #1
Did you try creating the VLAN from the GUI? I do not even know if ifconfig can work like that - see, OpnSense is not Linux, but FreeBSD.

Also, you normally create a VLAN on a physical NIC, then assign that to a logical interface und then configure that interface with a subnet.
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
October 22, 2025, 08:53:31 PM #2 Last Edit: October 22, 2025, 08:56:32 PM by KrzyDrew
thanks for your time on this, yeap this is perfectly FBSD:

<code> fconfig ixv0.4123 create vlan 4123 vlandev ixv0 inet 172.41.23.1/16 up </code>

but opnsense tries to do this:
<code>root@:/ # ifconfig ixv0_vlan4030 inet 172.30.0.246/16 up
ifconfig: interface ixv0_vlan4030 does not exist
root@:/ #
root@:/ # ifconfig ixv0_vlan4033 create vlan 4033 vlandev ixv0
ifconfig: SIOCIFCREATE2 (ixv0_vlan4033): Invalid argument
root@:/ # ifconfig ixv0
ixv0: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
        options=4e507bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
        ether 52:54:00:e8:7a:fc
        inet 192.168.252.252 netmask 0xffffffff broadcast 192.168.252.252
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
root@:/ # ifconfig ixv0_vlan4030 create vlan 4030 vlandev ixv0
ifconfig: SIOCIFCREATE2 (ixv0_vlan4030): Invalid argument
root@:/ # ifconfig ixv0.vlan4030 create vlan 4030 vlandev ixv0
ifconfig: invalid vlan tag
root@:/ # ifconfig ixv0.4030 create vlan 4030 vlandev ixv0
ixv0: link state changed to DOWN
ixv0: link state changed to UP
root@:/ #
</code>

so interfaces named like ixv0_vlan4030 are bad idea for fBSD imvho.

no, i cant do anything in GUI as i need gui to configure, as this is KVM so i do have - a serial console and CLI (and that is fine) - simply vlan config from there is not working.

do i need to vi /conf/config.xml ? i really whould like not to, but what the heck, could try.
October 22, 2025, 09:21:36 PM #3
If you have KVM or Proxmox, you can well set up a bridge without any real NICs at all or use a vtnet0 interface on the 10 GB adapter in the first place to first set that up with a network running. If your ixv0 is your LAN, then why would you not use that as bridge where your KVM host connects, too? Or is that a pure KVM for OpnSense and nothing else?
Intel N100, 4* I226-V, 2* 82559, 16 GByte, 500 GByte NVME, ZTE F6005

1100 down / 800 up, Bufferbloat A+
Today at 09:13:55 AM #4 Last Edit: Today at 09:16:06 AM by KrzyDrew
Nope, this is not dedicated for OPNSense.
I've got there vyos, vyatta (versions differ, and ages apart), vSRX and some linux host (just to test as machine inside).
vSRX obviouse - uses the SR-IOV and DPDK, OPNSense "only" as VF taken down.

Simply i do search why - it do works like that.

networking stops - if i go to single user (simply S as boot) and setup network, then exit - OPNSense goes up with very same config.

my "lan" and "wan" are more like this: APP ( n x vlans, MGMT, storage vlan - not used there, internet - i do have a tiny /24 and ASN on my own)

if only bridge is supported, then what the heck, whould use a bride.

Any way - is there a doc saying - how do i test every step in config - step by step i whould like to pass dome "DEBUG" flag to startup scripts - maybe some offload or anything fancy being setup, i've tested and i can easy reproduce this behavior in this (25.7) and prefious one version of OPNSense.

also: i've got TWO cards, with 10G so - i whould then give a try for LAGG (redundancy, not - speed).

in terms of speed my needs are modest, 300 Mbps "at peek" x 2 ( 300 in and 300 out) traffic is symetrical, small packets (VoIP mostly).

Print
Go Up Pages1
User actions